Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
[ 50.570240] random: sshd: uninitialized urandom read (32 bytes read)
2019/10/02 15:29:43 fuzzer started
[ 50.765840] audit: type=1400 audit(1570030183.537:36): avc: denied { map } for pid=6792 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 51.558433] random: cc1: uninitialized urandom read (8 bytes read)
2019/10/02 15:29:45 dialing manager at 10.128.0.105:35767
2019/10/02 15:29:45 syscalls: 2500
2019/10/02 15:29:45 code coverage: enabled
2019/10/02 15:29:45 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/10/02 15:29:45 extra coverage: extra coverage is not supported by the kernel
2019/10/02 15:29:45 setuid sandbox: enabled
2019/10/02 15:29:45 namespace sandbox: enabled
2019/10/02 15:29:45 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/02 15:29:45 fault injection: enabled
2019/10/02 15:29:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/02 15:29:45 net packet injection: enabled
2019/10/02 15:29:45 net device setup: enabled
[ 53.488942] random: crng init done
15:31:47 executing program 0:
15:31:47 executing program 5:
15:31:47 executing program 1:
15:31:47 executing program 2:
15:31:47 executing program 3:
15:31:47 executing program 4:
r0 = socket$packet(0x11, 0x2000100000000a, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000040)=[{0xb1}, {0x80000006}]}, 0x10)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
[ 174.975617] audit: type=1400 audit(1570030307.747:37): avc: denied { map } for pid=6792 comm="syz-fuzzer" path="/root/syzkaller-shm084494609" dev="sda1" ino=16489 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file 
permissive=1 [ 175.030173] audit: type=1400 audit(1570030307.777:38): avc: denied { map } for pid=6810 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13758 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 175.172145] IPVS: ftp: loaded support on port[0] = 21 [ 175.289451] chnl_net:caif_netlink_parms(): no params data found [ 175.297762] IPVS: ftp: loaded support on port[0] = 21 [ 175.331043] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.337751] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.344945] device bridge_slave_0 entered promiscuous mode [ 175.352403] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.358760] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.365797] device bridge_slave_1 entered promiscuous mode [ 175.388856] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.399249] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.420668] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.427987] team0: Port device team_slave_0 added [ 175.435936] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.443027] team0: Port device team_slave_1 added [ 175.452292] IPVS: ftp: loaded support on port[0] = 21 [ 175.459581] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 175.467081] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 175.541890] device hsr_slave_0 entered promiscuous mode [ 175.580353] device hsr_slave_1 entered promiscuous mode [ 175.636173] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 175.645290] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 175.699862] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.706416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.713430] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.714364] IPVS: ftp: loaded 
support on port[0] = 21 [ 175.719783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.734206] chnl_net:caif_netlink_parms(): no params data found [ 175.825352] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.832814] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.839649] device bridge_slave_0 entered promiscuous mode [ 175.848368] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.854818] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.861898] device bridge_slave_1 entered promiscuous mode [ 175.879425] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.888975] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.908908] chnl_net:caif_netlink_parms(): no params data found [ 175.953172] IPVS: ftp: loaded support on port[0] = 21 [ 175.961120] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 175.967200] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.975035] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.984700] team0: Port device team_slave_0 added [ 176.010761] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.017900] team0: Port device team_slave_1 added [ 176.046803] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 176.055553] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.063651] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.072932] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.079268] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.086281] device bridge_slave_0 entered promiscuous mode [ 176.095877] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.102330] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.109209] device bridge_slave_1 entered promiscuous mode [ 176.151237] chnl_net:caif_netlink_parms(): no params data found [ 176.163373] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 
176.171291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.189556] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.196761] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.252976] device hsr_slave_0 entered promiscuous mode [ 176.290368] device hsr_slave_1 entered promiscuous mode [ 176.367545] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.380967] IPVS: ftp: loaded support on port[0] = 21 [ 176.388584] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 176.404567] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 176.413705] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 176.419798] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.441757] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 176.452914] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.461773] team0: Port device team_slave_0 added [ 176.481678] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.488804] team0: Port device team_slave_1 added [ 176.499077] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 176.517180] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.524312] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.531261] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.538222] device bridge_slave_0 entered promiscuous mode [ 176.545341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.553757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.561346] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.567711] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.579196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 176.594957] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.602304] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.608694] bridge0: port 2(bridge_slave_1) entered disabled state [ 
