Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts. 2019/10/07 11:14:50 fuzzer started 2019/10/07 11:14:51 dialing manager at 10.128.0.105:39369 2019/10/07 11:14:51 syscalls: 2523 2019/10/07 11:14:51 code coverage: enabled 2019/10/07 11:14:51 comparison tracing: enabled 2019/10/07 11:14:51 extra coverage: extra coverage is not supported by the kernel 2019/10/07 11:14:51 setuid sandbox: enabled 2019/10/07 11:14:51 namespace sandbox: enabled 2019/10/07 11:14:51 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/07 11:14:51 fault injection: enabled 2019/10/07 11:14:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/07 11:14:51 net packet injection: enabled 2019/10/07 11:14:51 net device setup: enabled 2019/10/07 11:14:51 concurrency sanitizer: enabled 11:14:55 executing program 0: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) syzkaller login: [ 48.225117][ T7230] IPVS: ftp: loaded support on port[0] = 21 11:14:55 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 48.314300][ T7230] chnl_net:caif_netlink_parms(): no params data found [ 48.369989][ T7230] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.403639][ T7230] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.411682][ T7230] device bridge_slave_0 entered promiscuous mode [ 48.434284][ T7230] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.441675][ T7230] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.453570][ T7230] device bridge_slave_1 entered promiscuous mode [ 48.507610][ T7230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.525271][ T7230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.550634][ T7230] team0: Port device team_slave_0 added [ 48.558405][ T7230] team0: Port device team_slave_1 added 11:14:56 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f000044f000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @random="a54f1132d482", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x18, 0x6, 0x0, @rand_addr="f2e4cce5057c69820b48a886038cfac0", @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x2, 0x2}]}}}}}}}}, 0x0) [ 48.646283][ T7230] device hsr_slave_0 entered promiscuous mode [ 48.683953][ T7230] device hsr_slave_1 entered promiscuous mode [ 48.749595][ T7230] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.757354][ T7230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.768136][ T7230] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.775234][ T7230] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.832223][ T7233] IPVS: ftp: loaded support on port[0] = 21 [ 48.891817][ T7230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.917801][ T7230] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.926722][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:14:56 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9c0100000107030200000000ddffffffffffffff8801070008000200000400000800010011e66bf27c39030faafa675a0f19c00d4fa9d36a410000008000000000660aed6e29105039302534191050490ff9a6015ecd568271dd", @ANYRES32, @ANYBLOB="14008100fe8000000000000000000000000000bb08003000ac1414aa1e84d855c47b9ff6e90ed3f5a516a5d44520792da8bfa0e8431c4149858548b5ea36aa4b754761ac0309a8a1d709c0b7c419fa797c67e766b085ffd202bdc86c7fa2c890041fd409c523e34d36156e29c15773d41e20a3370ae0a3fff0e1051e0000008204b2ef1cff5dbcf02d918b67bf3c9fe1310dc09069aaaf281a34d1bdd3f0544e12a621d5bc34ac14a18eb61d09004775d572d95f30b94b8b395ee974344be8a1f8a96d948871407dd7182f40fe6cf74ff2adaf544a5f473d4efe9b259c3838c5eb0796b31dc61d68d008cff5c265674bfd867a103f3cbae9942b74bd1df591ef841e092b7eef5927f7d6cc164feb5f8d9017d132d71262383d2fb827a44fba2d4e78bafabd18ec74703e7a9e9b45b15e5970d908f73da9b6cfb02f059bf9"], 0x19c}}, 0x0) [ 48.936144][ T7235] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.960636][ T7235] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.970503][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 49.011774][ T7236] IPVS: ftp: loaded support on port[0] = 21 [ 49.026009][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.038198][ T7235] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.047697][ T7235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.063598][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.071967][ T7235] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.080301][ T7235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.137481][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.148269][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.157703][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.178265][ T7230] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.213668][ T7230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.261794][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.279730][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.303007][ T7230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.331649][ T7233] chnl_net:caif_netlink_parms(): no params data found [ 49.373432][ T7240] IPVS: ftp: loaded support on port[0] = 21 [ 49.406614][ T7233] bridge0: port 1(bridge_slave_0) entered blocking state 11:14:56 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0x0, 0xfffffffffffffffe}) [ 49.420592][ T7233] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.431324][ T7233] device bridge_slave_0 entered promiscuous mode [ 49.482887][ T7233] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.495220][ T7233] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.516110][ T7233] device bridge_slave_1 entered promiscuous mode [ 49.609411][ T7233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.666567][ T7233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.704030][ T7236] chnl_net:caif_netlink_parms(): no params data found [ 49.799750][ T7233] team0: Port device team_slave_0 added [ 49.831838][ T7233] team0: Port device team_slave_1 added [ 49.876716][ T7236] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.893642][ T7236] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.901505][ T7236] device bridge_slave_0 entered promiscuous mode [ 49.924501][ T7240] chnl_net:caif_netlink_parms(): no params data found [ 49.945598][ T7236] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.952666][ T7236] bridge0: port 2(bridge_slave_1) entered disabled state 11:14:57 executing program 5: sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xffffffffbffffffe) [ 49.971955][ T7236] device bridge_slave_1 entered promiscuous mode [ 50.036657][ T7233] device hsr_slave_0 entered promiscuous mode [ 50.073889][ T7233] device hsr_slave_1 entered promiscuous mode [ 50.113564][ T7233] debugfs: Directory 'hsr0' with parent '/' already present! [ 50.159153][ T7253] IPVS: ftp: loaded support on port[0] = 21 [ 50.185454][ T7236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.211457][ T7236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.235860][ T7233] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.242948][ T7233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.250456][ T7233] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.257534][ T7233] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.296533][ T7240] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.308879][ T7240] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.321046][ T7240] device bridge_slave_0 entered promiscuous mode [ 50.337983][ T7236] team0: Port device team_slave_0 added [ 50.350419][ T7240] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.358310][ T7240] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.366863][ T7240] device bridge_slave_1 entered promiscuous mode [ 50.385784][ T7236] team0: Port device team_slave_1 added [ 50.409932][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.418801][ T7255] IPVS: ftp: loaded support on port[0] = 21 [ 50.438451][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.479912][ T7240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.490828][ T7240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 11:14:58 executing program 0: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) [ 50.574473][ T7236] device hsr_slave_0 entered promiscuous mode [ 50.613967][ T7236] device hsr_slave_1 entered promiscuous mode [ 50.666419][ T7236] debugfs: Directory 'hsr0' with parent '/' already present! [ 50.738557][ T7240] team0: Port device team_slave_0 added [ 50.783931][ T7240] team0: Port device team_slave_1 added [ 50.817879][ T7253] chnl_net:caif_netlink_parms(): no params data found [ 50.840490][ T7233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.907034][ T7240] device hsr_slave_0 entered promiscuous mode 11:14:58 executing program 0: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) [ 50.963990][ T7240] device hsr_slave_1 entered promiscuous mode [ 51.003642][ T7240] debugfs: Directory 'hsr0' with parent '/' already present! [ 51.014799][ T7233] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.034386][ T7236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.071732][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.079590][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.087588][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.099721][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.108838][ T7256] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.115934][ T7256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.151861][ T7236] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.169422][ T7233] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 51.197234][ T7233] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 51.227757][ C0] hrtimer: interrupt took 27951 ns [ 51.228229][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.241911][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.254387][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.261448][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.272864][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.282009][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.293211][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.301365][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.313849][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.322404][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.334683][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.343268][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.355586][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.366081][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.375866][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.386617][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.423324][ T7255] chnl_net:caif_netlink_parms(): no params data found [ 