[ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. 2020/04/26 04:57:00 fuzzer started 2020/04/26 04:57:02 dialing manager at 10.128.0.26:43799 2020/04/26 04:57:02 syscalls: 3000 2020/04/26 04:57:02 code coverage: enabled 2020/04/26 04:57:02 comparison tracing: enabled 2020/04/26 04:57:02 extra coverage: enabled 2020/04/26 04:57:02 setuid sandbox: enabled 2020/04/26 04:57:02 namespace sandbox: enabled 2020/04/26 04:57:02 Android sandbox: /sys/fs/selinux/policy does not exist 2020/04/26 04:57:02 fault injection: enabled 2020/04/26 04:57:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/04/26 04:57:02 net packet injection: enabled 2020/04/26 04:57:02 net device setup: enabled 2020/04/26 04:57:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/04/26 04:57:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/04/26 04:57:02 USB emulation: /dev/raw-gadget does not exist 04:58:57 executing program 0: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600084e002000a00900cda40ff1ad5c96824", 0x12, 0x400}, {&(0x7f0000000ac0)="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", 0x309, 0x34f9}], 0x0, 0x0) syzkaller login: [ 178.622475][ T7069] IPVS: ftp: loaded support on port[0] = 21 04:58:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 
&(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 178.773415][ T7069] chnl_net:caif_netlink_parms(): no params data found [ 178.927571][ T7069] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.954934][ T7069] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.973765][ T7069] device bridge_slave_0 entered promiscuous mode [ 178.995235][ T7069] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.002379][ T7069] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.025019][ T7069] device bridge_slave_1 entered promiscuous mode 04:58:57 executing program 2: clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8) r1 = memfd_create(&(0x7f00000002c0)='\t\x00ste`\xad\x96\x9aum$\x00', 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r1, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, 
&(0x7f0000000000)) prctl$PR_SET_DUMPABLE(0x4, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='attr/sockcreate\x00') [ 179.055938][ T7199] IPVS: ftp: loaded support on port[0] = 21 [ 179.081227][ T7069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.121854][ T7069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.208744][ T7069] team0: Port device team_slave_0 added [ 179.247680][ T7069] team0: Port device team_slave_1 added [ 179.328202][ T7069] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.344398][ T7069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 04:58:58 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, {0x3015}}) [ 179.388762][ T7069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.417908][ T7069] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.428149][ T7069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 179.455716][ T7069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.485637][ T7199] chnl_net:caif_netlink_parms(): no params data found [ 179.517063][ T7286] IPVS: ftp: loaded support on port[0] = 21 [ 179.549571][ T7069] device hsr_slave_0 entered promiscuous mode [ 179.606209][ T7069] device hsr_slave_1 entered promiscuous mode [ 179.744633][ T7338] IPVS: ftp: loaded support on port[0] = 21 04:58:58 executing program 4: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r1 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r1, 0x1000000) sendfile(r0, r1, &(0x7f00000000c0)=0xf18001, 0xeefffdef) close(r0) close(0xffffffffffffffff) [ 179.918858][ T7199] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.927956][ T7199] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.939106][ T7199] device bridge_slave_0 entered promiscuous mode [ 180.027814][ T7199] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.041920][ T7199] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.065879][ T7199] device bridge_slave_1 entered promiscuous mode 04:58:58 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, 
&(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYRES16, @ANYBLOB="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", @ANYRESHEX, @ANYRES64], 0x0, 0x147}, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 180.210287][ T7199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.242167][ T7286] chnl_net:caif_netlink_parms(): no params data found [ 180.267386][ T7199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.387409][ T7199] team0: Port device team_slave_0 added [ 180.406651][ T7563] IPVS: ftp: loaded support on port[0] = 21 [ 180.423964][ T7199] team0: Port device team_slave_1 added [ 180.480961][ T7338] chnl_net:caif_netlink_parms(): no params data found [ 180.497328][ T7069] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 180.571483][ T7069] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 180.618540][ T7069] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 180.691034][ T7199] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.698119][ T7199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 180.725145][ T7199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.741833][ T7199] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.748877][ T7199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.774984][ T7199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.791632][ T7069] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 180.896389][ T7649] IPVS: ftp: loaded support on port[0] = 21 [ 181.005832][ T7199] device hsr_slave_0 entered promiscuous mode [ 181.023955][ T7199] device hsr_slave_1 entered promiscuous mode [ 181.063991][ T7199] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.071843][ T7199] Cannot create hsr debugfs directory [ 181.093493][ T7286] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.100647][ T7286] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.109229][ T7286] device bridge_slave_0 entered promiscuous mode [ 181.152100][ T7286] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.160888][ T7286] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.169452][ T7286] device bridge_slave_1 entered promiscuous mode [ 181.188546][ T7338] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.198107][ T7338] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.206397][ T7338] device bridge_slave_0 entered promiscuous mode [ 181.248608][ T7286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.264121][ T7286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.274464][ T7338] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.281517][ T7338] bridge0: port 
2(bridge_slave_1) entered disabled state [ 181.290544][ T7338] device bridge_slave_1 entered promiscuous mode [ 181.350326][ T7286] team0: Port device team_slave_0 added [ 181.385656][ T7286] team0: Port device team_slave_1 added [ 181.413125][ T7338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.427283][ T7338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.476813][ T7286] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.485837][ T7286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.515259][ T7286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.531039][ T7286] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.538739][ T7286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.565800][ T7286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.632932][ T7338] team0: Port device team_slave_0 added [ 181.642202][ T7338] team0: Port device team_slave_1 added [ 181.681953][ T7338] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.690069][ T7338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 181.717814][ T7338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.732095][ T7338] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.739114][ T7338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.765815][ T7338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.868908][ T7286] device hsr_slave_0 entered promiscuous mode [ 181.914183][ T7286] device hsr_slave_1 entered promiscuous mode [ 181.943656][ T7286] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.951232][ T7286] Cannot create hsr debugfs directory [ 181.957749][ T7563] chnl_net:caif_netlink_parms(): no params data found [ 182.039869][ T7649] chnl_net:caif_netlink_parms(): no params data found [ 182.097163][ T7338] device hsr_slave_0 entered promiscuous mode [ 182.124209][ T7338] device hsr_slave_1 entered promiscuous mode [ 182.184152][ T7338] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 182.191720][ T7338] Cannot create hsr debugfs directory [ 182.202210][ T7069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.333423][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.341986][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.359988][ T7563] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.369404][ T7563] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.378538][ T7563] device bridge_slave_0 entered promiscuous mode [ 182.387000][ T7199] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 182.438829][ T7069] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.460944][ T7563] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.468253][ T7563] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.477864][ T7563] device bridge_slave_1 entered promiscuous mode [ 182.501711][ T7199] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 182.564209][ T7199] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 182.627630][ T7563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.645744][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.654619][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.663030][ T2671] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.670271][ T2671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.678503][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.687972][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.696585][ T2671] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.703714][ T2671] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.715210][ T7199] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 182.783368][ T7563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.797572][ T2671] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.882042][ T7563] team0: Port device team_slave_0 added [ 182.898261][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.907534][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.922378][ T7649] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.930937][ T7649] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.939476][ T7649] device bridge_slave_0 entered promiscuous mode [ 182.948943][ T7649] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.956413][ T7649] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.965481][ T7649] device bridge_slave_1 entered promiscuous mode [ 182.982508][ T7563] team0: Port device team_slave_1 added [ 183.015014][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.029365][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.060096][ T7649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.073304][ T7649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.091804][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.101310][ T7563] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 183.109065][ T7563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.135327][ T7563] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 183.181455][ T7563] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 183.195881][ T7563] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.223722][ T7563] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 183.235724][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.246432][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.265915][ T7649] team0: Port device team_slave_0 added [ 183.275916][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.284892][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.293795][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.303158][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.327820][ T7338] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 183.401977][ T7069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.411914][ T7649] team0: Port device team_slave_1 added [ 183.431753][ T7338] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 183.480900][ T7338] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 183.597818][ T7563] device hsr_slave_0 entered promiscuous mode [ 183.663962][ T7563] device hsr_slave_1 entered promiscuous mode [ 183.703447][ T7563] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 183.711053][ T7563] Cannot create hsr debugfs directory [ 183.747530][ T7649] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 183.756780][ T7649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 183.785375][ T7649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 183.796961][ T7338] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 183.835864][ T7286] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 183.875948][ T7286] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 183.931319][ T7286] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 183.986959][ T7286] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 184.051907][ T7649] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.058932][ T7649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.085222][ T7649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.130011][ T7069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.145548][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 184.153000][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 184.257638][ T7649] device hsr_slave_0 entered promiscuous mode [ 184.304022][ T7649] device hsr_slave_1 entered promiscuous mode [ 184.345021][ T7649] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 184.352665][ T7649] Cannot create hsr debugfs directory [ 184.365444][ T7199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.437160][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 184.449171][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 184.520055][ T7199] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.543523][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.554500][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.562540][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.573062][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.582881][ T2671] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.590033][ T2671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.598153][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 184.607540][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 184.637112][ T7069] device veth0_vlan entered promiscuous mode [ 184.656757][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.665150][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 184.672758][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 184.680785][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.689503][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.698914][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.706045][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.713866][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.787415][ T7069] device veth1_vlan entered promiscuous mode [ 184.799991][ T7563] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 184.858659][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 184.866846][ T8107] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.880257][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.890563][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.908803][ T7563] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 184.958460][ T7563] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 185.022095][ T7286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.031103][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 185.039394][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.059805][ T7563] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 185.161597][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.173035][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.201986][ T7286] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.221699][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.234366][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.242567][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.251171][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.281882][ T7649] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 185.328488][ T7069] device veth0_macvtap entered promiscuous mode [ 185.341967][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 185.351037][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 185.360610][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.370867][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.379675][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.389022][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.397804][ T3565] bridge0: port 1(bridge_slave_0) entered blocking state [ 
