[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 39.747611][ T25] audit: type=1800 audit(1570742399.887:25): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 39.767685][ T25] audit: type=1800 audit(1570742399.887:26): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 39.767698][ T25] audit: type=1800 audit(1570742399.887:27): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.246' (ECDSA) to the list of known hosts. 2019/10/10 21:20:10 fuzzer started 2019/10/10 21:20:12 dialing manager at 10.128.0.105:37331 2019/10/10 21:20:12 syscalls: 2523 2019/10/10 21:20:12 code coverage: enabled 2019/10/10 21:20:12 comparison tracing: enabled 2019/10/10 21:20:12 extra coverage: extra coverage is not supported by the kernel 2019/10/10 21:20:12 setuid sandbox: enabled 2019/10/10 21:20:12 namespace sandbox: enabled 2019/10/10 21:20:12 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/10 21:20:12 fault injection: enabled 2019/10/10 21:20:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/10 21:20:12 net packet injection: enabled 2019/10/10 21:20:12 net device setup: enabled 2019/10/10 21:20:12 concurrency sanitizer: enabled 21:20:15 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x393, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8503eb719e25dc14}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00'}) ioctl$int_out(r1, 0x5466, &(0x7f0000000000)) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e20, @local}, {0x2, 0x4e24, @empty}, 0x7095d4ebcdb70dd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}) r2 = gettid() ptrace(0x11, r2) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) r5 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) r6 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x4, 0x9bc6648ccb836afd) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000340)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000380)=0x2c) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000440)={r8, 0x10000}, 0x8) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x6, 0x0, 0x10001, 0x8000}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000002c0)={r9}) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000280)={0x7, 0x5476d3ed}) sendfile(r0, r3, 0x0, 0x102000002) syz_emit_ethernet(0x7e, &(0x7f0000002380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000700000000000019078ac7014bb000008000304907800000200010000ac1414aa000000020840000000000000000200e000000200000000e000000100000000000000007f00000100000000ffffffff00000000e000000100000000ac14140000000000"], 0x0) syzkaller login: [ 55.170488][ T7361] IPVS: ftp: loaded support on port[0] = 21 21:20:15 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x7a, 0x0, [0x4d0, 0x0, 0x40000084], [0x3a, 0x9104]}) syz_open_dev$dspn(0x0, 0x3, 0x21000) syz_open_dev$swradio(0x0, 0x1, 0x2) [ 55.262181][ T7361] chnl_net:caif_netlink_parms(): no params data found [ 55.329020][ T7361] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.337103][ T7361] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.360292][ T7361] device bridge_slave_0 entered promiscuous mode [ 55.369972][ T7361] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.377088][ T7361] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.386631][ T7361] device bridge_slave_1 entered promiscuous mode [ 55.408594][ T7361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.421177][ T7361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.447121][ T7361] team0: Port device team_slave_0 added [ 55.455064][ T7361] team0: Port device team_slave_1 added [ 55.533171][ T7361] device hsr_slave_0 entered promiscuous mode 21:20:15 executing program 2: mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) [ 55.619725][ T7361] device hsr_slave_1 entered promiscuous mode [ 55.696528][ T7361] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.703812][ T7361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.711320][ T7361] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.718382][ T7361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.736362][ T7364] IPVS: ftp: loaded support on port[0] = 21 [ 55.805575][ T7361] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.836982][ T7361] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.847811][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.857956][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.876902][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.891793][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 55.935867][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.945940][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.953033][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.972208][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 21:20:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x400000, &(0x7f0000001000/0x1000)=nil}) [ 55.982133][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.989207][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.031161][ T7368] IPVS: ftp: loaded support on port[0] = 21 [ 56.041951][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.087960][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.110670][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.121510][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.144121][ T7361] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.170529][ T7361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.213296][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.234715][ T7364] chnl_net:caif_netlink_parms(): no params data found [ 56.289967][ T7361] 8021q: adding VLAN 0 to HW filter on device batadv0 21:20:16 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000140)='/dev/video#\x00', 0x3f, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000080)={0x9, @vbi}) [ 56.401494][ T7364] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.408613][ T7364] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.422561][ T7364] device bridge_slave_0 entered promiscuous mode [ 56.458653][ T7364] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.482896][ T7364] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.500185][ T7364] device bridge_slave_1 entered promiscuous mode [ 56.620026][ T7375] IPVS: ftp: loaded support on port[0] = 21 [ 56.631612][ T7364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.676806][ T7368] chnl_net:caif_netlink_parms(): no params data found [ 56.695627][ T7364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.759778][ T7364] team0: Port device team_slave_0 added [ 56.766680][ T7364] team0: Port device team_slave_1 added [ 56.862764][ T7368] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.881367][ T7368] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.899517][ T7368] device bridge_slave_0 entered promiscuous mode [ 56.952290][ T7364] device hsr_slave_0 entered promiscuous mode [ 56.961065][ C1] hrtimer: interrupt took 29371 ns 