Warning: Permanently added '[localhost]:19815' (ECDSA) to the list of known hosts.
2022/08/24 10:24:54 fuzzer started
2022/08/24 10:24:55 dialing manager at localhost:41483
[   93.493879][ T3674] cgroup: Unknown subsys name 'net'
[   93.747282][ T3674] cgroup: Unknown subsys name 'rlimit'
2022/08/24 10:24:56 syscalls: 3738
2022/08/24 10:24:56 code coverage: enabled
2022/08/24 10:24:56 comparison tracing: enabled
2022/08/24 10:24:56 extra coverage: enabled
2022/08/24 10:24:56 delay kcov mmap: enabled
2022/08/24 10:24:56 setuid sandbox: enabled
2022/08/24 10:24:56 namespace sandbox: enabled
2022/08/24 10:24:56 Android sandbox: /sys/fs/selinux/policy does not exist
2022/08/24 10:24:56 fault injection: enabled
2022/08/24 10:24:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2022/08/24 10:24:56 net packet injection: enabled
2022/08/24 10:24:56 net device setup: enabled
2022/08/24 10:24:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/08/24 10:24:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/08/24 10:24:56 USB emulation: enabled
2022/08/24 10:24:56 hci packet injection: enabled
2022/08/24 10:24:56 wifi device emulation: failed to parse kernel version (6.0.0-rc2-syzkaller-00054-gc40e8341e3b3                          )
2022/08/24 10:24:56 802.15.4 emulation: enabled
2022/08/24 10:24:56 fetching corpus: 0, signal 0/0 (executing program)
2022/08/24 10:24:56 fetching corpus: 0, signal 0/0 (executing program)
2022/08/24 10:25:00 starting 4 fuzzer processes
10:25:00 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
mount$bind(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
openat$cgroup_int(r0, &(0x7f0000000100)='cpu.weight\x00', 0x2, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
umount2(&(0x7f0000000380)='./file0\x00', 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={0x0}}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
process_vm_readv(0x0, &(0x7f0000001880)=[{&(0x7f0000000580)=""/140, 0x8c}, {&(0x7f0000000280)=""/26, 0x1a}, {&(0x7f0000000640)=""/198, 0xc6}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/43, 0x2b}, {0x0}], 0x7, &(0x7f0000002cc0)=[{0x0}, {&(0x7f0000000500)=""/62, 0x3e}, {&(0x7f0000002900)=""/48, 0x30}, {&(0x7f0000002940)=""/50, 0x32}, {0x0}, {&(0x7f0000002a80)=""/149, 0x95}, {&(0x7f0000002b40)=""/50, 0x32}, {&(0x7f0000002b80)=""/88, 0x58}, {0x0}], 0x9, 0x0)

10:25:00 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x13, 0x4, &(0x7f0000000040)=@framed={{}, [@alu={0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4a}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

10:25:00 executing program 0:
syz_mount_image$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000000c0)=@v1={0x0, @adiantum, 0x0, @desc1})
r1 = add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "33ce9cd62ca7d5ded205c44c78d8e6c4426d716fae01002183b1831bb555212432d4e0d0f53109223931f7ee0dd474517e97dfa500000000000000070000bcde"}, 0x48, 0xfffffffffffffffd)
keyctl$setperm(0x5, r1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r2, 0x0, 0x0)

10:25:00 executing program 2:
syz_mount_image$vfat(&(0x7f00000007c0), &(0x7f0000000800)='./file0\x00', 0x0, 0x0, &(0x7f0000001a40), 0x1000481, &(0x7f0000001ac0)={[{@fat=@fmask}]})

[  100.314683][ T3692] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.328512][ T3692] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.333689][ T3695] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  100.341311][ T3692] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.348960][ T3695] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  100.375133][ T3695] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  100.375492][ T3692] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.395179][ T3695] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  100.395993][ T3695] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  100.396294][ T3695] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  100.461251][ T3695] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  100.462088][ T3692] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  100.488491][ T3695] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  100.494883][ T3692] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.517543][ T3695] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  100.578872][ T3692] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  100.586259][ T3692] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  100.607083][ T3692] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  100.719299][ T3688] chnl_net:caif_netlink_parms(): no params data found
[  101.209322][ T3688] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.217830][ T3688] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.225776][ T3688] device bridge_slave_0 entered promiscuous mode
[  101.269482][ T3688] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.276479][ T3688] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.284756][ T3688] device bridge_slave_1 entered promiscuous mode
[  101.437303][ T3688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.449971][ T3688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.648786][ T3687] chnl_net:caif_netlink_parms(): no params data found
[  101.708898][ T3688] team0: Port device team_slave_0 added
[  101.779950][ T3690] chnl_net:caif_netlink_parms(): no params data found
[  101.814707][ T3688] team0: Port device team_slave_1 added
[  102.163138][ T3688] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.168469][ T3688] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.199757][ T3688] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.280580][ T3688] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.286272][ T3688] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.332811][ T3688] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.453824][ T3697] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  102.455192][   T40] Bluetooth: hci1: command 0x0409 tx timeout
[  102.538423][  T820] Bluetooth: hci0: command 0x0409 tx timeout
[  102.613860][ T3687] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.619075][ T3687] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.630918][ T3687] device bridge_slave_0 entered promiscuous mode
[  102.694068][  T172] Bluetooth: hci3: command 0x0409 tx timeout
[  102.748970][ T3687] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.754240][ T3687] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.761498][ T3687] device bridge_slave_1 entered promiscuous mode
[  102.785703][ T3688] device hsr_slave_0 entered promiscuous mode
[  102.836464][ T3688] device hsr_slave_1 entered promiscuous mode
[  102.942187][ T3690] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.949861][ T3690] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.960189][ T3690] device bridge_slave_0 entered promiscuous mode
[  103.012782][ T3690] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.018442][ T3690] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.027620][ T3690] device bridge_slave_1 entered promiscuous mode
[  103.246957][ T3687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.291432][ T3690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.355232][ T3687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.385109][ T3690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.534806][ T3690] team0: Port device team_slave_0 added
[  103.613209][ T3690] team0: Port device team_slave_1 added
[  103.647459][ T3687] team0: Port device team_slave_0 added
