[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 58.740147][ T26] audit: type=1800 audit(1574052111.436:25): pid=8578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 58.759824][ T26] audit: type=1800 audit(1574052111.436:26): pid=8578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 58.785370][ T26] audit: type=1800 audit(1574052111.446:27): pid=8578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts. 2019/11/18 04:42:02 fuzzer started 2019/11/18 04:42:04 dialing manager at 10.128.0.26:44591 2019/11/18 04:42:04 syscalls: 2566 2019/11/18 04:42:04 code coverage: enabled 2019/11/18 04:42:04 comparison tracing: enabled 2019/11/18 04:42:04 extra coverage: enabled 2019/11/18 04:42:04 setuid sandbox: enabled 2019/11/18 04:42:04 namespace sandbox: enabled 2019/11/18 04:42:04 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/18 04:42:04 fault injection: enabled 2019/11/18 04:42:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/18 04:42:04 net packet injection: enabled 2019/11/18 04:42:04 net device setup: enabled 2019/11/18 04:42:04 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/18 04:42:04 devlink PCI setup: PCI device 0000:00:10.0 is not available 04:44:44 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "6c48a3", 0x14, 0x6, 0x0, @dev, @mcast2, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f00000000c0)={0x0, 0x2, [0x0, 0x5a]}) 04:44:44 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') close(r0) syzkaller login: [ 231.639527][ T8746] IPVS: ftp: loaded support on port[0] = 21 [ 231.775663][ T8746] chnl_net:caif_netlink_parms(): no params data found [ 231.784920][ T8749] IPVS: ftp: loaded support on port[0] = 21 [ 231.870709][ T8746] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.885415][ T8746] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.893042][ T8746] device bridge_slave_0 entered promiscuous mode [ 231.907695][ T8746] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.914754][ T8746] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.922665][ T8746] device bridge_slave_1 entered promiscuous mode [ 231.954538][ T8746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 04:44:44 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) socket$packet(0x11, 0x3, 0x300) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) process_vm_readv(r1, &(0x7f0000000380)=[{&(0x7f0000000340)=""/61, 0x3d}], 0x1, &(0x7f0000002540)=[{&(0x7f00000003c0)=""/63, 0x7ffff002}], 0x2, 0x0) [ 231.969924][ T8746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.007502][ T8746] team0: Port device team_slave_0 added [ 232.062420][ T8746] team0: Port device team_slave_1 added [ 232.113096][ T8749] chnl_net:caif_netlink_parms(): no params data found 04:44:44 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f0000000040)={0x100, 0x1, 0x1}) socket$nl_xfrm(0x10, 0x3, 0x6) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 232.249870][ T8746] device hsr_slave_0 entered promiscuous mode [ 232.307510][ T8746] device hsr_slave_1 entered promiscuous mode [ 232.380496][ T8752] IPVS: ftp: loaded support on port[0] = 21 04:44:45 executing program 4: r0 = creat(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200800000000013, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f00003b9fdc)) read(r3, &(0x7f0000000040)=""/11, 0xb) r4 = epoll_create1(0x0) r5 = syz_open_pts(r3, 0x0) dup2(r4, r5) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000540)={0x0, {{0x2, 0x0, @multicast2}}}, 0x88) [ 232.449511][ T8754] IPVS: ftp: loaded support on port[0] = 21 [ 232.464690][ T8749] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.473772][ T8749] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.482921][ T8749] device bridge_slave_0 entered promiscuous mode [ 232.503908][ T8746] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 232.586451][ T8749] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.593623][ T8749] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.613805][ T8749] device bridge_slave_1 entered promiscuous mode [ 232.642322][ T8746] netdevsim netdevsim0 netdevsim1: renamed from eth1 04:44:45 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000100)={'security\x00'}, &(0x7f0000000180)=0x54) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x19) wait4(0x0, 0x0, 0x0, 0x0) [ 232.690329][ T8746] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 232.753024][ T8746] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 232.761030][ T8756] IPVS: ftp: loaded support on port[0] = 21 [ 232.810727][ T8749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 232.824504][ T8749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.868429][ T8759] IPVS: ftp: loaded support on port[0] = 21 [ 232.883856][ T8749] team0: Port device team_slave_0 added [ 232.892138][ T8749] team0: Port device team_slave_1 added [ 233.037630][ T8749] device hsr_slave_0 entered promiscuous mode [ 233.085987][ T8749] device hsr_slave_1 entered promiscuous mode [ 233.146442][ T8749] debugfs: Directory 'hsr0' with parent '/' already present! [ 233.217257][ T8752] chnl_net:caif_netlink_parms(): no params data found [ 233.300490][ T8754] chnl_net:caif_netlink_parms(): no params data found [ 233.317782][ T8749] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 233.391459][ T8749] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 233.455556][ T8749] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 233.487088][ T8749] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 233.557938][ T8756] chnl_net:caif_netlink_parms(): no params data found [ 233.578688][ T8752] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.585948][ T8752] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.593606][ T8752] device bridge_slave_0 entered promiscuous mode [ 233.602677][ T8752] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.610255][ T8752] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.618612][ T8752] device bridge_slave_1 entered promiscuous mode [ 233.654247][ T8756] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.662313][ T8756] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.671531][ T8756] device bridge_slave_0 entered promiscuous mode [ 233.691759][ T8752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.721349][ T8754] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.729347][ T8754] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.737258][ T8754] device bridge_slave_0 entered promiscuous mode [ 233.744363][ T8756] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.751889][ T8756] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.759806][ T8756] device bridge_slave_1 entered promiscuous mode [ 233.768288][ T8752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.789506][ T8752] team0: Port device team_slave_0 added [ 233.802523][ T8754] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.809660][ T8754] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.817899][ T8754] device bridge_slave_1 entered promiscuous mode [ 233.837857][ T8746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.846039][ T8752] team0: Port device team_slave_1 added [ 233.872329][ T8756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.918832][ T8756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.939324][ T8754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.954803][ T8754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.972371][ T8759] chnl_net:caif_netlink_parms(): no params data found [ 234.047371][ T8752] device hsr_slave_0 entered promiscuous mode [ 234.105601][ T8752] device hsr_slave_1 entered promiscuous mode [ 234.165364][ T8752] debugfs: Directory 'hsr0' with parent '/' already present! [ 234.179407][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.188163][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.197851][ T8746] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.214151][ T8756] team0: Port device team_slave_0 added [ 234.221690][ T8756] team0: Port device team_slave_1 added [ 234.257832][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 234.267221][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 234.276082][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.283236][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.291291][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 234.300709][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 234.309141][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.316229][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.327389][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 234.348684][ T8754] team0: Port device team_slave_0 added [ 234.408011][ T8756] device hsr_slave_0 entered promiscuous mode [ 234.455880][ T8756] device hsr_slave_1 entered promiscuous mode [ 234.495413][ T8756] debugfs: Directory 'hsr0' with parent '/' already present! [ 234.506083][ T8754] team0: Port device team_slave_1 added [ 234.522097][ T8759] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.529408][ T8759] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.537681][ T8759] device bridge_slave_0 entered promiscuous mode [ 234.547535][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 234.556407][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 234.564828][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 234.574924][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 234.620234][ T8759] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.628831][ T8759] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.636810][ T8759] device bridge_slave_1 entered promiscuous mode [ 234.644062][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 234.652072][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 234.660802][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 234.706810][ T8749] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.713683][ T8752] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 234.757790][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 234.766941][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 234.775584][ T8756] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 234.878729][ T8754] device hsr_slave_0 entered promiscuous mode [ 234.925640][ T8754] device hsr_slave_1 entered promiscuous mode [ 234.965397][ T8754] debugfs: Directory 'hsr0' with parent '/' already present! [ 234.994899][ T8749] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.001949][ T8752] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 235.058010][ T8752] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 235.097249][ T8756] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 235.149285][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 235.156975][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 235.166341][ T8759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.177888][ T8759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.195795][ T8752] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 235.237154][ T8756] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 235.287951][ T8756] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 235.342626][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 235.351462][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 235.359906][ T3104] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.366990][ T3104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.374569][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 235.383326][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 235.391704][ T3104] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.398781][ T3104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.406432][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 235.414843][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 235.423192][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 235.434938][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 235.452645][ T8746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 235.475757][ T8759] team0: Port device team_slave_0 added [ 235.499382][ T8754] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 235.558787][ T8759] team0: Port device team_slave_1 added [ 235.567619][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 