[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Warning: Permanently added '10.128.0.235' (ECDSA) to the list of known hosts. Debian GNU/Linux 9 syzkaller ttyS0 2020/08/02 10:33:11 fuzzer started 2020/08/02 10:33:11 dialing manager at 10.128.0.26:41089 2020/08/02 10:33:12 syscalls: 3270 2020/08/02 10:33:12 code coverage: enabled 2020/08/02 10:33:12 comparison tracing: enabled 2020/08/02 10:33:12 extra coverage: enabled 2020/08/02 10:33:12 setuid sandbox: enabled 2020/08/02 10:33:12 namespace sandbox: enabled 2020/08/02 10:33:12 Android sandbox: enabled 2020/08/02 10:33:12 fault injection: enabled 2020/08/02 10:33:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/02 10:33:12 net packet injection: enabled 2020/08/02 10:33:12 net device setup: enabled 2020/08/02 10:33:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/02 10:33:12 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/02 10:33:12 USB emulation: enabled 2020/08/02 10:33:12 hci packet injection: enabled 10:35:08 executing program 0: r0 = memfd_create(&(0x7f0000000000)='#em\x06\x00\x00\x00', 0x0) ioctl$TUNSETVNETLE(r0, 0x5452, &(0x7f0000000000)) syzkaller login: [ 182.040816][ T27] audit: type=1400 audit(1596364508.595:8): avc: denied { execmem } for pid=6855 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 182.199180][ T6856] IPVS: ftp: loaded support on port[0] = 21 10:35:08 executing program 1: r0 = eventfd(0x0) r1 = fcntl$dupfd(r0, 0x0, r0) close(r1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e5e, @dev}, 0x10) write$binfmt_script(r1, 0x0, 0x0) [ 182.368874][ T6856] chnl_net:caif_netlink_parms(): no params data found [ 182.475133][ T6856] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.482503][ T6856] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.490286][ T6856] device bridge_slave_0 entered promiscuous mode [ 182.518040][ T6856] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.527069][ T6856] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.536071][ T6856] device bridge_slave_1 entered promiscuous mode [ 182.566381][ T6856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.578312][ T6856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.581693][ T6986] IPVS: ftp: loaded support on port[0] = 21 [ 182.608748][ T6856] team0: Port device team_slave_0 added [ 182.620321][ T6856] team0: Port device team_slave_1 added [ 182.654684][ T6856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.661651][ T6856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 10:35:09 executing program 2: r0 = creat(&(0x7f00000005c0)='./file0\x00', 0x0) sync() rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000540)='./file1\x00') pwrite64(r0, &(0x7f0000000040)="c2", 0x1, 0x0) [ 182.712425][ T6856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.749889][ T6856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 182.763439][ T6856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.792168][ T6856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 182.890097][ T6856] device hsr_slave_0 entered promiscuous mode 10:35:09 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0xffff, 0x8, &(0x7f00000000c0), 0x4) [ 182.942994][ T6856] device hsr_slave_1 entered promiscuous mode [ 183.066444][ T7044] IPVS: ftp: loaded support on port[0] = 21 [ 183.257859][ T6986] chnl_net:caif_netlink_parms(): no params data found 10:35:09 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) utimensat(r0, 0x0, 0x0, 0x0) [ 183.525819][ T7185] IPVS: ftp: loaded support on port[0] = 21 [ 183.588063][ T7044] chnl_net:caif_netlink_parms(): no params data found [ 183.609105][ T6856] netdevsim netdevsim0 netdevsim0: renamed from eth0 10:35:10 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) close(r2) socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) [ 183.746243][ T6856] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 183.758535][ T7294] IPVS: ftp: loaded support on port[0] = 21 [ 183.802952][ T6986] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.810038][ T6986] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.823773][ T6986] device bridge_slave_0 entered promiscuous mode [ 183.859385][ T6856] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 183.931784][ T6986] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.940180][ T6986] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.948978][ T6986] device bridge_slave_1 entered promiscuous mode [ 183.974670][ T6856] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 184.055315][ T7310] IPVS: ftp: loaded support on port[0] = 21 [ 184.102385][ T6986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.115608][ T6986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.134496][ T7044] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.141585][ T7044] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.150342][ T7044] device bridge_slave_0 entered promiscuous mode [ 184.184308][ T7044] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.191755][ T7044] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.201852][ T7044] device bridge_slave_1 entered promiscuous mode [ 184.215606][ T6986] team0: Port device team_slave_0 added [ 184.258252][ T6986] team0: Port device team_slave_1 added [ 184.288319][ T7044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.300779][ T7044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.321605][ T6986] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.328813][ T6986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.355945][ T6986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.370598][ T6986] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.378285][ T6986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.405969][ T6986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.440187][ T7044] team0: Port device team_slave_0 added [ 184.449912][ T7044] team0: Port device team_slave_1 added [ 184.546607][ T7044] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.553643][ T7044] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.580656][ T7044] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.647128][ T6986] device hsr_slave_0 entered promiscuous mode [ 184.692605][ T6986] device hsr_slave_1 entered promiscuous mode [ 184.732412][ T6986] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 184.740141][ T6986] Cannot create hsr debugfs directory [ 184.762287][ T7044] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.769246][ T7044] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.796143][ T7044] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.855963][ T7044] device hsr_slave_0 entered promiscuous mode [ 184.912925][ T7044] device hsr_slave_1 entered promiscuous mode [ 184.952358][ T7044] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 184.959927][ T7044] Cannot create hsr debugfs directory [ 184.995347][ T7294] chnl_net:caif_netlink_parms(): no params data found [ 185.119578][ T7185] chnl_net:caif_netlink_parms(): no params data found [ 185.179765][ T7310] chnl_net:caif_netlink_parms(): no params data found [ 185.195783][ T6856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.266573][ T7294] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.277160][ T7294] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.285980][ T7294] device bridge_slave_0 entered promiscuous mode [ 185.329519][ T7294] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.336985][ T7294] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.346652][ T7294] device bridge_slave_1 entered promiscuous mode [ 185.367909][ T7185] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.375438][ T7185] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.384470][ T7185] device bridge_slave_0 entered promiscuous mode [ 185.397505][ T7185] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.404726][ T7185] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.413684][ T7185] device bridge_slave_1 entered promiscuous mode [ 185.439118][ T6856] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.450981][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.461515][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.501205][ T7294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.543674][ T7294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.592783][ T7185] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.609420][ T6986] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 185.687970][ T2720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.697417][ T2720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.707158][ T2720] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.714464][ T2720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.739734][ T7294] team0: Port device team_slave_0 added [ 185.749609][ T7185] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.779570][ T6986] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 185.816516][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.825593][ T7310] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.833934][ T7310] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.841652][ T7310] device bridge_slave_0 