[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 53.229945][ T26] audit: type=1800 audit(1566917026.975:25): pid=8109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 53.251567][ T26] audit: type=1800 audit(1566917026.975:26): pid=8109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 53.271749][ T26] audit: type=1800 audit(1566917026.975:27): pid=8109 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts. 2019/08/27 14:43:56 fuzzer started 2019/08/27 14:43:59 dialing manager at 10.128.0.26:45029 2019/08/27 14:43:59 syscalls: 2487 2019/08/27 14:43:59 code coverage: enabled 2019/08/27 14:43:59 comparison tracing: enabled 2019/08/27 14:43:59 extra coverage: extra coverage is not supported by the kernel 2019/08/27 14:43:59 setuid sandbox: enabled 2019/08/27 14:43:59 namespace sandbox: enabled 2019/08/27 14:43:59 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/27 14:43:59 fault injection: enabled 2019/08/27 14:43:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/27 14:43:59 net packet injection: enabled 2019/08/27 14:43:59 net device setup: enabled 14:46:14 executing program 0: set_mempolicy(0x3, &(0x7f0000000000)=0xfffffffeffffffff, 0x77) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 14:46:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x0, 0x40002000}, 0xc) syzkaller login: [ 201.076840][ T8280] IPVS: ftp: loaded support on port[0] = 21 [ 201.254298][ T8280] chnl_net:caif_netlink_parms(): no params data found [ 201.272178][ T8283] IPVS: ftp: loaded support on port[0] = 21 14:46:15 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close(r0) [ 201.344326][ T8280] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.353913][ T8280] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.362185][ T8280] device bridge_slave_0 entered promiscuous mode [ 201.381336][ T8280] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.390295][ T8280] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.398434][ T8280] device bridge_slave_1 entered promiscuous mode [ 201.478853][ T8286] IPVS: ftp: loaded support on port[0] = 21 [ 201.485291][ T8280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.513497][ T8283] chnl_net:caif_netlink_parms(): no params data found [ 201.524095][ T8280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.575977][ T8280] team0: Port device team_slave_0 added [ 201.604133][ T8280] team0: Port device team_slave_1 added [ 201.618028][ T8283] bridge0: port 1(bridge_slave_0) entered blocking state 14:46:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, &(0x7f0000000200)="b9800000c00f3235000100000f3048b8568b929eb42e3b020f23c00f21f835010003000f23f8440f01ca66b858008ec00f20d835200000000f22d866bad004ec650f01cf66baf80cb8bb6e038fef66bafc0cec363e450f3066b85e008ed8", 0x5e}], 0x1, 0x0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000003c0)={{{@in=@dev, @in=@multicast2}}, {{@in6=@remote}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x1040000004, 0x0, 0x0, 0x0, 0x4cc]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 201.625184][ T8283] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.634451][ T8283] device bridge_slave_0 entered promiscuous mode [ 201.693928][ T8283] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.709411][ T8283] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.737484][ T8283] device bridge_slave_1 entered promiscuous mode 14:46:15 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) readv(r0, &(0x7f00000018c0)=[{&(0x7f0000000240)=""/111, 0x6f}], 0x1) write$FUSE_DIRENT(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="3000000000000000020000000000000007000000000019debbfe8efe2bcf765200000000000027dd0000000007000000007e4fd7ba118996000000637075736574"], 0x30) [ 201.830108][ T8280] device hsr_slave_0 entered promiscuous mode [ 201.908868][ T8280] device hsr_slave_1 entered promiscuous mode 14:46:15 executing program 5: syz_open_dev$vbi(&(0x7f0000000440)='/dev/vbi#\x00', 0x3, 0x2) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000480)={0x200000005, 0x3, 0x5, 0x0, 0x0, 0x1, 0xfffffffffffffffb, 0x0, 0xaa, 0x20, 0x4c, 0x2}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000640)='TIPCv2\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000500), 0xc, 0x0}, 0x0) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000540)={0x0, 0x0, 0x10001, 0x5}) ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, &(0x7f00000006c0)={0x0, 0x7ff}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYRES16=0x0, @ANYBLOB="fb686e0dd505cd"], 0x2}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 202.016317][ T8280] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.023490][ T8280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.031245][ T8280] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.038334][ T8280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.065239][ T8290] IPVS: ftp: loaded support on port[0] = 21 [ 202.065330][ T8292] IPVS: ftp: loaded support on port[0] = 21 [ 202.098890][ T8283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.115841][ T8286] chnl_net:caif_netlink_parms(): no params data found [ 202.142844][ T8283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.203043][ T8283] team0: Port device team_slave_0 added [ 202.215868][ T8286] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.224878][ T8286] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.232619][ T8286] device bridge_slave_0 entered promiscuous mode [ 202.242637][ T8283] team0: Port device team_slave_1 added [ 202.254566][ T8294] IPVS: ftp: loaded support on port[0] = 21 [ 202.261307][ T3501] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.269697][ T3501] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.282681][ T8286] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.291086][ T8286] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.298799][ T8286] device bridge_slave_1 entered promiscuous mode [ 202.400239][ T8283] device hsr_slave_0 entered promiscuous mode [ 202.457939][ T8283] device hsr_slave_1 entered promiscuous mode [ 202.497690][ T8283] debugfs: Directory 'hsr0' with parent '/' already present! [ 202.523617][ T8286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.534559][ T8280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.560670][ T8286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.607165][ T8286] team0: Port device team_slave_0 added [ 202.616373][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.624642][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.646402][ T8286] team0: Port device team_slave_1 added [ 202.671866][ T8290] chnl_net:caif_netlink_parms(): no params data found [ 202.681834][ T8280] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.769237][ T8286] device hsr_slave_0 entered promiscuous mode [ 202.817936][ T8286] device hsr_slave_1 entered promiscuous mode [ 202.887618][ T8286] debugfs: Directory 'hsr0' with parent '/' already present! [ 202.931446][ T8292] chnl_net:caif_netlink_parms(): no params data found [ 202.972477][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.981699][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.990066][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.997090][ T3501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.024031][ T8294] chnl_net:caif_netlink_parms(): no params data found [ 203.038804][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.047366][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.057279][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.064381][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.072090][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.080950][ T8290] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.088229][ T8290] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.095798][ T8290] device bridge_slave_0 entered promiscuous mode [ 203.106818][ T8290] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.114432][ T8290] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.122053][ T8290] device bridge_slave_1 entered promiscuous mode [ 203.146453][ T8290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.162712][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.171402][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.180429][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.189261][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.197855][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.212968][ T8292] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.220260][ T8292] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.228116][ T8292] device bridge_slave_0 entered promiscuous mode [ 203.235530][ T8292] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.242667][ T8292] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.250648][ T8292] device bridge_slave_1 entered promiscuous mode [ 203.276564][ T8290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.294368][ T8280] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 203.305413][ T8280] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.317044][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.325122][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.333387][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.342056][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.350603][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.367332][ T8294] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.375926][ T8294] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.384116][ T8294] device bridge_slave_0 entered promiscuous mode [ 203.395759][ T8294] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.403050][ T8294] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.410756][ T8294] device bridge_slave_1 entered promiscuous mode [ 203.434153][ T8294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.444784][ T8292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.454381][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.471465][ T8294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.485188][ T8292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.507141][ T8290] team0: Port device team_slave_0 added [ 203.516385][ T8290] team0: Port device team_slave_1 added [ 203.536271][ T8292] team0: Port device team_slave_0 added [ 203.543538][ T8292] team0: Port device team_slave_1 added [ 203.560195][ T8280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.570993][ T8294] team0: Port device team_slave_0 added [ 203.580276][ T8294] team0: Port device