176.616174] device bridge_slave_1 entered promiscuous mode [ 176.629000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.638216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.645826] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.652244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.660407] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 176.667976] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 176.727918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.738476] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 176.803525] device hsr_slave_0 entered promiscuous mode [ 176.850361] device hsr_slave_1 entered promiscuous mode [ 176.891271] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.902136] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.910521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.919530] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.928311] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 176.935886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.957005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.965674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.974060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.982895] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.990886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.998268] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 177.006729] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 177.014004] team0: Port device team_slave_0 added [ 177.019138] chnl_net:caif_netlink_parms(): no params data found [ 177.036754] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 177.063350] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_1: link is not ready [ 177.070620] team0: Port device team_slave_1 added [ 177.075951] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.086637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.094116] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.104543] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.117357] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.133214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 177.150559] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.156942] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.164343] device bridge_slave_0 entered promiscuous mode [ 177.176085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.185084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.196073] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 177.202362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.218094] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.225251] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.234487] device bridge_slave_1 entered promiscuous mode [ 177.292097] device hsr_slave_0 entered promiscuous mode [ 177.330487] device hsr_slave_1 entered promiscuous mode [ 177.400758] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.439708] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 177.447390] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 177.458742] chnl_net:caif_netlink_parms(): no params data found [ 177.486799] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 177.495593] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.504193] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 177.511702] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 177.519259] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.533742] IPv6: ADDRCONF(NETDEV_UP): 
veth1: link is not ready [ 177.555991] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 177.564171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.571222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.578019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.585071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.592787] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.614206] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.633689] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 177.639809] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.648815] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 177.656046] team0: Port device team_slave_0 added [ 177.662365] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.669548] team0: Port device team_slave_1 added [ 177.675067] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.682533] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.688880] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.697235] device bridge_slave_0 entered promiscuous mode [ 177.704193] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.710713] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.717674] device bridge_slave_1 entered promiscuous mode [ 177.729398] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 177.736869] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.744715] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.753578] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.777587] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.787533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.806059] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.815199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.824498] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.832771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.841156] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.847518] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.854472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.863394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.871060] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.877406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.884621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.892061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.952157] device