[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 55.158679][ T26] audit: type=1800 audit(1572950724.949:25): pid=8658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 55.180378][ T26] audit: type=1800 audit(1572950724.959:26): pid=8658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 55.246362][ T26] audit: type=1800 audit(1572950724.959:27): pid=8658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts. 2019/11/05 10:45:36 fuzzer started 2019/11/05 10:45:38 dialing manager at 10.128.0.26:42879 2019/11/05 10:45:38 syscalls: 2566 2019/11/05 10:45:38 code coverage: enabled 2019/11/05 10:45:38 comparison tracing: enabled 2019/11/05 10:45:38 extra coverage: extra coverage is not supported by the kernel 2019/11/05 10:45:38 setuid sandbox: enabled 2019/11/05 10:45:38 namespace sandbox: enabled 2019/11/05 10:45:38 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/05 10:45:38 fault injection: enabled 2019/11/05 10:45:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/05 10:45:38 net packet injection: enabled 2019/11/05 10:45:38 net device setup: enabled 2019/11/05 10:45:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/05 10:45:38 devlink PCI setup: PCI device 0000:00:10.0 is not available 10:47:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:47:37 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={0x10000, 0x4, 0xfffffff7, 0x400}, 0x10) setsockopt(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1) sendto$inet6(r0, &(0x7f0000000000), 0xb478, 0x0, 0x0, 0x4d97) syzkaller login: [ 187.332045][ T8823] IPVS: ftp: loaded support on port[0] = 21 10:47:37 executing program 2: r0 = socket$kcm(0xa, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000001780)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x0, @remote, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000100)=[{0x28, 0x29, 0x2, "0000000000000000000000000000000004"}], 0x28}, 0x0) [ 187.521764][ T8825] IPVS: ftp: loaded support on port[0] = 21 [ 187.563643][ T8823] chnl_net:caif_netlink_parms(): no params data found [ 187.692835][ T8823] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.702275][ T8823] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.711582][ T8823] device bridge_slave_0 entered promiscuous mode [ 187.732017][ T8823] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.739137][ T8823] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.748694][ T8823] device bridge_slave_1 entered promiscuous mode [ 187.761601][ T8828] IPVS: ftp: loaded support on port[0] = 21 10:47:37 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000000)={{0x100000080}, 'port1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f00000000c0)={{0x0, 0x1}, {0x80}, 0x0, 0x5}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) [ 187.822057][ T8823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.853511][ T8823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.877200][ T8825] chnl_net:caif_netlink_parms(): no params data found [ 187.972133][ T8823] team0: Port device team_slave_0 added [ 187.992307][ T8831] IPVS: ftp: loaded support on port[0] = 21 [ 188.024825][ T8823] team0: Port device team_slave_1 added [ 188.035832][ T8825] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.059544][ T8825] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.067195][ T8825] device bridge_slave_0 entered promiscuous mode [ 188.083053][ T8825] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.090403][ T8825] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.098498][ T8825] device bridge_slave_1 entered promiscuous mode 10:47:37 executing program 4: [ 188.212479][ T8823] device hsr_slave_0 entered promiscuous mode 10:47:38 executing program 5: r0 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) shutdown(0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f0000044000)) truncate(0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x2044c0, 0x58) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) socket(0x1000000010, 0x4008000000803, 0x0) getsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000380), &(0x7f00000003c0)=0x10) prctl$PR_SET_TSC(0x1a, 0x2) tkill(r0, 0x1000000000016) [ 188.319849][ T8823] device hsr_slave_1 entered promiscuous mode [ 188.397382][ T8825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.428304][ T8828] chnl_net:caif_netlink_parms(): no params data found [ 188.442451][ T8834] IPVS: ftp: loaded support on port[0] = 21 [ 188.460825][ T8825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.543926][ T8836] IPVS: ftp: loaded support on port[0] = 21 [ 188.548208][ T8823] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.556994][ T8823] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.564800][ T8823] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.571909][ T8823] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.583969][ T8825] team0: Port device team_slave_0 added [ 188.612568][ T2882] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.622610][ T2882] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.634506][ T8825] team0: Port device team_slave_1 added [ 188.693248][ T8828] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.701695][ T8828] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.709323][ T8828] device bridge_slave_0 entered promiscuous mode [ 188.717367][ T8828] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.724510][ T8828] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.732634][ T8828] device bridge_slave_1 entered promiscuous mode [ 188.757168][ T8828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.802566][ T8825] device hsr_slave_0 entered promiscuous mode [ 188.849779][ T8825] device hsr_slave_1 entered promiscuous mode [ 188.879609][ T8825] debugfs: Directory 