team_slave_1 added [ 203.640089][ T8292] device hsr_slave_0 entered promiscuous mode [ 203.677809][ T8292] device hsr_slave_1 entered promiscuous mode [ 203.717653][ T8292] debugfs: Directory 'hsr0' with parent '/' already present! [ 203.790386][ T8294] device hsr_slave_0 entered promiscuous mode [ 203.827745][ T8294] device hsr_slave_1 entered promiscuous mode [ 203.877835][ T8294] debugfs: Directory 'hsr0' with parent '/' already present! [ 203.889739][ T8283] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.940701][ T8290] device hsr_slave_0 entered promiscuous mode [ 203.967818][ T8290] device hsr_slave_1 entered promiscuous mode [ 204.018185][ T8290] debugfs: Directory 'hsr0' with parent '/' already present! [ 204.055389][ T8286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.090626][ T8283] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.105653][ T8286] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.118209][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.125910][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.136682][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.144525][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.158852][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.170170][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.178920][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.186078][ T3501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.245035][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.262324][ T8306] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 204.264913][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.313791][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.322396][ T8295] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.329498][ T8295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.337185][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.346317][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.354988][ T8295] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.362090][ T8295] bridge0: port 2(bridge_slave_1) entered forwarding state 14:46:18 executing program 0: r0 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000003fc0)={0x0}) recvmmsg(r0, 0x0, 0x0, 0x20, &(0x7f0000004000)={r1}) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000400), &(0x7f0000000440)=0xc) mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) fchdir(r2) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) [ 204.387212][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.404291][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.413251][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.424558][ T8295] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.431653][ T8295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.439296][ T8295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.490887][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.502378][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.511245][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.519897][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.529285][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.537387][ C1] hrtimer: interrupt took 22508 ns [ 204.537798][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.552043][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.560897][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.581659][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.595923][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.604714][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.622124][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 14:46:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000000080)=@ethtool_drvinfo={0x3, "776632a5636c718c945d5e2b436c5f4159c120a9c334e58468c0d7538d8ad5a2", "d19ab304da0cc0def3ddc32a768aec9b8a150f4e1f6b09cae2ef2391169f2ef6", "4962c2e654f18fa04f715366d6f40213814a1496951f26d2b4b8a57d7c1ed7eb", "65a189a85aff864082a89879288d1dc7a5f3bd2f7b6440405ad855baf8d924a5", "c7a49fb5b4c551a7628c9d32b441a0547cfcce38967414a88024b4286ea484b9", "fed3f62f3bfdb6e6f5e995df"}}) [ 204.638833][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.647207][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.662544][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.682826][ T8286] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 204.710905][ T8286] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.725549][ T8292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.733655][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.742016][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.749755][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 14:46:18 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_proto_private(r0, 0x1000000000089e1, &(0x7f0000000080)) [ 204.758066][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.776476][ T8292] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.793040][ T8294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.815222][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.829052][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.836688][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.855328][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.866629][ T8286] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.878768][ T8283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.894097][ T8294] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.904314][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.919121][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.928084][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.935150][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.943032][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.950966][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.969197][ T8290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.994999][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.003350][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 14:46:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) pipe(&(0x7f0000000e80)) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000009c0)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000002540)=[{{&(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x2, 0x3, 0x1, 0x4, "57f8af0aac92b95376ef296db6dc7ded6df5e78d4833c11994630e5be5a63873b4b64ddd468f71eff3c462cb96f6e746d696dfdc981de2c5be6a13898cb7be", 0x3a}, 0x80, 0x0, 0x0, &(0x7f00000007c0)=[{0x48, 0x10c, 0x0, "3315a46f94810863e2b6d1bb1a933d10063dc92cf1ddf6182df28fae20de631dfc6380fb29916cc42b9b4f7b1020ddd1982c5d53313079dcd516"}, {0xb4, 0xf5b72db7fe3c494d, 0x4, "08ef15eff1e5e6db1d117115a451b6aa223fa72ad05c0e76e78e862b1ebcd2f39657e7319f06d57ec09d23918e14c5674218041c40c170917c1b255f166f11230b44eb030864d73d7b4314bfd642452e1fae1fce2dfae8c5dcd965115c3781cd4ebb0af7a7e250ac366b40d88f9009d95f550b60b5b45eef1533b3153e166c54bdf3844da152790694887a2d190eba4ec6c367280e1f673e25c877a26f63d43d8410db6285"}], 0xfc}}, {{&(0x7f0000000a00)=@ipx={0x4, 0x1, 0x211e, "c332149ae98c", 0xbcc}, 0x80, &(0x7f0000001f40)=[{0x0}, {&(0x7f0000000b00)}, {&(0x7f0000000b40)="df9d1bfbbc6c", 0x6}, {0x0}, {&(0x7f0000000c80)="5fdef6864d83dbaa393a7cb9c9ff8efb65480133046ab144f3a486e6731c708b29b905a3e942cbf527e3ba5cbd2dfedc7d90b02a218e42db", 0x38}, {&(0x7f0000000d40)="91f63720badfe55d81e104c1085261ac74d05e965c916741e980105912b8d7ee6dfc11b47524b4227fd11dd42f8b5be5ef2eddea07dadbef28797933088e07247736af4de2df3e8641606ca79444fac89423fb135e8a9c73a649e687499433fefb6d3855b4a18c5b", 0x68}, {&(0x7f0000000e80)}], 0x7, &(0x7f0000001fc0)=[{0x34, 0x0, 0x0, "79510f0ccad7d4a019f42cd0eca6c240fcd6e1fd70630c6e17f187d263ffdf3237b5460b416e"}], 0x34}}], 0x2, 0x8000) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) [ 205.029572][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.044857][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.051979][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.070731][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.079588][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.096077][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.106861][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.115951][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.123048][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.131718][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.133598][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 205.140389][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.159658][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.166732][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.174713][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.183283][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.191812][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.200443][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.210098][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.218867][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.227036][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.235802][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.244595][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.253331][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.268198][ T8290] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.279882][ T8294] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 205.292299][ T8294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.306438][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.314141][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.322063][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.330584][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.339301][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.350541][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.359162][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.375784][ T8292] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 205.386480][ T8292] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 205.410251][ T8294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.418033][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.426454][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.465877][ T8287] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.473025][ T8287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.507255][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.519586][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.535914][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.547656][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.556166][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.565128][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.581378][ T8283] 8021q: adding VLAN 0 to HW filter on device batadv0 14:46:19 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close(r0) [ 205.609876][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.617944][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.626041][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.645872][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.667252][ T8287] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.674359][ T8287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.706559][ T8287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 14:46:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) pipe(&(0x7f0000000e80)) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000009c0)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000002540)=[{{&(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x2, 0x3, 0x1, 0x4, "57f8af0aac92b95376ef296db6dc7ded6df5e78d4833c11994630e5be5a63873b4b64ddd468f71eff3c462cb96f6e746d696dfdc981de2c5be6a13898cb7be", 0x3a}, 0x80, 0x0, 0x0, &(0x7f00000007c0)=[{0x48, 0x10c, 0x0, "3315a46f94810863e2b6d1bb1a933d10063dc92cf1ddf6182df28fae20de631dfc6380fb29916cc42b9b4f7b1020ddd1982c5d53313079dcd516"}, {0xb4, 0xf5b72db7fe3c494d, 0x4, "08ef15eff1e5e6db1d117115a451b6aa223fa72ad05c0e76e78e862b1ebcd2f39657e7319f06d57ec09d23918e14c5674218041c40c170917c1b255f166f11230b44eb030864d73d7b4314bfd642452e1fae1fce2dfae8c5dcd965115c3781cd4ebb0af7a7e250ac366b40d88f9009d95f550b60b5b45eef1533b3153e166c54bdf3844da152790694887a2d190eba4ec6c367280e1f673e25c877a26f63d43d8410db6285"}], 0xfc}}, {{&(0x7f0000000a00)=@ipx={0x4, 0x1, 0x211e, "c332149ae98c", 0xbcc}, 0x80, &(0x7f0000001f40)=[{0x0}, {&(0x7f0000000b00)}, {&(0x7f0000000b40)="df9d1bfbbc6c", 0x6}, {0x0}, {&(0x7f0000000c80)="5fdef6864d83dbaa393a7cb9c9ff8efb65480133046ab144f3a486e6731c708b29b905a3e942cbf527e3ba5cbd2dfedc7d90b02a218e42db", 0x38}, {&(0x7f0000000d40)="91f63720badfe55d81e104c1085261ac74d05e965c916741e980105912b8d7ee6dfc11b47524b4227fd11dd42f8b5be5ef2eddea07dadbef28797933088e07247736af4de2df3e8641606ca79444fac89423fb135e8a9c73a649e687499433fefb6d3855b4a18c5b", 0x68}, {&(0x7f0000000e80)}], 0x7, &(0x7f0000001fc0)=[{0x34, 0x0, 0x0, "79510f0ccad7d4a019f42cd0eca6c240fcd6e1fd70630c6e17f187d263ffdf3237b5460b416e"}], 0x34}}], 0x2, 0x8000) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) [ 205.741220][ T8292] 8021q: adding VLAN 0 to HW filter on device batadv0 14:46:19 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close(r0) [ 205.786185][ T8299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.817257][ T8290] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 205.874873][ T8290] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 205.914099][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.926337][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.945705][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.964559][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.984873][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.996895][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 206.023870][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 206.041331][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 206.054163][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 206.064582][ T8323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 206.107248][ T8290] 8021q: adding VLAN 0 to HW filter on device batadv0 14:46:20 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0) r2 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9d, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) 14:46:20 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close(r0) [ 206.475509][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.479802][ T8389] fuse: Bad value for 'subtype' [ 206.504074][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.505607][ T8390] fuse: Bad value for 'subtype' [ 206.515219][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.530859][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.548899][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.563096][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.575334][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.585883][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.597123][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 [ 206.606062][ T8385] kvm [8383]: vcpu0, guest rIP: 0x205 Hyper-V unhandled rdmsr: 0x40000004 14:46:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, &(0x7f0000000200)="b9800000c00f3235000100000f3048b8568b929eb42e3b020f23c00f21f835010003000f23f8440f01ca66b858008ec00f20d835200000000f22d866bad004ec650f01cf66baf80cb8bb6e038fef66bafc0cec363e450f3066b85e008ed8", 0x5e}], 0x1, 0x0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000003c0)={{{@in=@dev, @in=@multicast2}}, {{@in6=@remote}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x1040000004, 0x0, 0x0, 0x0, 