[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.836875] kauditd_printk_skb: 7 callbacks suppressed [ 28.836886] audit: type=1800 audit(1544549287.697:29): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.863653] audit: type=1800 audit(1544549287.697:30): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.788470] sshd (6070) used greatest stack depth: 15600 bytes left Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts. 2018/12/11 17:28:19 fuzzer started 2018/12/11 17:28:21 dialing manager at 10.128.0.26:34565 [ 42.954244] ld (6095) used greatest stack depth: 15184 bytes left 2018/12/11 17:28:21 syscalls: 1 2018/12/11 17:28:21 code coverage: enabled 2018/12/11 17:28:21 comparison tracing: enabled 2018/12/11 17:28:21 setuid sandbox: enabled 2018/12/11 17:28:21 namespace sandbox: enabled 2018/12/11 17:28:21 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/11 17:28:21 fault injection: enabled 2018/12/11 17:28:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/11 17:28:21 net packet injection: enabled 2018/12/11 17:28:21 net device setup: enabled 17:31:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000002f000/0x18000)=nil, 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 226.280301] IPVS: ftp: loaded support on port[0] = 21 17:31:25 executing program 1: openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000680)='./file0\x00') r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x1, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000140), &(0x7f0000000240)=0x4) ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006) fsetxattr$security_smack_transmute(r1, &(0x7f0000000380)='security.SMACK64TRANSMUTE\x00', &(0x7f00000003c0)='TRUE', 0x4, 0x1) getegid() stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000500)) add_key$user(&(0x7f00000006c0)='user\x00', &(0x7f0000000700)={'syz', 0x1}, &(0x7f0000000740)="c36d05ee804d1aa88737f3e96855668a9b92006e2e2fad0c9150746d8d4ce89cbaf24cf5e339a83dc047c781979560181becbc7325470bf94972f70dc161d0771ad6", 0x42, 0xfffffffffffffffb) request_key(&(0x7f0000000880)='asymmetric\x00', &(0x7f00000008c0)={'syz', 0x0}, &(0x7f0000000900)='-.nodevkeyringnodevmd5sumwlan1\x00', 0xfffffffffffffff8) r2 = accept$inet6(0xffffffffffffff9c, 0x0, &(0x7f0000000300)) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f00000004c0)={@mcast1, 0x7b}) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x220800, 0x0) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000000000000100004007000000050000000000000008000000040000000000000000000000000000000000000001000000090000000400000001000000080000006103621c486a996200000000000000000000000000000000ee23d7330300000007000000ffffffff03000000fa0f00000000000000000000000000000000008003000000060000003a3d0000ffff000006000000000002000000000000000000000000005b08222256a6746a839ce88b4d00af467ae727b045df0d047900e27ec9b8da26d43f10b2ff51246099d1a258b41d186738974dff21a5bb4c9d9f0430e0d144c415aff1a32fd137c986f8eeae110ac25f12cfa27b24f0fde94c7a7fc31f2e931aff896375239f046782c6149d3a1e755f01689755c1cf18c8c515eb6d93489f613826e8b99d90"]) mkdir(&(0x7f0000000040)='./file0\x00', 0x40) dup2(0xffffffffffffffff, 0xffffffffffffffff) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) sendmsg$IPVS_CMD_DEL_DAEMON(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x402}, 0xc, &(0x7f00000001c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="000328bd7000fddbdf250a0000002c0001000800090080007b000000080001000a000000080001000a00000008000200000000000c00030008000300030000001400010008000b0073697000080006006f766600040002"], 0x1}, 0x1, 0x0, 0x0, 0x20008000}, 0x40000) [ 226.558475] IPVS: ftp: loaded support on port[0] = 21 17:31:25 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0xd) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ptrace$setopts(0x4205, r2, 0x2, 0xa06ff7) [ 226.975850] IPVS: ftp: loaded support on port[0] = 21 17:31:25 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb0100feff00000000000002000000020000000000fba383a6"], 0x0, 0x1a, 0x0, 0x1}, 0x20) [ 227.344414] IPVS: ftp: loaded support on port[0] = 21 17:31:26 executing program 4: r0 = msgget$private(0x0, 0x10) msgrcv(r0, &(0x7f0000000000)=ANY=[], 0x0, 0xfffffffffffffffe, 0x400) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/56) [ 227.898320] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.925065] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.935813] device bridge_slave_0 entered promiscuous mode [ 228.028235] IPVS: ftp: loaded support on port[0] = 21 [ 228.054282] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.084060] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.092299] device bridge_slave_1 entered promiscuous mode [ 228.251898] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 17:31:27 executing program 5: r0 = semget(0x3, 0x0, 0x0) semctl$GETNCNT(r0, 0x3, 0x3, 0x0) [ 228.354840] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 228.436445] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.442827] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.485847] device bridge_slave_0 entered promiscuous mode [ 228.605708] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.619248] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.636769] IPVS: ftp: loaded support on port[0] = 21 [ 228.646662] device bridge_slave_1 entered promiscuous mode [ 228.743992] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 228.763269] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 228.871677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 228.937655] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.220768] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.235457] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.242981] device bridge_slave_0 entered