51.447341][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.455922][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.464093][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.472870][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.481523][ T7258] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.488716][ T7258] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.497185][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.506169][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.514838][ T7258] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.521905][ T7258] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.530284][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.539723][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.549291][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.558280][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.567530][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.584657][ T7258] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.598062][ T7233] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.606099][ T7253] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.613177][ T7253] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.621681][ T7253] device bridge_slave_0 entered promiscuous mode [ 51.638952][ T7253] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.653567][ T7253] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.661639][ T7253] device bridge_slave_1 entered promiscuous mode 11:14:59 executing program 0: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) [ 51.690368][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.698999][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.710279][ T7253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 51.723166][ T7240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.748801][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.761266][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.772673][ T7236] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 51.788095][ T7236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.799140][ T7253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.823404][ T7240] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.856154][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.866993][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.878177][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.888917][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.906142][ T7236] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.945423][ T7255] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.952626][ T7255] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.994750][ T7255] device bridge_slave_0 entered promiscuous mode [ 52.016792][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.034654][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.053035][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.060153][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.080124][ T7253] team0: Port device team_slave_0 added [ 52.086817][ T7284] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 52.105011][ T7253] team0: Port device team_slave_1 added [ 52.110735][ T7255] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.141884][ T7255] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.158387][ T7255] device bridge_slave_1 entered promiscuous mode [ 52.173436][ T7240] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.201695][ T7240] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.219309][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.228405][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.241619][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.253068][ T3509] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.260200][ T3509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.273329][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.283020][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.296777][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.308051][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.318906][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.330508][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.342144][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.353187][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.366898][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.379512][ T3509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.391602][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.402972][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.430512][ T7240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.470638][ T7255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 11:15:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 52.557029][ T7253] device hsr_slave_0 entered promiscuous mode [ 52.572494][ T7294] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 52.591274][ T7294] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. 