'hsr0' with parent '/' already present! [ 188.896487][ T8831] chnl_net:caif_netlink_parms(): no params data found [ 188.917620][ T8828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.957855][ T8828] team0: Port device team_slave_0 added [ 188.966558][ T8828] team0: Port device team_slave_1 added [ 188.987616][ T8831] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.995501][ T8831] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.003530][ T8831] device bridge_slave_0 entered promiscuous mode [ 189.028431][ T8831] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.038247][ T8831] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.046298][ T8831] device bridge_slave_1 entered promiscuous mode [ 189.064599][ T8831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.079658][ T8831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.191799][ T8828] device hsr_slave_0 entered promiscuous mode [ 189.229868][ T8828] device hsr_slave_1 entered promiscuous mode [ 189.290543][ T8828] debugfs: Directory 'hsr0' with parent '/' already present! [ 189.319300][ T8831] team0: Port device team_slave_0 added [ 189.359009][ T8831] team0: Port device team_slave_1 added [ 189.407008][ T8836] chnl_net:caif_netlink_parms(): no params data found [ 189.415835][ T8834] chnl_net:caif_netlink_parms(): no params data found [ 189.440173][ T8823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.461198][ T8828] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.468302][ T8828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.515116][ T8834] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.522687][ T8834] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.531023][ T8834] device bridge_slave_0 entered promiscuous mode [ 189.611441][ T8831] device hsr_slave_0 entered promiscuous mode [ 189.649837][ T8831] device hsr_slave_1 entered promiscuous mode [ 189.699617][ T8831] debugfs: Directory 'hsr0' with parent '/' already present! [ 189.708353][ T8834] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.715802][ T8834] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.723616][ T8834] device bridge_slave_1 entered promiscuous mode [ 189.748288][ T8823] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.756143][ T2882] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.769143][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.777721][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.790200][ T8836] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.797254][ T8836] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.805650][ T8836] device bridge_slave_0 entered promiscuous mode [ 189.815252][ T8836] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.824619][ T8836] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.832737][ T8836] device bridge_slave_1 entered promiscuous mode [ 189.845986][ T8834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.864395][ T8834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.918469][ T8836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.940237][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.948766][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.958695][ T2882] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.965785][ T2882] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.980456][ T8834] team0: Port device team_slave_0 added [ 189.988818][ T8836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.005364][ T8825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.021575][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.031634][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.041063][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.048097][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.057237][ T8834] team0: Port device team_slave_1 added [ 190.078177][ T8836] team0: Port device team_slave_0 added [ 190.102120][ T8836] team0: Port device team_slave_1 added [ 190.109138][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.117981][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.172786][ T8834] device hsr_slave_0 entered promiscuous mode [ 190.220777][ T8834] device hsr_slave_1 entered promiscuous mode [ 190.260044][ T8834] debugfs: Directory 'hsr0' with parent '/' already present! [ 190.275104][ T8825] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.286067][ T8828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.295390][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.304789][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.313346][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.322005][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.361542][ T8836] device hsr_slave_0 entered promiscuous mode [ 190.389863][ T8836] device hsr_slave_1 entered promiscuous mode [ 190.430007][ T8836] debugfs: Directory 'hsr0' with parent '/' already present! [ 190.462427][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.473842][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.482425][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.493219][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.501892][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.510605][ T2882] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.517636][ T2882] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.525285][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.534075][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.542540][ T2882] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.549606][ T2882] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.557247][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.566434][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.595768][ T8828] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.638986][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.647556][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.656241][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.666203][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.675463][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.684617][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.693387][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.702393][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.711073][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.719149][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.727697][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.735953][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.744440][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.753266][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.776926][ T8825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.802751][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.812170][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.821832][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.830945][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.838931][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.847897][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.856309][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.863358][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.871566][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.880351][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.888754][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.897089][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.936981][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.946053][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.954720][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.963543][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.972568][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.990703][ T8823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.011843][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.019311][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 191.030628][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.038874][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.047856][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.056380][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.066662][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.110747][ T8831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.126262][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.137484][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 191.152693][ T8825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.197630][ T8831] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.218688][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.226973][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.244315][ T8828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.273926][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.292853][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 191.315526][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.324846][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.339982][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.347055][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.357235][ T8856] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 191.373584][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.383045][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.392127][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.399211][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.409379][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.422345][ T8836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.441103][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.449361][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.478704][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.493802][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.503552][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 191.515940][ T8834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.559931][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.568464][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.591011][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 191.615005][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.633697][ T8836] 8021q: adding VLAN 0 to HW filter on device team0 10:47:41 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @mcast2}, 0x1c) symlinkat(0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x8) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) open(0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) [ 191.656248][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 10:47:41 executing program 1: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) dup2(r0, r1) [ 191.708656][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.760355][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 191.785019][ T2882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.825702][ T8834] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.859424][ C0] hrtimer: interrupt took 45963 ns 10:47:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000040)={{0x0, 0x0, @identifier="f7eb683d57c9622261b6621b895913a4"}}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 191.870650][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.886337][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.923118][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.996984][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 