235.578968][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 235.588222][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.596873][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 235.604258][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 235.616067][ T8754] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 235.729080][ T8759] device hsr_slave_0 entered promiscuous mode [ 235.787019][ T8759] device hsr_slave_1 entered promiscuous mode [ 235.845491][ T8759] debugfs: Directory 'hsr0' with parent '/' already present! [ 235.857278][ T8746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.875630][ T8749] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 235.889196][ T8749] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 235.900822][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 235.909190][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 235.918023][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 235.926384][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 235.934501][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 235.942932][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 235.951263][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 235.959587][ T8754] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 236.044770][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 236.052705][ T8754] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 236.124669][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 236.134186][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 236.148733][ T8749] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.202648][ T8759] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 236.264142][ T8759] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 236.271193][ C1] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 04:44:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f000000b000)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001800210400000000000000001c140000fe0000010000000014001200010072d8fba3640c8ab7b980d5efd2ff"], 0x30}}, 0x0) [ 236.369078][ T8752] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.387631][ T8759] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 236.428233][ T8759] netdevsim netdevsim5 netdevsim3: renamed from eth3 04:44:49 executing program 0: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x80000, 0x0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0x2, 0x1, 0x9, 0x4, 0x0, 0x5}, 0xd0}, 0xa) sendmsg$rds(r0, &(0x7f0000001280)={&(0x7f0000000400)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000a40)=[{&(0x7f0000000440)=""/207, 0xcf}, {&(0x7f0000000540)=""/197, 0xc5}, {&(0x7f0000002340)=""/4096, 0x1000}, {&(0x7f0000000640)=""/142, 0x8e}, {&(0x7f0000000700)}, {&(0x7f0000000740)=""/59, 0x3b}, {&(0x7f0000000780)=""/233, 0xe9}, {&(0x7f0000000880)=""/98, 0x62}, {&(0x7f0000000900)=""/96, 0x60}, {&(0x7f0000000980)=""/129, 0x81}], 0xa, &(0x7f0000004340)=ANY=[@ANYBLOB="580000000000000014010000080000000900000081000000", @ANYPTR=&(0x7f0000000b00)=ANY=[@ANYBLOB="63b26b5600000000"], @ANYPTR=&(0x7f0000000b40)=ANY=[@ANYBLOB="0100010000000000"], @ANYBLOB="ffffffff0000000008000000000000000000000001000000018000000000000050000000000000000600000000000000580000000000000014010000090000000002000004000000", @ANYPTR=&(0x7f0000000b80)=ANY=[@ANYBLOB="ff01000000000000"], @ANYPTR=&(0x7f0000000bc0)=ANY=[@ANYBLOB="8000000000000000"], @ANYBLOB="00000000000000000900000000000000090000000000000000000000000000001000000000000000000000000100000030000000000000001401000003000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000ff00000000000000000061d451da635d8757fa488004dc000000000000"], @ANYBLOB='-\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000c40)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="110000000000000058000000000000001401000006000000000020003f000000", @ANYPTR=&(0x7f0000000c80)=ANY=[@ANYBLOB="fe0b000000000000"], @ANYPTR=&(0x7f0000000cc0)=ANY=[@ANYBLOB='J\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="09000000000000006d1a000000000000ffff000000000000c1ffffffffffffff08000000000000000900000000000000580000000000000014010000060000000700000001000000", @ANYPTR=&(0x7f0000000d00)=ANY=[@ANYBLOB="ff0f000000000000"], @ANYPTR=&(0x7f0000000d40)=ANY=[@ANYBLOB="0200000000000000"], @ANYBLOB="00000100000000007f000000000000000700000000000000ff030000000000003000000000000000000000000000000048000000000000001401000001000000ffffff7f01000080", @ANYPTR=&(0x7f0000000d80)=ANY=[@ANYBLOB='\x00'/113], @ANYBLOB='q\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001200)=ANY=[@ANYPTR=&(0x7f0000003340)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="001000"/24, @ANYPTR=&(0x7f0000000f40)=ANY=[@ANYBLOB='\x00'/51], @ANYBLOB='3\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00'/200], @ANYBLOB="c800000000000000", @ANYPTR=&(0x7f0000001080)=ANY=[@ANYBLOB='\x00'/114], @ANYBLOB='r\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000001100)=ANY=[@ANYBLOB='\x00'/240], @ANYBLOB="f000000000000000"], @ANYBLOB="06000000000000000200000000000000fbffffffffffffff"], 0x1d8, 0x404c085}, 0x4000020) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000000)={&(0x7f0000001340)=""/4096, 0x0, 0x1800}, 0x83) getpeername$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r1) write$P9_RREADDIR(r1, 0x0, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60352668004484004081000000810e0000000000000000aafe8000000000000000000000000000aa0420655800000000628bf289000086dd080088be0000000010000000010000000000264e6f240e9b18d667b02d0328cb9a0000080022eb00000000200000000200000000000000655800000000000000000000ac1a8dfe4c427eafb140a55242cbd93218fa5ff40b82c9165e0ef45c9847a0c841c101fc15ec74acac3200f4dca8bc82a217787d080a87dbe8cd966d9aa271244165f2cc64b648df2be9fd767321cb2d1aa4a44cbcf1cfe5120ad9835ea010c56390b254fd606a5b079665b8bcd15a5fea03d850ac91d318c8f3e588c2f25760a5a9c4b1ded8f1fb8d616f98ea455d87df358400357eeb4a51b9cbd833c8bd42f2ed14608edd52347deaf09f6a2c61d001aeaa316418c6be084351f6d1fd6a5252ef1227eeb78969026c68e1d2405bdd9acbfeff0b0e3942a87c4f7368f64bebfbf5baf2e97fb13552765563375152a9461af88a4dd8b47650fafbd409ca5fdc124fc906eec2adeacc7cacf3f41e3bcbe4c9764993c3fd4386d2819fc040e5ba7e7b6ea2d6580971d8e62afdedae7fcfcc"], 