185.404925][ T3565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.415487][ T7199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.427514][ T7649] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 185.493514][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 185.501658][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.511230][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.521142][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.530520][ T3563] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.537653][ T3563] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.556569][ T7649] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 185.634952][ T7069] device veth1_macvtap entered promiscuous mode [ 185.642384][ T7649] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 185.691161][ T7338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.708021][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 185.719446][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.730906][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.753375][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.762770][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.774509][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.804070][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.812738][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.839438][ T7069] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.870601][ T7069] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.880175][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.888330][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes 
ready [ 185.898266][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 185.907431][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 185.916726][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.925998][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.934758][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.943023][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.951745][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 185.960567][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 185.972668][ T7338] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.998575][ T7286] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.021868][ T7563] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.030657][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 186.041880][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 186.057955][ T7199] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.108554][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.117419][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.126827][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.133965][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.141475][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.150800][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.159368][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.166509][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.175744][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.187097][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.202340][ T7563] 
8021q: adding VLAN 0 to HW filter on device team0 [ 186.253808][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.261591][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.271057][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.280449][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 186.289323][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 186.297715][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.307953][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.351557][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.359476][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.371066][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.380467][ T3565] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.387607][ T3565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.396025][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.405348][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.424255][ T7286] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.431433][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.440773][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.449965][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.459669][ T3565] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.466812][ T3565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.564396][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 186.573170][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 186.586382][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.596519][ T3566] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.607906][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.617340][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.720627][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.731661][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.745747][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready 04:59:05 executing program 0: openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x0, 0x0) socket(0x10, 0x80002, 0x0) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyprintk\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000840)='/dev/autofs\x00', 0x301800, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x16d}, 0x0, 0x0, 0x0, 0x0) [ 186.765885][ T27] audit: type=1800 audit(1587877145.467:2): pid=8325 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=15748 res=0 [ 186.783996][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 186.794744][ T8325] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 186.801339][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.829059][ T7069] minix_free_inode: bit 1 already cleared [ 186.835425][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.878705][ T7649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.899426][ T7338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.919824][ 
T7199] device veth0_vlan entered promiscuous mode 04:59:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000001a40)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db500800000000000008f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1