21:20:17 executing program 5: socket$key(0xf, 0x3, 0x2) socket$unix(0x1, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio\x00', 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 56.999422][ T7364] device hsr_slave_1 entered promiscuous mode [ 57.039271][ T7364] debugfs: Directory 'hsr0' with parent '/' already present! [ 57.053285][ T7368] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.060687][ T7368] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.068984][ T7368] device bridge_slave_1 entered promiscuous mode [ 57.103246][ T7364] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.110366][ T7364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.117740][ T7364] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.124856][ T7364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.146420][ T7386] IPVS: ftp: loaded support on port[0] = 21 [ 57.173810][ T7368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.200972][ T7368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 21:20:17 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x393, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8503eb719e25dc14}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00'}) ioctl$int_out(r1, 0x5466, &(0x7f0000000000)) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e20, @local}, {0x2, 0x4e24, @empty}, 0x7095d4ebcdb70dd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}) r2 = gettid() ptrace(0x11, r2) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) r5 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) r6 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x4, 0x9bc6648ccb836afd) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000340)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000380)=0x2c) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000440)={r8, 0x10000}, 0x8) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x6, 0x0, 0x10001, 0x8000}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000002c0)={r9}) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000280)={0x7, 0x5476d3ed}) sendfile(r0, r3, 0x0, 0x102000002) syz_emit_ethernet(0x7e, &(0x7f0000002380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000700000000000019078ac7014bb000008000304907800000200010000ac1414aa000000020840000000000000000200e000000200000000e000000100000000000000007f00000100000000ffffffff00000000e000000100000000ac14140000000000"], 0x0) [ 57.246214][ T7389] IPVS: ftp: loaded support on port[0] = 21 [ 57.271436][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.290796][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.392718][ T7368] team0: Port device team_slave_0 added [ 57.407616][ T7375] chnl_net:caif_netlink_parms(): no params data found [ 57.427681][ T7368] team0: Port device team_slave_1 added [ 57.436257][ T7364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.519403][ T7364] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.582568][ T7368] device hsr_slave_0 entered promiscuous mode [ 57.649689][ T7368] device hsr_slave_1 entered promiscuous mode 21:20:17 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x393, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8503eb719e25dc14}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00'}) ioctl$int_out(r1, 0x5466, &(0x7f0000000000)) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e20, @local}, {0x2, 0x4e24, @empty}, 0x7095d4ebcdb70dd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}) r2 = gettid() ptrace(0x11, r2) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) r5 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) r6 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x4, 0x9bc6648ccb836afd) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000340)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000380)=0x2c) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000440)={r8, 0x10000}, 0x8) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x6, 0x0, 0x10001, 0x8000}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000002c0)={r9}) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000280)={0x7, 0x5476d3ed}) sendfile(r0, r3, 0x0, 0x102000002) syz_emit_ethernet(0x7e, &(0x7f0000002380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000700000000000019078ac7014bb000008000304907800000200010000ac1414aa000000020840000000000000000200e000000200000000e000000100000000000000007f00000100000000ffffffff00000000e000000100000000ac14140000000000"], 0x0) [ 57.712673][ T7368] debugfs: Directory 'hsr0' with parent '/' already present! [ 57.722834][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.740552][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.779683][ T7375] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.786851][ T7375] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.794738][ T7375] device bridge_slave_0 entered promiscuous mode [ 57.872924][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.885410][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.894542][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.901690][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.914182][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.923035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.935553][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.942845][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.951073][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.960757][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.971138][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.980349][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.989637][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.998277][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.007319][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.015920][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.024381][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.033065][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.041855][ T7375] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.048926][ T7375] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.057918][ T7375] device bridge_slave_1 entered promiscuous mode [ 58.081603][ T7364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.102810][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.114087][ T7375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.125456][ T7375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.170569][ T7386] chnl_net:caif_netlink_parms(): no params data found 21:20:18 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x393, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8503eb719e25dc14}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00'}) ioctl$int_out(r1, 0x5466, &(0x7f0000000000)) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e20, @local}, {0x2, 0x4e24, @empty}, 0x7095d4ebcdb70dd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}) r2 = gettid() ptrace(0x11, r2) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) r5 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) r6 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x4, 0x9bc6648ccb836afd) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000340)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000380)=0x2c) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000440)={r8, 0x10000}, 0x8) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x6, 0x0, 0x10001, 0x8000}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000002c0)={r9}) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000280)={0x7, 0x5476d3ed}) sendfile(r0, r3, 0x0, 0x102000002) syz_emit_ethernet(0x7e, &(0x7f0000002380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000700000000000019078ac7014bb000008000304907800000200010000ac1414aa000000020840000000000000000200e000000200000000e000000100000000000000007f00000100000000ffffffff00000000e000000100000000ac14140000000000"], 0x0) [ 58.216774][ T7375] team0: Port device team_slave_0 added [ 58.225854][ T7389] chnl_net:caif_netlink_parms(): no params data found [ 58.262479][ T7375] team0: Port device team_slave_1 added [ 58.285658][ T7364] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.294067][ T7386] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.302780][ T7386] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.315782][ T7386] device bridge_slave_0 entered promiscuous mode [ 58.338666][ T7368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.371679][ T7386] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.378762][ T7386] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.398255][ T7386] device bridge_slave_1 entered promiscuous mode [ 58.429186][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 58.435008][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 58.453909][ T7368] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.480731][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.488786][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.549228][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 58.555025][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 58.572788][ T7375] device hsr_slave_0 entered promiscuous mode [ 58.609549][ T7375] device hsr_slave_1 entered promiscuous mode [ 58.649270][ T7375] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.662006][ T7386] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.675912][ T7386] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.693007][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.701931][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.725283][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.732422][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.756788][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.776526][ T7421] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 58.797151][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.806034][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.813185][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state 21:20:19 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x393, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8503eb719e25dc14}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00'}) ioctl$int_out(r1, 0x5466, &(0x7f0000000000)) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e20, @local}, {0x2, 0x4e24, @empty}, 0x7095d4ebcdb70dd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}) r2 = gettid() ptrace(0x11, r2) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) r5 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) r6 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x4, 0x9bc6648ccb836afd) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000340)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000380)=0x2c) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000440)={r8, 0x10000}, 0x8) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x6, 0x0, 0x10001, 0x8000}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000002c0)={r9}) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000280)={0x7, 0x5476d3ed}) sendfile(r0, r3, 0x0, 0x102000002) syz_emit_ethernet(0x7e, &(0x7f0000002380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000700000000000019078ac7014bb000008000304907800000200010000ac1414aa000000020840000000000000000200e000000200000000e000000100000000000000007f00000100000000ffffffff00000000e000000100000000ac14140000000000"], 0x0) [ 58.823071][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.854626][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.868827][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.878524][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.903317][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.912405][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.922019][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.938734][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.958426][ T7389] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.967600][ T7389] bridge0: port 1(bridge_slave_0) entered disabled state 21:20:19 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x7a, 0x0, [0x4d0, 0x0, 0x40000084], [0x3a, 0x9104]}) syz_open_dev$dspn(0x0, 0x3, 0x21000) syz_open_dev$swradio(0x0, 0x1, 0x2) [ 59.012874][ T7389] device bridge_slave_0 entered promiscuous mode [ 59.050073][ T7368] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.068894][ T7368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.128794][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.146419][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.170478][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.224535][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.229188][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 59.235727][ T7389] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.238060][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 59.249823][ T7389] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.260840][ T7389] device bridge_slave_1 entered promiscuous mode [ 59.306931][ T7368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.324254][ T7386] team0: Port device team_slave_0 added [ 59.357952][ T7375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.359474][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 59.366806][ T7386] team0: Port device team_slave_1 added [ 59.370535][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 59.380696][ T7389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 21:20:19 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x7a, 0x0, [0x4d0, 0x0, 0x40000084], [0x3a, 0x9104]}) syz_open_dev$dspn(0x0, 0x3, 0x21000) syz_open_dev$swradio(0x0, 0x1, 0x2) [ 59.419536][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.427457][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.438094][ T7389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 21:20:19 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x393, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8503eb719e25dc14}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00'}) ioctl$int_out(r1, 0x5466, &(0x7f0000000000)) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e20, @local}, {0x2, 0x4e24, @empty}, 0x7095d4ebcdb70dd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}) r2 = gettid() ptrace(0x11, r2) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) r5 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) r6 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x4, 0x9bc6648ccb836afd) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000340)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000380)=0x2c) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000440)={r8, 0x10000}, 0x8) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x6, 0x0, 0x10001, 0x8000}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000002c0)={r9}) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000280)={0x7, 0x5476d3ed}) sendfile(r0, r3, 0x0, 0x102000002) syz_emit_ethernet(0x7e, &(0x7f0000002380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000700000000000019078ac7014bb000008000304907800000200010000ac1414aa000000020840000000000000000200e000000200000000e000000100000000000000007f00000100000000ffffffff00000000e000000100000000ac14140000000000"], 0x0) [ 59.486074][ T7375] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.556704][ T7386] device hsr_slave_0 entered promiscuous mode [ 59.619628][ T7386] device hsr_slave_1 entered promiscuous mode [ 59.649171][ T7386] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.689358][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.698418][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 21:20:19 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x7a, 0x0, [0x4d0, 0x0, 0x40000084], [0x3a, 0x9104]}) syz_open_dev$dspn(0x0, 0x3, 0x21000) syz_open_dev$swradio(0x0, 0x1, 0x2) [ 59.730013][ T7371] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.737085][ T7371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.759330][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.768195][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.793013][ T7371] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.800181][ T7371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.879890][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.899467][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.909811][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.938841][ T7375] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 59.962719][ T7375] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.981022][ T7389] team0: Port device team_slave_0 added [ 60.019330][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.030194][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.057810][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.068538][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.083977][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.099506][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.108975][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.123024][ T25] kauditd_printk_skb: 3 callbacks suppressed [ 60.123052][ T25] audit: type=1800 audit(1570742420.267:31): pid=7457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16529 res=0 [ 60.153718][ T25] audit: type=1804 audit(1570742420.297:32): pid=7457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir331221168/syzkaller.mAw5ds/0/file0" dev="sda1" ino=16529 res=1 [ 60.154283][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.180990][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.197259][ T7366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.208212][ T7389] team0: Port device team_slave_1 added [ 60.255670][ T25] audit: type=1804 audit(1570742420.397:33): pid=7459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir331221168/syzkaller.mAw5ds/0/file0" dev="sda1" ino=16529 res=1 [ 60.288892][ T7375] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.402265][ T7389] device hsr_slave_0 entered promiscuous mode [ 60.439718][ T7389] device hsr_slave_1 entered promiscuous mode [ 60.479323][ T7389] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.550286][ T7386] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.589779][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.610481][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.628496][ T7386] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.683924][ T7377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.706201][ T7377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.725481][ T7377] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.732645][ T7377] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.771406][ T7389] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.804517][ T7386] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.817529][ T7386] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.831569][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.840486][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.850264][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.858841][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.866061][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.875919][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.885530][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.895063][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.904508][ T25] audit: type=1804 audit(1570742421.057:34): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir331221168/syzkaller.mAw5ds/0/file0" dev="sda1" ino=16529 res=1 [ 60.930801][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.940003][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.949043][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 21:20:21 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x7a, 0x0, [0x4d0, 0x0, 0x40000084], [0x3a, 0x9104]}) syz_open_dev$dspn(0x0, 0x3, 0x21000) syz_open_dev$swradio(0x0, 0x1, 0x2) 21:20:21 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x393, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8503eb719e25dc14}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00'}) ioctl$int_out(r1, 0x5466, &(0x7f0000000000)) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e20, @local}, {0x2, 0x4e24, @empty}, 0x7095d4ebcdb70dd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00}) r2 = gettid() ptrace(0x11, r2) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r3 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084) r4 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) r5 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) r6 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x4, 