[  103.674492][ T3687] team0: Port device team_slave_1 added
[  103.823785][ T3690] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.828668][ T3690] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.866449][ T3690] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.919343][ T3687] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.932988][ T3687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.971251][ T3687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.987372][ T3687] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.992880][ T3687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.028273][ T3687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.046271][ T3690] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.051334][ T3690] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.083209][ T3690] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.098054][ T3688] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  104.112878][ T3688] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  104.205287][ T3688] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  104.265422][ T3688] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  104.467814][ T3690] device hsr_slave_0 entered promiscuous mode
[  104.488497][ T3690] device hsr_slave_1 entered promiscuous mode
[  104.510801][ T3690] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.520198][ T3690] Cannot create hsr debugfs directory
[  104.616577][ T3687] device hsr_slave_0 entered promiscuous mode
[  104.643696][  T820] Bluetooth: hci0: command 0x041b tx timeout
[  104.648836][  T820] Bluetooth: hci1: command 0x041b tx timeout
[  104.666466][ T3687] device hsr_slave_1 entered promiscuous mode
[  104.687419][ T3687] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.693138][ T3687] Cannot create hsr debugfs directory
[  104.783562][   T34] Bluetooth: hci3: command 0x041b tx timeout
[  105.223028][ T3688] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.284010][ T3688] 8021q: adding VLAN 0 to HW filter on device team0
[  105.340175][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  105.351060][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  105.431510][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  105.438279][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  105.452711][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.467027][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.480113][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  105.494631][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  105.505603][   T34] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.514952][   T34] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.528308][ T3687] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  105.577308][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  105.585148][ T3687] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  105.628909][ T3687] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  105.714331][ T3694] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  105.720156][ T3687] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.721349][ T3694] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  105.742325][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  105.750147][ T3694] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  105.751117][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  105.767740][ T3694] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  105.785164][ T3694] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  105.790929][ T3694] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  105.858759][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  105.884046][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  105.897277][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  105.910699][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  105.921065][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  105.931384][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  105.946678][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  105.956305][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.971802][ T3690] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.994258][ T3690] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  106.010494][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  106.046114][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  106.065051][ T3690] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  106.075608][ T3690] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.160097][ T3688] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.190137][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  106.196938][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  106.422754][ T3687] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.518199][ T3719] chnl_net:caif_netlink_parms(): no params data found
[  106.573138][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  106.583259][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  106.595313][ T3687] 8021q: adding VLAN 0 to HW filter on device team0
[  106.696626][ T3716] Bluetooth: hci1: command 0x040f tx timeout
[  106.707403][ T3716] Bluetooth: hci0: command 0x040f tx timeout
[  106.855536][ T3719] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.861197][ T3719] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.870269][ T3719] device bridge_slave_0 entered promiscuous mode
[  106.873667][   T34] Bluetooth: hci3: command 0x040f tx timeout
[  106.904324][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  106.934259][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  106.964825][   T15] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.970280][   T15] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.994452][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  107.018681][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  107.025807][   T15] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.046309][   T15] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.053570][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  107.077758][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  107.090089][ T3719] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.095650][ T3719] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.105396][ T3719] device bridge_slave_1 entered promiscuous mode
[  107.204078][ T3690] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.267479][ T3719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.297435][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  107.332347][ T3690] 8021q: adding VLAN 0 to HW filter on device team0