a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047666865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000080)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 186.958074][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 186.973962][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 186.993351][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.014012][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 187.022872][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 187.061394][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.063807][ T8335] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 187.084316][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.122985][ T7199] device veth1_vlan entered promiscuous mode [ 187.180575][ T7649] 8021q: adding VLAN 0 to HW filter on device team0 04:59:06 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = socket$packet(0x11, 0x2, 0x300) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) accept4(r0, 0x0, 0x0, 0x0) [ 187.227491][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 187.239764][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.256328][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.286575][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.300359][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.324177][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.332158][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.360717][ T7563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.388495][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 187.399114][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 187.408023][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 187.419587][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 187.446785][ T7286] device veth0_vlan entered promiscuous mode [ 187.465429][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 187.480324][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 187.506466][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.528738][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.541948][ T3566] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.549117][ T3566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.584716][ T3559] 
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.598531][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.608190][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.617334][ T3559] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.624438][ T3559] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.632577][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.641626][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 187.649611][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 187.660167][ T7338] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.668460][ T7286] device veth1_vlan entered promiscuous mode 04:59:06 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000300)=ANY=[@ANYBLOB='1'], 0x1) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x1012, r3, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000080)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000200)='./bus\x00', 0x185243, 0x0) dup2(r4, r5) [ 187.691395][ T7199] device veth0_macvtap entered promiscuous mode [ 187.723408][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 187.731862][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 187.743953][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 187.752627][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.764328][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.783516][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link 
becomes ready [ 187.796319][ T7199] device veth1_macvtap entered promiscuous mode [ 187.822513][ T7563] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.840068][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 187.849821][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 187.862844][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 187.872153][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.894243][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.911345][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.929432][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.940760][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.955212][ T27] audit: type=1804 audit(1587877146.657:3): pid=8355 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir391965016/syzkaller.L5ZaWM/4/bus" dev="sda1" ino=15749 res=1 [ 187.986029][ T7649] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.014155][ T27] audit: type=1804 audit(1587877146.707:4): pid=8351 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir391965016/syzkaller.L5ZaWM/4/bus" dev="sda1" ino=15749 res=1 [ 188.021658][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.057237][ T27] audit: type=1804 audit(1587877146.757:5): pid=8355 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir391965016/syzkaller.L5ZaWM/4/bus" dev="sda1" ino=15749 res=1 [ 188.080350][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.094409][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.102678][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_virt_wifi: link becomes ready [ 188.115543][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 188.151107][ T7199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.168388][ T27] audit: type=1804 audit(1587877146.867:6): pid=8351 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir391965016/syzkaller.L5ZaWM/4/bus" dev="sda1" ino=15749 res=1 [ 188.173156][ T7199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.205804][ T27] audit: type=1804 audit(1587877146.897:7): pid=8355 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir391965016/syzkaller.L5ZaWM/4/bus" dev="sda1" ino=15749 res=1 [ 188.211289][ T7199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.229567][ T27] audit: type=1804 audit(1587877146.907:8): pid=8356 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir391965016/syzkaller.L5ZaWM/4/bus" dev="sda1" ino=15749 res=1 [ 188.255013][ T7286] device veth0_macvtap entered promiscuous mode 04:59:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x3, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x21, 0x5}, [], {0x95, 0x0, 0x2b00}}, &(0x7f0000281ffc)='GPL\x00'}, 0x48) [ 188.289366][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 188.299026][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 188.308971][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 188.319361][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 188.329243][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 188.338917][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 188.351251][ T7199] 
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 188.363948][ T7199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.376723][ T7199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.396574][ T7286] device veth1_macvtap entered promiscuous mode [ 188.413503][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 188.421749][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 188.432347][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready 04:59:07 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000040)) [ 188.444715][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 188.462006][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 188.471452][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 188.489311][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 188.519294][ T7649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.536552][ T7338] device veth0_vlan entered promiscuous mode 04:59:07 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000040)) [ 188.637019][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 188.654018][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 188.692437][ T7338] device veth1_vlan entered promiscuous mode [ 188.733922][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.755780][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 188.783111][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.795251][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.808760][ T7286] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.918597][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 188.927873][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 188.941250][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 188.953840][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.982682][ T7286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 189.001701][ T7286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.041941][ T7286] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.118853][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 189.130072][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 189.140378][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 189.151014][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 189.173679][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 189.184231][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 189.192456][ T7563] device veth0_vlan entered promiscuous mode 04:59:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 