11:15:00 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f000044f000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @random="a54f1132d482", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x18, 0x6, 0x0, @rand_addr="f2e4cce5057c69820b48a886038cfac0", @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x2, 0x2}]}}}}}}}}, 0x0) [ 52.643869][ T7253] device hsr_slave_1 entered promiscuous mode [ 52.673662][ T7253] debugfs: Directory 'hsr0' with parent '/' already present! [ 52.682810][ T7255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.837009][ T7255] team0: Port device team_slave_0 added [ 52.855273][ T7306] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. [ 52.856170][ T7255] team0: Port device team_slave_1 added 11:15:00 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f000044f000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @random="a54f1132d482", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x18, 0x6, 0x0, @rand_addr="f2e4cce5057c69820b48a886038cfac0", @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x2, 0x2}]}}}}}}}}, 0x0) 11:15:00 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f000044f000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @random="a54f1132d482", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x18, 0x6, 0x0, @rand_addr="f2e4cce5057c69820b48a886038cfac0", @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x2, 0x2}]}}}}}}}}, 0x0) 11:15:00 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 52.970793][ T7253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.091315][ T7255] device hsr_slave_0 entered promiscuous mode [ 53.101732][ T7312] netlink: 372 bytes leftover after parsing attributes in process `syz-executor.3'. [ 53.133021][ T7316] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. [ 53.154083][ T7255] device hsr_slave_1 entered promiscuous mode 11:15:00 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9c0100000107030200000000ddffffffffffffff8801070008000200000400000800010011e66bf27c39030faafa675a0f19c00d4fa9d36a410000008000000000660aed6e29105039302534191050490ff9a6015ecd568271dd", @ANYRES32, @ANYBLOB="14008100fe8000000000000000000000000000bb08003000ac1414aa1e84d855c47b9ff6e90ed3f5a516a5d44520792da8bfa0e8431c4149858548b5ea36aa4b754761ac0309a8a1d709c0b7c419fa797c67e766b085ffd202bdc86c7fa2c890041fd409c523e34d36156e29c15773d41e20a3370ae0a3fff0e1051e0000008204b2ef1cff5dbcf02d918b67bf3c9fe1310dc09069aaaf281a34d1bdd3f0544e12a621d5bc34ac14a18eb61d09004775d572d95f30b94b8b395ee974344be8a1f8a96d948871407dd7182f40fe6cf74ff2adaf544a5f473d4efe9b259c3838c5eb0796b31dc61d68d008cff5c265674bfd867a103f3cbae9942b74bd1df591ef841e092b7eef5927f7d6cc164feb5f8d9017d132d71262383d2fb827a44fba2d4e78bafabd18ec74703e7a9e9b45b15e5970d908f73da9b6cfb02f059bf9"], 0x19c}}, 0x0) [ 53.213831][ T7255] debugfs: Directory 'hsr0' with parent '/' already present! [ 53.236937][ T7253] 8021q: adding VLAN 0 to HW filter on device team0 11:15:00 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f000044f000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @random="a54f1132d482", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x18, 0x6, 0x0, @rand_addr="f2e4cce5057c69820b48a886038cfac0", @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x2, 0x2}]}}}}}}}}, 0x0) [ 53.280342][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.301239][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.395951][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.414271][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.441686][ T7321] netlink: 372 bytes leftover after parsing attributes in process `syz-executor.3'. [ 53.455594][ T7325] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 53.470172][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.474284][ T7325] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. [ 53.481221][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.486396][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.526277][ T7328] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. [ 53.533022][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.546411][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.553544][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.606867][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.624958][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.674470][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.738899][ T7253] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 53.765135][ T7253] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.791772][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.801301][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.811729][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.821953][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.832592][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.841536][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.850605][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.859652][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.869169][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.877891][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.916203][ T7255] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.924814][ T7253] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.940294][ T7255] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.954691][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.962648][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.994767][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.004739][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.013162][ T7235] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.020345][ T7235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.028567][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.038099][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.047081][ T7235] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.054207][ T7235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.062095][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.071312][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.080209][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.088968][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.098118][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.107479][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.116392][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.124902][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.133343][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.141956][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.152948][ T7255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.169476][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.183323][ T7235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.197895][ T7255] 8021q: adding VLAN 0 to HW filter on device batadv0 11:15:01 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0x0, 0xfffffffffffffffe}) 11:15:01 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f000044f000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @random="a54f1132d482", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x18, 0x6, 0x0, @rand_addr="f2e4cce5057c69820b48a886038cfac0", @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x2, 0x2}]}}}}}}}}, 0x0) 11:15:01 executing program 5: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0x0, 0xfffffffffffffffe}) 11:15:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:01 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:01 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9c0100000107030200000000ddffffffffffffff8801070008000200000400000800010011e66bf27c39030faafa675a0f19c00d4fa9d36a410000008000000000660aed6e29105039302534191050490ff9a6015ecd568271dd", @ANYRES32, @ANYBLOB="14008100fe8000000000000000000000000000bb08003000ac1414aa1e84d855c47b9ff6e90ed3f5a516a5d44520792da8bfa0e8431c4149858548b5ea36aa4b754761ac0309a8a1d709c0b7c419fa797c67e766b085ffd202bdc86c7fa2c890041fd409c523e34d36156e29c15773d41e20a3370ae0a3fff0e1051e0000008204b2ef1cff5dbcf02d918b67bf3c9fe1310dc09069aaaf281a34d1bdd3f0544e12a621d5bc34ac14a18eb61d09004775d572d95f30b94b8b395ee974344be8a1f8a96d948871407dd7182f40fe6cf74ff2adaf544a5f473d4efe9b259c3838c5eb0796b31dc61d68d008cff5c265674bfd867a103f3cbae9942b74bd1df591ef841e092b7eef5927f7d6cc164feb5f8d9017d132d71262383d2fb827a44fba2d4e78bafabd18ec74703e7a9e9b45b15e5970d908f73da9b6cfb02f059bf9"], 0x19c}}, 0x0) [ 54.373008][ T7349] futex_wake_op: syz-executor.5 tries to shift op by -1; fix this program 11:15:01 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0x0, 0xfffffffffffffffe}) [ 54.458317][ T7355] netlink: 372 bytes leftover after parsing attributes in process `syz-executor.3'. [ 54.481346][ T7356] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. 11:15:02 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="9c0100000107030200000000ddffffffffffffff8801070008000200000400000800010011e66bf27c39030faafa675a0f19c00d4fa9d36a410000008000000000660aed6e29105039302534191050490ff9a6015ecd568271dd", @ANYRES32, @ANYBLOB="14008100fe8000000000000000000000000000bb08003000ac1414aa1e84d855c47b9ff6e90ed3f5a516a5d44520792da8bfa0e8431c4149858548b5ea36aa4b754761ac0309a8a1d709c0b7c419fa797c67e766b085ffd202bdc86c7fa2c890041fd409c523e34d36156e29c15773d41e20a3370ae0a3fff0e1051e0000008204b2ef1cff5dbcf02d918b67bf3c9fe1310dc09069aaaf281a34d1bdd3f0544e12a621d5bc34ac14a18eb61d09004775d572d95f30b94b8b395ee974344be8a1f8a96d948871407dd7182f40fe6cf74ff2adaf544a5f473d4efe9b259c3838c5eb0796b31dc61d68d008cff5c265674bfd867a103f3cbae9942b74bd1df591ef841e092b7eef5927f7d6cc164feb5f8d9017d132d71262383d2fb827a44fba2d4e78bafabd18ec74703e7a9e9b45b15e5970d908f73da9b6cfb02f059bf9"], 0x19c}}, 0x0) 11:15:02 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f000044f000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @random="a54f1132d482", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x18, 0x6, 0x0, @rand_addr="f2e4cce5057c69820b48a886038cfac0", @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x2, 0x2}]}}}}}}}}, 0x0) 11:15:02 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0x0, 0xfffffffffffffffe}) 11:15:02 executing program 5: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0x0, 0xfffffffffffffffe}) 11:15:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 54.844846][ T7372] netlink: 372 bytes leftover after parsing attributes in process `syz-executor.3'. [ 54.884722][ T7373] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. 