[  107.356507][ T3719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.387384][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  107.394095][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.402051][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  107.428370][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  107.452799][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  107.477795][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  107.485569][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  107.492034][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  107.514457][ T3720] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.535636][ T3720] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.542859][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  107.567554][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  107.575362][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  107.584791][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  107.613200][ T3720] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.636745][ T3720] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.659279][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  107.668218][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  107.754056][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  107.760475][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  107.769486][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  107.775954][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  107.794561][   T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  107.821429][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  107.832580][ T3719] team0: Port device team_slave_0 added
[  107.866634][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  107.876102][ T3719] team0: Port device team_slave_1 added
[  107.908173][   T34] Bluetooth: hci2: command 0x0409 tx timeout
[  108.020416][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  108.027739][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  108.048954][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  108.078080][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  108.088354][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  108.104771][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  108.113871][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  108.149027][ T3690] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  108.159722][ T3690] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  108.194783][ T3688] device veth0_vlan entered promiscuous mode
[  108.205254][ T3719] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.211247][ T3719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.257679][ T3719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.267508][ T3719] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.287539][ T3719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.330539][ T3719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.375522][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  108.382634][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  108.405037][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  108.412464][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  108.421191][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  108.445254][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  108.466705][ T3688] device veth1_vlan entered promiscuous mode
[  108.562921][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  108.569728][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  108.586241][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  108.591653][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  108.601700][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  108.611061][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  108.638930][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  108.674099][ T3688] device veth0_macvtap entered promiscuous mode
[  108.761501][ T3719] device hsr_slave_0 entered promiscuous mode
[  108.773723][  T820] Bluetooth: hci0: command 0x0419 tx timeout
[  108.778811][  T820] Bluetooth: hci1: command 0x0419 tx timeout
[  108.796725][ T3719] device hsr_slave_1 entered promiscuous mode
[  108.810832][ T3719] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  108.831775][ T3719] Cannot create hsr debugfs directory
[  108.850076][ T3688] device veth1_macvtap entered promiscuous mode
[  108.862213][ T3690] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.877468][ T3687] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.935581][   T34] Bluetooth: hci3: command 0x0419 tx timeout
[  109.041926][ T3688] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.056282][ T3688] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.089812][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  109.096204][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  109.106929][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  109.119190][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  109.130883][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  109.149800][ T3716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  109.194370][ T3688] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.202538][ T3688] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.228430][ T3688] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.236022][ T3688] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.617917][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  109.625315][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  109.775484][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  109.785551][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  109.826772][ T3687] device veth0_vlan entered promiscuous mode
[  109.877098][ T3738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  109.883147][ T3738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  109.949765][ T3690] device veth0_vlan entered promiscuous mode
[  109.981531][ T3721] Bluetooth: hci2: command 0x041b tx timeout
[  110.021482][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  110.028946][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  110.036804][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  110.044530][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  110.054986][ T3687] device veth1_vlan entered promiscuous mode
[  110.080438][ T3690] device veth1_vlan entered promiscuous mode
[  110.099773][ T3719] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  110.118458][ T3738] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  110.128602][ T3738] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
10:25:12 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x13, 0x4, &(0x7f0000000040)=@framed={{}, [@alu={0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4a}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[  110.195023][ T3738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  110.202423][ T3738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  110.217734][ T3738] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
10:25:12 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x13, 0x4, &(0x7f0000000040)=@framed={{}, [@alu={0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4a}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[  110.257544][ T3719] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  110.267020][ T3719] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  110.311028][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  110.320557][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  110.333855][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  110.357926][ T3719] netdevsim netdevsim2 netdevsim3: renamed from eth3
10:25:12 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x13, 0x4, &(0x7f0000000040)=@framed={{}, [@alu={0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4a}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[  110.372251][ T3732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  110.395897][ T3732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  110.413418][ T3690] device veth0_macvtap entered promiscuous mode