hsr_slave_0 entered promiscuous mode [ 177.990483] device hsr_slave_1 entered promiscuous mode [ 178.035031] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 178.044538] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.053987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.062923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.071367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.079466] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.085855] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.093528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.101418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.108914] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.115294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.123881] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 178.148735] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 178.157721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.170469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.178535] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_0: link is not ready [ 178.186501] team0: Port device team_slave_0 added 15:31:51 executing program 0: 15:31:51 executing program 0: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) sched_rr_get_interval(0x0, &(0x7f0000000100)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, 0x0, 0x0) syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={[{@attr2='attr2'}]}) [ 178.201024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.208861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.219729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 178.231756] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 178.242656] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 178.284670] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.292189] team0: Port device team_slave_1 added [ 178.297691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.306264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.314084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.321892] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.329471] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.341624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 178.351176] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 178.371156] IPv6: 
ADDRCONF(NETDEV_UP): bond0: link is not ready [ 178.377284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.384330] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.392438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.402187] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.409779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.417564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.427412] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 178.435754] XFS (loop0): Invalid superblock magic number [ 178.444025] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 178.454542] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.463159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.469340] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 178.478198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.486734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.496881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.509847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.519662] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 178.528124] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 178.537379] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 178.544539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.568529] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 178.575586] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 15:31:51 executing program 0: sched_rr_get_interval(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={[{@attr2='attr2'}]}) [ 178.584861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.592600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.609419] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 178.617611] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 178.676070] device hsr_slave_0 entered promiscuous mode [ 178.685218] XFS (loop0): Invalid superblock magic number [ 178.730401] device hsr_slave_1 entered promiscuous mode [ 178.737860] XFS (loop0): Invalid superblock magic number 15:31:51 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vhost-net\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x300000000) [ 178.772918] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 178.780772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.795821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.808318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.816332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.824338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.831919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.843579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 178.853673] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 178.864541] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready 15:31:51 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 
0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) [ 178.870696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.877713] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 178.885745] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 178.906018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.917395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 15:31:51 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) 15:31:51 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x400040, 0x0) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000380)=0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 