11:15:02 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:02 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:02 executing program 5: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0x0, 0xfffffffffffffffe}) 11:15:02 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:02 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:02 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 2: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) 11:15:03 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:03 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:04 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:04 executing program 2: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) 11:15:04 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11:15:04 executing program 3: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) 11:15:04 executing program 0: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) 11:15:04 executing program 4: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) 11:15:04 executing program 3: openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) getpid() pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) 11:15:04 executing program 5: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000500)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) 11:15:04 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 57.511848][ T7470] ================================================================== [ 57.520092][ T7470] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent [ 57.528493][ T7470] [ 57.530823][ T7470] write to 0xffff88812ae81428 of 8 bytes by task 7480 on cpu 0: [ 57.538465][ T7470] ext4_es_lookup_extent+0x3d3/0x510 [ 57.543758][ T7470] ext4_da_get_block_prep+0x159/0xa60 [ 57.549167][ T7470] ext4_block_write_begin+0x33e/0xb90 [ 57.554570][ T7470] ext4_da_write_begin+0x1da/0x7e0 11:15:05 executing program 5: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000500)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) [ 57.559679][ T7470] generic_perform_write+0x136/0x320 [ 57.564964][ T7470] __generic_file_write_iter+0x251/0x380 [ 57.570623][ T7470] ext4_file_write_iter+0x1fc/0xa40 [ 57.575819][ T7470] new_sync_write+0x388/0x4a0 [ 57.580507][ T7470] __vfs_write+0xb1/0xc0 [ 57.584755][ T7470] vfs_write+0x18a/0x390 [ 57.588999][ T7470] ksys_write+0xd5/0x1b0 [ 57.593249][ T7470] __x64_sys_write+0x4c/0x60 [ 57.597854][ T7470] do_syscall_64+0xcf/0x2f0 [ 57.602368][ T7470] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 57.608247][ T7470] [ 57.610614][ T7470] read to 0xffff88812ae81428 of 8 bytes by task 7470 on cpu 1: [ 57.618174][ T7470] ext4_es_lookup_extent+0x3ba/0x510 [ 57.623491][ T7470] ext4_da_get_block_prep+0x159/0xa60 [ 57.628865][ T7470] ext4_block_write_begin+0x33e/0xb90 [ 57.634260][ T7470] ext4_da_write_begin+0x1da/0x7e0 [ 57.639373][ T7470] generic_perform_write+0x136/0x320 [ 57.644670][ T7470] __generic_file_write_iter+0x251/0x380 [ 57.650306][ T7470] ext4_file_write_iter+0x1fc/0xa40 [ 57.655512][ T7470] new_sync_write+0x388/0x4a0 [ 57.660190][ T7470] __vfs_write+0xb1/0xc0 [ 57.664439][ T7470] vfs_write+0x18a/0x390 [ 57.669119][ T7470] ksys_write+0xd5/0x1b0 [ 57.673363][ T7470] __x64_sys_write+0x4c/0x60 [ 57.678117][ T7470] do_syscall_64+0xcf/0x2f0 [ 57.682608][ T7470] [ 57.684925][ T7470] Reported by Kernel Concurrency Sanitizer on: [ 57.691082][ T7470] CPU: 1 PID: 7470 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 57.698653][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.708735][ T7470] ================================================================== [ 57.716794][ T7470] Kernel panic - not syncing: panic_on_warn set ... [ 57.723379][ T7470] CPU: 1 PID: 7470 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 57.730928][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.741068][ T7470] Call Trace: [ 57.744364][ T7470] dump_stack+0xf5/0x159 [ 57.748617][ T7470] panic+0x209/0x639 [ 57.752519][ T7470] ? vprintk_func+0x8d/0x140 [ 57.757113][ T7470] kcsan_report.cold+0x57/0xeb [ 57.761886][ T7470] __kcsan_setup_watchpoint+0x342/0x500 [ 57.767437][ T7470] __tsan_read8+0x2c/0x30 [ 57.771772][ T7470] ext4_es_lookup_extent+0x3ba/0x510 [ 57.777092][ T7470] ext4_da_get_block_prep+0x159/0xa60 [ 57.782470][ T7470] ? _raw_spin_unlock+0x4b/0x60 [ 57.787337][ T7470] ? create_empty_buffers+0x20c/0x3e0 [ 57.792757][ T7470] ext4_block_write_begin+0x33e/0xb90 [ 57.798161][ T7470] ? ext4_bmap+0x220/0x220 [ 57.802590][ T7470] ? __tsan_read4+0x2c/0x30 [ 57.807100][ T7470] ext4_da_write_begin+0x1da/0x7e0 11:15:05 executing program 5: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000500)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) [ 57.812228][ T7470] generic_perform_write+0x136/0x320 [ 57.817525][ T7470] __generic_file_write_iter+0x251/0x380 [ 57.823173][ T7470] ext4_file_write_iter+0x1fc/0xa40 [ 57.828400][ T7470] new_sync_write+0x388/0x4a0 [ 57.833084][ T7470] __vfs_write+0xb1/0xc0 [ 57.837341][ T7470] vfs_write+0x18a/0x390 [ 57.841589][ T7470] ksys_write+0xd5/0x1b0 [ 57.845843][ T7470] __x64_sys_write+0x4c/0x60 [ 57.850440][ T7470] do_syscall_64+0xcf/0x2f0 [ 57.855364][ T7470] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 57.861301][ T7470] RIP: 0033:0x459a59 [ 57.865210][ T7470] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 57.885672][ T7470] RSP: 002b:00007f0aa8552c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.894089][ T7470] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 57.902064][ T7470] RDX: 000000005aa78d33 RSI: 0000000020000200 RDI: 0000000000000003 [ 57.910059][ T7470] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 57.918334][ T7470] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0aa85536d4 [ 57.926754][ T7470] R13: 00000000004c9a73 R14: 00000000004e13e8 R15: 00000000ffffffff [ 57.936904][ T7470] Kernel Offset: disabled [ 57.941231][ T7470] Rebooting in 86400 seconds..