&(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 189.221781][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 189.248539][ T3566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 189.434545][ T7563] device veth1_vlan entered promiscuous mode [ 189.473406][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 189.485578][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 189.513726][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 189.522271][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 189.540475][ T7338] device veth0_macvtap entered promiscuous mode [ 189.551623][ T7649] device veth0_vlan entered promiscuous mode [ 189.558160][ T8399] sctp: [Deprecated]: syz-executor.2 (pid 8399) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 189.558160][ T8399] Use struct sctp_sack_info instead [ 189.597616][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 189.611543][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 189.631962][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready 04:59:08 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="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"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x4c5047}}, 0x48) [ 189.645423][ T7338] device veth1_macvtap entered promiscuous mode [ 189.700759][ T7563] device veth0_macvtap entered promiscuous mode [ 189.720712][ T7649] device veth1_vlan entered promiscuous mode [ 189.733871][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 189.742092][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 189.752500][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 189.767935][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 189.793872][ T7563] device veth1_macvtap entered promiscuous mode [ 189.822118][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 189.831626][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 189.863898][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 189.880225][ T7338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 189.902440][ T7338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.914325][ T7338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 189.926731][ T7338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 189.937154][ T7338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 189.948128][ T7338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.961014][ T7338] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.993826][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 190.002610][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 190.032444][ T7563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.053871][ T7563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.064379][ T7563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.075750][ T7563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.086426][ T7563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.097576][ T7563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.109062][ T7563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.119903][ T7563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.131684][ T7563] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.151503][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 190.160178][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 190.170402][ T7338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.182898][ T7338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 190.193810][ T7338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.204289][ T7338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.214554][ T7338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.225155][ T7338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.236408][ T7338] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.251671][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 190.261624][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 190.272334][ T7563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.284569][ T7563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.295358][ T7563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.306466][ T7563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.320869][ T7563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.334140][ T7563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.344090][ T7563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.354857][ T7563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 190.366745][ T7563] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.391561][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 190.408838][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 190.479965][ T7649] device veth0_macvtap entered promiscuous mode [ 190.489512][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 190.501425][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 190.510805][ T8110] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 190.579812][ T7649] device veth1_macvtap entered promiscuous mode 04:59:09 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/tcp\x00') preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/84, 0x54}], 0x1, 0x4) [ 190.816874][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.850353][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.901699][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.928442][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.938772][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.952115][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.964447][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.976004][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.986936][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.999619][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 191.015449][ T7649] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.036972][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 191.049440][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 191.061229][ T3565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 191.075288][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 191.087855][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.099634][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 191.112501][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.125020][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 191.136309][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.147436][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 191.158716][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.169408][ T7649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 191.181106][ T7649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 191.194762][ T7649] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.215113][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 191.224685][ T3563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 04:59:10 executing program 4: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r1 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r1, 0x1000000) sendfile(r0, r1, &(0x7f00000000c0)=0xf18001, 0xeefffdef) close(r0) close(0xffffffffffffffff) [ 191.588570][ C0] hrtimer: interrupt took 26935 ns 04:59:13 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYRES16, @ANYBLOB="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", @ANYRESHEX, @ANYRES64], 0x0, 0x147}, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:59:13 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 