0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file0/file0\x00', r1, &(0x7f0000000140)='./file0\x00') ioctl$VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, &(0x7f0000000040)={0x20, 0x2, 0x7f, 0x400, 0xffffffffffffa628}) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f0000044000)) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000240)={{{@in=@loopback, @in6}}, {{}, 0x0, @in=@multicast2}}, &(0x7f0000000180)=0xe8) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup3(r5, r4, 0x0) syz_open_dev$mice(&(0x7f00000003c0)='/dev/input/mice\x00', 0x0, 0x202080) r7 = creat(&(0x7f0000000000)='./file1\x00', 0x0) r8 = inotify_init1(0x0) dup2(r7, r8) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x10ffffffff) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4) write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f00000001c0)={0xc, 0x8, 0xfa0e, {0x0}}, 0x9918) dup3(r2, r3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) [ 178.926669] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 178.934137] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.958707] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 178.970762] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 178.986736] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.008751] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 179.014807] hrtimer: interrupt took 26936 ns [ 179.026071] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.034454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.045833] 8021q: adding 
VLAN 0 to HW filter on device batadv0 [ 179.058092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.066878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.079582] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.086016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.093814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.105536] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.115581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.127004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.137883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.148138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.158619] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.165136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.172108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.179978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.187739] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.194123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.204065] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.213103] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.226757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.234291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.242269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.249875] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.256253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.263876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.275175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.292257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 
179.305377] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.314814] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.324653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.332885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.340925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.353016] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.366668] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.380902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.402897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.411221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.418871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.428367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.436885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.445544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.454173] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.465072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 179.476961] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.484612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.497027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.510477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.518301] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 179.526363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.538873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.557512] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 179.568689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 179.577834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.588882] 
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 179.598170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.606714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.614302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.621991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.629420] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.638853] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 179.647613] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 179.655201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.662792] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.670437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.677335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.686911] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 179.693325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.706232] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 179.712457] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.724869] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.733526] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 179.739898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.747972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.757008] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.763437] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.771489] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.782300] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.791492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.805243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.813922] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.820352] bridge0: port 