[  110.429611][ T3687] device veth0_macvtap entered promiscuous mode
[  110.444423][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  110.470109][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  110.502683][ T3690] device veth1_macvtap entered promiscuous mode
[  110.538784][ T3687] device veth1_macvtap entered promiscuous mode
10:25:12 executing program 1:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x20, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x20}}, 0x0)

[  110.625855][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  110.636795][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  110.665905][ T3687] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.690196][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  110.705811][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  110.718647][ T3687] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.754136][  T820] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  110.768449][  T820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  110.795404][  T820] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  110.800514][  T820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  110.828578][ T3690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  110.840195][ T3690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  110.862977][ T3690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  110.891224][ T3690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  110.907067][ T3690] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.922690][ T3687] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.936484][ T3687] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.952296][ T3687] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.962467][ T3687] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.007829][ T3739] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  111.015639][ T3739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  111.027197][ T3690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  111.036268][ T3690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.045966][ T3690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  111.058725][ T3690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.070794][ T3690] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.095697][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  111.116368][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  111.159270][ T3690] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.175903][ T3690] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.187897][ T3690] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.206586][ T3690] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.300791][ T3719] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.362592][ T3719] 8021q: adding VLAN 0 to HW filter on device team0
[  111.426271][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  111.435885][ T3720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  111.486721][ T3212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  111.515559][ T3212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  111.521587][ T3212] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.532199][ T3212] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.553783][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  111.625602][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  111.632732][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  111.665464][   T15] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.671084][   T15] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.730367][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  111.756458][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  111.764772][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  111.779294][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  111.802024][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  111.844917][ T3772] syz-executor.0 (pid 3772) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  111.857178][ T3732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  111.863187][ T3767] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  111.886655][ T3732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  111.896219][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  111.909145][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  111.995590][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  112.012051][ T3715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  112.062463][ T3719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  112.072212][  T820] Bluetooth: hci2: command 0x040f tx timeout
[  112.095628][ T3774] ------------[ cut here ]------------
[  112.111641][ T3774] WARNING: CPU: 3 PID: 3774 at kernel/cpu.c:347 lockdep_assert_cpus_held+0xbd/0xe0
[  112.120030][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  112.120161][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  112.135199][ T3774] Modules linked in:
[  112.144985][ T3774] CPU: 3 PID: 3774 Comm: kvm-nx-lpage-re Not tainted 6.0.0-rc2-syzkaller-00054-gc40e8341e3b3 #0
[  112.150056][ T3719] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.169735][ T3774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[  112.206618][ T3774] RIP: 0010:lockdep_assert_cpus_held+0xbd/0xe0
[  112.212326][ T3774] Code: e8 38 0c 34 00 be ff ff ff ff 48 c7 c7 70 64 e3 8b e8 37 71 37 08 31 ff 89 c3 89 c6 e8 dc 08 34 00 85 db 75 d5 e8 13 0c 34 00 <0f> 0b eb cc 48 c7 c7 44 66 de 8d e8 d3 73 80 00 e9 62 ff ff ff 48
[  112.252910][ T3774] RSP: 0018:ffffc900043ffc28 EFLAGS: 00010293
[  112.263118][ T3774] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  112.276867][ T3774] RDX: ffff888014b08000 RSI: ffffffff8147ff0d RDI: 0000000000000005
[  112.291938][ T3774] RBP: ffff8880570fd000 R08: 0000000000000005 R09: 0000000000000000
[  112.326127][ T3774] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900043ffde0
[  112.356506][ T3774] R13: ffffffff8bfdc2a0 R14: 1ffff9200087ff8c R15: ffffc900043ffe04
[  112.383057][ T3774] FS:  0000000000000000(0000) GS:ffff88802ca00000(0000) knlGS:0000000000000000
[  112.419128][ T3774] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  112.443734][ T3774] CR2: 00000000f6f39874 CR3: 000000000bc8e000 CR4: 0000000000152ee0
[  112.449616][ T3774] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  112.466347][ T3774] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  112.472654][ T3774] Call Trace:
[  112.476014][ T3774]  <TASK>
[  112.478675][ T3774]  cpuset_attach+0x92/0x520
[  112.497440][ T3774]  ? guarantee_online_cpus+0x4d0/0x4d0
[  112.502936][ T3774]  cgroup_migrate_execute+0xbc7/0x1220
[  112.518218][ T3774]  cgroup_attach_task+0x416/0x7c0
[  112.522579][ T3774]  ? cgroup_migrate+0x1f0/0x1f0
[  112.529972][ T3774]  ? _raw_spin_unlock_irq+0x1f/0x40
[  112.538575][ T3774]  ? _raw_spin_unlock_irq+0x1f/0x40
[  112.544958][ T3774]  cgroup_attach_task_all+0xde/0x140
[  112.549490][ T3774]  kvm_vm_worker_thread+0xdd/0x5a0
[  112.554088][ T3774]  ? kvm_mmu_pte_write+0xdc0/0xdc0
[  112.558374][ T3774]  ? __bpf_trace_kvm_async_pf_nopresent_ready+0xe0/0xe0
[  112.564339][ T3774]  kthread+0x2e4/0x3a0
[  112.567652][ T3774]  ? kthread_complete_and_exit+0x40/0x40
[  112.572249][ T3774]  ret_from_fork+0x1f/0x30
[  112.577877][ T3774]  </TASK>
[  112.581303][ T3774] Kernel panic - not syncing: panic_on_warn set ...