0x0) 04:44:49 executing program 1: r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r0, 0x10d, 0xa00000000f, &(0x7f0000000040)="03", 0x1) connect$inet(r0, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) [ 236.479596][ T8756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.492483][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.512401][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.540861][ T8752] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.568621][ T8754] 8021q: adding VLAN 0 to HW filter on device bond0 04:44:49 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x0, 0x0, 0xff}, 0x20) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) wait4(0x0, 0x0, 0x0, 0x0) [ 236.673372][ T8754] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.691487][ T8756] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.702920][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.713190][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:44:49 executing program 0: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) fremovexattr(r0, &(0x7f0000000040)=@known='trusted.overlay.redirect\x00') [ 236.722044][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.731308][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.740171][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.747315][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.772865][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.783759][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.807508][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.814583][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state 04:44:49 executing program 0: fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000140)={0x0, 0x2, 0x3f, 0xcbe}) fcntl$lock(r2, 0x7, &(0x7f0000000040)={0x1, 0x0, 0x1}) fcntl$lock(r2, 0x26, &(0x7f0000000080)) dup3(r1, r2, 0x0) [ 236.848704][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.887754][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:44:49 executing program 0: setreuid(0x0, 0xee00) r0 = geteuid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setreuid(r0, 0x0) r3 = getpid() prlimit64(r3, 0x0, 0x0, 0x0) [ 236.906544][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.930419][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.012712][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.027059][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.036444][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.049109][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 04:44:49 executing program 1: r0 = getpid() ptrace$getregs(0xe, r0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000380)={{0x0, 0x0, 0x0, 0x0, '\x00', 0x3d6b}, 0x0, 0x1, 0xfffffff7, 0x0, 0x2, 0x0, 'syz0\x00', &(0x7f0000000140)=['/dev/kvm\x00', '$(securitybdev\x00'], 0x18, [], [0x9ca, 0x0, 0x84, 0x1ff]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000007c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002f3753a9c3b630bf92dd696125265586f2043649b89ec9b91dc174d5701424fa24052b2fe97409000000058e4bf0391702519694cd73608fadb119a5ffc8f1460c55bcce412bc1cc14a1f64ad78f7efc6f2251217bae2233bacac999cbb0468424c2e8ab6cafc7bed227046c4ef20a09f4a46c382c1e7016a71a704c7b3cddf5306b500fda7b4a72bedb7c33a4c7e1f0c42819df5c26d28b450e2a9980b62fe2a57ac040892270e005a2e4ead36494a405cb500badb2b544edf5491d98896b66851b823d3dc390934ea9062dd57a13ddb0ce78dbf6619bb0148e4dbb7ac738"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r1, 0x18000000000002a0, 0xe0, 0x900, &(0x7f00000006c0)="b9ff0300000d698cb89e40f088a8d501890600de0500000077fb7f11c72be9", 0x0, 0x100}, 0x28) [ 237.058430][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.074044][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.081149][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.095020][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.100803][ C0] hrtimer: interrupt took 58172 ns [ 237.103774][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.115630][ T8805] BPF:hdr_len not found [ 237.123095][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.130190][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.144561][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.153434][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.168509][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.177327][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.184386][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.193317][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.201907][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.210374][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.217471][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.225041][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.233835][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.242774][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 237.250973][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.258783][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.303840][ T8756] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 237.319880][ T8756] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 237.336067][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.344853][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.354524][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.363122][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.371910][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.381207][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.390022][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.398890][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.407577][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.416083][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 237.424223][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 237.432541][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.441191][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.449733][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 