promiscuous mode [ 229.268721] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 229.362875] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.389609] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.397468] device bridge_slave_1 entered promiscuous mode [ 229.412589] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.475436] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 229.565038] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 229.571899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.597110] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 229.618721] team0: Port device team_slave_0 added [ 229.654977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 229.675678] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 229.690864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.763283] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 229.771745] team0: Port device team_slave_1 added [ 229.828077] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.834474] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.862361] device bridge_slave_0 entered promiscuous mode [ 229.902692] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 229.934837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.943282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.029375] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 230.044595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.052511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.067001] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.074476] team0: Port device team_slave_0 added [ 230.083529] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.100688] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.115671] device bridge_slave_1 entered promiscuous mode [ 230.135042] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 230.151815] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 230.161963] ip (6370) used greatest stack depth: 15048 bytes left [ 230.185757] team0: Port device team_slave_1 added [ 230.192744] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 230.205923] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.213905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.283678] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 230.307427] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 230.320582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 230.336228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.349537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.375566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.449040] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.457978] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.465812] device bridge_slave_0 entered promiscuous mode [ 230.474648] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 230.497060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 230.504173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 230.529453] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.555351] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.574364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.634891] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.641267] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.666090] device bridge_slave_1 entered promiscuous mode [ 230.678288] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 230.697217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.719239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.771602] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 230.831468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 230.839026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.848708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.880370] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 230.907824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 231.000584] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.033167] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.049267] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.058187] device bridge_slave_0 entered promiscuous mode [ 231.068205] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.088093] team0: Port device team_slave_0 added [ 231.176839] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.189370] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.209694] device bridge_slave_1 entered promiscuous mode [ 231.225502] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.241050] team0: Port device team_slave_1 added [ 231.264457] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.325086] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 231.411278] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.425072] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 231.436625] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.504410] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 231.520241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.595095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 231.602827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.619644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.647897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 231.667203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 231.714819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 231.735864] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.752162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 231.789442] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.808109] team0: Port device team_slave_0 added [ 231.820828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 231.835247] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 