192.004950][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.014118][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.023002][ T8838] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.030099][ T8838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.053394][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.085360][ T8831] 8021q: adding VLAN 0 to HW filter on device batadv0 10:47:41 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @mcast2}, 0x1c) symlinkat(0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x8) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) open(0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) 10:47:41 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @mcast2}, 0x1c) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x8) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) [ 192.100107][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.109799][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.136997][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.144138][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.151971][ T8886] kvm: emulating exchange as write [ 192.196153][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.205037][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.218554][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.225721][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state 10:47:42 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000080)={0xefb}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) ioctl$SIOCNRDECOBS(0xffffffffffffffff, 0x89e2) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x729d0213259b769a, 0x0, 0xfffffffd}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:47:42 executing program 2: creat(0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0xeffdffff, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 192.269984][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.294890][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.341166][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.348284][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state 10:47:42 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='sessionid\x00') getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) init_module(&(0x7f0000000080)='}\x00', 0x2, &(0x7f00000000c0)='em0\\wlan0eth0eth0vmnet1#securityeth0\x00') preadv(r0, &(0x7f00000017c0), 0x199, 0x0) 10:47:42 executing program 0: r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000240)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000100)={0xa1}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 192.405495][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.415012][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.425055][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.526777][ T8836] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 192.565921][ T8836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.601242][ T8902] kvm: pic: single mode not supported [ 192.601389][ T8902] kvm: pic: non byte read [ 192.615310][ T8902] kvm: pic: non byte write [ 192.619015][ T8834] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 192.628208][ T8902] kvm: pic: level sensitive irq not supported [ 192.628313][ T8902] kvm: pic: non byte read [ 192.646179][ T8913] usb usb2: usbfs: process 8913 (syz-executor.0) did not claim interface 0 before use [ 192.670538][ T8834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.677516][ T8902] kvm: pic: non byte write [ 192.692425][ T8902] kvm: pic: single mode not supported [ 192.692431][ T8902] kvm: pic: level sensitive irq not supported [ 192.698412][ T8902] kvm: pic: non byte read [ 192.717411][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.726517][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.731321][ T8902] kvm: pic: non byte write [ 192.739111][ T8902] kvm: pic: single mode not supported [ 192.739116][ T8902] kvm: pic: level sensitive irq not supported [ 192.751583][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.752384][ T8902] kvm: pic: non byte read [ 192.758500][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.769830][ T8902] kvm: pic: non byte write [ 192.774496][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.787848][ T8902] kvm: pic: single mode not supported [ 192.787853][ T8902] kvm: pic: level sensitive irq not supported [ 192.792023][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.800627][ T8902] kvm: pic: non byte read [ 192.803264][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.816070][ T8902] kvm: pic: non byte write [ 192.823378][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.827463][ T8902] kvm: pic: single mode not supported [ 192.827468][ T8902] kvm: pic: level sensitive irq not supported [ 192.835862][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.846576][ T8902] kvm: pic: non byte read [ 192.847303][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.855171][ T8902] kvm: pic: non byte write [ 192.859865][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.872602][ T8902] kvm: pic: single mode not supported [ 192.872606][ T8902] kvm: pic: level sensitive irq not supported [ 192.880370][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.888607][ T8902] kvm: pic: non byte read [ 192.891471][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.900570][ T8902] kvm: pic: non byte write [ 192.903954][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.917545][ T8902] kvm: pic: single mode not supported [ 192.917550][ T8902] kvm: pic: level sensitive irq not supported [ 192.925459][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.930067][ T8902] kvm: pic: non byte read [ 192.936283][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.948855][ T8902] kvm: pic: non byte write [ 192.956422][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.960442][ T8902] kvm: pic: single mode not supported [ 192.960447][ T8902] kvm: pic: level sensitive irq not supported [ 192.968634][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.978963][ T8902] kvm: pic: non byte read [ 192.981457][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.999673][ T8902] kvm: pic: non byte write [ 193.000247][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.004222][ T8902] kvm: pic: single mode not supported [ 193.004228][ T8902] kvm: pic: level sensitive irq not supported [ 193.012064][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.024874][ T8902] kvm: pic: non byte read [ 193.031006][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.037349][ T8902] kvm: pic: non byte write [ 193.059629][ T8902] kvm: pic: single mode not supported [ 193.059635][ T8902] kvm: pic: level sensitive irq not supported [ 193.126544][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 193.136347][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.148896][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 10:47:43 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, {0x2, 0x1ff}, 0xaa}, 0xa) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x11cc1}, 0x2) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) dup2(r1, r0) [ 193.172364][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.192747][ T8836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.255033][ T8834] 8021q: adding VLAN 0 to HW filter on device batadv0 10:47:43 executing program 4: syz_open_procfs(0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000180)) 10:47:43 executing program 5: 10:47:43 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='sessionid\x00') getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) init_module(&(0x7f0000000080)='}\x00', 0x2, &(0x7f00000000c0)='em0\\wlan0eth0eth0vmnet1#securityeth0\x00') preadv(r0, &(0x7f00000017c0), 0x199, 0x0) 10:47:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:47:43 executing program 1: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video35\x00', 0x2, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$VIDIOC_DQEVENT(r2, 0x80885659, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x3, 0x1081000981900, 0x1}) 10:47:43 executing program 3: socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0xeffdffff, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 10:47:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = syz_open_dev$dri(0x0, 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r4 = dup(r3) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r4}) r5 = dup(r4) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000000)=0x5) 10:47:43 executing program 5: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000080)={0xa925, 0x1d, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r3}) r4 = dup(r3) ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000000)=0x5) 10:47:43 executing program 2: syz_read_part_table(0x0, 0x1, &(0x7f0000000780)=[{&(0x7f0000000cc0)="643124165ad4fb499caea26bd0bfb3c354740d3fcaeacee286cf70f9a2579f4e92e542491477bde885aee5140936d5949a470532adbf34f6daab9662249799609e193c8d444c732f9b343385d6689f1f7a290962c0a7345457c18efe74c9cc5567c2808d6a2021461dcf89240e51694290169b4749577a508abc3164d3ac1261c030f2543087c71093afbf61d7a5d2611ca4f55a39542cfe24e994a8353324feba77caa6c8ec7c13f95dcb949c156749ef78e9f649e62060af4d131c248b617c289a3553584d497f59555a3d671b4d1039ecf654fefab20c094b8ae3f023ca17cfea547703d64b166047847138f72f86432bf27a1f4ca53f94d90ee8d5e8b3044a04007b36b9a3e403cf9257e7de80cba33e91c632d275387c33989f92215b5a951851b2018cff6c444aa31442f6255728709ee38950bc2a78279f1c57af067073bba6a2befb25435f3802ef21073ec05fef1ecb65a1a4cef8abb66108a54b6b6685ca4d69484fa5796011c8f528d5a07702d7cd47f6fd2687a14c62b64a0c695abc354f7fd36122c324f5af9c10986ab0d8306508db354182227c30c921c21df7c64bf0841d807956cbb6d85f3a3113610879770eabe57c4a85f0515d1013f03a3c943b60d5b61ff97f02ad5976cd73d963490f484e11e1a95fe6d9ac3c94f5808f1ef8ba5749cdbc6291258e5c3aa6433f096624a6d97be3a39a", 0x1fb, 0x5}]) 10:47:43 executing program 4: syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa029cce98941b86dd6076605100303afffef49c000000000000000000000000ffff020000000000000000000000000001860090780014000060c5961e00000000ff0100000000000018ceeb9f9fb927162b020000000000000000000080000001"], 0x0) 10:47:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000340), 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x4c, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8fd}, @IPVS_CMD_ATTR_DEST={0x18, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0x4c}}, 0x40) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="5300000044a6aeabec2e1520000000000000001000fff64017db9820000000003b08d403ffff633b27e59aa144175dd106736d17c3f2c876d699010000000000000025da3f0dc7ec6e2656000008"], 0x4e) write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000080)={0x14, 0x69, 0x0, {0x1, 0x4, 0x5}}, 0x14) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000e26000)='/dev/sequencer2\x00', 0x0, 0x0) dup2(r1, 0xffffffffffffffff) ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000140)={0xffffff80, 0x6}, 0x10) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(0xffffffffffffffff, 0xc10c5541, &(0x7f0000000580)={0x0, 0xce0, 0x8001, 0x0, 0x0, [], [], [], 0x16, 0x9}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000000c0)={{0x2, 0x1, 0x7, 0x0, 0x8ce}}) 10:47:43 executing program 3: socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0xeffdffff, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 10:47:43 executing program 4: [ 193.998848][ T8969] Dev loop2: unable to read RDB block 1 [ 194.017179][ T8969] loop2: unable to read partition table 10:47:43 executing program 4: [ 194.053092][ T8969] loop2: partition table beyond EOD, truncated [ 194.089139][ T8969] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) 10:47:44 executing program 0: 10:47:44 executing program 5: [ 194.325272][ T8969] Dev loop2: unable to read RDB block 1 [ 194.336966][ T8969] loop2: unable to read partition table [ 194.361996][ T8969] loop2: partition table beyond EOD, truncated 10:47:44 executing program 1: 10:47:44 executing program 4: 10:47:44 executing program 3: 10:47:44 executing program 0: [ 194.398513][ T8969] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) 10:47:44 executing program 2: 10:47:44 executing program 5: 10:47:44 executing program 3: 10:47:44 executing program 4: 10:47:44 executing program 0: 10:47:44 executing program 1: 10:47:44 executing program 2: 10:47:44 executing program 4: 10:47:44 executing program 5: 10:47:44 executing program 3: 10:47:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 10:47:44 executing program 0: r0 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000040)=@secondary='builtin_and_secondary_trusted\x00') add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r0) 10:47:44 executing program 4: 10:47:44 executing program 2: 10:47:44 executing program 5: 10:47:44 executing program 3: 10:47:44 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x6, 0x0) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000000)) write$P9_RLOPEN(r2, &(0x7f0000000040)={0x18}, 0x18) write$binfmt_aout(r1, &(0x7f0000000780)=ANY=[@ANYBLOB='*'], 0x1) 10:47:44 executing program 4: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="7c0000002e00010700"/20, @ANYRES32, @ANYBLOB="000007000000000003000000080001006270660050000200080004000000000004000500400002003c0001000000ff030004000000000400000000000000e6290000000000000000110000000000000000000000000000000000000000001c00000000006b8af1fa454921483b79b0ed762852a47e69e60c061f9c871cc39500000000a04912c9e69817f049ec6df0e44a2b27bc64af847665f32224e4d778548bc7cba4aad65985da75ad8f3dcb3ee4b78dd97dc5e138da76d28c07639b67c57cc5df12fe95535049"], 0x7c}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x25e, 0x0) 10:47:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") unshare(0x400) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000140), &(0x7f0000000180)=0x4) 10:47:44 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) 10:47:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 10:47:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffa0}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080), 0xffffffe2) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x5, 0x0, 0x0, 0x0, 0x401, 0x0, 0xc5e]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x1000000080}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:47:45 executing program 4: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0xa, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=0xb31}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000900)={0xffffffffffffffff, r2, 0x0, 0x7, &(0x7f00000005c0)='bdev\'-\x00', r3}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000002c0), 0xc) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc0045878, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x5) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000019c0)='schedstat\x00') bind$inet6(r4, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x0) r5 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r5, 0xc0045878, 0x0) write$P9_RSTAT(0xffffffffffffffff, 0x0, 0x0) r6 = getpid() rt_tgsigqueueinfo(r6, r6, 0x16, 0x0) ptrace(0xffffffffffffffff, r6) socket(0xa, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xa) setreuid(0x0, r7) r8 = getpid() rt_tgsigqueueinfo(0x0, r8, 0x0, 0x0) ptrace(0x10, r8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, 0x0) stat(&(0x7f0000001000)='./file0\x00', &(0x7f0000001040)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001100)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000010c0)='\x00', 0xffffffffffffffff}, 0x30) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) write$9p(r0, &(0x7f0000000800)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb9693dd6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b804bfe70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) sendfile(r0, r1, 0x0, 0x10000) 10:47:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") unshare(0x400) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000140), &(0x7f0000000180)=0x4) 10:47:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000003a40)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0xbb8) [ 195.456810][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 195.456823][ T26] audit: type=1800 audit(1572950865.249:31): pid=9071 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=16559 res=0 10:47:45 executing program 2: perf_event_open(&(0x7f0000001200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x100000000, 0x4480) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x2002, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4068aea3, &(0x7f0000000080)) r4 = dup3(r1, r2, 0x0) r5 = dup2(r4, r3) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000004c0)={0x0}) r7 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f0000000240)={r6, 0x5, 0x9}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) ioctl$KVM_PPC_GET_PVINFO(0xffffffffffffffff, 0x4080aea1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x40000000}, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff) request_key(&(0x7f0000000340)='user\x00', 0x0, &(0x7f00000003c0)='(^\x00', 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r9, 0x4138ae84, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x0, 