237.457958][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 237.466987][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 237.475143][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 237.483390][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 237.491350][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 237.499253][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 237.528798][ T8752] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 237.540955][ T8752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 237.549268][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 237.558183][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 237.566334][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 237.577777][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 237.586042][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 237.594186][ T3104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 237.608886][ T8759] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.626426][ T8754] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 237.636833][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 237.644248][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 237.669323][ T8759] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.682257][ T8756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.694810][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.703373][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.724567][ T8754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.739836][ T8752] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.754591][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 237.762288][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 237.770152][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 237.783488][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 237.790992][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.800151][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.808577][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.815663][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.846643][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.854595][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.865884][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.874162][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.881219][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.890018][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.898779][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.907462][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.916373][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.925232][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 237.940931][ T8765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.949853][ T8765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.964907][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 237.982084][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.002658][ T8759] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 238.015254][ T8759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.034709][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 238.044964][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 238.077051][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 238.092833][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 238.103312][ T8759] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.121450][ T8820] ptrace attach of "/root/syz-executor.2"[8752] was attempted by "/root/syz-executor.2"[8820] [ 238.135548][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 238.141470][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 238.214389][ T8828] ptrace attach of "/root/syz-executor.2"[8752] was attempted by "/root/syz-executor.2"[8828] 04:44:51 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000080)={0x72b5}) 04:44:51 executing program 1: r0 = getpid() ptrace$getregs(0xe, r0, 0x250, &(0x7f0000000200)=""/93) r1 = getpid() r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x28001, 0x2) ioctl$int_in(r2, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r1, r2, 0x0, 0x8, &(0x7f0000000080)='keyring\x00', r3}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$kcm(0x11, 0x200000000000002, 0x300) r5 = getpid() sched_setscheduler(r5, 0x5, &(0x7f00000001c0)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000dc0)={{{@in6=@mcast1, @in=@dev}}, {{@in=@multicast2}, 0x0, @in6=@mcast2}}, &(0x7f00000000c0)=0xe8) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000380)={{0x4, 0x3, 0xa0000000, 0x2000000, '\x00', 0x3d6b}, 0x6, 0x1, 0xfffffff7, r5, 0x3, 0x101, 'syz0\x00', &(0x7f0000000140)=['/dev/kvm\x00', '/dev/kvm\x00', '$(securitybdev\x00'], 0x21, [], [0x9ca, 0x0, 0x84, 0x1ff]}) r6 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write$cgroup_pid(r6, &(0x7f0000000180)=r5, 0x12) r7 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r4, 0x107, 0x12, &(0x7f00000000c0)=r7, 0x4) close(0xffffffffffffffff) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000007c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002f3753a9c3b630bf92dd696125265586f2043649b89ec9b91dc174d5701424fa24052b2fe97409000000058e4bf0391702519694cd73608fadb119a5ffc8f1460c55bcce412bc1cc14a1f64ad78f7efc6f2251217bae2233bacac999cbb0468424c2e8ab6cafc7bed227046c4ef20a09f4a46c382c1e7016a71a704c7b3cddf5306b500fda7b4a72bedb7c33a4c7e1f0c42819df5c26d28b450e2a9980b62fe2a57ac040892270e005a2e4ead36494a405cb500badb2b544edf5491d98896b66851b823d3dc390934ea9062dd57a13ddb0ce78dbf6619bb0148e4dbb7ac738"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r8, 0x18000000000002a0, 0xe0, 0x900, &(0x7f00000006c0)="b9ff0300000d698cb89e40f088a8d501890600de0500000077fb7f11c72be9", 0x0, 0x100}, 0x28) 04:44:51 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000003c0)={0x0, 0xb3, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@mcast1, @mcast1, @dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, r3}) 04:44:51 