0x4cc]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:46:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) pipe(&(0x7f0000000e80)) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000009c0)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000002540)=[{{&(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x2, 0x3, 0x1, 0x4, "57f8af0aac92b95376ef296db6dc7ded6df5e78d4833c11994630e5be5a63873b4b64ddd468f71eff3c462cb96f6e746d696dfdc981de2c5be6a13898cb7be", 0x3a}, 0x80, 0x0, 0x0, &(0x7f00000007c0)=[{0x48, 0x10c, 0x0, "3315a46f94810863e2b6d1bb1a933d10063dc92cf1ddf6182df28fae20de631dfc6380fb29916cc42b9b4f7b1020ddd1982c5d53313079dcd516"}, {0xb4, 0xf5b72db7fe3c494d, 0x4, "08ef15eff1e5e6db1d117115a451b6aa223fa72ad05c0e76e78e862b1ebcd2f39657e7319f06d57ec09d23918e14c5674218041c40c170917c1b255f166f11230b44eb030864d73d7b4314bfd642452e1fae1fce2dfae8c5dcd965115c3781cd4ebb0af7a7e250ac366b40d88f9009d95f550b60b5b45eef1533b3153e166c54bdf3844da152790694887a2d190eba4ec6c367280e1f673e25c877a26f63d43d8410db6285"}], 0xfc}}, {{&(0x7f0000000a00)=@ipx={0x4, 0x1, 0x211e, "c332149ae98c", 0xbcc}, 0x80, &(0x7f0000001f40)=[{0x0}, {&(0x7f0000000b00)}, {&(0x7f0000000b40)="df9d1bfbbc6c", 0x6}, {0x0}, {&(0x7f0000000c80)="5fdef6864d83dbaa393a7cb9c9ff8efb65480133046ab144f3a486e6731c708b29b905a3e942cbf527e3ba5cbd2dfedc7d90b02a218e42db", 0x38}, {&(0x7f0000000d40)="91f63720badfe55d81e104c1085261ac74d05e965c916741e980105912b8d7ee6dfc11b47524b4227fd11dd42f8b5be5ef2eddea07dadbef28797933088e07247736af4de2df3e8641606ca79444fac89423fb135e8a9c73a649e687499433fefb6d3855b4a18c5b", 0x68}, {&(0x7f0000000e80)}], 0x7, &(0x7f0000001fc0)=[{0x34, 0x0, 0x0, "79510f0ccad7d4a019f42cd0eca6c240fcd6e1fd70630c6e17f187d263ffdf3237b5460b416e"}], 0x34}}], 0x2, 0x8000) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 14:46:20 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) setregid(0x0, 0x0) rt_sigpending(&(0x7f0000000200), 0x8) utime(&(0x7f0000000040)='./file0//ile0\x00', &(0x7f00000000c0)={0xffffffffffffffff, 0x3f}) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x2000, 0x0) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000140)) rmdir(&(0x7f0000000240)='./file0//ile0\x00') mkdir(&(0x7f0000000000)='./file0//ile0\x00', 0x2) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 14:46:20 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) close(r0) 14:46:20 executing program 4: r0 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000003fc0)={0x0}) recvmmsg(r0, 0x0, 0x0, 0x20, &(0x7f0000004000)={r1}) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000400), &(0x7f0000000440)=0xc) fchdir(r2) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) [ 206.938759][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 14:46:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) pipe(&(0x7f0000000e80)) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000009c0)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000002540)=[{{&(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x2, 0x3, 0x1, 0x4, "57f8af0aac92b95376ef296db6dc7ded6df5e78d4833c11994630e5be5a63873b4b64ddd468f71eff3c462cb96f6e746d696dfdc981de2c5be6a13898cb7be", 0x3a}, 0x80, 0x0, 0x0, &(0x7f00000007c0)=[{0x48, 0x10c, 0x0, "3315a46f94810863e2b6d1bb1a933d10063dc92cf1ddf6182df28fae20de631dfc6380fb29916cc42b9b4f7b1020ddd1982c5d53313079dcd516"}, {0xb4, 0xf5b72db7fe3c494d, 0x4, "08ef15eff1e5e6db1d117115a451b6aa223fa72ad05c0e76e78e862b1ebcd2f39657e7319f06d57ec09d23918e14c5674218041c40c170917c1b255f166f11230b44eb030864d73d7b4314bfd642452e1fae1fce2dfae8c5dcd965115c3781cd4ebb0af7a7e250ac366b40d88f9009d95f550b60b5b45eef1533b3153e166c54bdf3844da152790694887a2d190eba4ec6c367280e1f673e25c877a26f63d43d8410db6285"}], 0xfc}}, {{&(0x7f0000000a00)=@ipx={0x4, 0x1, 0x211e, "c332149ae98c", 0xbcc}, 0x80, &(0x7f0000001f40)=[{0x0}, {&(0x7f0000000b00)}, {&(0x7f0000000b40)="df9d1bfbbc6c", 0x6}, {0x0}, {&(0x7f0000000c80)="5fdef6864d83dbaa393a7cb9c9ff8efb65480133046ab144f3a486e6731c708b29b905a3e942cbf527e3ba5cbd2dfedc7d90b02a218e42db", 0x38}, {&(0x7f0000000d40)="91f63720badfe55d81e104c1085261ac74d05e965c916741e980105912b8d7ee6dfc11b47524b4227fd11dd42f8b5be5ef2eddea07dadbef28797933088e07247736af4de2df3e8641606ca79444fac89423fb135e8a9c73a649e687499433fefb6d3855b4a18c5b", 0x68}, {&(0x7f0000000e80)}], 0x7, &(0x7f0000001fc0)=[{0x34, 0x0, 0x0, "79510f0ccad7d4a019f42cd0eca6c240fcd6e1fd70630c6e17f187d263ffdf3237b5460b416e"}], 0x34}}], 0x2, 0x8000) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 14:46:20 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) close(r0) 14:46:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)=""/44, 0x2c}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x7}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xfffffec8, 0x0, 0x0, 0x800e00539) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r3, &(0x7f0000003680)=[{&(0x7f00000000c0)=""/158, 0x9e}, {0x0}, {0x0}, {0x0}], 0x4) shutdown(r2, 0x0) 14:46:20 executing program 1: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6104) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) r2 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x0) r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$P9_RREMOVE(r3, &(0x7f0000000500)={0x1b0}, 0xff7f) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000100)={0x0, r3}) 14:46:20 