[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 61.912030][ T26] audit: type=1800 audit(1572361158.457:25): pid=9106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 61.960115][ T26] audit: type=1800 audit(1572361158.467:26): pid=9106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 62.009214][ T26] audit: type=1800 audit(1572361158.467:27): pid=9106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.24' (ECDSA) to the list of known hosts. 2019/10/29 14:59:30 fuzzer started 2019/10/29 14:59:31 dialing manager at 10.128.0.26:34715 2019/10/29 14:59:32 syscalls: 2541 2019/10/29 14:59:32 code coverage: enabled 2019/10/29 14:59:32 comparison tracing: enabled 2019/10/29 14:59:32 extra coverage: extra coverage is not supported by the kernel 2019/10/29 14:59:32 setuid sandbox: enabled 2019/10/29 14:59:32 namespace sandbox: enabled 2019/10/29 14:59:32 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/29 14:59:32 fault injection: enabled 2019/10/29 14:59:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/29 14:59:32 net packet injection: enabled 2019/10/29 14:59:32 net device setup: enabled 2019/10/29 14:59:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 15:01:40 executing program 0: r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) 15:01:40 executing program 1: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="f00400000000b832126e1519"], 0xc) unlink(&(0x7f0000001e00)='./bus\x00') creat(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000280)='selinuxfs\x00', 0x0, &(0x7f0000000300)='\'\x00') sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) syzkaller login: [ 203.648777][ T9272] IPVS: ftp: loaded support on port[0] = 21 15:01:40 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) [ 203.905863][ T9272] chnl_net:caif_netlink_parms(): no params data found [ 203.924721][ T9275] IPVS: ftp: loaded support on port[0] = 21 [ 204.082634][ T9272] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.094911][ T9272] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.105153][ T9272] device bridge_slave_0 entered promiscuous mode [ 204.124439][ T9272] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.134605][ T9272] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.143931][ T9272] device bridge_slave_1 entered promiscuous mode [ 204.146234][ T9277] IPVS: ftp: loaded support on port[0] = 21 15:01:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@srh={0x0, 0x0, 0x4, 0x1000000000000087}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xa808) [ 204.259636][ T9272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.338473][ T9272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.363048][ T9275] chnl_net:caif_netlink_parms(): no params data found [ 204.458970][ T9272] team0: Port device team_slave_0 added [ 204.481816][ T9280] IPVS: ftp: loaded support on port[0] = 21 [ 204.509985][ T9275] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.524181][ T9275] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.533474][ T9275] device bridge_slave_0 entered promiscuous mode [ 204.546799][ T9272] team0: Port device team_slave_1 added [ 204.560923][ T9275] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.593387][ T9275] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.614354][ T9275] device bridge_slave_1 entered promiscuous mode 15:01:41 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000001200)={0x1, &(0x7f00000001c0)=[{}]}) tkill(0x0, 0x0) [ 204.737836][ T9272] device hsr_slave_0 entered promiscuous mode [ 204.793313][ T9272] device hsr_slave_1 entered promiscuous mode 15:01:41 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) connect$netlink(0xffffffffffffffff, &(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0x20000}, 0xc) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 204.892200][ T9275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.922705][ T9282] IPVS: ftp: loaded support on port[0] = 21 [ 204.957171][ T9275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 205.089582][ T9275] team0: Port device team_slave_0 added [ 205.101729][ T9275] team0: Port device team_slave_1 added [ 205.128406][ T9277] chnl_net:caif_netlink_parms(): no params data found [ 205.201887][ T9285] IPVS: ftp: loaded support on port[0] = 21 [ 205.222084][ T9277] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.232462][ T9277] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.244562][ T9277] device bridge_slave_0 entered promiscuous mode [ 205.259299][ T9277] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.269834][ T9277] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.282627][ T9277] device bridge_slave_1 entered promiscuous mode [ 205.309200][ T9277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 205.394981][ T9275] device hsr_slave_0 entered promiscuous mode [ 205.453344][ T9275] device hsr_slave_1 entered promiscuous mode [ 205.523187][ T9275] debugfs: Directory 'hsr0' with parent '/' already present! [ 205.538851][ T9277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 205.571482][ T9277] team0: Port device team_slave_0 added [ 205.620889][ T9280] chnl_net:caif_netlink_parms(): no params data found [ 205.650713][ T9277] team0: Port device team_slave_1 added [ 205.709822][ T9282] chnl_net:caif_netlink_parms(): no params data found [ 205.769222][ T9280] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.778464][ T9280] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.788437][ T9280] device bridge_slave_0 entered promiscuous mode [ 205.831759][ T9280] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.840580][ T9280] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.851150][ T9280] device bridge_slave_1 entered promiscuous mode [ 205.900567][ T9282] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.910226][ T9282] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.922162][ T9282] device bridge_slave_0 entered promiscuous mode [ 205.976599][ T9277] device hsr_slave_0 entered promiscuous mode [ 206.043213][ T9277] device hsr_slave_1 entered promiscuous mode [ 206.093056][ T9277] debugfs: Directory 'hsr0' with parent '/' already present! [ 206.132572][ T9282] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.141604][ T9282] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.156888][ T9282] device bridge_slave_1 entered promiscuous mode [ 206.172722][ T9280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.188674][ T9280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.275177][ T9272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.311091][ T9280] team0: Port device team_slave_0 added [ 206.337861][ T9282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.359407][ T9280] team0: Port device team_slave_1 added [ 206.369408][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 206.379958][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 206.390803][ T9282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.403218][ T9285] chnl_net:caif_netlink_parms(): no params data found [ 206.420638][ T9272] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.515930][ T9280] device hsr_slave_0 entered promiscuous mode [ 206.563284][ T9280] device hsr_slave_1 entered promiscuous mode [ 206.643030][ T9280] debugfs: Directory 'hsr0' with parent '/' already present! [ 206.661291][ T9282] team0: Port device team_slave_0 added [ 206.676681][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.692053][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.704288][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.716204][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.729316][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.767291][ T9282] team0: Port device team_slave_1 added [ 206.797781][ T9285] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.807446][ T9285] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.818137][ T9285] device bridge_slave_0 entered promiscuous mode [ 206.830307][ T9285] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.837865][ T9285] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.846162][ T9285] device bridge_slave_1 entered promiscuous mode [ 206.908010][ T9282] device hsr_slave_0 entered promiscuous mode [ 206.943307][ T9282] device hsr_slave_1 entered promiscuous mode [ 207.003059][ T9282] debugfs: Directory 'hsr0' with parent '/' already present! [ 207.046996][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.061276][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.074278][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.082538][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.092633][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.109249][ T9285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.122282][ T9285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.163007][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.186352][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.198093][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.209103][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 207.236402][ T9275] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.265096][ T9285] team0: Port device team_slave_0 added [ 207.278734][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.290867][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.312279][ T9272] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 207.325208][ T9272] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 207.348017][ T9285] team0: Port device team_slave_1 added [ 207.362519][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.374509][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 207.384941][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 207.393792][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 207.404296][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.413190][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.421572][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 207.476266][ T9275] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.486830][ T9272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.503562][ T9277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.566363][ T9285] device hsr_slave_0 entered promiscuous mode [ 207.613242][ T9285] device hsr_slave_1 entered promiscuous mode [ 207.663139][ T9285] debugfs: Directory 'hsr0' with parent '/' already present! [ 207.694508][ T9288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.714571][ T9288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.725869][ T9288] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.734460][ T9288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.743017][ T9288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.753766][ T9288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.764556][ T9288] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.773090][ T9288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.781794][ T9288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.791784][ T9288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.812235][ T9277] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.848880][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.865326][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.881694][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.893703][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.906727][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.916341][ T2936] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.924078][ T2936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.933522][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.947089][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.959560][ T2936] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.968330][ T2936] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.982007][ T2936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.006973][ T9275] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 208.024166][ T9275] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 208.069464][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.088816][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 15:01:44 executing program 0: r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) [ 208.120412][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.139870][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.153228][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 208.163892][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.175351][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.186800][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.214560][ T9280] 8021q: adding VLAN 0 to HW filter on device bond0 15:01:44 executing program 0: r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) [ 208.262380][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.282648][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.304807][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 208.327869][ T9275] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.351838][ T9280] 8021q: adding VLAN 0 to HW filter on device team0 15:01:44 executing program 0: r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) [ 208.379858][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.409649][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 15:01:45 executing program 0: r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_delete(0x0) [ 208.442535][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 208.493546][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 15:01:45 executing program 0: r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_delete(0x0) [ 208.543929][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.556429][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.572371][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.584176][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.593412][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.602133][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.616223][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.626409][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.635950][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state 15:01:45 executing program 0: r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_delete(0x0) [ 208.645764][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.664009][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.678267][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 208.690404][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.739928][ T9277] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 208.760942][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 15:01:45 executing program 0: gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) [ 208.789389][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.819027][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.831544][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 208.846284][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.859680][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.881088][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.891487][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.909465][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.924789][ T9282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.971114][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.980101][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.004380][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.020200][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.029178][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.060323][ T9280] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.085836][ T9280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 209.101063][ T9328] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000500) [ 209.109508][ T9328] FAT-fs (loop1): Filesystem has been set read-only [ 209.117346][ T9328] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000500) 15:01:45 executing program 1: [ 209.157064][ T9282] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.169276][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.182119][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.191206][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.199914][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.207837][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.228705][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.245738][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.252975][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.267979][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.290749][ T9277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.338605][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.352045][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.362357][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.369535][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.379014][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.407988][ T9285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.422241][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.441707][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.451460][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.461783][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.471339][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.480811][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.489676][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.498201][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.509522][ T9280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.523607][ T9282] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.535591][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 209.560884][ T9285] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.568197][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.579075][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.589497][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.597639][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.619878][ T9282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.651688][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.664574][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.673979][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.681062][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.689973][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.705772][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.719470][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.726658][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.748859][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 15:01:46 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x18, 0x101, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@RTA_GATEWAY={0x8, 0x5, @dev}]}, 0x24}}, 0x0) [ 209.787044][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.818359][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.830629][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.847744][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.858601][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.872511][ T3533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.898888][ T9285] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 209.921456][ C0] hrtimer: interrupt took 27986 ns [ 209.922657][ T9285] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.959772][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.969679][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.001628][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.029215][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 15:01:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@srh={0x0, 0x0, 0x4, 0x1000000000000087}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xa808) [ 210.049732][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.088819][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.112392][ T9285] 8021q: adding VLAN 0 to HW filter on device batadv0 15:01:46 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$unix(0x1, 0x100000000000001, 0x0) bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) dup2(r0, r1) 15:01:47 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) connect$netlink(0xffffffffffffffff, &(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0x20000}, 0xc) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 15:01:47 executing program 0: gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) 15:01:47 executing program 1: r0 = syz_open_procfs(0x0, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) r1 = gettid() prctl$PR_CAPBSET_READ(0x17, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) getgroups(0x0, 0x0) keyctl$join(0x1, 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r0, &(0x7f00000000c0)={0x7, 0x1b, 0x2}, 0x7) syz_open_pts(r2, 0x0) ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000000)) futimesat(0xffffffffffffff9c, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) tkill(r1, 0x1000000000013) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e) 15:01:47 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0xb9b) 15:01:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000100)=@srh={0x0, 0x0, 0x4, 0x1000000000000087}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xa808) 15:01:47 executing program 0: gettid() rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) 15:01:47 executing program 4: 15:01:47 executing program 1: 15:01:47 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001600090107001900"], 0x14}}, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) 15:01:47 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x223e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xf98}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') process_vm_writev(0x0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/21, 0x15}], 0x10000000000000ca, 0x0, 0x0, 0x0) writev(r3, &(0x7f0000000080), 0x5b) 15:01:47 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) 15:01:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x82) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup3(r0, r1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_SET_SREGS(r2, 0x5000aea5, 0x0) dup2(r3, r2) 15:01:47 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) inotify_rm_watch(0xffffffffffffffff, r3) sendmsg$nl_generic(r2, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x50000294}, 0xc, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYPTR=&(0x7f0000000440)=ANY=[@ANYPTR, @ANYRESOCT=r3, @ANYPTR64=&(0x7f0000000380)=ANY=[@ANYPTR, @ANYRES32, @ANYRESHEX, @ANYPTR, @ANYRES32=0x0, @ANYPTR64, @ANYRESOCT=r0, @ANYPTR64]], @ANYRESHEX], 0x2}, 0x1, 0x0, 0x0, 0x800}, 0x8000) r4 = syz_open_dev$admmidi(&(0x7f0000000740)='/dev/admmidi#\x00', 0x8000, 0x151801) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r4, 0x84, 0x16, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001300)=[{&(0x7f0000000680)=""/42, 0x2a}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)=0xcb, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote}, 0x1c) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="0086be8e9657f374e7b40ffc7a8c4d000000"], 0x16}}], 0x2, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000dc0)=[{&(0x7f0000000ac0)="a9c488ce378b88f69cc70100000000000000c832571c66389753cc4447ac59530ba96d1e9cd640c53a5b0f3b861a9d7d4d078bf8af79b69b2ace3ee7204d4ebe92f71a4c9af137495b3e8f3a6c90a8c5a1d7532035f4c44c12404fef517e11d5646f97d7fb4f13beef7163f16c5e2001ee7dfb", 0x73}, {&(0x7f0000000b80)="f02eeb573a4f797be00534d5624365571a44497f03b81dfacba61c8cf76f50c0e5fdc0aa3d1a4cea07f529d6ac5d18de44b4728521e23faf213ca0133dfcbd543cb917b06a0db12205771455f99d264614c30bf95305c63342dfc2972f0fc50ae4d304fec65acd14aadd6fb144af64956e3ded2b92ed20fb39b628c0cce526085deea1b3befd51bc1263a21669b90e84c5c335dff10c2fc87fc10843c49c8c365d6ae96c382c46438a880cdc493f15004c0ac96bcfe913da0a5c3cc7e8959f780e739a33c6812e9ad7074183dd", 0xcd}, {&(0x7f0000000c80)="3a1d5018ff082e9b04714072445ce063521de85b95643dc07cb189c9d7c7c9782f3b88e8ba17a586e8bd3a983fb4c710060b06e61f65d8ec7ff9d0bf5ffb628db8cd81b3d02d728f2ea4cd957012cf36fe3628e793b3188e0cb9025177d921e94004370380d95d2ffe5ddd596c12f145d77288601b697cb3bee7dbd3f2e4318284601535a5096dbc00357d2406043311e1ca3a9ef561d17e2c71aa83d39b59a53c36b9b5e9385f57338515edc20c7810ee", 0xb1}, {&(0x7f0000000d80)="44905e6ad317be5307b062676e", 0xd}], 0x4, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) write(0xffffffffffffffff, &(0x7f0000cc2fed)="130000003e0005ffffe3ffbd000026", 0xf) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x400000000040, 0x444040) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r7, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r8 = socket(0x10, 0x80002, 0x8000000010) sendmmsg$alg(r8, &(0x7f0000000080), 0x492492492492751, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000300)='Q\xd2\xedb', 0xfffffffffffffd19) sendto$inet(r7, &(0x7f0000000640)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e2a3166ec21e03c68a60708328e1606a83211bc78be79097861ce52747ac474593d76f9ec5cdd91725cb16e62b4bb027fbb96eab344de0401076c6345a7d32e9fe9ba1e68ac07081a7d1e0ed1eb9e96b41214af554f1831dfd8bd2b466789f4295317d17c138abe5fa9044a44792e9aecfb3f9130ff673786a8ef2b14c4999c29a5713c2fb5e35f2fae0d58b64355a697efd45e36528e57c68a62c6", 0x169, 0x0, 0x0, 0x0) sendto$inet(r7, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) 15:01:47 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x223e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xf98}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') process_vm_writev(0x0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/21, 0x15}], 0x10000000000000ca, 0x0, 0x0, 0x0) writev(r1, &(0x7f0000000080), 0x5b) 15:01:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x82) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup3(r0, r1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_SET_SREGS(r2, 0x4040ae9e, 0x0) dup2(r3, r2) 15:01:47 executing program 3: r0 = socket$inet6(0xa, 0x100000003, 0x3a) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") sendto$inet6(r0, &(0x7f0000000000), 0xffa7, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141403}}, 