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88) 04:44:51 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r0, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_G_FREQUENCY(r1, 0xc02c5638, &(0x7f00000012c0)) 04:44:51 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) 04:44:51 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x22, 0x0, &(0x7f0000000080)) 04:44:51 executing program 2: r0 = msgget(0x0, 0x0) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000080)=""/59) [ 238.475411][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 238.481217][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:44:51 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x0, 0x0, 0xff}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = socket$inet(0x10, 0x3, 0x0) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) wait4(0x0, 0x0, 0x2, 0x0) 04:44:51 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) dup2(r0, r1) 04:44:51 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket(0x400000000010, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0x2c}}]}, 0x38}}, 0x0) 04:44:51 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x2a, 0x0, &(0x7f0000000080)) 04:44:51 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x60000000, &(0x7f0000000100)=[{&(0x7f00000003c0)="2e0000002300817ee45de087185082cf0124b0eba06ec4a86e8f32e00586f9835b3f00009148790000f8de84c5e2", 0xec0}], 0x1}, 0x0) 04:44:51 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3f) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x40000000000013, 0x96}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 04:44:51 executing program 3: r0 = socket$inet6(0xa, 0x401000000001, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xacc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r1 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x208200) sendfile(r0, r1, 0x0, 0x8000fffffffe) 04:44:51 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000000)={0x0, 0xe2, &(0x7f00000000c0)={&(0x7f0000000100)={0x6c, r1, 0x5, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x2, [0x0, 0xc202]}, 0x8000}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}]}]}, 0x6c}}, 0x0) 04:44:51 executing program 5: syz_open_dev$sndtimer(0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f00000003c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000002000000070600000ee60000bf050000000000001f650000000000006507000002000000270700004c0000001f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000029cc11ce043098b7939b912e7bd8c5004acf53be3ea114ff2047eab21d3fd7044bacfc39e0e6a2697029692400a88625427fac8f24c19e086ff689429343cceed49bfb10125e71cc5f3d852cffd10efbbd7774a7b9d318a688fcd62779d29458de9c2afd4c965ee02ee994fb40cd9355a5e30eecbaecbbd348906d47990d11fd024c856da2fd37dd3843494d72c5126cf3a4fbecf2190cd2d5e8363f264fe7510137db289b13a2d2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) exit(0x0) 04:44:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r2, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) mknod$loop(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0xffffffffffffffff) read$FUSE(r2, &(0x7f0000000780), 0x1000) write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_ENTRY(r2, &(0x7f00000005c0)={0x90, 0x0, 0x2}, 0x90) 04:44:51 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="3b00000002"]}) [ 239.150784][ T8897] Started in network mode 04:44:51 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x69, 0x10, 0x54}, [@ldst={0x5, 0x3, 0x2}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffda4, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) [ 239.197555][ T8897] Own node identity ff020002000000000000000000000001, cluster identity 4711 [ 239.236609][ T8897] Enabling of bearer rejected, failed to enable media [ 239.353331][ T8897] Enabling of bearer rejected, failed to enable media 04:44:52 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) clock_gettime(0x0, 0x0) futex(&(0x7f0000000100), 0x4, 0x1, &(0x7f0000000180), &(0x7f00000001c0)=0x1, 0x0) 04:44:52 executing program 5: r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0xfffffcba) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = msgget$private(0x0, 0x0) msgrcv(r1, 0x0, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) fchmodat(r2, &(0x7f0000000000)='./file0\x00', 0x0) msgctl$IPC_RMID(r1, 0x0) 04:44:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x1b, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000040)="04c51ec5") r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:44:52 executing program 3: r0 = socket$inet6(0xa, 0x401000000001, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xacc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r1 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x208200) sendfile(r0, r1, 0x0, 0x8000fffffffe) 04:44:52 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/l\x01op-contl\x00', 0x20000, 0x0) r1 = socket$inet6(0xa, 0x401000000001, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0xfffffffffffffff8, 0x4143) ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f00000001c0)={0x1, 0x0, {0x3c, 0x1f, 0x0, 0x7, 0x6, 0x20, 0x3, 0x142, 0xffffffffffffffff}}) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xacc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f00000000c0)={{0x2, 0x4e21, @multicast1}, {0x306}, 0x0, {0x2, 0x4e23, @multicast1}, 'bond0\x00'}) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r4, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, r4) close(r1) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r5 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r6, 0x208200) sendfile(r1, r5, 0x0, 0x8000fffffffe) sync_file_range(r5, 0x0, 0x0, 0x4) ioctl$sock_inet_sctp_SIOCINQ(r6, 0x541b, &(0x7f0000000140)) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) close(r0) [ 239.714629][ T8931] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 04:44:52 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1a) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x0, 0x0, 0x0, 0xc, 0x0, 0xffff}, 0x20) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) wait4(0x0, 0x0, 0x0, 0x0) 04:44:52 