231.852699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.876895] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.934817] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.961067] team0: Port device team_slave_1 added [ 231.984299] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 232.038934] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.045454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.052456] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.058885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.082422] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 232.102207] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 232.127083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.155316] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 232.171675] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.191169] team0: Port device team_slave_0 added [ 232.255305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.327942] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.350614] team0: Port device team_slave_1 added [ 232.359606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.378935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.397002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.446856] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.455479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.466040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 232.503331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 232.527791] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.534180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.540929] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.547334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.556947] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 232.572180] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 232.596194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.615764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 232.679772] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 232.687478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 232.697151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.733302] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.742072] team0: Port device team_slave_0 added [ 232.824773] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.831914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.840503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.872687] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.896512] team0: Port device team_slave_1 added [ 232.955834] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.963458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.977826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.041307] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 233.063886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 233.080947] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.146504] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.263577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 233.285611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.295656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 233.327899] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.334269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.341061] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.347482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.401695] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.424817] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 233.453636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.463024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.504648] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 233.513913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 234.042516] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.048955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.055674] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.062045] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.078600] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 234.514814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 234.551613] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.558084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.564798] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.571178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.590963] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 234.849863] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.856296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.862969] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.869404] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.906254] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 235.574728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 235.585826] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.390628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.574974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.850749] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.010656] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.356603] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 238.362778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.385205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.445767] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 238.451948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.465744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.695780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.913279] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.969168] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.185184] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 