2(bridge_slave_1) entered forwarding state [ 179.829547] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 179.838100] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.848234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.855599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.867858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.877911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.895871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.916390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.927329] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.935417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.943834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.952526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.964584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.972490] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.981382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 179.991722] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 180.002262] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 180.015402] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 180.025813] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 180.035001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.042926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.050590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.058195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.065893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.077433] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 180.089116] 8021q: adding VLAN 0 to HW 
filter on device batadv0 15:31:53 executing program 5: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) 15:31:53 executing program 1: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) 15:31:53 executing program 2: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x0, 0x0, 0x0) 
sendmsg$NBD_CMD_DISCONNECT(r1, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) 15:31:53 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x400040, 0x0) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000380)=0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file0/file0\x00', r1, &(0x7f0000000140)='./file0\x00') ioctl$VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, &(0x7f0000000040)={0x20, 0x2, 0x7f, 0x400, 0xffffffffffffa628}) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f0000044000)) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000240)={{{@in=@loopback, @in6}}, {{}, 0x0, @in=@multicast2}}, &(0x7f0000000180)=0xe8) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup3(r5, r4, 0x0) syz_open_dev$mice(&(0x7f00000003c0)='/dev/input/mice\x00', 0x0, 0x202080) r7 = creat(&(0x7f0000000000)='./file1\x00', 0x0) r8 = inotify_init1(0x0) dup2(r7, r8) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x10ffffffff) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4) 
write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f00000001c0)={0xc, 0x8, 0xfa0e, {0x0}}, 0x9918) dup3(r2, r3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 15:31:53 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x26, 0x400200007fe, &(0x7f00000000c0)={0x2, 0x10084e23, @local}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xffffffff) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff012}], 0x1, &(0x7f0000000200)=""/20, 0xc2b, 0x3f00}, 0x300) 15:31:53 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x400040, 0x0) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000380)=0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file0/file0\x00', r1, &(0x7f0000000140)='./file0\x00') ioctl$VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, &(0x7f0000000040)={0x20, 0x2, 0x7f, 0x400, 0xffffffffffffa628}) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f0000044000)) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 
&(0x7f0000000240)={{{@in=@loopback, @in6}}, {{}, 0x0, @in=@multicast2}}, &(0x7f0000000180)=0xe8) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup3(r5, r4, 0x0) syz_open_dev$mice(&(0x7f00000003c0)='/dev/input/mice\x00', 0x0, 0x202080) r7 = creat(&(0x7f0000000000)='./file1\x00', 0x0) r8 = inotify_init1(0x0) dup2(r7, r8) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x10ffffffff) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4) write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f00000001c0)={0xc, 0x8, 0xfa0e, {0x0}}, 0x9918) dup3(r2, r3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 15:31:53 executing program 5: r0 = socket$inet6(0xa, 0x801, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1a) listen(r0, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000040)={@local, @random="192bce5e2dfb", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x28, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "5fd98e8144a1c55ed705b4dc6ee7c1a0"}]}}}}}}}}, 0x0) 15:31:53 executing program 5: r0 = gettid() openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) setitimer(0x0, 0x0, 0x0) mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1, 0x0) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) 
tkill(r0, 0x1000000000015) [ 181.084899] syz-executor.5 calls setitimer() with new_value NULL pointer. Misfeature support will be removed 15:31:53 executing program 2: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@random="cd390b081bf2", @random="d2289d0fd7d4", [], {@ipv6={0x86dd, {0x0, 0x6, "020810", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "7605a2", 0x0, 0x6c, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @loopback, [@hopopts]}}}}}}}, 0x0) 15:31:53 executing program 1: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) 15:31:53 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0xfff, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x9a0000, 0x7, 0x0, [], &(0x7f00000000c0)={0x9a0913, 0x0, [], @ptr}}) 15:31:54 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000040)={0x0, 0x4, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "e2922de1"}, 0x0, 0x0, @userptr, 0x4}) 15:31:54 executing program 5: r0 = openat$vsock(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/vsock\x00', 0x101000, 0x0) syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x2) r1 = syz_open_dev$admmidi(0x0, 0x7fffffff, 0x10002) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp6\x00') read$FUSE(r2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000340)) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000140)={r3, 0x101}, 0x0) r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r4, 0xc00c55ca, &(0x7f0000000000)) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) r5 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.events\x00', 0x0, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00'}, 0x10) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x5c831, 0xffffffffffffffff, 0x0) ioctl$ION_IOC_HEAP_QUERY(r5, 0xc0184908, &(0x7f0000000300)={0x34, 0x0, &(0x7f0000000180)}) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) write$uinput_user_dev(r4, &(0x7f0000000600)={'syz\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00', {0x0, 0x1, 0x6a, 0x8f60}, 0x0, [0x1, 0x3, 0x0, 0x5a, 0x0, 0x0, 0x1, 0x3, 0x0, 0x8, 0x0, 0x3ff, 0x0, 0x5, 0x0, 0x9, 0x2, 0x2, 0x3, 0x4, 0x0, 0x6, 0x0, 0x5, 0x3f, 0x20, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7, 