executing program 4: r0 = socket(0x400000000010, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000600)=@allocspi={0xf8, 0x16, 0x109, 0x0, 0x0, {{{@in=@dev, @in6=@loopback}, {@in6=@rand_addr="852ec48280f0123306ceec9272df11a2", 0x0, 0x32}, @in6=@local}}}, 0xf8}}, 0x0) 04:44:52 executing program 3: r0 = socket$inet6(0xa, 0x401000000001, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xacc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r1 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x208200) sendfile(r0, r1, 0x0, 0x8000fffffffe) 04:44:52 executing program 2: unshare(0x20060400) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 04:44:52 executing program 4: syz_mount_image$vfat(&(0x7f0000002040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe002, 0x1, &(0x7f0000000140)=[{&(0x7f0000002000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000000600)='4', 0x1) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r3 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0) write$FUSE_DIRENT(r3, &(0x7f0000000180)=ANY=[@ANYRESHEX], 0x12) sendfile(r3, r4, 0x0, 0x7fffffff) 04:44:53 executing program 2: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xd5, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$FUSE_POLL(r0, &(0x7f00000000c0)={0xfffffffffffffe51}, 0x1f1) [ 240.448055][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 240.448068][ T26] audit: type=1800 audit(1574052293.146:31): pid=8968 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="loop4" ino=22 res=0 [ 240.491115][ T8968] attempt to access beyond end of device 04:44:53 executing program 4: syz_mount_image$vfat(&(0x7f0000002040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe002, 0x1, &(0x7f0000000140)=[{&(0x7f0000002000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) write(r1, &(0x7f0000000600)='4', 0x1) creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r3 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0) write$FUSE_DIRENT(r3, &(0x7f0000000180)=ANY=[@ANYRESHEX], 0x12) sendfile(r3, r4, 0x0, 0x7fffffff) [ 240.503234][ T8968] loop4: rw=2049, want=130, limit=112 [ 240.521970][ T26] audit: type=1804 audit(1574052293.216:32): pid=8968 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir258267904/syzkaller.tzXk4Y/6/file0/file0" dev="loop4" ino=22 res=1 [ 240.588012][ T26] audit: type=1804 audit(1574052293.216:33): pid=8971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir258267904/syzkaller.tzXk4Y/6/file0/file0" dev="loop4" ino=22 res=1 [ 240.598863][ T274] attempt to access beyond end of device [ 240.647909][ T26] audit: type=1804 audit(1574052293.246:34): pid=8968 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir258267904/syzkaller.tzXk4Y/6/file0/file0" dev="loop4" ino=22 res=1 [ 240.647930][ T8953] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 240.740876][ T274] loop4: rw=1, want=146, limit=112 [ 240.912639][ T26] audit: type=1800 audit(1574052293.606:35): pid=8987 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=16524 res=0 [ 402.545541][ T1081] INFO: task :8924 can't die for more than 143 seconds. [ 402.552724][ T1081] R running task 28144 8924 8749 0x00004006 [ 402.572348][ T1081] Call Trace: [ 402.577047][ T1081] __schedule+0x8e9/0x1f30 [ 402.581472][ T1081] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 402.592390][ T1081] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 402.598287][ T1081] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 402.603811][ T1081] ? lockdep_hardirqs_on+0x421/0x5e0 [ 402.613529][ T1081] ? retint_kernel+0x2b/0x2b [ 402.618418][ T1081] ? trace_hardirqs_on_caller+0x6a/0x240 [ 402.624161][ T1081] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 402.634155][ T1081] ? preempt_schedule_irq+0xf3/0x160 [ 402.639769][ T1081] ? irq_work_sync+0xe5/0x1d0 [ 402.644516][ T1081] ? check_memory_region+0x41/0x1a0 [ 402.654448][ T1081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 402.661248][ T1081] ? irq_work_sync+0xd1/0x1d0 [ 402.670396][ T1081] ? _free_event+0x89/0x13b0 [ 402.674995][ T1081] ? __kasan_check_write+0x14/0x20 [ 402.681278][ T1081] ? __mutex_unlock_slowpath+0xf0/0x6a0 [ 402.691941][ T1081] ? mark_held_locks+0xa4/0xf0 [ 402.697447][ T1081] ? ring_buffer_attach+0x650/0x650 [ 402.702648][ T1081] ? wait_for_completion+0x440/0x440 [ 402.714723][ T1081] ? put_event+0x47/0x60 [ 402.719308][ T1081] ? perf_event_release_kernel+0x6d5/0xd70 [ 402.725122][ T1081] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 402.736116][ T1081] ? __perf_event_exit_context+0x170/0x170 [ 402.742055][ T1081] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 402.752123][ T1081] ? perf_release+0x37/0x50 [ 402.757686][ T1081] ? __fput+0x2ff/0x890 [ 402.761844][ T1081] ? perf_event_release_kernel+0xd70/0xd70 [ 402.771549][ T1081] ? ____fput+0x16/0x20 [ 402.776706][ T1081] ? task_work_run+0x145/0x1c0 [ 402.781494][ T1081] ? exit_to_usermode_loop+0x316/0x380 [ 402.792758][ T1081] ? do_syscall_64+0x676/0x790 [ 402.798524][ T1081] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 402.804643][ T1081] [ 402.804643][ T1081] Showing all locks held in the system: [ 402.817518][ T1081] 1 lock held by khungtaskd/1081: [ 402.822549][ T1081] #0: ffffffff88faccc0 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 [ 402.834189][ T1081] 1 lock held by rsyslogd/8616: [ 402.841313][ T1081] #0: ffff888094c700e0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 402.852239][ T1081] 2 locks held by getty/8706: [ 402.859210][ T1081] #0: ffff88809bcef090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 402.871183][ T1081] #1: ffffc90005f1d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 402.883101][ T1081] 2 locks held by getty/8707: [ 402.890018][ T1081] #0: ffff8880a1968090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 402.902254][ T1081] #1: ffffc90005f352e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 402.914710][ T1081] 2 locks held by getty/8708: [ 402.921870][ T1081] #0: ffff888099a51090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 402.933088][ T1081] #1: ffffc90005f252e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 