0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:13 executing program 2: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x16, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000200)={0x0, 0x989680}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 04:59:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x29, 0x5d}}, &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) 
04:59:13 executing program 4: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r1 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r1, 0x1000000) sendfile(r0, r1, &(0x7f00000000c0)=0xf18001, 0xeefffdef) close(r0) close(0xffffffffffffffff) 04:59:13 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:13 executing program 0: getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:13 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000240)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(r0, &(0x7f0000000380), 0x1002) 04:59:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 
0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:13 executing program 0: getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:13 executing program 0: getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYRES16, @ANYBLOB="1321aec3d6bd14ccf39cd99bc1703670affd5f7fd0b28e089bf5ebdcf62c7bb7fd85f12249f8c79ef14ec3ef6a5a5c425bddfe4d392ecd64e3a9e98802004f5e96d2ef443e05a002c029a696546e276dee4cde791a6a6da9b68042995c2de09591de22402cb8be878323cbce21f86bacf996b18100000000000038e87f3d0bf16170a731ad9f1b775ac418d4017fa6e84d6b49596ac5000000000079a40753f777000000000000000000001b9b30535fb47c0df16cd0d1eb34819572b40ec3046845aaba62160069c670d6e457f0f5aaa5638e44f007580152b233ee3fa48235e26c1b21316f3cc158235f0c01704b90adb8b4a268726114a433ad9bc3e5a3697edc3077642009a08a32e45f54ede3e1ee392d24a162a722d4445fd5be195fcd7fa05cb39dd29ed743bd53", @ANYRESHEX, @ANYRES64], 0x0, 0x147}, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) 
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:59:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:16 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:16 executing program 2: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x16, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000200)={0x0, 0x989680}, 0x0) 
r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 04:59:16 executing program 4: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r1 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r1, 0x1000000) sendfile(r0, r1, &(0x7f00000000c0)=0xf18001, 0xeefffdef) close(r0) close(0xffffffffffffffff) 04:59:16 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000240)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$FUSE(r0, &(0x7f0000000380), 0x1002) 04:59:16 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) 
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:16 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:16 executing program 0: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:16 executing program 1: r0 = 
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 
&(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYRES16, @ANYBLOB="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", @ANYRESHEX, @ANYRES64], 0x0, 0x147}, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:59:19 executing program 3: syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000001340)="2e36510c20c5a23c502b0732d29580b7f8b83aa7b350cea68d0d87770740c9a3e7e88534b38237cb4334ec47f80d117e2d9be86f7853c4b1ac95c0d6acb71228e62b1c7f039f14fac050bbb9b48f2f768101746dd9", 0x55}], 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) 04:59:19 executing program 0: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:19 executing program 2: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x16, 0x0, @thr={0x0, 
0x0}}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000200)={0x0, 0x989680}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 04:59:19 executing program 4: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r1 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r1, 0x1000000) sendfile(r0, r1, &(0x7f00000000c0)=0xf18001, 0xeefffdef) close(r0) 04:59:19 executing program 0: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000040)) 04:59:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 
0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:19 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) 04:59:19 executing program 3: syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000001340)="2e36510c20c5a23c502b0732d29580b7f8b83aa7b350cea68d0d87770740c9a3e7e88534b38237cb4334ec47f80d117e2d9be86f7853c4b1ac95c0d6acb71228e62b1c7f039f14fac050bbb9b48f2f768101746dd9", 0x55}], 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) 04:59:19 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) 04:59:19 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) 04:59:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:22 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYRES16, @ANYBLOB="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", @ANYRESHEX, @ANYRES64], 0x0, 0x147}, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140)=""/71, 0x47}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x7, r0, 0x0, 0x0) 04:59:22 executing program 3: syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000001340)="2e36510c20c5a23c502b0732d29580b7f8b83aa7b350cea68d0d87770740c9a3e7e88534b38237cb4334ec47f80d117e2d9be86f7853c4b1ac95c0d6acb71228e62b1c7f039f14fac050bbb9b48f2f768101746dd9", 0x55}], 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) 04:59:22 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000340)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc0585611, &(0x7f00000002c0)={0x0, 0x9, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "805bd88a"}, 0x0, 0x0, @planes=0x0}) 04:59:22 executing program 4: sendfile(0xffffffffffffffff, 
0xffffffffffffffff, 0x0, 0x0) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x3, 0x2) r1 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x6) ftruncate(r1, 0x1000000) sendfile(r0, r1, &(0x7f00000000c0)=0xf18001, 0xeefffdef) 04:59:22 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl$SIOCAX25GETINFO(r0, 0x890c, 0x0) 04:59:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:22 executing program 0: r0 = socket$inet6_tcp(0xa, 
0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000580)={"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"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) dup3(r1, r2, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000000000000004d564b0011400279"]) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0) dup2(r4, r3) r5 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 04:59:22 executing program 2: clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="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"], &(0x7f0000000100)='GPL\x00'}, 0x48) pipe(0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000640)="8a", 0x13}], 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write$P9_RXATTRCREATE(0xffffffffffffffff, 0x0, 0x0) 04:59:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) 
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000100)) pipe(&(0x7f0000000100)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000540)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x0, 0x6}}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:59:22 executing program 3: syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x1, &(0x7f0000001440)=[{&(0x7f0000001340)="2e36510c20c5a23c502b0732d29580b7f8b83aa7b350cea68d0d87770740c9a3e7e88534b38237cb4334ec47f80d117e2d9be86f7853c4b1ac95c0d6acb71228e62b1c7f039f14fac050bbb9b48f2f768101746dd9", 0x55}], 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) 04:59:22 executing program 2: sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={0xc0, 0x0, 0x0, 0x0, 0x0, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x2}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x7}, @WGDEVICE_A_PEERS={0x68, 0x8, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @multicast1}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @local}}]}, {0x2c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @multicast2}}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_ALLOWEDIPS={0x4}]}]}, @WGDEVICE_A_PEERS={0x2c, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "47655691cea76fa610e3190b86b2dc6dc0be221e3bb6b01a8977aa3deb497f91"}]}]}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x5}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4}, 