239.524974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.627813] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 239.662225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.677636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.739821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.009065] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.047497] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.088362] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.279847] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.468583] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.547758] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.555115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.562213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.801608] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.809113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.818556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.909090] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.924657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.933477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.064980] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.355829] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.396619] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.780487] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 241.887370] *** Guest State *** [ 241.905024] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 241.936219] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 241.976098] CR3 = 0x0000000000000000 [ 241.986940] RSP = 0x0000000000002006 RIP = 0x0000000000000000 [ 242.002740] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 242.018069] hrtimer: interrupt took 45162 ns [ 242.025011] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 [ 242.032760] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 242.056157] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 242.072516] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 242.108618] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 242.128597] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 242.145230] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 242.159803] GDTR: limit=0x00000000, base=0x0000000000000000 [ 242.177345] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 242.195735] IDTR: limit=0x00000000, base=0x0000000000000000 [ 242.224045] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 242.253492] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 242.284670] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 242.315662] Interruptibility = 00000000 ActivityState = 00000000 [ 242.330061] *** Host State *** [ 242.356563] RIP = 0xffffffff812048fe RSP = 0xffff888187a5f390 [ 242.395218] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 242.401814] FSBase=00007f4393404700 GSBase=ffff8881dad00000 TRBase=fffffe0000033000 [ 242.435572] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 242.465356] CR0=0000000080050033 CR3=00000001c0325000 CR4=00000000001426e0 17:31:41 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') r0 = openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) dup2(r1, r0) [ 242.494745] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff88001360 [ 242.502058] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 242.529908] *** Control State *** [ 242.536889] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 242.565201] EntryControls=0000d1ff ExitControls=002fefff [ 242.570824] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 242.617718] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 242.645066] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 17:31:41 executing program 1: [ 242.674977] reason=80000021 qualification=0000000000000000 [ 242.701510] IDTVectoring: info=00000000 errcode=00000000 [ 242.709121] TSC Offset = 0xffffff7c4c4fa253 [ 242.724321] EPT pointer = 0x00000001d79fb01e 17:31:41 executing program 1: [ 242.804939] *** Guest State *** [ 242.809111] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 17:31:41 executing program 1: [ 242.871881] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 242.945105] CR3 = 0x0000000000000000 [ 242.948890] RSP = 0x0000000000002006 RIP = 0x0000000000000000 17:31:41 executing program 2: 17:31:41 executing program 1: [ 243.044570] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 243.050595] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 [ 243.131186] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.159407] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.176315] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.184403] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.214781] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.236788] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.246003] GDTR: limit=0x00000000, base=0x0000000000000000 [ 243.254095] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.275056] IDTR: limit=0x00000000, base=0x0000000000000000 [ 243.292081] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.308863] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 243.320285] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 243.345208] Interruptibility = 00000000 ActivityState = 00000000 [ 243.351450] *** Host State *** [ 243.379947] RIP = 0xffffffff812048fe RSP = 0xffff88818680f390 [ 243.394847] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 243.401497] FSBase=00007f43933a1700 GSBase=ffff8881dac00000 TRBase=fffffe0000033000 [ 243.411071] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 243.417384] CR0=0000000080050033 CR3=00000001c0325000 