0x0, 0x5, 0x0, 0x40, 0x1ff, 0x0, 0x0, 0x8, 0x6, 0x0, 0xfffffffffffffffe, 0x5, 0xae8, 0x0, 0x101, 0x0, 0xfffffffffffffff7, 0x9, 0x0, 0x7, 0x1000, 0x0, 0x0, 0x5, 0xfffffffffffffff8, 0x9, 0x800, 0x2, 0x0, 0x0, 0xffffffffffff0001], [0x0, 0xfffffffffffffff9, 0x0, 0x2, 0x7, 0x8000, 0x1000, 0x0, 0xbe, 0x100000000, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, 0x8ffe, 0x1, 0x0, 0xe27, 0xe3, 0x0, 0x0, 0x0, 0x8, 0x7, 0x10001, 0x0, 0x7ff, 0x6, 0x0, 0x7fff, 0x0, 0x80000000, 0x2, 0x8001, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x6, 0x9, 0x9, 0x43, 0x6, 0x9, 0x8, 0x8000, 0x1, 0x0, 0x5, 0x3ae9, 0x6, 0x0, 0x4, 0x9, 0x2, 0x7, 0x8000, 0x0, 0x8, 0xab0], [0x4, 0x1f, 0xfff, 0x0, 0x5a, 0x7, 0x0, 0x200, 0x0, 0x0, 0x4, 0x3ff, 0xc5, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x6, 0x4, 0xff, 0x0, 0x400, 0x0, 0x7, 0x4, 0x8, 0x7fff, 0x0, 0xffff, 0x8, 0x4, 0xd, 0x80000000, 0x0, 0x20, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x80000001, 0x6, 0xfffffffffffffffb, 0x0, 0x7, 0x800, 0x0, 0x40, 0x200, 0x7ff, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x7fff, 0x0, 0x9, 0x800, 0x2, 0x7, 0x2, 0x7], [0x2, 0x2325, 0x5d, 0x0, 0x0, 0x0, 0x8de, 0x10001, 0xffff, 0x3ff, 0x401, 0xe16, 0x2, 0x0, 0x2, 0x1, 0x200, 0x401, 0x0, 0x0, 0x9, 0x5, 0x1c8, 0x40, 0x22, 0x0, 0x0, 0x0, 0x9, 0x5, 0x0, 0x8, 0x81, 0x56e4, 0x0, 0x3, 0x10000, 0xfffffffffffff000, 0x1, 0x20, 0x10000000, 0x0, 0x0, 0x6, 0x3, 0x6878000000000000, 0x9, 0x0, 0x2, 0x0, 0x2, 0x2, 0x9, 0x8, 0x60ef, 0x8, 0xffffffffafd63bfb, 0x80, 0x7fffffff, 0x0, 0x0, 0x2, 0x100, 0x2]}, 0x45c) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f00001da000/0x18000)=nil, 0x0, 0xfffffe72, 0x0, 0x0, 0xa00000000000000) mount$9p_virtio(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x202002, &(0x7f0000000500)=ANY=[@ANYBLOB="7472616e733d76ff000000000000007273696fbd567e35a798966e3d3970323030302e4c2c6d6d61702c736d61636b66736465663d747275737465642e6f7665726c61792e6f726967696e002c726f6f74636f6e746578743d73797374656d5f752c736d61636b6673666c6f6f723d2f6465762f61646d6d69646923"]) 
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/attr/current\x00', 0x2, 0x0) 15:31:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="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", 0x200) sendfile(r2, r3, 0x0, 0x7fffffa7) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) 15:31:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$kcm(0x10, 0x800000003, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, 0x0) fchown(r0, r2, 0x0) [ 181.307766] audit: type=1400 audit(1570030314.077:39): avc: denied { map } for pid=7004 comm="syz-executor.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=26662 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 [ 181.352095] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 181.359007] audit: type=1800 audit(1570030314.117:40): pid=7015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=16558 res=0 [ 181.422772] audit: type=1804 audit(1570030314.127:41): pid=7015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir201621814/syzkaller.t4LCAs/3/file0" dev="sda1" ino=16558 res=1 [ 181.465305] audit: type=1804 audit(1570030314.227:42): pid=7017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir201621814/syzkaller.t4LCAs/3/file0" dev="sda1" ino=16558 res=1 15:31:54 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/pfkey\x00', 0x800, 0x0) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000003c0)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0xfffffffffffffcc1, &(0x7f0000000080)={0x0, 0xfffffdf7}}, 0x0) socket$packet(0x11, 0x2, 0x300) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) r4 = shmget$private(0x0, 0x200000, 0x0, &(0x7f0000e00000/0x200000)=nil) shmctl$SHM_LOCK(r4, 0xb) 15:31:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, 
&(0x7f0000000600)="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", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) 15:31:54 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$USBDEVFS_BULK(r0, 0xc0185502, 0x0) r1 = creat(&(0x7f0000000080)='./file1\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) pipe(&(0x7f0000000340)={0xffffffffffffffff}) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="66b829018ec0b9800000c00f3235002000000f3066baf80cb8c8f61a8eef66bafc0ced0f787e0036400fc75a00c4e1f9e601c4018575504f0f87d485a71b64440f01c43e662666470f38804185", 0x4d}], 0x1, 0x0, 0x0, 0xfffffffffffffe96) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) setxattr$security_evm(0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="d3cf"], 0x1, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = creat(&(0x7f0000000080)='./file1\x00', 0x0) fallocate(r9, 0x11, 0x7ffd, 0x8000) r10 = creat(&(0x7f0000000080)='./file1\x00', 0x0) fallocate(r10, 0x11, 0x0, 0x8000) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r9, 0x9, 0x8, r10}) ioctl$UI_GET_SYSNAME(r10, 0x8040552c, &(0x7f0000000040)) bind$bt_sco(r10, &(0x7f00000000c0)={0x1f, {0x81, 0x1, 0x47, 0x58, 0x5, 0xe2}}, 0x8) socket$inet6_dccp(0xa, 0x6, 0x0) socket$bt_rfcomm(0x1f, 0x3, 0x3) 15:31:54 executing program 4: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@random="cd390b081bf2", 