402.944931][ T1081] 2 locks held by getty/8709: [ 402.952647][ T1081] #0: ffff8880a74e0090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 402.964019][ T1081] #1: ffffc90005f432e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 402.977964][ T1081] 2 locks held by getty/8710: [ 402.982710][ T1081] #0: ffff8880a0e91090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 402.993247][ T1081] #1: ffffc90005f3f2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 403.008545][ T1081] 2 locks held by getty/8711: [ 403.013224][ T1081] #0: ffff8880a0882090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 403.023935][ T1081] #1: ffffc90005f392e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 403.037936][ T1081] 2 locks held by getty/8712: [ 403.042620][ T1081] #0: ffff8880a07bb090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 403.053142][ T1081] #1: ffffc90005f112e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 403.067233][ T1081] [ 403.069583][ T1081] ============================================= [ 403.069583][ T1081] [ 403.080922][ T1081] NMI backtrace for cpu 1 [ 403.085309][ T1081] CPU: 1 PID: 1081 Comm: khungtaskd Not tainted 5.4.0-rc7-next-20191115 #0 [ 403.093894][ T1081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.103946][ T1081] Call Trace: [ 403.107286][ T1081] dump_stack+0x197/0x210 [ 403.111615][ T1081] nmi_cpu_backtrace.cold+0x70/0xb2 [ 403.116815][ T1081] ? vprintk_func+0x86/0x189 [ 403.121415][ T1081] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 403.127179][ T1081] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 403.133158][ T1081] arch_trigger_cpumask_backtrace+0x14/0x20 [ 403.139095][ T1081] watchdog+0xc8f/0x1350 [ 403.143339][ T1081] kthread+0x361/0x430 [ 403.147405][ T1081] ? reset_hung_task_detector+0x30/0x30 [ 403.152999][ T1081] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 403.158712][ T1081] ret_from_fork+0x24/0x30 [ 403.163374][ T1081] Sending NMI from CPU 1 to CPUs 0: [ 403.168999][ C0] NMI backtrace for cpu 0 [ 403.169005][ C0] CPU: 0 PID: 8924 Comm: Not tainted 5.4.0-rc7-next-20191115 #0 [ 403.169010][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.169014][ C0] RIP: 0010:irq_work_sync+0xd3/0x1d0 [ 403.169023][ C0] Code: f5 ff 4d 89 e6 4d 89 e5 48 b8 00 00 00 00 00 fc ff df 49 c1 ee 03 41 83 e5 07 49 01 c6 41 83 c5 03 eb 07 e8 7f 87 f5 ff f3 90 78 87 f5 ff be 04 00 00 00 4c 89 e7 e8 ab a6 31 00 41 0f b6 06 [ 403.169027][ C0] RSP: 0018:ffff8880572dfc08 EFLAGS: 00000293 [ 403.169034][ C0] RAX: ffff8880a4bc65c0 RBX: 0000000000000002 RCX: ffffffff817e51f6 [ 403.169039][ C0] RDX: 0000000000000000 RSI: ffffffff817e51c1 RDI: 0000000000000005 [ 403.169043][ C0] RBP: ffff8880572dfc28 R08: ffff8880a4bc65c0 R09: ffffed1012b1b682 [ 403.169048][ C0] R10: ffffed1012b1b681 R11: ffff8880958db40b R12: ffff8880958db408 [ 403.169052][ C0] R13: 0000000000000003 R14: ffffed1012b1b681 R15: ffff8880572dfcc8 [ 403.169057][ C0] FS: 000000000166d940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 403.169061][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 403.169066][ C0] CR2: 00007f51ae896000 CR3: 0000000097d59000 CR4: 00000000001406f0 [ 403.169070][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 403.169075][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 403.169077][ C0] Call Trace: [ 403.169080][ C0] _free_event+0x89/0x13b0 [ 403.169084][ C0] ? __kasan_check_write+0x14/0x20 [ 403.169087][ C0] ? __mutex_unlock_slowpath+0xf0/0x6a0 [ 403.169090][ C0] ? mark_held_locks+0xa4/0xf0 [ 403.169093][ C0] ? ring_buffer_attach+0x650/0x650 [ 403.169097][ C0] ? wait_for_completion+0x440/0x440 [ 403.169099][ C0] put_event+0x47/0x60 [ 403.169103][ C0] perf_event_release_kernel+0x6d5/0xd70 [ 403.169107][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 403.169111][ C0] ? __perf_event_exit_context+0x170/0x170 [ 403.169115][ C0] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 403.169118][ C0] perf_release+0x37/0x50 [ 403.169120][ C0] __fput+0x2ff/0x890 [ 403.169124][ C0] ? perf_event_release_kernel+0xd70/0xd70 [ 403.169127][ C0] ____fput+0x16/0x20 [ 403.169130][ C0] task_work_run+0x145/0x1c0 [ 403.169133][ C0] exit_to_usermode_loop+0x316/0x380 [ 403.169136][ C0] do_syscall_64+0x676/0x790 [ 403.169140][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 403.169143][ C0] RIP: 0033:0x4141d1 [ 403.169153][ C0] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 403.169156][ C0] RSP: 002b:00007ffeb0ac4920 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 403.169164][ C0] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004141d1 [ 403.169169][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 403.169174][ C0] RBP: 0000000000000001 R08: 00000000c26edac9 R09: 00000000c26edacd [ 403.169178][ C0] R10: 00007ffeb0ac4a00 R11: 0000000000000293 R12: 000000000075c9a0 [ 403.169182][ C0] R13: 000000000075c9a0 R14: 0000000000761d68 R15: 000000000075bfd4 [ 403.177512][ T1081] Kernel panic - not syncing: hung_task: blocked tasks [ 403.479819][ T1081] CPU: 1 PID: 1081 Comm: khungtaskd Not tainted 5.4.0-rc7-next-20191115 #0 [ 403.488401][ T1081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.498624][ T1081] Call Trace: [ 403.501918][ T1081] dump_stack+0x197/0x210 [ 403.506389][ T1081] panic+0x2e3/0x75c [ 403.510295][ T1081] ? add_taint.cold+0x16/0x16 [ 403.514966][ T1081] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 403.520597][ T1081] ? ___preempt_schedule+0x16/0x18 [ 403.525725][ T1081] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 403.531883][ T1081] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 403.538049][ T1081] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 403.544296][ T1081] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 403.550459][ T1081] watchdog+0xca0/0x1350 [ 403.554711][ T1081] kthread+0x361/0x430 [ 403.558775][ T1081] ? reset_hung_task_detector+0x30/0x30 [ 403.564322][ T1081] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 403.570082][ T1081] ret_from_fork+0x24/0x30 [ 403.576230][ T1081] Kernel Offset: disabled [ 403.580644][ T1081] Rebooting in 86400 seconds..