0x0, 0x0, 0x2}, {0x0, 0x2}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0xfffffffffffffffa, 0x0, 0x0, 0x20, 0x3}) ioctl$KVM_TRANSLATE(r9, 0xc018ae85, &(0x7f0000000080)) bind$unix(0xffffffffffffffff, 0x0, 0x0) r10 = timerfd_create(0x0, 0x0) timerfd_settime(r10, 0x3, &(0x7f0000000040)={{0x77359400}}, 0x0) accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000) accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0) 10:47:45 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) keyctl$get_persistent(0x16, 0x0, 0x0) add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 10:47:45 executing program 0: syz_open_dev$loop(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000240)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000100)={0xa1}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10:47:45 executing program 1: ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsa(&(0x7f00000004c0)='/dev/vcsa#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00008d3000/0x18000)=nil, &(0x7f0000000540)=[@textreal={0x8, &(0x7f0000000500)="0f212a0f9ba600580fbaed59f3c14e005f8673a3b8a5078ec00f6370eadf7807660f388298040066b94b09000066b80000000066ba000000000f30", 0x3b}], 0x1, 0x0, &(0x7f0000000580), 0xc7) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000140)) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x14, 0x0, 0x4040000000004, 0x100000001}, 0x3c) bpf$MAP_LOOKUP_ELEM(0x4, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000002c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000d06000), 0x4) [ 195.638705][ T26] audit: type=1804 audit(1572950865.299:32): pid=9073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir552583480/syzkaller.7bOoZ5/11/file0" dev="sda1" ino=16559 res=1 [ 195.708119][ T9087] usb usb2: usbfs: process 9087 (syz-executor.0) did not claim interface 0 before use 10:47:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:47:45 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) 10:47:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) dup2(0xffffffffffffffff, 0xffffffffffffffff) r2 = syz_open_dev$usbmon(0x0, 0x0, 0x0) dup2(0xffffffffffffffff, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 10:47:46 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'lo\x00'}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000040)={'lo\x00\x00\x00$\x00\x00\x00\x00\x00\x00\b\x00\x00\x11', 0xff}) 10:47:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") unshare(0x400) r1 = socket$inet6(0xa, 0x1000000000005, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000080), &(0x7f0000000140)=0x4) [ 214.349757][ T1044] INFO: task khugepaged:1085 blocked for more than 143 seconds. [ 214.357527][ T1044] Not tainted 5.4.0-rc5-next-20191031 #0 [ 214.367021][ T1044] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 214.376342][ T1044] khugepaged D27376 1085 2 0x80004000 [ 214.382767][ T1044] Call Trace: [ 214.386052][ T1044] __schedule+0x94a/0x1e70 [ 214.390537][ T1044] ? __sched_text_start+0x8/0x8 [ 214.395382][ T1044] ? blk_insert_cloned_request+0x530/0x530 [ 214.401287][ T1044] schedule+0xdc/0x2b0 [ 214.405350][ T1044] io_schedule+0x1c/0x70 [ 214.409637][ T1044] __lock_page+0x422/0xab0 [ 214.414080][ T1044] ? wait_on_page_bit+0xa60/0xa60 [ 214.419089][ T1044] ? page_cache_next_miss+0x340/0x340 [ 214.424564][ T1044] ? ___might_sleep+0x163/0x2c0 [ 214.430167][ T1044] ? __might_sleep+0x95/0x190 [ 214.434846][ T1044] mpage_prepare_extent_to_map+0xb3f/0xf90 [ 214.440741][ T1044] ? mpage_process_page_bufs+0x780/0x780 [ 214.446365][ T1044] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 214.451954][ T1044] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 214.457923][ T1044] ? __kmalloc_node+0xf/0x70 [ 214.462610][ T1044] ext4_writepages+0x954/0x2e70 [ 214.467452][ T1044] ? get_page_from_freelist+0x21fb/0x4330 [ 214.473218][ T1044] ? find_held_lock+0x35/0x130 [ 214.478009][ T1044] ? get_page_from_freelist+0x21fb/0x4330 [ 214.483820][ T1044] ? ext4_mark_inode_dirty+0x9b0/0x9b0 [ 214.489280][ T1044] ? 0xffffffff81000000 [ 214.493486][ T1044] ? mark_lock+0xc2/0x1220 [ 214.497907][ T1044] ? prep_new_page+0x19f/0x200 [ 214.503624][ T1044] ? wbc_attach_and_unlock_inode+0x514/0x920 [ 214.509690][ T1044] ? find_held_lock+0x35/0x130 [ 214.514445][ T1044] ? wbc_attach_and_unlock_inode+0x515/0x920 [ 214.520517][ T1044] ? ext4_mark_inode_dirty+0x9b0/0x9b0 [ 214.525965][ T1044] do_writepages+0xfa/0x2a0 [ 214.530515][ T1044] ? do_writepages+0xfa/0x2a0 [ 214.535187][ T1044] ? lock_downgrade+0x920/0x920 [ 214.540188][ T1044] ? page_writeback_cpu_online+0x20/0x20 [ 214.545816][ T1044] ? __kasan_check_read+0x11/0x20 [ 214.550902][ T1044] ? do_raw_spin_unlock+0x57/0x270 [ 214.556023][ T1044] ? _raw_spin_unlock+0x28/0x40 [ 214.560967][ T1044] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.567215][ T1044] ? wbc_attach_and_unlock_inode+0x5bf/0x920 [ 214.573236][ T1044] __filemap_fdatawrite_range+0x2bc/0x3b0 [ 214.578947][ T1044] ? delete_from_page_cache_batch+0xfe0/0xfe0 [ 214.585095][ T1044] ? lockdep_hardirqs_on+0x421/0x5e0 [ 214.590498][ T1044] filemap_flush+0x24/0x30 [ 214.594904][ T1044] collapse_file+0x36b1/0x41a0 [ 214.599764][ T1044] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 214.605934][ T1044] ? khugepaged+0x21c0/0x4360 [ 214.610670][ T1044] ? trace_event_raw_event_mm_collapse_huge_page_isolate+0x370/0x370 [ 214.618743][ T1044] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 214.624563][ T1044] ? khugepaged_find_target_node+0x142/0x180 [ 214.631040][ T1044] khugepaged+0x2da9/0x4360 [ 214.635524][ T1044] ? __kasan_check_read+0x11/0x20 [ 214.640621][ T1044] ? __lock_acquire+0x16f2/0x4a00 [ 214.645650][ T1044] ? _raw_spin_unlock_irq+0x23/0x80 [ 214.650949][ T1044] ? finish_task_switch+0x147/0x750 [ 214.656135][ T1044] ? _raw_spin_unlock_irq+0x23/0x80 [ 214.661417][ T1044] ? lockdep_hardirqs_on+0x421/0x5e0 [ 214.666717][ T1044] ? collapse_pte_mapped_thp+0xbe0/0xbe0 [ 214.672402][ T1044] ? lock_downgrade+0x920/0x920 [ 214.677243][ T1044] ? finish_wait+0x260/0x260 [ 214.681914][ T1044] ? lockdep_hardirqs_on+0x421/0x5e0 [ 214.687194][ T1044] ? trace_hardirqs_on+0x67/0x240 [ 214.692268][ T1044] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 214.698501][ T1044] ? __kthread_parkme+0x108/0x1c0 [ 214.703608][ T1044] ? __kasan_check_read+0x11/0x20 [ 214.708628][ T1044] kthread+0x361/0x430 [ 214.712744][ T1044] ? collapse_pte_mapped_thp+0xbe0/0xbe0 [ 214.718411][ T1044] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 214.724222][ T1044] ret_from_fork+0x24/0x30 [ 214.728739][ T1044] [ 214.728739][ T1044] Showing all locks held in the system: [ 214.736524][ T1044] 4 locks held by kworker/u4:5/394: [ 214.741749][ T1044] #0: ffff8880a7ff6128 ((wq_completion)writeback){+.+.}, at: process_one_work+0x88b/0x1740 [ 214.751905][ T1044] #1: ffff8880a8e8fdc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 214.763722][ T1044] #2: ffff888215a2c0d8 (&type->s_umount_key#32){++++}, at: trylock_super+0x22/0x110 [ 214.773246][ T1044] #3: ffff888215a2e990 (&sbi->s_journal_flag_rwsem){.+.+}, at: do_writepages+0xfa/0x2a0 [ 214.783092][ T1044] 1 lock held by khungtaskd/1044: [ 214.788085][ T1044] #0: ffffffff88faba40 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 [ 214.797460][ T1044] 1 lock held by khugepaged/1085: [ 214.802503][ T1044] #0: ffff888215a2e990 (&sbi->s_journal_flag_rwsem){.+.+}, at: do_writepages+0xfa/0x2a0 [ 214.812408][ T1044] 2 locks held by getty/8786: [ 214.817069][ T1044] #0: ffff8880a8afb090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 214.826051][ T1044] #1: ffffc90005f452e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 214.835652][ T1044] 2 locks held by getty/8787: [ 214.840370][ T1044] #0: ffff8880962ad090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 214.849310][ T1044] #1: ffffc90005f572e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 214.858925][ T1044] 2 locks held by getty/8788: [ 214.863614][ T1044] #0: ffff888095522090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 214.872673][ T1044] #1: ffffc90005f312e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 214.882260][ T1044] 2 locks held by getty/8789: [ 214.886918][ T1044] #0: ffff88809cac4090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 214.896547][ T1044] #1: ffffc90005f512e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 214.906154][ T1044] 2 locks held by getty/8790: [ 214.910954][ T1044] #0: ffff8880a7f97090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 214.919984][ T1044] #1: ffffc90005f4d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 214.929600][ T1044] 2 locks held by getty/8791: [ 214.934273][ T1044] #0: ffff8880a6116090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 214.943267][ T1044] #1: ffffc90005f5b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 214.952869][ T1044] 2 locks held by getty/8792: [ 214.957518][ T1044] #0: ffff8880a4449090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 214.966481][ T1044] #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 214.976082][ T1044] 1 lock held by syz-executor.4/9071: [ 214.981539][ T1044] #0: ffff888215a2c0d8 (&type->s_umount_key#32){++++}, at: thaw_super+0x18/0x30 [ 214.990736][ T1044] [ 214.993053][ T1044] ============================================= [ 214.993053][ T1044] [ 215.001509][ T1044] NMI backtrace for cpu 1 [ 215.005833][ T1044] CPU: 1 PID: 1044 Comm: khungtaskd Not tainted 5.4.0-rc5-next-20191031 #0 [ 215.014476][ T1044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.024506][ T1044] Call Trace: [ 215.027778][ T1044] dump_stack+0x172/0x1f0 [ 215.032085][ T1044] nmi_cpu_backtrace.cold+0x70/0xb2 [ 215.037257][ T1044] ? vprintk_func+0x86/0x189 [ 215.041823][ T1044] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 215.047430][ T1044] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 215.053389][ T1044] arch_trigger_cpumask_backtrace+0x14/0x20 [ 215.059264][ T1044] watchdog+0xc8f/0x1350 [ 215.063497][ T1044] kthread+0x361/0x430 [ 215.067540][ T1044] ? reset_hung_task_detector+0x30/0x30 [ 215.073059][ T1044] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 215.078765][ T1044] ret_from_fork+0x24/0x30 [ 215.083317][ T1044] Sending NMI from CPU 1 to CPUs 0: [ 215.088593][ C0] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0xe/0x10 [ 215.090316][ T1044] Kernel panic - not syncing: hung_task: blocked tasks [ 215.103665][ T1044] CPU: 1 PID: 1044 Comm: khungtaskd Not tainted 5.4.0-rc5-next-20191031 #0 [ 215.112239][ T1044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.122268][ T1044] Call Trace: [ 215.125538][ T1044] dump_stack+0x172/0x1f0 [ 215.129844][ T1044] panic+0x2e3/0x75c [ 215.133712][ T1044] ? add_taint.cold+0x16/0x16 [ 215.138541][ T1044] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 215.144150][ T1044] ? ___preempt_schedule+0x16/0x18 [ 215.149239][ T1044] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 215.155381][ T1044] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 215.161506][ T1044] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 215.167635][ T1044] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 215.173767][ T1044] watchdog+0xca0/0x1350 [ 215.177988][ T1044] kthread+0x361/0x430 [ 215.182033][ T1044] ? reset_hung_task_detector+0x30/0x30 [ 215.187549][ T1044] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 215.193242][ T1044] ret_from_fork+0x24/0x30 [ 215.199139][ T1044] Kernel Offset: disabled [ 215.203464][ T1044] Rebooting in 86400 seconds..