0x1c) [ 211.016262][ T9429] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 15:01:47 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) 15:01:47 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x223e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xf98}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') process_vm_writev(0x0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/21, 0x15}], 0x10000000000000ca, 0x0, 0x0, 0x0) writev(r1, &(0x7f0000000080), 0x5b) 15:01:47 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) inotify_rm_watch(0xffffffffffffffff, r3) sendmsg$nl_generic(r2, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x50000294}, 0xc, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYPTR=&(0x7f0000000440)=ANY=[@ANYPTR, @ANYRESOCT=r3, @ANYPTR64=&(0x7f0000000380)=ANY=[@ANYPTR, @ANYRES32, @ANYRESHEX, @ANYPTR, @ANYRESOCT, @ANYRES32=0x0, @ANYPTR64, @ANYRESOCT=r0, @ANYPTR64]], @ANYRESHEX], 0x2}, 0x1, 0x0, 0x0, 0x800}, 0x8000) r4 = syz_open_dev$admmidi(&(0x7f0000000740)='/dev/admmidi#\x00', 0x8000, 0x151801) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r4, 0x84, 0x16, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001300)=[{&(0x7f0000000680)=""/42, 0x2a}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)=0xcb, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="24000000fb0000002900000032000000ff020000000000000001000000000000", @ANYRES32=r6, @ANYBLOB="0086be8e9657f374e7b40ffc7a8c4d000000"], 0x28}}], 0x2, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000dc0)=[{&(0x7f0000000ac0)="a9c488ce378b88f69cc70100000000000000c832571c66389753cc4447ac59530ba96d1e9cd640c53a5b0f3b861a9d7d4d078bf8af79b69b2ace3ee7204d4ebe92f71a4c9af137495b3e8f3a6c90a8c5a1d7532035f4c44c12404fef517e11d5646f97d7fb4f13beef7163f16c5e2001ee7dfb235293e83a00"/131, 0x83}, {&(0x7f0000000b80)="f02eeb573a4f797be00534d5624365571a44497f03b81dfacba61c8cf76f50c0e5fdc0aa3d1a4cea07f529d6ac5d18de44b4728521e23faf213ca0133dfcbd543cb917b06a0db12205771455f99d264614c30bf95305c63342dfc2972f0fc50ae4d304fec65acd14aadd6fb144af64956e3ded2b92ed20fb39b628c0cce526085deea1b3befd51bc1263a21669b90e84c5c335dff10c2fc87fc10843c49c8c365d6ae96c382c46438a880cdc493f15004c0ac96bcfe913da0a5c3cc7e8959f780e739a33c6812e9ad7074183dd", 0xcd}, {&(0x7f0000000c80)="3a1d5018ff082e9b04714072445ce063521de85b95643dc07cb189c9d7c7c9782f3b88e8ba17a586e8bd3a983fb4c710060b06e61f65d8ec7ff9d0bf5ffb628db8cd81b3d02d728f2ea4cd957012cf36fe3628e793b3188e0cb9025177d921e94004370380d95d2ffe5ddd596c12f145d77288601b697cb3bee7dbd3f2e4318284601535a5096dbc00357d2406043311e1ca3a9ef561d17e2c71aa83d39b59a53c36b9b5e9385f57338515edc20c7810ee6500e3a6ddd59573ad5b1407e2c427e81d2362cd4759cf63a69ec12045d36927", 0xd1}, {&(0x7f0000000d80)="44905e6ad317be5307b062676e", 0xd}], 0x4, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) write(0xffffffffffffffff, &(0x7f0000cc2fed)="130000003e0005ffffe3ffbd000026", 0xf) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x400000000040, 0x444040) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r7, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r8 = socket(0x10, 0x80002, 0x8000000010) sendmmsg$alg(r8, &(0x7f0000000080), 0x492492492492751, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000300)='Q\xd2\xedb', 0xfffffffffffffd19) sendto$inet(r7, &(0x7f0000000640)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e2a3166ec21e03c68a60708328e1606a83211bc78be79097861ce52747ac474593d76f9ec5cdd91725cb16e62b4bb027fbb96eab344de0401076c6345a7d32e9fe9ba1e68ac07081a7d1e0ed1eb9e96b41214af554f1831dfd8bd2b466789f4295317d17c138abe5fa9044a44792e9aecfb3f9130ff673786a8ef2b14c4999c29a5713c2fb5e35f2fae0d58b64355a697efd45e36528e57c68a62c6edc7879962e05419c7c5fa64ec92e670821df50d0f3a7312d2120f363954e72ba0322fc4318f819b1e2b1a17fb939a5db9c1a0a83b44abcffc3dd555d4dd30c0a4bd524c29d4d57bc906c012446c99a882162f3f72cce0702d7394288807fe2a308e01adc9bbf2a9cd78fabaa3c10640777e0813726a70df3323924035b235fd39ae4ab08d3f09bd231b38dca4389b098b0d3538dd3ef5bf068c1df8fbe00b0b2aa9ec3de5d3fba56594328a643c2799b8371adc6ecdfd9b9c4e52102eaa83b57da14645e442b4b7ad5f555d872dc50c330d145ca853b768b990dbaa18", 0x246, 0x0, 0x0, 0x0) sendto$inet(r7, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) sendfile(r0, r0, 0x0, 0x40fdf) [ 211.234615][ C1] protocol 88fb is buggy, dev hsr_slave_0 15:01:47 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) 15:01:48 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') process_vm_writev(0x0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/21, 0x15}], 0x10000000000000ca, 0x0, 0x0, 0x0) writev(r2, &(0x7f0000000080), 0x5b) 15:01:48 executing program 5: r0 = socket(0x40000000015, 0x5, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$inet6(0xa, 0x6, 0x0) r2 = io_uring_setup(0xa4, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000280)=[r1], 0x1) io_uring_register$IORING_UNREGISTER_FILES(r2, 0x3, 0x0, 0x0) 15:01:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x82) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup3(r0, r1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_SET_SREGS(r2, 0x8090ae81, 0x0) dup2(r3, r2) 15:01:48 executing program 0: rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) [ 211.840450][ T9472] ================================================================== [ 