0x0) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33)
04:59:22 executing program 2: sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={0xc0, 0x0, 0x0, 0x0, 0x0, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x2}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x7}, @WGDEVICE_A_PEERS={0x68, 0x8, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @multicast1}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @local}}]}, {0x2c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @multicast2}}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_ALLOWEDIPS={0x4}]}]}, @WGDEVICE_A_PEERS={0x2c, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "47655691cea76fa610e3190b86b2dc6dc0be221e3bb6b01a8977aa3deb497f91"}]}]}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x5}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33)
[ 204.243699][ T8646] ==================================================================
[ 204.252068][ T8646] BUG: KASAN: slab-out-of-bounds in kvm_read_guest_page+0x4b5/0x4d0
[ 204.260063][ T8646] Read of size 8 at addr ffff8880a1ccb468 by task syz-executor.0/8646
[ 204.268217][ T8646]
[ 204.270558][ T8646] CPU: 0 PID: 8646 Comm: syz-executor.0 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[ 204.280463][ T8646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 204.290517][ T8646] Call Trace:
[ 204.293828][ T8646] dump_stack+0x188/0x20d
[ 204.298180][ T8646] print_address_description.constprop.0.cold+0xd3/0x315
[ 204.305210][ T8646] ? kvm_read_guest_page+0x4b5/0x4d0
[ 204.310512][ T8646] __kasan_report.cold+0x35/0x4d
[ 204.315482][ T8646] ? kvm_read_guest_page+0x4b5/0x4d0
[ 204.320919][ T8646] ? kvm_read_guest_page+0x4b5/0x4d0
[ 204.326207][ T8646] kasan_report+0x33/0x50
[ 204.330551][ T8646] kvm_read_guest_page+0x4b5/0x4d0
[ 204.335673][ T8646] kvm_read_guest+0x51/0xd0
[ 204.340184][ T8646] kvm_set_msr_common+0xdf3/0x27c0
[ 204.345297][ T8646] ? vmx_vcpu_load_vmcs+0x27f/0x960
[ 204.350501][ T8646] ? get_kvmclock_ns+0x370/0x370
[ 204.355458][ T8646] vmx_set_msr+0xa83/0x26a0
[ 204.359969][ T8646] ? pt_update_intercept_for_msr+0x960/0x960
[ 204.366122][ T8646] ? lock_downgrade+0x840/0x840
[ 204.370991][ T8646] __kvm_set_msr+0x15f/0x2d0
[ 204.375588][ T8646] ? kvm_enable_efer_bits+0x20/0x20
[ 204.380789][ T8646] ? __might_fault+0x190/0x1d0
[ 204.385559][ T8646] ? _copy_from_user+0x13c/0x1a0
[ 204.390505][ T8646] ? do_get_msr+0x100/0x100
[ 204.395014][ T8646] msr_io+0x173/0x290
[ 204.399016][ T8646] ? emulator_write_std+0xb0/0xb0
[ 204.404149][ T8646] kvm_arch_vcpu_ioctl+0x1004/0x2c00
[ 204.409438][ T8646] ? kvm_arch_vcpu_ioctl+0xfb5/0x2c00
[ 204.414814][ T8646] ? lockdep_hardirqs_on+0x463/0x620
[ 204.420104][ T8646] ? _raw_spin_unlock_irq+0x55/0x80
[ 204.425313][ T8646] ? kvm_arch_vcpu_put+0x530/0x530
[ 204.430431][ T8646] ? find_held_lock+0x2d/0x110
[ 204.435201][ T8646] ? __mutex_lock+0xae5/0x13c0
[ 204.439975][ T8646] ? lock_downgrade+0x840/0x840
[ 204.444832][ T8646] ? do_raw_spin_lock+0x129/0x2e0
[ 204.449866][ T8646] ? rwlock_bug.part.0+0x90/0x90
[ 204.454815][ T8646] ? do_raw_spin_unlock+0x171/0x260
[ 204.460022][ T8646] ? _raw_spin_unlock+0x24/0x40
[ 204.464883][ T8646] ? __mutex_lock+0x458/0x13c0
[ 204.469657][ T8646] ? kvm_vcpu_ioctl+0x175/0xe60
[ 204.474519][ T8646] ? mutex_trylock+0x2c0/0x2c0
[ 204.479302][ T8646] ? __fget_files+0x30d/0x500
[ 204.483994][ T8646] kvm_vcpu_ioctl+0x866/0xe60
[ 204.488681][ T8646] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 204.495882][ T8646] ? ioctl_file_clone+0x180/0x180
[ 204.500916][ T8646] ? __fget_files+0x32f/0x500
[ 204.505602][ T8646] ? do_dup2+0x520/0x520
[ 204.509849][ T8646] ? __x64_sys_futex+0x380/0x4f0
[ 204.514801][ T8646] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 204.521219][ T8646] ksys_ioctl+0x11a/0x180
[ 204.525557][ T8646] __x64_sys_ioctl+0x6f/0xb0
[ 204.530156][ T8646] ? lockdep_hardirqs_on+0x463/0x620
[ 204.535447][ T8646] do_syscall_64+0xf6/0x7d0
[ 204.539960][ T8646] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 204.545849][ T8646] RIP: 0033:0x45c829
[ 204.549747][ T8646] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 204.569355][ T8646] RSP: 002b:00007fda1fca4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 204.577773][ T8646] RAX: ffffffffffffffda RBX: 00000000004e7c80 RCX: 000000000045c829
[ 204.586008][ T8646] RDX: 0000000020000180 RSI: 000000004008ae89 RDI: 0000000000000006
[ 204.593979][ T8646] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 204.601952][ T8646] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 204.609928][ T8646] R13: 00000000000003c7 R14: 00000000004c653e R15: 00007fda1fca56d4
[ 204.617911][ T8646]
[ 204.620235][ T8646] Allocated by task 8639:
[ 204.624562][ T8646] save_stack+0x1b/0x40
[ 204.628805][ T8646] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 204.634434][ T8646] kvmalloc_node+0x61/0xf0
[ 204.638940][ T8646] kvm_set_memslot+0x115/0x1530
[ 204.643792][ T8646] __kvm_set_memory_region+0xcf7/0x1320
[ 204.649344][ T8646] __x86_set_memory_region+0x2a3/0x5a0
[ 204.654806][ T8646] vmx_create_vcpu+0x2107/0x2b40
[ 204.659833][ T8646] kvm_arch_vcpu_create+0x6ef/0xb80
[ 204.665033][ T8646] kvm_vm_ioctl+0x1614/0x2400
[ 204.669707][ T8646] ksys_ioctl+0x11a/0x180
[ 204.674038][ T8646] __x64_sys_ioctl+0x6f/0xb0
[ 204.678628][ T8646] do_syscall_64+0xf6/0x7d0
[ 204.683139][ T8646] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 204.689022][ T8646]
[ 204.691344][ T8646] Freed by task 9:
[ 204.695062][ T8646] save_stack+0x1b/0x40
[ 204.699218][ T8646] __kasan_slab_free+0xf7/0x140
[ 204.704077][ T8646] kfree+0x109/0x2b0
[ 204.707981][ T8646] skb_free_head+0x8b/0xa0
[ 204.712400][ T8646] skb_release_data+0x617/0x8a0
[ 204.717251][ T8646] skb_release_all+0x46/0x60
[ 204.721843][ T8646] kfree_skb+0xfa/0x410
[ 204.725999][ T8646] ip6_mc_input+0x9a8/0xec0
[ 204.730501][ T8646] ip6_rcv_finish+0x1d9/0x310
[ 204.735178][ T8646] ipv6_rcv+0xf8/0x3f0
[ 204.739249][ T8646] __netif_receive_skb_one_core+0xf5/0x160
[ 204.745051][ T8646] __netif_receive_skb+0x27/0x1c0
[ 204.750076][ T8646] process_backlog+0x21e/0x7a0
[ 204.754839][ T8646] net_rx_action+0x4c2/0x1070
[ 204.759517][ T8646] __do_softirq+0x26c/0x9f7
[ 204.765140][ T8646]
[ 204.767501][ T8646] The buggy address belongs to the object at ffff8880a1ccb000
[ 204.767501][ T8646] which belongs to the cache kmalloc-2k of size 2048
[ 204.781555][ T8646] The buggy address is located 1128 bytes inside of
[ 204.781555][ T8646] 2048-byte region [ffff8880a1ccb000, ffff8880a1ccb800)
[ 204.795081][ T8646] The buggy address belongs to the page:
[ 204.800727][ T8646] page:ffffea00028732c0 refcount:1 mapcount:0 mapping:000000004ce4cfed index:0x0
[ 204.809859][ T8646] flags: 0xfffe0000000200(slab)
[ 204.814745][ T8646] raw: 00fffe0000000200 ffffea00016e6108 ffffea00016e6188 ffff8880aa000e00
[ 204.823424][ T8646] raw: 0000000000000000 ffff8880a1ccb000 0000000100000001 0000000000000000
[ 204.832182][ T8646] page dumped because: kasan: bad access detected
[ 204.838597][ T8646]
[ 204.840926][ T8646] Memory state around the buggy address:
[ 204.846560][ T8646] ffff8880a1ccb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 204.854650][ T8646] ffff8880a1ccb380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 204.862721][ T8646] >ffff8880a1ccb400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 204.870802][ T8646]                                                            ^
[ 204.878264][ T8646] ffff8880a1ccb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 204.886327][ T8646] ffff8880a1ccb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 204.894382][ T8646] ==================================================================
[ 204.902783][ T8646] Disabling lock debugging due to kernel taint
[ 204.991508][ T8646] Kernel panic - not syncing: panic_on_warn set ...