@random="d2289d0fd7d4", [], {@ipv6={0x86dd, {0x0, 0x6, "020810", 0x38, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "7605a2", 0x0, 0x32, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @loopback, [@hopopts]}}}}}}}, 0x0) 15:31:54 executing program 0: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="1c0000001a009b8a14e5f40700090400ff0000000000000500000000", 0x1c) 15:31:54 executing program 3: ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, 0x0) creat(&(0x7f0000000080)='./file1\x00', 0x0) pipe(0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="66b829018ec0b9800000c00f3235002000000f3066baf80cb8c8f61a8eef66bafc0ced0f787e0036400fc75a00c4e1f9e601c4018575504f0f87d485a71b64440f01c43e662666470f38804185", 0x4d}], 0x1, 0x0, 0x0, 0xfffffffffffffe96) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) setxattr$security_evm(0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="d3cf"], 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) creat(0x0, 0x0) creat(0x0, 0x0) 15:31:54 executing program 0: syz_emit_ethernet(0x86, &(0x7f0000000000)={@random="cd390b081bf2", @random="d2289d0fd7d4", [], {@ipv6={0x86dd, {0x0, 0x6, "020810", 0x50, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "7605a2", 0x0, 0x33, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @loopback, [@hopopts={0x32, 0x2, [], [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}]}}}}}}}, 0x0) 15:31:54 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r0, 0x10001) r1 
= openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000040)=0x20, 0x1) r2 = openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x101020, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x2, r2, 0x0) fcntl$setstatus(r3, 0x4, 0x42000) fcntl$getownex(r3, 0x10, &(0x7f0000000a80)) getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, 0x0, &(0x7f00000004c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x0, 0x0, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "07a30cd41929926a9335701c068b17b9fc07cd039f5a47009833063800"}}) dup(0xffffffffffffffff) ioctl$VIDIOC_ENUMAUDIO(0xffffffffffffffff, 0xc0345641, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000003c0)={r5, 0x57, "81a3a51b1c30e8f0ae2ede5285251f147fb8d227c9ef569fb3c792426fda754ac767ba8235836bc208fd99c740002967a3a6af25b0110dd1220ccae8abc46920ecabca1e1ba165993cba605bd1b57afc02d1528c5c8328"}, &(0x7f0000000440)=0x5f) sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, 
&(0x7f0000000180)={&(0x7f0000000340)={0x68, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='syz0\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x40600c0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f0000000080)=ANY=[], 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x0, 0x0) [ 181.820266] audit: type=1800 audit(1570030314.587:43): pid=7040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=16541 res=0 [ 181.924804] ================================================================== [ 181.932391] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90 [ 181.939855] Write of size 24 at addr (null) by task syz-executor.3/7036 [ 181.947496] [ 181.947513] CPU: 1 PID: 7036 Comm: syz-executor.3 Not tainted 4.14.146 #0 [ 181.947519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.947524] Call Trace: [ 181.947548] dump_stack+0x138/0x197 15:31:54 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") r1 = socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x10032, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000480)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000300)={{&(0x7f0000012000/0x4000)=nil, 0x4000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) 
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x1c, 0x0, &(0x7f00000000c0)) r4 = dup2(r1, r3) dup3(r4, r2, 0x0) [ 181.947562] ? vprintk_func+0x65/0x159 [ 181.956249] ? kvm_write_guest_virt_system+0x64/0x90 [ 181.956261] kasan_report.cold+0x127/0x2af [ 181.956272] check_memory_region+0x123/0x190 [ 181.956280] memset+0x24/0x40 [ 181.956291] kvm_write_guest_virt_system+0x64/0x90 [ 181.956304] handle_vmread+0x548/0x730 [ 181.956316] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 181.956330] ? __lock_is_held+0xb6/0x140 [ 181.956343] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 181.956351] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 181.956360] vmx_handle_exit+0x20d/0x1330 [ 181.956369] ? ___preempt_schedule+0x16/0x18 [ 181.956383] vcpu_enter_guest+0xf28/0x5210 [ 181.956391] ? kvm_arch_vcpu_ioctl_run+0x450/0x1000 [ 181.956406] ? emulator_read_emulated+0x50/0x50 [ 181.956414] ? lock_acquire+0x16f/0x430 [ 181.956423] ? kvm_check_async_pf_completion+0x2a9/0x410 [ 181.956437] kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 181.956444] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 181.956459] kvm_vcpu_ioctl+0x401/0xd10 [ 181.991124] audit: type=1804 audit(1570030314.597:44): pid=7040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir499284595/syzkaller.eQIogq/6/file0" dev="sda1" ino=16541 res=1 [ 181.992491] ? kvm_vcpu_block+0xbb0/0xbb0 [ 181.992504] ? trace_hardirqs_on+0x10/0x10 [ 181.992516] ? __might_fault+0x110/0x1d0 [ 181.992527] ? save_trace+0x290/0x290 [ 181.992541] ? __might_fault+0x110/0x1d0 [ 181.992552] ? 
__fget+0x210/0x370 [ 181.998650] audit: type=1804 audit(1570030314.667:45): pid=7033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir499284595/syzkaller.eQIogq/6/file0" dev="sda1" ino=16541 res=1 [ 182.000628] ? find_held_lock+0x35/0x130 [ 182.000641] ? __fget+0x210/0x370 [ 182.000654] ? kvm_vcpu_block+0xbb0/0xbb0 [ 182.000663] do_vfs_ioctl+0x7ae/0x1060 [ 182.000674] ? selinux_file_mprotect+0x5d0/0x5d0 [ 182.000682] ? lock_downgrade+0x6e0/0x6e0 [ 182.000691] ? ioctl_preallocate+0x1c0/0x1c0 [ 182.000701] ? __fget+0x237/0x370 [ 182.000717] ? security_file_ioctl+0x89/0xb0 [ 182.000727] SyS_ioctl+0x8f/0xc0 [ 182.000735] ? do_vfs_ioctl+0x1060/0x1060 [ 182.000746] do_syscall_64+0x1e8/0x640 [ 182.000753] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 182.000768] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 182.000775] RIP: 0033:0x459a29 [ 182.000780] RSP: 002b:00007f07a1f67c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.000790] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 182.000795] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 182.000800] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 182.000806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f07a1f686d4 [ 182.000810] R13: 00000000004c2ddb R14: 00000000004d68f8 R15: 00000000ffffffff [ 182.000824] ================================================================== [ 182.000827] Disabling lock debugging due to kernel taint [ 182.027997] Kernel panic - not syncing: panic_on_warn set ... 