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000013c0)="ab553fec", 0x4) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{&(0x7f0000001240)=@alg, 0x80, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}, {0x0}, {&(0x7f0000003580)=""/4096, 0x1000}], 0x3, &(0x7f0000004780)=""/245, 0xf5}}], 0x1, 0x0, &(0x7f0000008000)={0x0, 0x989680}) 14:46:20 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) close(r0) [ 207.275692][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 207.275705][ T26] audit: type=1804 audit(1566917181.015:31): pid=8429 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir254770063/syzkaller.wdoq4u/3/bus" dev="sda1" ino=16543 res=1 14:46:21 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x5, 0x1, 0x10}]}, &(0x7f0000f6bffb)='GPL\x00'}, 0x48) [ 207.396601][ T26] audit: type=1804 audit(1566917181.075:32): pid=8434 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir254770063/syzkaller.wdoq4u/3/bus" dev="sda1" ino=16543 res=1 14:46:21 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x800002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab31, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 207.469292][ T26] audit: type=1804 audit(1566917181.135:33): pid=8434 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir254770063/syzkaller.wdoq4u/3/bus" dev="sda1" ino=16543 res=1 14:46:21 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close(r0) 14:46:21 executing program 1: r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x401) ioctl$FS_IOC_RESVSP(r0, 0x402c5828, &(0x7f00000000c0)={0x0, 0x4, 0x2, 0x3}) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/udp\x00') r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20008}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="84582e738f785d81a0a5c9786b35333810d1419d19d06e3eacaa897f13067b58351314c5f28b2fc9f762c50bbee6b6b1d7472557fabbcdd6165a00f8fd384f757d3fe53bbad07385cd34db1ff991b52bed41bc5b897f13e95759dcd89b4aedf07c24001a", @ANYRES16=r2, @ANYBLOB="04002abd7000fcdbdf25020000004c00070008000100040000000c00030061f9ffffffffffff0c00030002000000000000000c0003000500000000000000080001000300000008000200cb0000000c00030040000000000000002c000200080001000100000008000100050000000800020004000000080002000600000008000100ff030000280007000800020020000000080001000600000008000200ffffffff0c000300ff070000000000002c000900080001000000000008000200050000000800010004000000080001003f000000080001007f000000"], 0xe0}, 0x1, 0x0, 0x0, 0x4000001}, 0x40010) write$P9_RSTATFS(r1, &(0x7f0000000040)={0x43, 0x9, 0x0, {0x80, 0x6, 0x2, 0x6, 0x2, 0x80, 0x20, 0x4, 0x70}}, 0x43) socket$can_bcm(0x1d, 0x2, 0x2) inotify_init() recvmmsg(0xffffffffffffffff, &(0x7f0000004200)=[{{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000001ac0)=""/94, 0x5e}], 0x1}}], 0x1, 0x0, 0x0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000000)) preadv(r1, &(0x7f00000017c0), 0x100000000000019d, 0xf0ffffff7f0000) [ 207.506794][ T26] audit: type=1804 audit(1566917181.165:34): pid=8440 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir254770063/syzkaller.wdoq4u/3/bus" dev="sda1" ino=16543 res=1 14:46:21 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000001c0)={'lo\x00\x00\x00\x00\x00\x00\xed\xff\xff\xff\xff\xff\xff\xff'}) r1 = socket(0x80000000000000a, 0x2, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [], @loopback}}, 0x1c) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00\x00\x00\x00\x04\x00\x00\x00\x00\x06\x00', 0xfd}) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x0, 0x0, @dev, 0xfffffffffffffffe}, 0x1c) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x32, &(0x7f0000000000)={@dev, 0xfffffffe}, 0x20) 14:46:21 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close(r0) 14:46:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) pipe(&(0x7f0000000e80)) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000009c0)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000002540)=[{{&(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x2, 0x3, 0x1, 0x4, "57f8af0aac92b95376ef296db6dc7ded6df5e78d4833c11994630e5be5a63873b4b64ddd468f71eff3c462cb96f6e746d696dfdc981de2c5be6a13898cb7be", 0x3a}, 0x80, 0x0, 0x0, &(0x7f00000007c0)=[{0x48, 0x10c, 0x0, "3315a46f94810863e2b6d1bb1a933d10063dc92cf1ddf6182df28fae20de631dfc6380fb29916cc42b9b4f7b1020ddd1982c5d53313079dcd516"}, {0xb4, 0xf5b72db7fe3c494d, 0x4, "08ef15eff1e5e6db1d117115a451b6aa223fa72ad05c0e76e78e862b1ebcd2f39657e7319f06d57ec09d23918e14c5674218041c40c170917c1b255f166f11230b44eb030864d73d7b4314bfd642452e1fae1fce2dfae8c5dcd965115c3781cd4ebb0af7a7e250ac366b40d88f9009d95f550b60b5b45eef1533b3153e166c54bdf3844da152790694887a2d190eba4ec6c367280e1f673e25c877a26f63d43d8410db6285"}], 0xfc}}, {{&(0x7f0000000a00)=@ipx={0x4, 0x1, 0x211e, "c332149ae98c", 0xbcc}, 0x80, &(0x7f0000001f40)=[{0x0}, {&(0x7f0000000b00)}, {&(0x7f0000000b40)="df9d1bfbbc6c", 0x6}, {0x0}, {&(0x7f0000000c80)="5fdef6864d83dbaa393a7cb9c9ff8efb65480133046ab144f3a486e6731c708b29b905a3e942cbf527e3ba5cbd2dfedc7d90b02a218e42db", 0x38}, {&(0x7f0000000d40)="91f63720badfe55d81e104c1085261ac74d05e965c916741e980105912b8d7ee6dfc11b47524b4227fd11dd42f8b5be5ef2eddea07dadbef28797933088e07247736af4de2df3e8641606ca79444fac89423fb135e8a9c73a649e687499433fefb6d3855b4a18c5b", 0x68}, {&(0x7f0000000e80)}], 0x7, &(0x7f0000001fc0)=[{0x34, 