CR4=00000000001426f0 [ 243.425151] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff88001360 [ 243.431930] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 243.455167] *** Control State *** [ 243.459196] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 243.473509] EntryControls=0000d1ff ExitControls=002fefff [ 243.480730] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 243.488604] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 243.497789] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 243.505038] reason=80000021 qualification=0000000000000000 [ 243.513927] IDTVectoring: info=00000000 errcode=00000000 [ 243.524982] TSC Offset = 0xffffff7c4c4fa253 [ 243.529434] EPT pointer = 0x00000001d79fb01e 17:31:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000002f000/0x18000)=nil, 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:31:42 executing program 2: 17:31:42 executing program 1: [ 243.726964] *** Guest State *** [ 243.737577] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 243.748772] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 243.765295] CR3 = 0x0000000000000000 [ 243.770475] RSP = 0x0000000000002006 RIP = 0x0000000000000000 [ 243.784676] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 243.798073] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 [ 243.814237] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.826577] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.841626] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.862655] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.879617] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 17:31:42 executing program 3: [ 243.903425] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.912796] GDTR: limit=0x00000000, base=0x0000000000000000 [ 243.928634] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.937091] IDTR: limit=0x00000000, base=0x0000000000000000 [ 243.945755] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 243.965243] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 243.971674] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 244.003758] Interruptibility = 00000000 ActivityState = 00000000 [ 244.010756] *** Host State *** [ 244.014111] RIP = 0xffffffff812048fe RSP = 0xffff88818647f390 [ 244.034843] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 244.044261] FSBase=00007f4393404700 GSBase=ffff8881dad00000 TRBase=fffffe0000033000 [ 244.068090] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 244.085083] CR0=0000000080050033 CR3=00000001b40d3000 CR4=00000000001426e0 [ 244.092277] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff88001360 [ 244.114631] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 244.120706] *** Control State *** [ 244.124177] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 244.155397] EntryControls=0000d1ff ExitControls=002fefff [ 244.160963] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 244.180459] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 244.204436] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 244.216919] reason=80000021 qualification=0000000000000000 [ 244.226903] IDTVectoring: info=00000000 errcode=00000000 [ 244.232367] TSC Offset = 0xffffff7b559768b4 [ 244.237213] EPT pointer = 0x00000001c4a7401e 17:31:43 executing program 4: 17:31:43 executing program 1: 17:31:43 executing program 2: 17:31:43 executing program 3: 17:31:43 executing program 5: 17:31:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000002f000/0x18000)=nil, 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:31:43 executing program 2: 17:31:43 executing program 4: 17:31:43 executing program 5: 17:31:44 executing program 4: pipe(&(0x7f0000000240)) readv(0xffffffffffffffff, 0x0, 0x0) 17:31:44 executing program 1: r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) shmctl$IPC_RMID(r0, 0x0) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) 17:31:44 executing program 3: 17:31:44 executing program 2: [ 245.216116] *** Guest State *** [ 245.228799] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 17:31:44 executing program 5: 17:31:44 executing program 3: [ 245.259333] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 245.293327] CR3 = 0x0000000000000000 17:31:44 executing program 2: 17:31:44 executing program 4: [ 245.304900] RSP = 0x0000000000002006 RIP = 0x0000000000000000 [ 245.329023] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 245.382095] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 [ 245.424685] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 245.445103] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 245.456748] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 245.469342] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 245.481927] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 245.494781] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 245.510007] GDTR: limit=0x00000000, base=0x0000000000000000 [ 245.524683] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 245.532822] IDTR: limit=0x00000000, base=0x0000000000000000 [ 245.541023] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 245.549166] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 245.555637] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 245.563114] Interruptibility = 00000000 ActivityState = 00000000 [ 245.569383] *** Host State *** [ 245.572577] RIP = 0xffffffff812048fe RSP = 0xffff888188347390 [ 245.578826] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 245.585292] FSBase=00007f4393404700 GSBase=ffff8881dac00000 TRBase=fffffe0000003000 [ 245.593095] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 245.599021] CR0=0000000080050033 CR3=00000001ceec8000 CR4=00000000001426f0 [ 