[ 37.621303][ T26] audit: type=1800 audit(1554312458.547:25): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 37.654001][ T26] audit: type=1800 audit(1554312458.547:26): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 37.676099][ T26] audit: type=1800 audit(1554312458.547:27): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.722224][ T26] audit: type=1800 audit(1554312458.647:28): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts. 2019/04/03 17:27:49 fuzzer started 2019/04/03 17:27:52 dialing manager at 10.128.0.26:44045 2019/04/03 17:27:52 syscalls: 2408 2019/04/03 17:27:52 code coverage: enabled 2019/04/03 17:27:52 comparison tracing: enabled 2019/04/03 17:27:52 extra coverage: extra coverage is not supported by the kernel 2019/04/03 17:27:52 setuid sandbox: enabled 2019/04/03 17:27:52 namespace sandbox: enabled 2019/04/03 17:27:52 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/03 17:27:52 fault injection: enabled 2019/04/03 17:27:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/03 17:27:52 net packet injection: enabled 2019/04/03 17:27:52 net device setup: enabled 17:29:48 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'gre0\x00', 0x0}) sendmmsg(r1, &(0x7f0000008a80)=[{{&(0x7f0000000180)=@ll={0x11, 0x6558, r2, 0x1, 0x0, 0x6, @link_local}, 0x80, 0x0}}], 0x300, 0x0) syzkaller login: [ 167.446881][ T7793] IPVS: ftp: loaded support on port[0] = 21 17:29:48 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'hsr0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@setlink={0x28, 0x13, 0x205, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKMODE={0x8, 0xa, 0x10}]}, 0x28}}, 0x0) [ 167.562100][ T7793] chnl_net:caif_netlink_parms(): no params data found [ 167.647806][ T7793] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.667337][ T7793] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.681172][ T7793] device bridge_slave_0 entered promiscuous mode [ 167.690452][ T7793] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.697532][ T7793] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.707077][ T7793] device bridge_slave_1 entered promiscuous mode [ 167.734990][ T7793] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 167.746512][ T7793] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 167.749644][ T7796] IPVS: ftp: loaded support on port[0] = 21 [ 167.781143][ T7793] team0: Port device team_slave_0 added [ 167.788533][ T7793] team0: Port device team_slave_1 added 17:29:48 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x0, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x80044dfc, &(0x7f0000000140)) [ 167.872262][ T7793] device hsr_slave_0 entered promiscuous mode [ 167.909680][ T7793] device hsr_slave_1 entered promiscuous mode [ 167.981841][ T7798] IPVS: ftp: loaded support on port[0] = 21 [ 167.995114][ T7793] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.002502][ T7793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.010482][ T7793] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.017720][ T7793] bridge0: port 1(bridge_slave_0) entered forwarding state 17:29:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00'}, 0x45c) clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x35) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x13d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r3 = getpid() tkill(r3, 0x3a) [ 168.168145][ T7796] chnl_net:caif_netlink_parms(): no params data found [ 168.185434][ T7793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.246639][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.268485][ T3759] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.289940][ T3759] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.305078][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 168.326956][ T7793] 8021q: adding VLAN 0 to HW filter on device team0 17:29:49 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x3102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() futex(&(0x7f0000000040)=0x2, 0x8b, 0x2, &(0x7f0000000080)={0x77359400}, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0xd) [ 168.375173][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.385386][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.392515][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.402546][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.411084][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.418332][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.435654][ T7805] IPVS: ftp: loaded support on port[0] = 21 [ 168.475939][ T7798] chnl_net:caif_netlink_parms(): no params data found [ 168.516926][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.541446][ T7796] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.548541][ T7796] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.557764][ T7796] device bridge_slave_0 entered promiscuous mode [ 168.577586][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.591327][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.602590][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.613546][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 168.626595][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.644777][ T7796] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.657832][ T7796] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.666629][ T7796] device bridge_slave_1 entered promiscuous mode [ 168.704597][ T7807] IPVS: ftp: loaded support on port[0] = 21 17:29:49 executing program 5: futex(&(0x7f00000000c0), 0x8c, 0x1, 0x0, 0x0, 0x0) [ 168.768102][ T7793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.801320][ T7796] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 168.818498][ T7796] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 168.859867][ T7798] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.871399][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.879548][ T7798] device bridge_slave_0 entered promiscuous mode [ 168.911258][ T7798] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.918364][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.933678][ T7798] device bridge_slave_1 entered promiscuous mode [ 168.957898][ T7796] team0: Port device team_slave_0 added [ 168.974027][ T7796] team0: Port device team_slave_1 added [ 168.996959][ T7809] IPVS: ftp: loaded support on port[0] = 21 [ 169.014345][ T7798] bond0: Enslaving bond_slave_0 as an active interface with an