0x0, 0x0, "79510f0ccad7d4a019f42cd0eca6c240fcd6e1fd70630c6e17f187d263ffdf3237b5460b416e"}], 0x34}}], 0x2, 0x8000) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 14:46:21 executing program 2: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close(r0) [ 207.891123][ T8447] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 207.937565][ T8447] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 207.980026][ T8447] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 208.012462][ T8447] EXT4-fs error (device loop5): ext4_fill_super:4469: inode #2: comm syz-executor.5: iget: root inode unallocated [ 208.035199][ T8447] EXT4-fs (loop5): get root inode failed [ 208.043774][ T8447] EXT4-fs (loop5): mount failed [ 208.066525][ T8447] ------------[ cut here ]------------ [ 208.072022][ T8447] ODEBUG: free active (active state 0) object type: percpu_counter hint: 0x0 [ 208.081032][ T8447] WARNING: CPU: 0 PID: 8447 at lib/debugobjects.c:481 debug_print_object+0x168/0x250 [ 208.090518][ T8447] Kernel panic - not syncing: panic_on_warn set ... [ 208.097110][ T8447] CPU: 0 PID: 8447 Comm: syz-executor.5 Not tainted 5.3.0-rc6-next-20190826 #73 [ 208.106113][ T8447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.116167][ T8447] Call Trace: [ 208.119451][ T8447] dump_stack+0x172/0x1f0 [ 208.123778][ T8447] ? debug_print_object+0x90/0x250 [ 208.128882][ T8447] panic+0x2dc/0x755 [ 208.132773][ T8447] ? add_taint.cold+0x16/0x16 [ 208.137450][ T8447] ? __kasan_check_write+0x14/0x20 [ 208.142562][ T8447] ? __warn.cold+0x14/0x3c [ 208.145044][ T3891] kobject: 'loop1' (000000007ac71442): kobject_uevent_env [ 208.146977][ T8447] ? debug_print_object+0x168/0x250 [ 208.159331][ T8447] __warn.cold+0x2f/0x3c [ 208.163574][ T8447] ? debug_print_object+0x168/0x250 [ 208.168764][ T8447] report_bug+0x289/0x300 [ 208.172998][ T3891] kobject: 'loop1' (000000007ac71442): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 208.173087][ T8447] do_error_trap+0x11b/0x200 [ 208.187774][ T8447] do_invalid_op+0x37/0x50 [ 208.192183][ T8447] ? debug_print_object+0x168/0x250 [ 208.197375][ T8447] invalid_op+0x23/0x30 [ 208.201527][ T8447] RIP: 0010:debug_print_object+0x168/0x250 [ 208.207334][ T8447] Code: dd 60 6c e6 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b5 00 00 00 48 8b 14 dd 60 6c e6 87 48 c7 c7 c0 61 e6 87 e8 20 31 01 fe <0f> 0b 83 05 f3 67 83 06 01 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3 [ 208.226927][ T8447] RSP: 0018:ffff888058d6f938 EFLAGS: 00010086 [ 208.232511][ T3891] kobject: 'loop4' (000000004f680083): kobject_uevent_env [ 208.232982][ T8447] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 208.248009][ T8447] RDX: 0000000000040000 RSI: ffffffff815bd606 RDI: ffffed100b1adf19 [ 208.255971][ T8447] RBP: ffff888058d6f978 R08: ffff888096e66180 R09: ffffed1015d04109 [ 208.263925][ T8447] R10: ffffed1015d04108 R11: ffff8880ae820847 R12: 0000000000000001 [ 208.271886][ T8447] R13: ffffffff8935e800 R14: 0000000000000000 R15: ffff88809c9f5428 [ 208.279851][ T8447] ? vprintk_func+0x86/0x189 [ 208.284418][ T8447] ? debug_print_object+0x168/0x250 [ 208.289597][ T8447] debug_check_no_obj_freed+0x2d4/0x43f [ 208.295119][ T8447] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 208.300646][ T8447] kfree+0xf8/0x2c0 [ 208.304429][ T8447] ext4_fill_super+0x8cb/0xcc80 [ 208.309277][ T8447] ? ext4_calculate_overhead+0x1250/0x1250 [ 208.315057][ T8447] ? vsprintf+0x40/0x40 [ 208.319185][ T8447] ? wait_for_completion+0x440/0x440 [ 208.324442][ T8447] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 208.330134][ T8447] ? set_blocksize+0x2bf/0x340 [ 208.334878][ T8447] mount_bdev+0x304/0x3c0 [ 208.339179][ T8447] ? mount_bdev+0x304/0x3c0 [ 208.343652][ T8447] ? ext4_calculate_overhead+0x1250/0x1250 [ 208.349435][ T8447] ext4_mount+0x35/0x40 [ 208.353568][ T8447] ? ext4_nfs_get_inode+0xe0/0xe0 [ 208.358568][ T8447] legacy_get_tree+0x113/0x220 [ 208.363303][ T8447] ? ns_capable_common+0x93/0x100 [ 208.368309][ T8447] vfs_get_tree+0x8f/0x380 [ 208.372700][ T8447] do_mount+0x13b3/0x1c30 [ 208.377007][ T8447] ? copy_mount_string+0x40/0x40 [ 208.381918][ T8447] ? copy_mount_options+0x270/0x3f0 [ 208.387097][ T8447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.393308][ T8447] ? copy_mount_options+0x2e8/0x3f0 [ 208.398486][ T8447] ksys_mount+0xdb/0x150 [ 208.402703][ T8447] __x64_sys_mount+0xbe/0x150 [ 208.407354][ T8447] do_syscall_64+0xfa/0x760 [ 208.411835][ T8447] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.417703][ T8447] RIP: 0033:0x45c2ca [ 208.421570][ T8447] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 208.441142][ T8447] RSP: 002b:00007fd21144da88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 208.449527][ T8447] RAX: ffffffffffffffda RBX: 00007fd21144db40 RCX: 000000000045c2ca [ 208.457475][ T8447] RDX: 00007fd21144dae0 RSI: 0000000020000000 RDI: 00007fd21144db00 [ 208.465958][ T8447] RBP: 0000000000001000 R08: 00007fd21144db40 R09: 00007fd21144dae0 [ 208.473903][ T8447] R10: 0000000000000001 R11: 0000000000000206 R12: 0000000000000005 [ 208.481846][ T8447] R13: 00000000004c89d6 R14: 00000000004df8f8 R15: 00000000ffffffff [ 208.491503][ T8447] Kernel Offset: disabled [ 208.496585][ T8447] Rebooting in 86400 seconds..