211.849209][ T9472] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0 [ 211.856859][ T9472] Write of size 8 at addr 0000000000000004 by task syz-executor.5/9472 [ 211.865198][ T9472] [ 211.867552][ T9472] CPU: 0 PID: 9472 Comm: syz-executor.5 Not tainted 5.4.0-rc5-next-20191029 #0 [ 211.876672][ T9472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.886741][ T9472] Call Trace: [ 211.890047][ T9472] dump_stack+0x172/0x1f0 [ 211.894399][ T9472] ? io_wq_cancel_all+0x28/0x2a0 [ 211.899441][ T9472] ? io_wq_cancel_all+0x28/0x2a0 [ 211.904398][ T9472] __kasan_report.cold+0x5/0x41 [ 211.909284][ T9472] ? io_wq_cancel_all+0x28/0x2a0 [ 211.914259][ T9472] kasan_report+0x12/0x20 [ 211.918741][ T9472] check_memory_region+0x134/0x1a0 [ 211.924485][ T9472] __kasan_check_write+0x14/0x20 [ 211.929443][ T9472] io_wq_cancel_all+0x28/0x2a0 [ 211.934239][ T9472] io_uring_flush+0x35a/0x4e0 [ 211.939014][ T9472] ? exit_sem+0x9a4/0x1d89 [ 211.943453][ T9472] ? io_wake_function+0x260/0x260 [ 211.948491][ T9472] ? exit_files+0x7b/0xb0 [ 211.952843][ T9472] ? finish_wait+0x260/0x260 [ 211.957442][ T9472] ? exit_files+0x7b/0xb0 [ 211.961793][ T9472] ? io_wake_function+0x260/0x260 [ 211.966836][ T9472] filp_close+0xbd/0x170 [ 211.971103][ T9472] put_files_struct+0x1d7/0x2f0 [ 211.975969][ T9472] exit_files+0x83/0xb0 [ 211.980224][ T9472] do_exit+0x8d2/0x2e60 [ 211.984396][ T9472] ? mm_update_next_owner+0x640/0x640 [ 211.989962][ T9472] ? lock_downgrade+0x920/0x920 [ 211.994843][ T9472] ? _raw_spin_unlock_irq+0x23/0x80 [ 212.000067][ T9472] ? get_signal+0x392/0x24f0 [ 212.004673][ T9472] ? _raw_spin_unlock_irq+0x23/0x80 [ 212.009887][ T9472] do_group_exit+0x135/0x360 [ 212.014496][ T9472] get_signal+0x47c/0x24f0 [ 212.019017][ T9472] ? lock_downgrade+0x920/0x920 [ 212.023910][ T9472] do_signal+0x87/0x1700 [ 212.028429][ T9472] ? __kasan_check_read+0x11/0x20 [ 212.033482][ T9472] ? _copy_to_user+0x118/0x160 [ 212.038533][ T9472] ? setup_sigcontext+0x7d0/0x7d0 [ 212.043596][ T9472] ? exit_to_usermode_loop+0x43/0x380 [ 212.049177][ T9472] ? do_syscall_64+0x65f/0x760 [ 212.053965][ T9472] ? exit_to_usermode_loop+0x43/0x380 [ 212.059436][ T9472] ? lockdep_hardirqs_on+0x421/0x5e0 [ 212.064738][ T9472] ? trace_hardirqs_on+0x67/0x240 [ 212.069780][ T9472] exit_to_usermode_loop+0x286/0x380 [ 212.075167][ T9472] do_syscall_64+0x65f/0x760 [ 212.079782][ T9472] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.085707][ T9472] RIP: 0033:0x459f49 [ 212.089603][ T9472] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.109378][ T9472] RSP: 002b:00007fad7d4b9cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 212.117987][ T9472] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 0000000000459f49 [ 212.125946][ T9472] RDX: 00000000004cddf8 RSI: 0000000000000081 RDI: 000000000075bfd4 [ 212.133914][ T9472] RBP: 000000000075bfc8 R08: 0000000000000009 R09: 0000000000000000 15:01:48 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='.\x00', 0xc0000080) inotify_rm_watch(0xffffffffffffffff, r3) sendmsg$nl_generic(r2, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x50000294}, 0xc, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYPTR=&(0x7f0000000440)=ANY=[@ANYPTR, @ANYRESOCT=r3, @ANYPTR64=&(0x7f0000000380)=ANY=[@ANYPTR, @ANYRES32, @ANYRESHEX, @ANYPTR, @ANYRES32=0x0, @ANYPTR64, @ANYRESOCT=r0, @ANYPTR64]], @ANYRESHEX], 0x2}, 0x1, 0x0, 0x0, 0x800}, 0x8000) r4 = syz_open_dev$admmidi(&(0x7f0000000740)='/dev/admmidi#\x00', 0x8000, 0x151801) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r4, 0x84, 0x16, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001300)=[{&(0x7f0000000680)=""/42, 0x2a}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)=0xcb, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote}, 0x1c) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="0086be8e9657f374e7b40ffc7a8c4d000000"], 0x16}}], 0x2, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000dc0)=[{&(0x7f0000000ac0)="a9c488ce378b88f69cc70100000000000000c832571c66389753cc4447ac59530ba96d1e9cd640c53a5b0f3b861a9d7d4d078bf8af79b69b2ace3ee7204d4ebe92f71a4c9af137495b3e8f3a6c90a8c5a1d7532035f4c44c12404fef517e11d5646f97d7fb4f13beef7163f16c5e2001ee7dfb", 0x73}, {&(0x7f0000000b80)="f02eeb573a4f797be00534d5624365571a44497f03b81dfacba61c8cf76f50c0e5fdc0aa3d1a4cea07f529d6ac5d18de44b4728521e23faf213ca0133dfcbd543cb917b06a0db12205771455f99d264614c30bf95305c63342dfc2972f0fc50ae4d304fec65acd14aadd6fb144af64956e3ded2b92ed20fb39b628c0cce526085deea1b3befd51bc1263a21669b90e84c5c335dff10c2fc87fc10843c49c8c365d6ae96c382c46438a880cdc493f15004c0ac96bcfe913da0a5c3cc7e8959f780e739a33c6812e9ad7074183dd", 0xcd}, {&(0x7f0000000c80)="3a1d5018ff082e9b04714072445ce063521de85b95643dc07cb189c9d7c7c9782f3b88e8ba17a586e8bd3a983fb4c710060b06e61f65d8ec7ff9d0bf5ffb628db8cd81b3d02d728f2ea4cd957012cf36fe3628e793b3188e0cb9025177d921e94004370380d95d2ffe5ddd596c12f145d77288601b697cb3bee7dbd3f2e4318284601535a5096dbc00357d2406043311e1ca3a9ef561d17e2c71aa83d39b59a53c36b9b5e9385f57338515edc20c7810ee", 0xb1}, {&(0x7f0000000d80)="44905e6ad317be5307b062676e", 0xd}], 0x4, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) write(0xffffffffffffffff, &(0x7f0000cc2fed)="130000003e0005ffffe3ffbd000026", 