[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 56.996069][ T26] audit: type=1800 audit(1574139556.407:25): pid=8725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 57.018400][ T26] audit: type=1800 audit(1574139556.417:26): pid=8725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 57.059807][ T26] audit: type=1800 audit(1574139556.417:27): pid=8725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts. 2019/11/19 04:59:28 fuzzer started 2019/11/19 04:59:30 dialing manager at 10.128.0.26:39077 2019/11/19 04:59:30 syscalls: 2566 2019/11/19 04:59:30 code coverage: enabled 2019/11/19 04:59:30 comparison tracing: enabled 2019/11/19 04:59:30 extra coverage: enabled 2019/11/19 04:59:30 setuid sandbox: enabled 2019/11/19 04:59:30 namespace sandbox: enabled 2019/11/19 04:59:30 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/19 04:59:30 fault injection: enabled 2019/11/19 04:59:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/19 04:59:30 net packet injection: enabled 2019/11/19 04:59:30 net device setup: enabled 2019/11/19 04:59:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/19 04:59:30 devlink PCI setup: PCI device 0000:00:10.0 is not available 05:02:18 executing program 0: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f0000000100)=[{r0, 0x1}], 0x1, 0xfffffff7) write$binfmt_aout(r1, 0x0, 0x0) 05:02:18 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000000c0)={r1, 0x1, 0x6, @local}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000080)={r1, 0x1, 0x6, @remote}, 0x10) syzkaller login: [ 239.205764][ T8890] IPVS: ftp: loaded support on port[0] = 21 [ 239.383202][ T8890] chnl_net:caif_netlink_parms(): no params data found 05:02:18 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000000)=""/112, 0x70) lseek(r1, 0xfffffffffffffffe, 0x1) [ 239.466535][ T8890] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.488825][ T8890] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.497362][ T8890] device bridge_slave_0 entered promiscuous mode [ 239.520182][ T8893] IPVS: ftp: loaded support on port[0] = 21 [ 239.526372][ T8890] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.539236][ T8890] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.551327][ T8890] device bridge_slave_1 entered promiscuous mode [ 239.618368][ T8890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.644385][ T8890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.742369][ T8890] team0: Port device team_slave_0 added [ 239.777671][ T8896] IPVS: ftp: loaded support on port[0] = 21 [ 239.787032][ T8890] team0: Port device team_slave_1 added 05:02:19 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x6, 0x0) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="003e6b0b4f43a99fe4a5ea4c0000160080d90920515e0000020000000007e9ff088cdf6d1e4833bb98394cc3003b3c040000710e1387145a9bbeb6c636e171d09a93a3e89f9721da03e685ab0d09000000e92bdae47d9ef9f9fb03840f99fd411bb779d141cd4d57a30c557090343ddcdb15e71820410ba3855e358fc3de7c4604f9f4038b35ed11f867aa3fb0ba364102c91c5ce11a19f4f319e993f48d14fd8eff7533543570f859a0f45c985fe63281f14bdc38bb639857b96fa07b2b94e4f441569377c47550e66357d2aec773ca351992ce35adafd8c276b810a37f53a4103e886f5724a9eb2257a99000"/247], 0x35) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) poll(&(0x7f0000000000)=[{r0}], 0x1, 0xea) dup2(r1, r0) ioctl$TCXONC(r0, 0x540a, 0x3) [ 239.804296][ T8893] chnl_net:caif_netlink_parms(): no params data found [ 239.932500][ T8890] device hsr_slave_0 entered promiscuous mode 05:02:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}], 0x0, 0x20000000, 0x0}) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}], 0x0, 0x20000000, 0x0}) [ 240.029145][ T8890] device hsr_slave_1 entered promiscuous mode [ 240.148869][ T8893] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.156219][ T8893] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.164876][ T8893] device bridge_slave_0 entered promiscuous mode [ 240.222656][ T8898] IPVS: ftp: loaded support on port[0] = 21 [ 240.244882][ T8893] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.254611][ T8893] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.269724][ T8893] device bridge_slave_1 entered promiscuous mode [ 240.345579][ T8900] IPVS: ftp: loaded support on port[0] = 21 [ 240.358440][ T8893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 05:02:19 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$isdn(0x22, 0x3, 0x10) [ 240.426138][ T8893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.436197][ T8890] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 240.568055][ T8890] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 240.611481][ T8890] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 240.674155][ T8893] team0: Port device team_slave_0 added [ 240.685049][ T8893] team0: Port device team_slave_1 added [ 240.701515][ T8890] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 240.701866][ T8902] IPVS: ftp: loaded support on port[0] = 21 [ 240.811824][ T8893] device hsr_slave_0 entered promiscuous mode [ 240.850181][ T8893] device hsr_slave_1 entered promiscuous mode [ 240.888921][ T8893] debugfs: Directory 'hsr0' with parent '/' already present! [ 240.900262][ T8896] chnl_net:caif_netlink_parms(): no params data found [ 241.007893][ T8898] chnl_net:caif_netlink_parms(): no params data found [ 241.125224][ T8896] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.132514][ T8896] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.140374][ T8896] device bridge_slave_0 entered promiscuous mode [ 241.159327][ T8893] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 241.226741][ T8893] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 241.316157][ T8896] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.324056][ T8896] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.332395][ T8896] device bridge_slave_1 entered promiscuous mode [ 241.342493][ T8898] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.350267][ T8898] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.358077][ T8898] device bridge_slave_0 entered promiscuous mode [ 241.365603][ T8893] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 241.435071][ T8893] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 241.520618][ T8898] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.527706][ T8898] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.536291][ T8898] device bridge_slave_1 entered promiscuous mode [ 241.546029][ T8900] chnl_net:caif_netlink_parms(): no params data found [ 241.559281][ T8902] chnl_net:caif_netlink_parms(): no params data found [ 241.577353][ T8896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.620153][ T8896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.641710][ T8900] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.648937][ T8900] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.656652][ T8900] device bridge_slave_0 entered promiscuous mode [ 241.666129][ T8900] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.673306][ T8900] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.681593][ T8900] device bridge_slave_1 entered promiscuous mode [ 241.696133][ T8898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.741785][ T8898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.752866][ T8896] team0: Port device team_slave_0 added [ 241.765853][ T8900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.785184][ T8890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.813043][ T8896] team0: Port device team_slave_1 added [ 241.822523][ T8900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.832549][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.840230][ T8902] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.847913][ T8902] device bridge_slave_0 entered promiscuous mode [ 241.855825][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.863116][ T8902] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.871245][ T8902] device bridge_slave_1 entered promiscuous mode [ 241.880308][ T8898] team0: Port device team_slave_0 added [ 241.887671][ T8898] team0: Port device team_slave_1 added [ 241.924476][ T8902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 242.002150][ T8898] device hsr_slave_0 entered promiscuous mode [ 242.049144][ T8898] device hsr_slave_1 entered promiscuous mode [ 242.088860][ T8898] debugfs: Directory 'hsr0' with parent '/' already present! [ 242.110445][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.119513][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.129778][ T8900] team0: Port device team_slave_0 added [ 242.139318][ T8902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 242.160377][ T8890] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.174594][ T8900] team0: Port device team_slave_1 added [ 242.242456][ T8896] device hsr_slave_0 entered promiscuous mode [ 242.289885][ T8896] device hsr_slave_1 entered promiscuous mode [ 242.339130][ T8896] debugfs: Directory 'hsr0' with parent '/' already present! [ 242.362997][ T8902] team0: Port device team_slave_0 added [ 242.374518][ T8902] team0: Port device team_slave_1 added [ 242.424820][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 242.434565][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.443753][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.450965][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.461203][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.470144][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.478582][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.485714][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.493516][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.572346][ T8900] device hsr_slave_0 entered promiscuous mode [ 242.609432][ T8900] device hsr_slave_1 entered promiscuous mode [ 242.648790][ T8900] debugfs: Directory 'hsr0' with parent '/' already present! [ 242.671612][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.689642][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.699498][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 242.708224][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.718351][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 242.782297][ T8902] device hsr_slave_0 entered promiscuous mode [ 242.839186][ T8902] device hsr_slave_1 entered promiscuous mode [ 242.878853][ T8902] debugfs: Directory 'hsr0' with parent '/' already present! [ 242.912989][ T8896] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 242.987741][ T8896] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 243.043351][ T8893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.056865][ T3706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 243.065855][ T3706] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 243.077783][ T3706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 243.086454][ T3706] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 243.102902][ T8898] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 243.161460][ T8898] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 243.235223][ T8896] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 243.284287][ T8896] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 243.336766][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 243.348524][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 243.359158][ T8890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 243.370429][ T8898] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 243.413579][ T8898] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 243.472116][ T8900] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 243.544718][ T8893] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.573772][ T8900] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 243.660404][ T8900] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 243.700764][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.712957][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.721112][ T8902] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 243.791059][ T8902] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 243.857149][ T8900] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 243.891904][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 243.899650][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 243.907089][ T8902] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 243.955387][ T8902] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 244.043631][ T8890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.056744][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.066270][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.075416][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.082546][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.090502][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.099256][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.109058][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.116155][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.123982][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.132570][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.141641][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.176402][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.188161][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.197820][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 244.209335][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 244.220708][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 244.228532][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 244.237421][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 244.317668][ T8893] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 244.340480][ T8893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 244.381491][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 244.403638][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 05:02:23 executing program 0: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f0000000100)=[{r0, 0x1}], 0x1, 0xfffffff7) write$binfmt_aout(r1, 0x0, 0x0) [ 244.476483][ T8896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.493227][ T8898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.508868][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 244.516362][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 244.536653][ T8893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.563559][ T8898] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.577421][ T8900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.590663][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.606792][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.628907][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 05:02:24 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000000100)={@local, @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x21, 0x0, @dev, @remote}, @gre}}}}, 0x0) [ 244.637772][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.647136][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.654313][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.662956][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.672136][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.681170][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.688269][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.698525][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.717803][ T8896] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.755195][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.764001][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.772315][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.785076][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.794874][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 05:02:24 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) request_key(&(0x7f0000000300)='id_resolver\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000780)='\x00', 0xffffffffffffffff) [ 244.803664][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.827271][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.838027][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.847647][ T8908] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.854809][ T8908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.870236][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.883681][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.892491][ T8908] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.899700][ T8908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.918889][ T8900] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.958423][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.973673][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.985859][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.997414][ T3113] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.004677][ T3113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.013339][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.022692][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.032673][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.041581][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.051216][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.061435][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.070806][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 245.079652][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.088737][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.096920][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 05:02:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x2002) dup3(r1, r0, 0x0) fcntl$setstatus(r0, 0x4, 0x0) [ 245.104980][ T8926] device syz_tun entered promiscuous mode [ 245.125144][ T8902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.145701][ T8924] device syz_tun left promiscuous mode [ 245.178254][ T8902] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.213147][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 05:02:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000000), 0x4) write(r1, &(0x7f0000000000), 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)={0xffff, 0x0, 0x1000}) r2 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x62a, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)) socket$inet6(0xa, 0x49c68e0740a3058b, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000580)={{{@in=@multicast1, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4e20, 0x0, 0x0, 0x2, 0x0, 0x1b0, 0x80, 0x33}, {0x3fde27fc, 0x0, 0x0, 0x0, 0x5, 0x7, 0x2000000000004, 0x1}, {0x0, 0x3}, 0x0, 0x6e6bb8, 0x6, 0x1, 0x2, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x10}, 0x4d5}, 0xa, @in6=@mcast1, 0x3503, 0x8476f732d1874694, 0x0, 0x0, 0x3, 0x4e9}}, 0xe8) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200}, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r4, 0x4, 0x2000) fchdir(r3) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x0) [ 