[ 204.998132][ T8646] CPU: 0 PID: 8646 Comm: syz-executor.0 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0
[ 205.009313][ T8646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 205.019361][ T8646] Call Trace:
[ 205.022658][ T8646] dump_stack+0x188/0x20d
[ 205.026987][ T8646] panic+0x2e3/0x75c
[ 205.030879][ T8646] ? add_taint.cold+0x16/0x16
[ 205.035553][ T8646] ? preempt_schedule_common+0x5e/0xc0
[ 205.041007][ T8646] ? kvm_read_guest_page+0x4b5/0x4d0
[ 205.046292][ T8646] ? preempt_schedule_thunk+0x16/0x18
[ 205.051659][ T8646] ? trace_hardirqs_on+0x55/0x220
[ 205.056692][ T8646] ? kvm_read_guest_page+0x4b5/0x4d0
[ 205.061985][ T8646] end_report+0x4d/0x53
[ 205.066149][ T8646] __kasan_report.cold+0xd/0x4d
[ 205.070999][ T8646] ? kvm_read_guest_page+0x4b5/0x4d0
[ 205.076280][ T8646] ? kvm_read_guest_page+0x4b5/0x4d0
[ 205.081566][ T8646] kasan_report+0x33/0x50
[ 205.085894][ T8646] kvm_read_guest_page+0x4b5/0x4d0
[ 205.091004][ T8646] kvm_read_guest+0x51/0xd0
[ 205.095515][ T8646] kvm_set_msr_common+0xdf3/0x27c0
[ 205.100623][ T8646] ? vmx_vcpu_load_vmcs+0x27f/0x960
[ 205.105819][ T8646] ? get_kvmclock_ns+0x370/0x370
[ 205.110757][ T8646] vmx_set_msr+0xa83/0x26a0
[ 205.115258][ T8646] ? pt_update_intercept_for_msr+0x960/0x960
[ 205.121230][ T8646] ? lock_downgrade+0x840/0x840
[ 205.126081][ T8646] __kvm_set_msr+0x15f/0x2d0
[ 205.130671][ T8646] ? kvm_enable_efer_bits+0x20/0x20
[ 205.135868][ T8646] ? __might_fault+0x190/0x1d0
[ 205.140631][ T8646] ? _copy_from_user+0x13c/0x1a0
[ 205.145562][ T8646] ? do_get_msr+0x100/0x100
[ 205.150066][ T8646] msr_io+0x173/0x290
[ 205.154052][ T8646] ? emulator_write_std+0xb0/0xb0
[ 205.159081][ T8646] kvm_arch_vcpu_ioctl+0x1004/0x2c00
[ 205.164371][ T8646] ? kvm_arch_vcpu_ioctl+0xfb5/0x2c00
[ 205.169747][ T8646] ? lockdep_hardirqs_on+0x463/0x620
[ 205.175032][ T8646] ? _raw_spin_unlock_irq+0x55/0x80
[ 205.180227][ T8646] ? kvm_arch_vcpu_put+0x530/0x530
[ 205.185341][ T8646] ? find_held_lock+0x2d/0x110
[ 205.190101][ T8646] ? __mutex_lock+0xae5/0x13c0
[ 205.194840][ T8646] ? lock_downgrade+0x840/0x840
[ 205.199663][ T8646] ? do_raw_spin_lock+0x129/0x2e0
[ 205.204660][ T8646] ? rwlock_bug.part.0+0x90/0x90
[ 205.209571][ T8646] ? do_raw_spin_unlock+0x171/0x260
[ 205.214742][ T8646] ? _raw_spin_unlock+0x24/0x40
[ 205.219606][ T8646] ? __mutex_lock+0x458/0x13c0
[ 205.224347][ T8646] ? kvm_vcpu_ioctl+0x175/0xe60
[ 205.229173][ T8646] ? mutex_trylock+0x2c0/0x2c0
[ 205.233913][ T8646] ? __fget_files+0x30d/0x500
[ 205.238565][ T8646] kvm_vcpu_ioctl+0x866/0xe60
[ 205.243214][ T8646] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 205.249604][ T8646] ? ioctl_file_clone+0x180/0x180
[ 205.255391][ T8646] ? __fget_files+0x32f/0x500
[ 205.260052][ T8646] ? do_dup2+0x520/0x520
[ 205.264313][ T8646] ? __x64_sys_futex+0x380/0x4f0
[ 205.269231][ T8646] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 205.275653][ T8646] ksys_ioctl+0x11a/0x180
[ 205.279972][ T8646] __x64_sys_ioctl+0x6f/0xb0
[ 205.284537][ T8646] ? lockdep_hardirqs_on+0x463/0x620
[ 205.289824][ T8646] do_syscall_64+0xf6/0x7d0
[ 205.294310][ T8646] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 205.300176][ T8646] RIP: 0033:0x45c829
[ 205.304065][ T8646] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 205.323657][ T8646] RSP: 002b:00007fda1fca4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 205.332476][ T8646] RAX: ffffffffffffffda RBX: 00000000004e7c80 RCX: 000000000045c829
[ 205.340433][ T8646] RDX: 0000000020000180 RSI: 000000004008ae89 RDI: 0000000000000006
[ 205.348392][ T8646] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 205.356338][ T8646] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 205.364284][ T8646] R13: 00000000000003c7 R14: 00000000004c653e R15: 00007fda1fca56d4
[ 205.373534][ T8646] Kernel Offset: disabled
[ 205.377846][ T8646] Rebooting in 86400 seconds..