245.606106] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff88001360 [ 245.612829] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 245.618936] *** Control State *** [ 245.622398] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 245.629094] EntryControls=0000d1ff ExitControls=002fefff [ 245.634767] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 245.641677] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 245.648411] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 245.655042] reason=80000021 qualification=0000000000000000 [ 245.661360] IDTVectoring: info=00000000 errcode=00000000 [ 245.666856] TSC Offset = 0xffffff7a8e117d00 [ 245.671188] EPT pointer = 0x00000001c437101e 17:31:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec2}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000002f000/0x18000)=nil, 0x0, 0xffffffffffffff42, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17:31:44 executing program 1: 17:31:44 executing program 3: 17:31:44 executing program 2: 17:31:44 executing program 5: 17:31:44 executing program 4: [ 245.734653] list_add corruption. next->prev should be prev (ffff8881c5d6f470), but was ffff8881cd0518f0. (next=ffffffff8a1dca60). [ 245.746929] ------------[ cut here ]------------ [ 245.751688] kernel BUG at lib/list_debug.c:25! [ 245.756350] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 245.761722] CPU: 1 PID: 7725 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181210+ #164 [ 245.770207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.777557] kobject: 'loop5' (000000008058f3dd): kobject_uevent_env [ 245.779671] RIP: 0010:__list_add_valid.cold.2+0xf/0x2a [ 245.779689] Code: e5 80 88 e8 11 1f d2 fd 0f 0b 48 89 de 48 c7 c7 60 e5 80 88 e8 00 1f d2 fd 0f 0b 48 89 d9 48 c7 c7 20 e6 80 88 e8 ef 1e d2 fd <0f> 0b 48 89 f1 48 c7 c7 a0 e6 80 88 48 89 de e8 db 1e d2 fd 0f 0b [ 245.794281] kobject: 'loop5' (000000008058f3dd): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 245.810246] RSP: 0018:ffff8881dad06ce0 EFLAGS: 00010286 [ 245.810258] RAX: 0000000000000075 RBX: ffffffff8a1dca60 RCX: 0000000000000000 [ 245.810266] RDX: 0000000000000000 RSI: ffffffff816621c5 RDI: 0000000000000005 [ 245.810274] RBP: ffff8881dad06cf8 R08: ffff8881bc534400 R09: ffffed103b5a5020 [ 245.810283] R10: ffffed103b5a5020 R11: ffff8881dad28107 R12: ffff8881c628c270 [ 245.810290] R13: ffff8881c628c000 R14: ffffffff8a1dc820 R15: ffffffff8a1dcab0 [ 245.810301] FS: 0000000000000000(0000) GS:ffff8881dad00000(0000) knlGS:0000000000000000 [ 245.810316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 245.828485] kobject: 'loop3' (00000000b4292504): kobject_uevent_env [ 245.832360] CR2: 0000000000930000 CR3: 000000000966e000 CR4: 00000000001406e0 [ 245.832372] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 245.832380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 245.832384] Call Trace: [ 245.832389] [ 245.832460] ___neigh_create+0x14b7/0x2600 [ 245.849521] kobject: 'loop3' (00000000b4292504): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 245.854237] ? print_usage_bug+0xc0/0xc0 [ 245.854256] ? print_usage_bug+0xc0/0xc0 [ 245.862328] kobject: 'loop4' (00000000a96b5b4b): kobject_uevent_env [ 245.869739] ? neigh_remove_one+0x5a0/0x5a0 [ 245.869757] ? print_usage_bug+0xc0/0xc0 [ 245.869801] ? __local_bh_enable_ip+0x160/0x260 [ 245.869818] ? __local_bh_enable_ip+0x160/0x260 [ 245.876027] kobject: 'loop4' (00000000a96b5b4b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 245.882084] ? lockdep_hardirqs_on+0x296/0x5b0 [ 245.882103] ? mark_held_locks+0x130/0x130 [ 245.882121] ? __local_bh_enable_ip+0x160/0x260 [ 245.977337] ? lockdep_hardirqs_on+0x296/0x5b0 [ 245.981965] ? trace_hardirqs_on+0xbd/0x310 [ 245.986294] ? mark_held_locks+0xc7/0x130 [ 245.990473] ? ip6t_do_table+0xd9e/0x1d30 [ 245.994621] ? trace_hardirqs_off_caller+0x310/0x310 [ 245.999725] ? __local_bh_enable_ip+0x160/0x260 [ 246.004435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.009992] ? lock_acquire+0x1ed/0x520 [ 246.013962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.019502] ? check_preemption_disabled+0x48/0x280 [ 246.024542] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 246.030104] ? rcu_pm_notify+0xc0/0xc0 [ 246.034003] __neigh_create+0x30/0x40 [ 246.037828] ip6_finish_output2+0xa64/0x2940 [ 246.042240] ? find_held_lock+0x36/0x1c0 [ 246.046302] ? ip6_forward_finish+0x560/0x560 [ 246.050826] ? ip6_mtu+0x39c/0x520 [ 246.054370] ? lock_downgrade+0x900/0x900 [ 246.058516] ? check_preemption_disabled+0x48/0x280 [ 246.063573] ? kasan_check_read+0x11/0x20 [ 246.067721] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.072997] ? rcu_read_unlock_special+0x370/0x370 [ 246.077928] ? ip6_mtu+0x160/0x520 [ 246.081463] ? find_match+0x10a0/0x10a0 [ 246.085437] ? kasan_check_read+0x11/0x20 [ 246.089579] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.094852] ip6_finish_output+0x58c/0xc60 [ 246.099082] ? ip6_finish_output+0x58c/0xc60 [ 246.103488] ip6_output+0x232/0x9d0 [ 246.107112] ? ip6_finish_output+0xc60/0xc60 [ 246.111523] ? ip6_fragment+0x38b0/0x38b0 [ 246.115670] ? __lock_is_held+0xb5/0x140 [ 246.119735] ndisc_send_skb+0x1005/0x1560 [ 246.123885] ? nf_hook.constprop.33+0x860/0x860 [ 246.128570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.134116] ? refcount_sub_and_test_checked+0x203/0x310 [ 246.139574] ? refcount_dec_if_one+0x180/0x180 [ 246.144162] ? memcpy+0x45/0x50 [ 246.147441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.152977] ndisc_send_rs+0x134/0x6e0 [ 246.156871] addrconf_rs_timer+0x314/0x690 [ 246.161107] ? ipv6_get_lladdr+0x5e0/0x5e0 [ 246.165394] call_timer_fn+0x272/0x920 [ 246.169286] ? ipv6_get_lladdr+0x5e0/0x5e0 [ 246.173519] ? process_timeout+0x40/0x40 [ 246.177583] ? mark_held_locks+0xc7/0x130 [ 246.181762] ? _raw_spin_unlock_irq+0x27/0x80 [ 246.186270] ? _raw_spin_unlock_irq+0x27/0x80 [ 246.190764] ? ipv6_get_lladdr+0x5e0/0x5e0 [ 246.194996] ? lockdep_hardirqs_on+0x296/0x5b0 [ 246.199576] ? trace_hardirqs_on+0xbd/0x310 [ 246.203898] ? kasan_check_read+0x11/0x20 [ 246.208038] ? __run_timers+0x7da/0xc70 [ 246.212009] ? trace_hardirqs_off_caller+0x310/0x310 [ 246.217120] ? ipv6_get_lladdr+0x5e0/0x5e0 [ 246.221357] __run_timers+0x7e5/0xc70 [ 246.225168] ? timer_fixup_init+0x70/0x70 [ 246.229314] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 246.234326] ? graph_lock+0x270/0x270 [ 246.238125] ? print_usage_bug+0xc0/0xc0 [ 246.242208] ? hrtimer_update_softirq_timer+0xa0/0xa0 [ 246.247400] ? find_held_lock+0x36/0x1c0 [ 246.251461] ? graph_lock+0x270/0x270 [ 246.255262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.260802] ? check_preemption_disabled+0x48/0x280 [ 246.265851] ? __lock_is_held+0xb5/0x140 [ 246.269915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.275452] ? check_preemption_disabled+0x48/0x280 [ 246.280470] run_timer_softirq+0x52/0xb0 [ 246.284533] ? rcu_read_lock_sched_held+0x14f/0x180 [ 246.289548] __do_softirq+0x308/0xb7e [ 246.293360] ? ktime_get_raw_ts64+0x4d0/0x4d0 [ 246.297851] ? lock_downgrade+0x900/0x900 [ 246.301997] ? __irqentry_text_end+0x1f9658/0x1f9658 [ 246.307177] ? pvclock_read_flags+0x160/0x160 [ 246.311716] ? lapic_next_event+0x5a/0x90 [ 246.315870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.321410] ? kvm_clock_read+0x18/0x30 [ 246.325381] ? kvm_sched_clock_read+0x9/0x20 [ 246.329791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.335326] ? check_preemption_disabled+0x48/0x280 [ 246.340343] irq_exit+0x17f/0x1c0 [ 246.343794] smp_apic_timer_interrupt+0x1cb/0x760 [ 246.348672] ? smp_call_function_single_interrupt+0x650/0x650 [ 246.354552] ? interrupt_entry+0xb5/0xc0 [ 246.358611] ? trace_hardirqs_off_caller+0xbb/0x310 [ 246.363631] ? trace_hardirqs_off_caller+0xbb/0x310 [ 246.368691] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 246.373536] ? trace_hardirqs_on_caller+0x310/0x310 [ 246.378550] ? trace_hardirqs_on_caller+0x310/0x310 [ 246.383611] ? task_prio+0x50/0x50 [ 246.387166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.392704] ? check_preemption_disabled+0x48/0x280 [ 246.397738] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 246.402582] apic_timer_interrupt+0xf/0x20 [ 246.406805] [ 246.409039] RIP: 0010:lock_acquire+0x268/0x520 [ 246.413618] Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 44 02 00 00 48 83 3d f7 2d 10 08 00 0f 84 c3 01 00 00 48 8b bd 20 ff ff ff 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 [ 246.432524] RSP: 0018:ffff888188346b10 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 246.440226] RAX: dffffc0000000000 RBX: 1ffff11031068d67 RCX: 0000000000000000 [ 246.447487] RDX: 1ffffffff12e4816 RSI: 0000000000000000 RDI: 0000000000000282 [ 246.454751] RBP: ffff888188346c00 R08: ffff8881bc534cc8 R09: 0000000000000008 [ 246.462027] R10: 0000000000000028 R11: ffff8881bc534400 R12: ffff8881bc534400 [ 246.469289] R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000 [ 246.476570] ? find_held_lock+0x36/0x1c0 [ 246.480634] ? lock_release+0xa00/0xa00 [ 246.484680] ? __unlock_page_memcg+0x53/0x100 [ 246.489179] ? lock_downgrade+0x900/0x900 [ 246.493328] ? check_preemption_disabled+0x48/0x280 [ 246.498347] lock_page_memcg+0x95/0x350 [ 246.502318] ? mem_cgroup_hierarchy_write+0x230/0x230 [ 246.507522] ? rcu_read_unlock_special+0x370/0x370 [ 246.512479] ? mem_cgroup_hierarchy_write+0x230/0x230 [ 246.517708] page_remove_rmap+0x855/0x1a30 [ 246.521950] ? page_add_file_rmap+0x1470/0x1470 [ 246.526616] ? __lock_is_held+0xb5/0x140 [ 246.530690] ? rcu_read_lock_sched_held+0x14f/0x180 [ 246.535756] ? __alloc_pages_nodemask+0xb9c/0xec0 [ 246.540617] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 246.546165] ? graph_lock+0x270/0x270 [ 246.549964] ? __alloc_pages_slowpath+0x2e00/0x2e00 [ 246.554979] ? free_pages_and_swap_cache+0x475/0x6f0 [ 246.560084] ? find_held_lock+0x36/0x1c0 [ 246.564155] ? kasan_check_read+0x11/0x20 [ 246.568335] ? page_mapcount+0x3b5/0x5d0 [ 246.572400] ? fault_around_bytes_set+0x90/0x90 [ 246.577072] ? lock_downgrade+0x900/0x900 [ 246.581220] ? kasan_check_write+0x14/0x20 [ 246.585483] ? do_raw_spin_lock+0x14f/0x350 [ 246.589805] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 246.594817] ? _vm_normal_page+0x161/0x3c0 [ 246.599054] ? __pte_alloc_kernel+0x210/0x210 [ 246.603547] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 246.608565] ? __tlb_remove_page_size+0x187/0x500 [ 246.613407] unmap_page_range+0x11c7/0x2930 [ 246.617741] ? vm_normal_page_pmd+0x510/0x510 [ 246.622239] ? lock_release+0xa00/0xa00 [ 246.626208] ? perf_trace_sched_process_exec+0x860/0x860 [ 246.631690] ? print_usage_bug+0xc0/0xc0 [ 246.636276] ? graph_lock+0x270/0x270 [ 246.640091] ? __mutex_lock+0x85e/0x16f0 [ 246.644189] ? uprobe_clear_state+0xb4/0x390 [ 246.648600] ? graph_lock+0x270/0x270 [ 246.652400] ? find_held_lock+0x36/0x1c0 [ 246.656463] ? find_held_lock+0x36/0x1c0 [ 246.660525] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 246.666059] ? uprobe_munmap+0x14c/0x450 [ 246.670115] ? uprobe_mmap+0x1130/0x1130 [ 246.674184] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 246.679284] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 246.684383] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 246.688966] ? pagevec_lru_move_fn+0x259/0x350 [ 246.693547] ? trace_hardirqs_off_caller+0x310/0x310 [ 246.698657] unmap_single_vma+0x19b/0x310 [ 246.702811] unmap_vmas+0x252/0x3d0 [ 246.706439] ? zap_vma_ptes+0x110/0x110 [ 246.710410] ? perf_trace_mm_lru_insertion+0x1490/0x1490 [ 