0x9bc6648ccb836afd) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000080)={0x4, "9dca50784274d08abbb1fcd26d90a7ee5176258bac03b932ee94abb540d9629b"}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000340)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000380)=0x2c) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r6, 0x84, 0x71, &(0x7f0000000440)={r8, 0x10000}, 0x8) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x6, 0x0, 0x10001, 0x8000}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000002c0)={r9}) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000280)={0x7, 0x5476d3ed}) sendfile(r0, r3, 0x0, 0x102000002) syz_emit_ethernet(0x7e, &(0x7f0000002380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000700000000000019078ac7014bb000008000304907800000200010000ac1414aa000000020840000000000000000200e000000200000000e000000100000000000000007f00000100000000ffffffff00000000e000000100000000ac14140000000000"], 0x0) [ 60.957255][ T25] audit: type=1804 audit(1570742421.077:35): pid=7459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir331221168/syzkaller.mAw5ds/0/file0" dev="sda1" ino=16529 res=1 [ 60.982570][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.992625][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.002761][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.046441][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.059919][ T7389] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.076390][ T7386] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.089126][ T7377] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.103487][ T7377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.129459][ T7377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.147847][ T7377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.174211][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.188704][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.214367][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.221542][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.228968][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 61.234900][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 61.257189][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.271902][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.284844][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.291974][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.314280][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.328441][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.345582][ T7389] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 61.364376][ T7389] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.396428][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.406680][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.418924][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.435600][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.448455][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.476881][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.491783][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.502643][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.524835][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.543786][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.552539][ T7371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.586966][ T7389] 8021q: adding VLAN 0 to HW filter on device batadv0 21:20:21 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000140)='/dev/video#\x00', 0x3f, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000080)={0x9, @vbi}) [ 61.911632][ T7501] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 62.106704][ T7502] ================================================================== [ 62.114826][ T7502] BUG: KCSAN: data-race in __splice_from_pipe / pipe_poll [ 62.121919][ T7502] [ 62.124240][ T7502] read to 0xffff888103bda7b8 of 4 bytes by task 7499 on cpu 1: [ 62.131779][ T7502] pipe_poll+0x84/0x1d0 [ 62.135916][ T7502] do_select+0x7d0/0x1020 [ 62.140233][ T7502] core_sys_select+0x38b/0x520 [ 62.144991][ T7502] __x64_sys_pselect6+0x22a/0x280 [ 62.150006][ T7502] do_syscall_64+0xcf/0x2f0 [ 62.154516][ T7502] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.160414][ T7502] [ 62.162735][ T7502] write to 0xffff888103bda7b8 of 4 bytes by task 7502 on cpu 0: [ 62.170353][ T7502] __splice_from_pipe+0x3ce/0x480 [ 62.175367][ T7502] do_vmsplice.part.0+0x1c5/0x210 [ 62.180378][ T7502] __do_sys_vmsplice+0x15f/0x1c0 [ 62.185407][ T7502] __x64_sys_vmsplice+0x5e/0x80 [ 62.190246][ T7502] do_syscall_64+0xcf/0x2f0 [ 62.194924][ T7502] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.200802][ T7502] [ 62.203112][ T7502] Reported by Kernel Concurrency Sanitizer on: [ 62.209273][ T7502] CPU: 0 PID: 7502 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 62.216729][ T7502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.226770][ T7502] ================================================================== [ 62.234814][ T7502] Kernel panic - not syncing: panic_on_warn set ... [ 62.241645][ T7502] CPU: 0 PID: 7502 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 62.249343][ T7502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.259405][ T7502] Call Trace: [ 62.262888][ T7502] dump_stack+0xf5/0x159 [ 62.267144][ T7502] panic+0x209/0x639 [ 62.271026][ T7502] ? vprintk_func+0x8d/0x140 [ 62.275602][ T7502] kcsan_report.cold+0xc/0x1b [ 62.280348][ T7502] __kcsan_setup_watchpoint+0x3ee/0x510 [ 62.285873][ T7502] __tsan_write4+0x32/0x40 [ 62.290279][ T7502] __splice_from_pipe+0x3ce/0x480 [ 62.295298][ T7502] ? iter_to_pipe+0x3f0/0x3f0 [ 62.299961][ T7502] do_vmsplice.part.0+0x1c5/0x210 [ 62.304971][ T7502] __do_sys_vmsplice+0x15f/0x1c0 [ 62.309901][ T7502] ? __tsan_read8+0x2c/0x30 [ 62.314401][ T7502] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 62.320107][ T7502] ? __kcsan_setup_watchpoint+0x96/0x510 [ 62.325720][ T7502] ? _copy_to_user+0x84/0xb0 [ 62.330301][ T7502] ? __kcsan_setup_watchpoint+0x96/0x510 [ 62.336031][ T7502] ? __kcsan_setup_watchpoint+0x96/0x510 [ 62.341647][ T7502] __x64_sys_vmsplice+0x5e/0x80 [ 62.346490][ T7502] do_syscall_64+0xcf/0x2f0 [ 62.350978][ T7502] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.356940][ T7502] RIP: 0033:0x459a59 [ 62.360900][ T7502] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.380586][ T7502] RSP: 002b:00007f2fa0b53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 62.388977][ T7502] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459a59 [ 62.396935][ T7502] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000008 [ 62.404908][ T7502] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 62.412973][ T7502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2fa0b546d4 [ 62.420961][ T7502] R13: 00000000004c94e5 R14: 00000000004e0c68 R15: 00000000ffffffff [ 62.430418][ T7502] Kernel Offset: disabled [ 62.434743][ T7502] Rebooting in 86400 seconds..