[  112.587778][ T3774] CPU: 3 PID: 3774 Comm: kvm-nx-lpage-re Not tainted 6.0.0-rc2-syzkaller-00054-gc40e8341e3b3 #0
[  112.596100][ T3774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[  112.603099][ T3774] Call Trace:
[  112.605893][ T3774]  <TASK>
[  112.608329][ T3774]  dump_stack_lvl+0xcd/0x134
[  112.612255][ T3774]  panic+0x2c8/0x627
[  112.615430][ T3774]  ? panic_print_sys_info.part.0+0x10b/0x10b
[  112.619863][ T3774]  ? __warn.cold+0x248/0x2c4
[  112.623313][ T3774]  ? lockdep_assert_cpus_held+0xbd/0xe0
[  112.627713][ T3774]  __warn.cold+0x259/0x2c4
[  112.631669][ T3774]  ? lockdep_assert_cpus_held+0xbd/0xe0
[  112.637820][ T3774]  report_bug+0x1bc/0x210
[  112.642464][ T3774]  handle_bug+0x3c/0x60
[  112.645635][ T3774]  exc_invalid_op+0x14/0x40
[  112.650410][ T3774]  asm_exc_invalid_op+0x16/0x20
[  112.655626][ T3774] RIP: 0010:lockdep_assert_cpus_held+0xbd/0xe0
[  112.661746][ T3774] Code: e8 38 0c 34 00 be ff ff ff ff 48 c7 c7 70 64 e3 8b e8 37 71 37 08 31 ff 89 c3 89 c6 e8 dc 08 34 00 85 db 75 d5 e8 13 0c 34 00 <0f> 0b eb cc 48 c7 c7 44 66 de 8d e8 d3 73 80 00 e9 62 ff ff ff 48
[  112.682341][ T3774] RSP: 0018:ffffc900043ffc28 EFLAGS: 00010293
[  112.686653][ T3774] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  112.698966][ T3774] RDX: ffff888014b08000 RSI: ffffffff8147ff0d RDI: 0000000000000005
[  112.709633][ T3774] RBP: ffff8880570fd000 R08: 0000000000000005 R09: 0000000000000000
[  112.719395][ T3774] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900043ffde0
[  112.730171][ T3774] R13: ffffffff8bfdc2a0 R14: 1ffff9200087ff8c R15: ffffc900043ffe04
[  112.743224][ T3774]  ? lockdep_assert_cpus_held+0xbd/0xe0
[  112.750875][ T3774]  ? lockdep_assert_cpus_held+0xbd/0xe0
[  112.758725][ T3774]  cpuset_attach+0x92/0x520
[  112.764869][ T3774]  ? guarantee_online_cpus+0x4d0/0x4d0
[  112.771907][ T3774]  cgroup_migrate_execute+0xbc7/0x1220
[  112.777166][ T3774]  cgroup_attach_task+0x416/0x7c0
[  112.781883][ T3774]  ? cgroup_migrate+0x1f0/0x1f0
[  112.785802][ T3774]  ? _raw_spin_unlock_irq+0x1f/0x40
[  112.790232][ T3774]  ? _raw_spin_unlock_irq+0x1f/0x40
[  112.794561][ T3774]  cgroup_attach_task_all+0xde/0x140
[  112.798841][ T3774]  kvm_vm_worker_thread+0xdd/0x5a0
[  112.803200][ T3774]  ? kvm_mmu_pte_write+0xdc0/0xdc0
[  112.807042][ T3774]  ? __bpf_trace_kvm_async_pf_nopresent_ready+0xe0/0xe0
[  112.813047][ T3774]  kthread+0x2e4/0x3a0
[  112.816270][ T3774]  ? kthread_complete_and_exit+0x40/0x40
[  112.820702][ T3774]  ret_from_fork+0x1f/0x30
[  112.824105][ T3774]  </TASK>
[  112.833851][ T3774] Kernel Offset: disabled
[  112.837526][ T3774] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:25:16  Registers:
info registers vcpu 0
RAX=00000000000395ff RBX=ffffffff8bcbc980 RCX=ffffffff897f7af5 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffffff8bc07e18
R8 =0000000000000001 R9 =ffff88802c834c4b R10=ffffed1005906989 R11=0000000000000001
R12=fffffbfff1797930 R13=0000000000000000 R14=ffffffff8dde9610 R15=0000000000000000
RIP=ffffffff89827d2b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 000fffff 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 000fffff 00000000
FS =0000 0000000000000000 000fffff 00000000
GS =0000 ffff88802c800000 000fffff 00000000