246.715860] ? kasan_check_write+0x14/0x20 [ 246.720090] exit_mmap+0x2be/0x590 [ 246.723628] ? __ia32_sys_munmap+0x80/0x80 [ 246.727863] ? mutex_unlock+0xd/0x10 [ 246.731583] ? __might_sleep+0x95/0x190 [ 246.735579] mmput+0x247/0x610 [ 246.738771] ? lock_downgrade+0x900/0x900 [ 246.742916] ? set_mm_exe_file+0x200/0x200 [ 246.747162] ? kasan_check_read+0x11/0x20 [ 246.751307] ? do_raw_spin_unlock+0xa7/0x330 [ 246.755713] ? do_raw_spin_trylock+0x270/0x270 [ 246.760293] ? up_read_non_owner+0x100/0x100 [ 246.764702] ? __down_interruptible+0x700/0x700 [ 246.769395] do_exit+0xdeb/0x2620 [ 246.772850] ? lock_acquire+0x1a1/0x520 [ 246.776826] ? mm_update_next_owner+0x990/0x990 [ 246.781498] ? mark_held_locks+0x130/0x130 [ 246.785732] ? rwlock_bug.part.2+0x90/0x90 [ 246.789964] ? do_raw_spin_trylock+0x270/0x270 [ 246.794548] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 246.800180] ? __handle_mm_fault+0xa57/0x5b70 [ 246.804681] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 246.809520] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.814795] ? graph_lock+0x270/0x270 [ 246.818591] ? rcu_read_unlock_special+0x370/0x370 [ 246.823515] ? graph_lock+0x270/0x270 [ 246.827315] ? graph_lock+0x270/0x270 [ 246.831119] ? graph_lock+0x270/0x270 [ 246.834925] ? find_held_lock+0x36/0x1c0 [ 246.838984] ? find_held_lock+0x36/0x1c0 [ 246.843089] ? __close_fd+0x32a/0x3a0 [ 246.846892] ? lock_downgrade+0x900/0x900 [ 246.851042] ? kasan_check_read+0x11/0x20 [ 246.855185] ? do_raw_spin_unlock+0xa7/0x330 [ 246.859589] ? do_raw_spin_trylock+0x270/0x270 [ 246.864168] ? __lock_is_held+0xb5/0x140 [ 246.868233] ? _raw_spin_unlock+0x2c/0x50 [ 246.872375] ? __close_fd+0x24c/0x3a0 [ 246.876186] do_group_exit+0x177/0x440 [ 246.880073] ? trace_hardirqs_on+0xbd/0x310 [ 246.884390] ? __ia32_sys_exit+0x50/0x50 [ 246.888450] ? trace_hardirqs_off_caller+0x310/0x310 [ 246.893559] __x64_sys_exit_group+0x3e/0x50 [ 246.897879] do_syscall_64+0x1b9/0x820 [ 246.901762] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 246.907122] ? syscall_return_slowpath+0x5e0/0x5e0 [ 246.912052] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 246.916893] ? trace_hardirqs_on_caller+0x310/0x310 [ 246.921907] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 246.926920] ? prepare_exit_to_usermode+0x291/0x3b0 [ 246.931940] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 246.936787] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 246.941979] RIP: 0033:0x457679 [ 246.945181] Code: Bad RIP value. [ 246.948538] RSP: 002b:00007fff16ed2388 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 246.956237] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000457679 [ 246.963499] RDX: 0000000000411110 RSI: 00000000000002c4 RDI: 0000000000000000 [ 246.970763] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000001 [ 246.978028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 246.985296] R13: 0000000000000001 R14: 0000000000000009 R15: 0000000000000001 [ 246.992566] Modules linked in: [ 246.995888] ---[ end trace 1cc713775c971a7c ]--- [ 247.000670] RIP: 0010:__list_add_valid.cold.2+0xf/0x2a [ 247.005993] Code: e5 80 88 e8 11 1f d2 fd 0f 0b 48 89 de 48 c7 c7 60 e5 80 88 e8 00 1f d2 fd 0f 0b 48 89 d9 48 c7 c7 20 e6 80 88 e8 ef 1e d2 fd <0f> 0b 48 89 f1 48 c7 c7 a0 e6 80 88 48 89 de e8 db 1e d2 fd 0f 0b [ 247.024928] RSP: 0018:ffff8881dad06ce0 EFLAGS: 00010286 [ 247.030310] RAX: 0000000000000075 RBX: ffffffff8a1dca60 RCX: 0000000000000000 [ 247.037612] RDX: 0000000000000000 RSI: ffffffff816621c5 RDI: 0000000000000005 [ 247.038862] kobject: 'loop2' (00000000aa801973): kobject_uevent_env [ 247.044920] RBP: ffff8881dad06cf8 R08: ffff8881bc534400 R09: ffffed103b5a5020 [ 247.052559] kobject: 'loop2' (00000000aa801973): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 247.058599] R10: ffffed103b5a5020 R11: ffff8881dad28107 R12: ffff8881c628c270 [ 247.058614] R13: ffff8881c628c000 R14: ffffffff8a1dc820 R15: ffffffff8a1dcab0 [ 247.082620] FS: 0000000000000000(0000) GS:ffff8881dad00000(0000) knlGS:0000000000000000 17:31:45 executing program 2: 17:31:45 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$getownex(r0, 0x10, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ppp\x00', 0x42800, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000740)={0x1}) getgid() clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, &(0x7f0000000340)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000004c0)) r2 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000001c0)="d7dc59a26c925bee7f043a45858b6cce5b0883b0f328f3d0a5fdf3e728e7ab29e46104ad0cd3165aca156b7c7c0655b0c687c7bb5161369d35bc229673fb40d918adaef28d506ee996bca7e6eab4cb8c017114859bd347a371de2210349bac7d82527702bc95443594eda26ad223230000101ec5d6eb33be05b103675888a96b01c8f2d375ee1551b28a28f5bf77aba9257a6f8115d15fffc005b8bd91b2000000000000000000") syz_genetlink_get_family_id$fou(0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000001}, 0xc, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="ed1d24095d4bddfd000000fa9a3e5a942a0564096209fda114d324a1fe0ebe07000000323d103f0b5b923f8420b837aa5f05290a0e6327f353ab516c40000000b1f804e941972ff5abb2"], 0x1}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 17:31:45 executing program 5: shmget(0x1, 0x4000, 0x694, &(0x7f0000ffc000/0x4000)=nil) 17:31:45 executing program 3: [ 247.090902] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.096828] CR2: 000000000045764f CR3: 000000000966e000 CR4: 00000000001426e0 [ 247.104120] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 247.111443] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 247.118751] Kernel panic - not syncing: Fatal exception in interrupt [ 247.126181] Kernel Offset: disabled [ 247.129803] Rebooting in 86400 seconds..