up link 17:29:49 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f00000000c0)=0x4c000000, 0x10a000d04) 17:29:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000020807031dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) [ 169.057657][ T7798] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.161317][ T7796] device hsr_slave_0 entered promiscuous mode [ 169.199594][ T7824] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 169.199925][ T7796] device hsr_slave_1 entered promiscuous mode 17:29:50 executing program 0: r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000a200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) [ 169.308522][ T7824] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 169.321420][ T7807] chnl_net:caif_netlink_parms(): no params data found [ 169.340440][ T7798] team0: Port device team_slave_0 added [ 169.348031][ T7798] team0: Port device team_slave_1 added [ 169.382509][ T7805] chnl_net:caif_netlink_parms(): no params data found 17:29:50 executing program 0: r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000a200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 17:29:50 executing program 0: r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000a200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 17:29:50 executing program 0: r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000a200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 17:29:50 executing program 0: clone(0x4000002102001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\f', 0xffffffffffffffff, 0x4c00000000006874}, &(0x7f0000001fee)='R\trist\xe3cusgrVid:D2', 0x0) [ 169.482028][ T7798] device hsr_slave_0 entered promiscuous mode [ 169.511739][ T7798] device hsr_slave_1 entered promiscuous mode [ 169.637768][ T7807] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.645542][ T7807] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.653651][ T7807] device bridge_slave_0 entered promiscuous mode [ 169.693896][ T7807] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.701462][ T7807] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.709415][ T7807] device bridge_slave_1 entered promiscuous mode [ 169.735514][ T7805] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.742959][ T7805] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.751450][ T7805] device bridge_slave_0 entered promiscuous mode [ 169.783666][ T7807] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.794966][ T7805] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.802257][ T7805] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.810777][ T7805] device bridge_slave_1 entered promiscuous mode [ 169.834903][ T7805] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.846716][ T7807] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.860068][ T7805] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.883542][ T7807] team0: Port device team_slave_0 added [ 169.892012][ T7809] chnl_net:caif_netlink_parms(): no params data found [ 169.924508][ T7807] team0: Port device team_slave_1 added [ 169.954797][ T7796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.974024][ T7805] team0: Port device team_slave_0 added [ 170.010785][ T7805] team0: Port device team_slave_1 added [ 170.062132][ T7807] device hsr_slave_0 entered promiscuous mode [ 170.099875][ T7807] device hsr_slave_1 entered promiscuous mode [ 170.147122][ T7796] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.162976][ T7809] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.170582][ T7809] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.178259][ T7809] device bridge_slave_0 entered promiscuous mode [ 170.188637][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.196560][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.264615][ T7805] device hsr_slave_0 entered promiscuous mode [ 170.319877][ T7805] device hsr_slave_1 entered promiscuous mode [ 170.359643][ T7809] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.366759][ T7809] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.374894][ T7809] device bridge_slave_1 entered promiscuous mode [ 170.391654][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.400634][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.409423][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.416497][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.443346][ T7798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.459301][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.467896][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.477027][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.485551][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.493305][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.501917][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.519888][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.528600][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.537689][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.550725][ T7809] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 170.561503][ T7809] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.594259][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.602397][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.611041][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.619672][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 170.627948][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.637428][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.646175][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.664978][ T7798] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.681267][ T7796] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.690396][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.698109][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.717849][ T7809] team0: Port device team_slave_0 added [ 170.744641][ T7809] team0: Port device team_slave_1 added [ 170.764052][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.774656][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.783185][ T7799] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.790328][ T7799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.798146][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.807207][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.815638][ T7799] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.822813][ T7799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.845941][ T7805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.881159][ T7809] device hsr_slave_0 entered promiscuous mode [ 170.929844][ T7809] device hsr_slave_1 entered promiscuous mode [ 170.972502][ T7796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.982351][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.990730][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.999101][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.043428][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.051901][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.062584][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.076390][ T7807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.104414][ T7805] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.124438][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.133310][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.141970][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.150379][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.162324][ T7807] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.175491][ T7848] team0: Device hsr0 is up. Set it down before adding it as a team port [ 171.184594][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.194000][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.203040][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.211658][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.220571][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.227654][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.235412][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.244370][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.252907][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.260005][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.268114][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.290510][ T7850] team0: Device hsr0 is up. Set it down before adding it as a team port 17:29:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100000}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="0f35"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 171.311698][ T7798] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 171.324945][ T7798] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.349308][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.357875][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.377829][ T7853] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 171.383607][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.400191][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.408756][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.423051][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.433176][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.442312][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.451354][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.463183][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.470326][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.478674][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.488528][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.497224][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.506919][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.518079][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.529819][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.577826][ T7809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.598890][ T7807] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 171.614852][ T7807] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.637450][ T7798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.663510][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.677303][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.689926][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.698145][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.706687][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.715062][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.723737][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.732249][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.740691][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.748867][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.757581][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.765779][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.774674][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.784363][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.792319][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.800246][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.814774][ T7807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.842791][ T7809] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.877350][ T7805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 17:29:52 executing program 2: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000300)={0xffffffffffffffff}) close(r0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000000c0)) [ 171.914826][ T7805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 171.928312][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.950186][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.957948][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.972598][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.983408][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.991803][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.013707][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.021369][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.029953][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.038271][ T7799] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.045403][ T7799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.052905][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.061878][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.070968][ T7799] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.078019][ T7799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.085799][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.095696][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.111762][ T7805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.134628][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.147400][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.158682][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.177717][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.186901][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.195860][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.210655][ T7809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 172.239790][ T7809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.261317][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.278491][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.293671][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.302237][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.310413][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 172.310428][ T26] audit: type=1326 audit(1554312593.227:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7874 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4582b9 code=0x0 [ 172.339432][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 17:29:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00'}, 0x45c) clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x35) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x13d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r3 = getpid() tkill(r3, 0x3a) 17:29:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7b, 0x600000000000000, [0x0, 0x0, 0x40000105], [0xc2]}) [ 172.392748][ T7809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.452447][ T26] audit: type=1326 audit(1554312593.377:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7886 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4582b9 code=0x0 17:29:53 executing program 5: futex(&(0x7f00000000c0), 0x8c, 0x1, 0x0, 0x0, 0x0) 17:29:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0xa0007}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x3fd, 0x0, 0x0, 0xfffffffffffffe60) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)) 17:29:53 executing program 2: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000300)={0xffffffffffffffff}) close(r0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000000c0)) 17:29:53 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) accept4(r1, &(0x7f0000000640)=@xdp, &(0x7f0000000100)=0x80, 0x800) accept4(r1, &(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4}}}, &(0x7f0000000180)=0x80, 0x80800) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x40000000013f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r3}}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x6}, &(0x7f00000002c0)=0x8) capset(&(0x7f0000000240), &(0x7f0000001fe8)={0x7f, 0x0, 0x0, 0x0, 0x5}) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18) request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0), &(0x7f0000000140)='hash\x00', 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r5, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) close(r0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000000c0)) 17:29:53 executing program 5: futex(&(0x7f00000000c0), 0x8c, 0x1, 0x0, 0x0, 0x0) 17:29:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00'}, 0x45c) clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x35) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x13d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r3 = getpid() tkill(r3, 0x3a) 17:29:53 executing program 1: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0xaaaaaaaaaaaab3f, &(0x7f0000000200), 0x0, &(0x7f0000000740)={[{@gid={'gid'}}]}) getgid() 17:29:53 executing program 2: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000300)={0xffffffffffffffff}) close(r0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000000c0)) 17:29:53 executing program 5: futex(&(0x7f00000000c0), 0x8c, 0x1, 0x0, 0x0, 0x0) 17:29:53 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) accept4(r1, &(0x7f0000000640)=@xdp, &(0x7f0000000100)=0x80, 0x800) accept4(r1, &(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4}}}, &(0x7f0000000180)=0x80, 0x80800) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x40000000013f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r3}}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x6}, &(0x7f00000002c0)=0x8) capset(&(0x7f0000000240), &(0x7f0000001fe8)={0x7f, 0x0, 0x0, 0x0, 0x5}) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18) request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0), &(0x7f0000000140)='hash\x00', 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r5, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}, 0x40000000013f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r3}}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x6}, &(0x7f00000002c0)=0x8) capset(&(0x7f0000000240), &(0x7f0000001fe8)={0x7f, 0x0, 0x0, 0x0, 0x5}) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18) request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0), &(0x7f0000000140)='hash\x00', 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r5, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}, 0x40000000013f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r3}}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x6}, &(0x7f00000002c0)=0x8) capset(&(0x7f0000000240), &(0x7f0000001fe8)={0x7f, 0x0, 0x0, 0x0, 0x5}) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18) request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0), &(0x7f0000000140)='hash\x00', 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r5, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 173.751571][ T7965] RSP: 002b:00007f4df9230c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 173.759989][ T7965] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 173.768457][ T7965] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000006 [ 173.776446][ T7965] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 173.784417][ T7965] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4df92316d4 [ 173.792390][ T7965] R13: 00000000004ce188 R14: 00000000004dd8c8 R15: 00000000ffffffff [ 173.800385][ T7965] [ 173.802716][ T7965] Allocated by task 7900: [ 173.807055][ T7965] save_stack+0x45/0xd0 [ 173.811233][ T7965] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 173.816867][ T7965] kasan_kmalloc+0x9/0x10 [ 173.816883][ T7965] kmem_cache_alloc_trace+0x151/0x760 [ 173.816900][ T7965] cma_alloc_port+0x4f/0x1a0 [ 173.816916][ T7965] rdma_bind_addr+0x1bc0/0x1f80 [ 173.816931][ T7965] rdma_resolve_addr+0x437/0x21f0 [ 173.816944][ T7965] ucma_resolve_ip+0x153/0x210 [ 173.816956][ T7965] ucma_write+0x2da/0x3c0 [ 173.816978][ T7965] __vfs_write+0x8d/0x110 [ 173.817002][ T7965] vfs_write+0x20c/0x580 [ 173.817015][ T7965] ksys_write+0xea/0x1f0 [ 173.826823][ T7965] __x64_sys_write+0x73/0xb0 [ 173.826841][ T7965] do_syscall_64+0x103/0x610 [ 173.826858][ T7965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.826862][ T7965] [ 173.826869][ T7965] Freed by task 7899: [ 173.826884][ T7965] save_stack+0x45/0xd0 [ 173.826899][ T7965] __kasan_slab_free+0x102/0x150 [ 173.826914][ T7965] kasan_slab_free+0xe/0x10 [ 173.826933][ T7965] kfree+0xcf/0x230 [ 173.900819][ T7935] hfs: can't find a HFS filesystem on dev loop1 [ 173.901888][ T7965] rdma_destroy_id+0x7fc/0xaa0 [ 173.901904][ T7965] ucma_close+0x115/0x320 [ 173.901917][ T7965] __fput+0x2e5/0x8d0 [ 173.901928][ T7965] ____fput+0x16/0x20 [ 173.901946][ T7965] task_work_run+0x14a/0x1c0 [ 173.901963][ T7965] exit_to_usermode_loop+0x273/0x2c0 [ 173.901984][ T7965] do_syscall_64+0x52d/0x610 [ 173.902000][ T7965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.902005][ T7965] [ 173.902016][ T7965] The buggy address belongs to the object at ffff88808eea3540 [ 173.902016][ T7965] which belongs to the cache kmalloc-32 of size 32 [ 173.902028][ T7965] The buggy address is located 8 bytes inside of [ 173.902028][ T7965] 32-byte region [ffff88808eea3540, ffff88808eea3560) [ 173.902033][ T7965] The buggy address belongs to the page: [ 173.902054][ T7965] page:ffffea00023ba8c0 count:1 mapcount:0 mapping:ffff88812c3f01c0 index:0xffff88808eea3fc1 [ 173.902066][ T7965] flags: 0x1fffc0000000200(slab) [ 173.995497][ T7965] raw: 01fffc0000000200 ffffea0002a1cac8 ffffea000250ddc8 ffff88812c3f01c0 [ 174.004085][ T7965] raw: ffff88808eea3fc1 ffff88808eea3000 000000010000003f 0000000000000000 [ 174.012656][ T7965] page dumped because: kasan: bad access detected [ 174.019070][ T7965] [ 174.021404][ T7965] Memory state around the buggy address: [ 174.027033][ T7965] ffff88808eea3400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 174.035088][ T7965] ffff88808eea3480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 174.043144][ T7965] >ffff88808eea3500: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc [ 174.051194][ T7965] ^ 17:29:55 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x40000, 0xfff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1}) write$P9_RUNLINKAT(r0, &(0x7f00000001c0)={0x7}, 0x7) setxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) [ 174.057612][ T7965] ffff88808eea3580: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 174.065681][ T7965] ffff88808eea3600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 174.073731][ T7965] ================================================================== [ 174.081778][ T7965] Disabling lock debugging due to kernel taint [ 174.153386][ T7965] Kernel panic - not syncing: panic_on_warn set ... [ 174.160021][ T7965] CPU: 1 PID: 7965 Comm: syz-executor.4 Tainted: G B 5.1.0-rc3-next-20190403 #17 [ 174.170424][ T7965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.180476][ T7965] Call Trace: [ 174.183768][ T7965] dump_stack+0x172/0x1f0 [ 174.188107][ T7965] panic+0x2cb/0x65c [ 174.192003][ T7965] ? __warn_printk+0xf3/0xf3 [ 174.196592][ T7965] ? cma_check_port+0x8ce/0x8f0 [ 174.201451][ T7965] ? preempt_schedule+0x4b/0x60 [ 174.206300][ T7965] ? ___preempt_schedule+0x16/0x18 [ 174.211411][ T7965] ? trace_hardirqs_on+0x5e/0x230 [ 174.216433][ T7965] ? cma_check_port+0x8ce/0x8f0 [ 174.221289][ T7965] end_report+0x47/0x4f [ 174.225442][ T7965] ? cma_check_port+0x8ce/0x8f0 [ 174.230286][ T7965] kasan_report.cold+0xe/0x40 [ 174.234956][ T7965] ? __xa_insert+0x1d0/0x2a0 [ 174.239543][ T7965] ? cma_check_port+0x8ce/0x8f0 [ 174.244390][ T7965] __asan_report_load8_noabort+0x14/0x20 [ 174.250025][ T7965] cma_check_port+0x8ce/0x8f0 [ 174.254700][ T7965] rdma_bind_addr+0x19c3/0x1f80 [ 174.259545][ T7965] ? lock_acquire+0x1ea/0x3f0 [ 174.264220][ T7965] ? ucma_get_ctx+0x82/0x160 [ 174.268801][ T7965] ? find_held_lock+0x35/0x130 [ 174.273559][ T7965] ? cma_ndev_work_handler+0x1c0/0x1c0 [ 174.279063][ T7965] ? lock_downgrade+0x880/0x880 [ 174.283926][ T7965] rdma_resolve_addr+0x437/0x21f0 [ 174.288962][ T7965] ? kasan_check_write+0x14/0x20 [ 174.293929][ T7965] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 174.299464][ T7965] ? lock_downgrade+0x880/0x880 [ 174.304309][ T7965] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.310547][ T7965] ? rdma_bind_addr+0x1f80/0x1f80 [ 174.315583][ T7965] ucma_resolve_ip+0x153/0x210 [ 174.320345][ T7965] ? ucma_resolve_ip+0x153/0x210 [ 174.325274][ T7965] ? ucma_query+0x820/0x820 [ 174.329775][ T7965] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 174.336052][ T7965] ? _copy_from_user+0xdd/0x150 [ 174.340895][ T7965] ucma_write+0x2da/0x3c0 [ 174.345235][ T7965] ? ucma_query+0x820/0x820 [ 174.349734][ T7965] ? ucma_open+0x290/0x290 [ 174.354144][ T7965] ? apparmor_file_permission+0x25/0x30 [ 174.359683][ T7965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.366090][ T7965] ? security_file_permission+0x94/0x380 [ 174.371719][ T7965] __vfs_write+0x8d/0x110 [ 174.376039][ T7965] ? ucma_open+0x290/0x290 [ 174.380453][ T7965] vfs_write+0x20c/0x580 [ 174.384701][ T7965] ksys_write+0xea/0x1f0 [ 174.388940][ T7965] ? __ia32_sys_read+0xb0/0xb0 [ 174.393724][ T7965] ? do_syscall_64+0x26/0x610 [ 174.398395][ T7965] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.404468][ T7965] ? do_syscall_64+0x26/0x610 [ 174.409144][ T7965] __x64_sys_write+0x73/0xb0 [ 174.413733][ T7965] do_syscall_64+0x103/0x610 [ 174.418319][ T7965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.424208][ T7965] RIP: 0033:0x4582b9 [ 174.428107][ T7965] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.447720][ T7965] RSP: 002b:00007f4df9230c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 174.456127][ T7965] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 174.464119][ T7965] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000006 [ 174.472077][ T7965] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 174.480040][ T7965] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4df92316d4 [ 174.488006][ T7965] R13: 00000000004ce188 R14: 00000000004dd8c8 R15: 00000000ffffffff [ 174.496740][ T7965] Kernel Offset: disabled [ 174.501062][ T7965] Rebooting in 86400 seconds..