LDT=0000 0000000000000000 000fffff 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f265ca20300 CR3=000000002c526000 CR4=00152ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000008 XMM01=00007ff5b40125a0000055e49559a300
XMM02=00000000000003f80000000000000000 XMM03=00007ff652216d6b0000000000000000
XMM04=f7a1f3c5000601010212340143004400 XMM05=46ab85859a86e4b8982a010001005634
XMM06=1a0f0c060379010e3701013563538263 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000000 RDX=ffff8880212b9d80
RSI=ffffffff8161e5f2 RDI=0000000000000001 RBP=ffffc900041f6f20 RSP=ffffc900041f6ee8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000017
R12=0000000000000033 R13=ffff888014b08000 R14=0000000000000200 R15=ffffc900041f6f70
RIP=ffffffff8161e5f4 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802c900000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f7e9837c CR3=000000002c526000 CR4=00152ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=8b6657eac51efb8b98041131e316cf71 XMM01=bd2f12c06b63193894511325aeafb07f
XMM02=4ce1c1f31c42e5d3b0efd4b06abc0a38 XMM03=7c17a5e8e188a4fac4189e6a8355d35c
XMM04=000000000000000000000000253a9d00 XMM05=00000000000000000000402000004020
XMM06=00000000000000000000000000004020 XMM07=0000402000004020253a9d009e000000
XMM08=5a0000004c000000b800000090000000 XMM09=00000000000000000000000000000000
XMM10=1acd5c8ac90ca23447c2d81bd024bf84 XMM11=9bcb6096c73dd708e88294fdbc3b18d5
XMM12=0d0c0f0e09080b0a0504070601000302 XMM13=0c0f0e0d080b0a090407060500030201
XMM14=00000000000000000000000000004a80 XMM15=00000000000000000000000000000040
info registers vcpu 2
RAX=0000000000000000 RBX=ffff88802cb42460 RCX=0000000000000000 RDX=ffff8880150d0000
RSI=ffffffff81715af1 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900006d7948
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed100596848d R13=0000000000000003 R14=dffffc0000000000 R15=0000000000000001
RIP=ffffffff81715af8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802ca00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f6f39874 CR3=000000000bc8e000 CR4=00152ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a XMM01=00000000000000000000000000ffff00
XMM02=00000000000000000000000000ffff00 XMM03=444441203a36765049205d3635542020
XMM04=682e6674316c2f6e6c75762d77682f65 XMM05=6c2f6c6d74682f636f642f67726f2e6c
XMM06=6820646e6120363436332d383130322d XMM07=70206b61656c2061746164202c6e6f20
XMM08=736574616c2f6c6d74682f636f000079 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 3
RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000000 RDX=ffff888014b08000
RSI=ffffffff8161e5f2 RDI=0000000000000001 RBP=ffffc900043ff980 RSP=ffffc900043ff948
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=000000000000004c R13=ffff8880212b9d80 R14=0000000000000200 R15=ffffc900043ff9d0
RIP=ffffffff8161e5f4 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cb00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000c000509000 CR3=0000000057797000 CR4=00152ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000008 XMM01=00007ff5b40125a0000055e49559a300
XMM02=00000000000003f80000000000000000 XMM03=00007ff652216d6b0000000000000000
XMM04=0f02000a0202000a0000000000000000 XMM05=00000000000000000000000000000600
XMM06=14000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=3100a12b13a037e614eb371e82df9579 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000