245.225505][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.250648][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.265268][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.276624][ T8907] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.283783][ T8907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.293691][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.302881][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.313029][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.326745][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.334740][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.345585][ T8898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 245.356679][ T8930] device syz_tun entered promiscuous mode [ 245.363954][ T8930] device syz_tun left promiscuous mode [ 245.382166][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 05:02:24 executing program 1: clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) [ 245.393715][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.413822][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.422982][ C0] hrtimer: interrupt took 27565 ns [ 245.425602][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 05:02:24 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x22) socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x200008c4) socket$kcm(0x29, 0x2, 0x0) r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={0xffffffffffffffff, &(0x7f00000009c0)}, 0x20) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000003800)=[{&(0x7f0000000180)="f4001100002b2c25e994efd18498d66205baa68754a3f5ffffff02000000000000000900000000002100000000000000c00100", 0x33}], 0x1}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000580)={&(0x7f0000000540)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) 05:02:25 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x22) socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x200008c4) socket$kcm(0x29, 0x2, 0x0) r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={0xffffffffffffffff, &(0x7f00000009c0)}, 0x20) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000003800)=[{&(0x7f0000000180)="f4001100002b2c25e994efd18498d66205baa68754a3f5ffffff02000000000000000900000000002100000000000000c00100", 0x33}], 0x1}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000580)={&(0x7f0000000540)='./file0\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) [ 373.048613][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 373.055416][ C1] rcu: 1-....: (11394 ticks this GP) idle=3b2/1/0x4000000000000002 softirq=13436/13438 fqs=5248 [ 373.066228][ C1] (t=10502 jiffies g=9041 q=147) [ 373.071263][ C1] NMI backtrace for cpu 1 [ 373.075593][ C1] CPU: 1 PID: 8936 Comm: syz-executor.0 Not tainted 5.4.0-rc7-next-20191115 #0 [ 373.084501][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 373.094546][ C1] Call Trace: [ 373.097807][ C1] [ 373.100739][ C1] dump_stack+0x197/0x210 [ 373.105088][ C1] nmi_cpu_backtrace.cold+0x70/0xb2 [ 373.110268][ C1] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 373.115878][ C1] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 373.121838][ C1] arch_trigger_cpumask_backtrace+0x14/0x20 [ 373.127718][ C1] rcu_dump_cpu_stacks+0x183/0x1cf [ 373.132864][ C1] ? find_next_bit+0x107/0x130 [ 373.137623][ C1] rcu_sched_clock_irq.cold+0x509/0xc02 [ 373.143147][ C1] ? raise_softirq+0x138/0x340 [ 373.147889][ C1] update_process_times+0x2d/0x70 [ 373.152904][ C1] tick_sched_handle+0xa2/0x190 [ 373.157737][ C1] tick_sched_timer+0x53/0x140 [ 373.162481][ C1] __hrtimer_run_queues+0x364/0xe40 [ 373.167658][ C1] ? tick_sched_do_timer+0x1b0/0x1b0 [ 373.172926][ C1] ? hrtimer_init+0x330/0x330 [ 373.177590][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 373.183296][ C1] ? ktime_get_update_offsets_now+0x2ce/0x430 [ 373.189343][ C1] hrtimer_interrupt+0x314/0x770 [ 373.194309][ C1] smp_apic_timer_interrupt+0x160/0x610 [ 373.199833][ C1] apic_timer_interrupt+0xf/0x20 [ 373.204742][ C1] [ 373.207671][ C1] RIP: 0010:irq_work_sync+0xfa/0x1d0 [ 373.212943][ C1] Code: ff f3 90 e8 78 87 f5 ff be 04 00 00 00 4c 89 e7 e8 ab a6 31 00 41 0f b6 06 41 38 c5 7c 08 84 c0 0f 85 b8 00 00 00 41 8b 1c 24 <31> ff 83 e3 02 89 de e8 ca 88 f5 ff 85 db 75 c2 e8 41 87 f5 ff 5b [ 373.232532][ C1] RSP: 0018:ffff88805b71fc08 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 373.240917][ C1] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff817e51d5 [ 373.248876][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880a58db408 [ 373.256858][ C1] RBP: ffff88805b71fc28 R08: 1ffff11014b1b681 R09: ffffed1014b1b682 [ 373.264809][ C1] R10: ffffed1014b1b681 R11: ffff8880a58db40b R12: ffff8880a58db408 [ 373.272756][ C1] R13: 0000000000000003 R14: ffffed1014b1b681 R15: ffff88805b71fcc8 [ 373.280718][ C1] ? irq_work_sync+0xe5/0x1d0 [ 373.285383][ C1] ? irq_work_sync+0xe5/0x1d0 [ 373.290050][ C1] _free_event+0x89/0x13b0 [ 373.294448][ C1] ? __kasan_check_write+0x14/0x20 [ 373.299537][ C1] ? __mutex_unlock_slowpath+0xf0/0x6a0 [ 373.305071][ C1] ? mark_held_locks+0xa4/0xf0 [ 373.309812][ C1] ? ring_buffer_attach+0x650/0x650 [ 373.314989][ C1] ? wait_for_completion+0x440/0x440 [ 373.320254][ C1] put_event+0x47/0x60 [ 373.324300][ C1] perf_event_release_kernel+0x6d5/0xd70 [ 373.329910][ C1] ? __perf_event_exit_context+0x170/0x170 [ 373.335695][ C1] ? fasync_helper+0x6e/0xb2 [ 373.340275][ C1] perf_release+0x37/0x50 [ 373.344582][ C1] __fput+0x2ff/0x890 [ 373.348555][ C1] ? perf_event_release_kernel+0xd70/0xd70 [ 373.354336][ C1] ____fput+0x16/0x20 [ 373.358305][ C1] task_work_run+0x145/0x1c0 [ 373.362876][ C1] exit_to_usermode_loop+0x316/0x380 [ 373.368139][ C1] do_syscall_64+0x676/0x790 [ 373.372738][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 373.378692][ C1] RIP: 0033:0x4141d1 [ 373.382583][ C1] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 373.402168][ C1] RSP: 002b:00007ffc3ee55300 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 373.410571][ C1] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000004141d1 [ 373.418523][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 373.426485][ C1] RBP: 0000000000000001 R08: 0000000034194edd R09: 0000000034194ee1 [ 373.434447][ C1] R10: 00007ffc3ee553e0 R11: 0000000000000293 R12: 000000000075c9a0 [ 373.442397][ C1] R13: 000000000075c9a0 R14: 0000000000762b30 R15: 000000000075bfd4