0xf) syz_open_dev$amidi(&(0x7f0000000100)='/dev/\x02\xedidi#\x00', 0x400000000040, 0x444040) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r7, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r8 = socket(0x10, 0x80002, 0x8000000010) sendmmsg$alg(r8, &(0x7f0000000080), 0x492492492492751, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000300)='Q\xd2\xedb', 0xfffffffffffffd19) sendto$inet(r7, &(0x7f0000000640)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e2a3166ec21e03c68a60708328e1606a83211bc78be79097861ce52747ac474593d76f9ec5cdd91725cb16e62b4bb027fbb96eab344de0401076c6345a7d32e9fe9ba1e68ac07081a7d1e0ed1eb9e96b41214af554f1831dfd8bd2b466789f4295317d17c138abe5fa9044a44792e9aecfb3f9130ff673786a8ef2b14c4999c29a5713c2fb5e35f2fae0d58b64355a697efd45e36528e57c68a62c6", 0x169, 0x0, 0x0, 0x0) sendto$inet(r7, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) 15:01:48 executing program 0: rt_sigprocmask(0x0, &(0x7f0000000080)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x18, 0x4}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, 0x0) timer_delete(0x0) 15:01:48 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) mbind(&(0x7f0000d3b000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f00000005c0), 0x10) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f00000004c0)={0x1000000a, 0xfffbffffffffffff}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) [ 212.141872][ T9472] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075bfd4 [ 212.150453][ T9472] R13: 00007fffce37bfcf R14: 00007fad7d4ba9c0 R15: 000000000075bfd4 [ 212.158436][ T9472] ================================================================== [ 212.166603][ T9472] Disabling lock debugging due to kernel taint [ 212.221674][ T9472] Kernel panic - not syncing: panic_on_warn set ... [ 212.228306][ T9472] CPU: 0 PID: 9472 Comm: syz-executor.5 Tainted: G B 5.4.0-rc5-next-20191029 #0 [ 212.231348][ T9468] kobject: 'kvm' (00000000d3aa2565): kobject_uevent_env [ 212.238631][ T9472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.238636][ T9472] Call Trace: [ 212.238655][ T9472] dump_stack+0x172/0x1f0 [ 212.238667][ T9472] panic+0x2e3/0x75c [ 212.238677][ T9472] ? add_taint.cold+0x16/0x16 [ 212.238689][ T9472] ? io_wq_cancel_all+0x28/0x2a0 [ 212.238700][ T9472] ? preempt_schedule+0x4b/0x60 [ 212.238711][ T9472] ? ___preempt_schedule+0x16/0x18 [ 212.238730][ T9472] ? trace_hardirqs_on+0x5e/0x240 [ 212.256404][ T9468] kobject: 'kvm' (00000000d3aa2565): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 212.259150][ T9472] ? io_wq_cancel_all+0x28/0x2a0 [ 212.259164][ T9472] end_report+0x47/0x4f [ 212.259181][ T9472] ? io_wq_cancel_all+0x28/0x2a0 [ 212.317198][ T9472] __kasan_report.cold+0xe/0x41 [ 212.322034][ T9472] ? io_wq_cancel_all+0x28/0x2a0 [ 212.327042][ T9472] kasan_report+0x12/0x20 [ 212.331350][ T9472] check_memory_region+0x134/0x1a0 [ 212.336452][ T9472] __kasan_check_write+0x14/0x20 [ 212.341379][ T9472] io_wq_cancel_all+0x28/0x2a0 [ 212.346130][ T9472] io_uring_flush+0x35a/0x4e0 [ 212.350804][ T9472] ? exit_sem+0x9a4/0x1d89 [ 212.355381][ T9472] ? io_wake_function+0x260/0x260 [ 212.360485][ T9472] ? exit_files+0x7b/0xb0 [ 212.364804][ T9472] ? finish_wait+0x260/0x260 [ 212.369374][ T9472] ? exit_files+0x7b/0xb0 [ 212.373708][ T9472] ? io_wake_function+0x260/0x260 [ 212.378716][ T9472] filp_close+0xbd/0x170 [ 212.382942][ T9472] put_files_struct+0x1d7/0x2f0 [ 212.388145][ T9472] exit_files+0x83/0xb0 [ 212.392390][ T9472] do_exit+0x8d2/0x2e60 [ 212.396555][ T9472] ? mm_update_next_owner+0x640/0x640 [ 212.402010][ T9472] ? lock_downgrade+0x920/0x920 [ 212.406849][ T9472] ? _raw_spin_unlock_irq+0x23/0x80 [ 212.412075][ T9472] ? get_signal+0x392/0x24f0 [ 212.416700][ T9472] ? _raw_spin_unlock_irq+0x23/0x80 [ 212.422068][ T9472] do_group_exit+0x135/0x360 [ 212.426647][ T9472] get_signal+0x47c/0x24f0 [ 212.431146][ T9472] ? lock_downgrade+0x920/0x920 [ 212.436077][ T9472] do_signal+0x87/0x1700 [ 212.440477][ T9472] ? __kasan_check_read+0x11/0x20 [ 212.446297][ T9472] ? _copy_to_user+0x118/0x160 [ 212.451082][ T9472] ? setup_sigcontext+0x7d0/0x7d0 [ 212.456107][ T9472] ? exit_to_usermode_loop+0x43/0x380 [ 212.461831][ T9472] ? do_syscall_64+0x65f/0x760 [ 212.466594][ T9472] ? exit_to_usermode_loop+0x43/0x380 [ 212.471968][ T9472] ? lockdep_hardirqs_on+0x421/0x5e0 [ 212.477324][ T9472] ? trace_hardirqs_on+0x67/0x240 [ 212.482363][ T9472] exit_to_usermode_loop+0x286/0x380 [ 212.487679][ T9472] do_syscall_64+0x65f/0x760 [ 212.492263][ T9472] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.498138][ T9472] RIP: 0033:0x459f49 [ 212.502017][ T9472] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.521790][ T9472] RSP: 002b:00007fad7d4b9cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 212.530444][ T9472] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 0000000000459f49 [ 212.538397][ T9472] RDX: 00000000004cddf8 RSI: 0000000000000081 RDI: 000000000075bfd4 [ 212.546471][ T9472] RBP: 000000000075bfc8 R08: 0000000000000009 R09: 0000000000000000 [ 212.554805][ T9472] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075bfd4 [ 212.562854][ T9472] R13: 00007fffce37bfcf R14: 00007fad7d4ba9c0 R15: 000000000075bfd4 [ 212.572452][ T9472] Kernel Offset: disabled [ 212.576795][ T9472] Rebooting in 86400 seconds..