[ 182.027997] [ 182.171282] kobject: 'loop2' (ffff8880a49e6660): kobject_uevent_env [ 182.172271] CPU: 1 PID: 7036 Comm: syz-executor.3 Tainted: G B 4.14.146 #0 [ 182.172279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.181152] kobject: 'loop2' (ffff8880a49e6660): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 182.184541] Call Trace: [ 182.184556] dump_stack+0x138/0x197 [ 182.184569] ? kvm_write_guest_virt_system+0x64/0x90 [ 182.184578] panic+0x1f2/0x426 [ 182.254892] kobject: 'kvm' (ffff888219f91610): kobject_uevent_env [ 182.260508] ? add_taint.cold+0x16/0x16 [ 182.260524] ? ___preempt_schedule+0x16/0x18 [ 182.260537] kasan_end_report+0x47/0x4f [ 182.260543] kasan_report.cold+0x130/0x2af [ 182.260551] check_memory_region+0x123/0x190 [ 182.260558] memset+0x24/0x40 [ 182.260569] kvm_write_guest_virt_system+0x64/0x90 [ 182.260577] handle_vmread+0x548/0x730 [ 182.260589] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 182.273229] kobject: 'kvm' (ffff888219f91610): fill_kobj_path: path = '/devices/virtual/misc/kvm' 15:31:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x0, 0x102000}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x276, 0x0, 0x0, 0xfffffe3d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x73, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 
0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r3, 0x4, 0x42000) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 182.273390] ? __lock_is_held+0xb6/0x140 [ 182.309365] kvm: emulating exchange as write [ 182.312909] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 182.312920] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 182.312928] vmx_handle_exit+0x20d/0x1330 [ 182.312936] ? ___preempt_schedule+0x16/0x18 [ 182.312948] vcpu_enter_guest+0xf28/0x5210 [ 182.312955] ? kvm_arch_vcpu_ioctl_run+0x450/0x1000 [ 182.312966] ? emulator_read_emulated+0x50/0x50 [ 182.312973] ? lock_acquire+0x16f/0x430 [ 182.312982] ? kvm_check_async_pf_completion+0x2a9/0x410 [ 182.312995] kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 182.411889] kobject: 'kvm' (ffff888219f91610): kobject_uevent_env [ 182.412241] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 182.412255] kvm_vcpu_ioctl+0x401/0xd10 [ 182.419008] kobject: 'kvm' (ffff888219f91610): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 182.420876] ? kvm_vcpu_block+0xbb0/0xbb0 [ 182.420886] ? trace_hardirqs_on+0x10/0x10 [ 182.420896] ? __might_fault+0x110/0x1d0 [ 182.420903] ? save_trace+0x290/0x290 [ 182.420910] ? __might_fault+0x110/0x1d0 [ 182.420918] ? __fget+0x210/0x370 [ 182.420926] ? find_held_lock+0x35/0x130 [ 182.420934] ? __fget+0x210/0x370 [ 182.441359] kobject: 'kvm' (ffff888219f91610): kobject_uevent_env [ 182.442472] ? kvm_vcpu_block+0xbb0/0xbb0 [ 182.442482] do_vfs_ioctl+0x7ae/0x1060 [ 182.442497] ? selinux_file_mprotect+0x5d0/0x5d0 [ 182.446598] kobject: 'kvm' (ffff888219f91610): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 182.455473] ? lock_downgrade+0x6e0/0x6e0 [ 182.455487] ? ioctl_preallocate+0x1c0/0x1c0 [ 182.455497] ? __fget+0x237/0x370 [ 182.455509] ? security_file_ioctl+0x89/0xb0 [ 182.455516] SyS_ioctl+0x8f/0xc0 [ 182.455523] ? do_vfs_ioctl+0x1060/0x1060 [ 182.455532] do_syscall_64+0x1e8/0x640 [ 182.455539] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 182.455551] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 182.455558] RIP: 0033:0x459a29 [ 182.455562] RSP: 002b:00007f07a1f67c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.559652] kobject: 'kvm' (ffff888219f91610): kobject_uevent_env [ 182.564122] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 182.564127] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 182.564131] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 182.564135] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f07a1f686d4 [ 182.564138] R13: 00000000004c2ddb R14: 00000000004d68f8 R15: 00000000ffffffff [ 182.565555] Kernel Offset: disabled