entered promiscuous mode [ 185.851150][ T7294] team0: Port device team_slave_1 added [ 185.868318][ T7185] team0: Port device team_slave_0 added [ 185.875495][ T6986] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 185.948689][ T7310] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.955897][ T7310] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.965465][ T7310] device bridge_slave_1 entered promiscuous mode [ 185.993311][ T7185] team0: Port device team_slave_1 added [ 186.009824][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.018851][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.028313][ T2572] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.035466][ T2572] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.044184][ T6986] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 186.112684][ T7294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.119663][ T7294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.147419][ T7294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.165742][ T7044] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 186.222388][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.239308][ T7310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.249533][ T7294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.256776][ T7294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.283553][ T7294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.305445][ T7044] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 186.376845][ T7310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.387810][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.414201][ T7185] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.421270][ T7185] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.450676][ T7185] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.466024][ T7044] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 186.495543][ T7044] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 186.604805][ T7294] device hsr_slave_0 entered promiscuous mode [ 186.633303][ T7294] device hsr_slave_1 entered promiscuous mode [ 186.692376][ T7294] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.699957][ T7294] Cannot create hsr debugfs directory [ 186.708065][ T7185] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.715364][ T7185] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.741384][ T7185] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.762285][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.771141][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.824614][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.836958][ T7310] team0: Port device team_slave_0 added [ 186.886483][ T7310] team0: Port device team_slave_1 added [ 186.904287][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.916326][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.987104][ T7185] device hsr_slave_0 entered promiscuous mode [ 187.044455][ T7185] device hsr_slave_1 entered promiscuous mode [ 187.102948][ T7185] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 187.110585][ T7185] Cannot create hsr debugfs directory [ 187.137207][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.147164][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.181442][ T7310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.191259][ T7310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.218140][ T7310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.231288][ T7310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.239069][ T7310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.265210][ T7310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.278327][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.289263][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.300825][ T6856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.416835][ T7310] device hsr_slave_0 entered promiscuous mode [ 187.475898][ T7310] device hsr_slave_1 entered promiscuous mode [ 187.542689][ T7310] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 187.550268][ T7310] Cannot create hsr debugfs directory [ 187.576085][ T6986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.615867][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 187.625821][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 187.681697][ T7044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.699454][ T6986] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.731464][ T6856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.745911][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.754619][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.794524][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.805174][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.814456][ T2572] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.821492][ T2572] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.830362][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.839245][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.868560][ T7044] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.893183][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.902763][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.911317][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.920029][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.927157][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.935592][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.944761][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.960081][ T7294] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 188.007915][ T7294] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 188.077747][ T7294] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 188.137987][ T7294] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 188.219941][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.229984][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.271627][ T7185] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 188.305434][ T7185] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 188.365742][ T7185] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 188.416856][ T7185] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 188.476618][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.487294][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.496283][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.505263][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.512387][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.520333][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.529669][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.538483][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 188.548108][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 188.557261][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.566055][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.574936][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.582311][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.590714][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.644583][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.653625][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.661788][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.671174][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.680090][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 188.688813][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 188.697955][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.707591][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.726728][ T6856] device veth0_vlan entered promiscuous mode [ 188.748645][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 188.756757][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 188.787527][ T6856] device veth1_vlan entered promiscuous mode [ 188.804019][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.814388][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.823224][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.831759][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.840667][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.885822][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.895676][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.904828][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 188.912689][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 188.939854][ T6986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.957282][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.965945][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.996120][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 189.005674][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 189.024007][ T7044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.040159][ T6856] device veth0_macvtap entered promiscuous mode [ 189.075719][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 189.084272][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 189.093834][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 189.103901][ T6856] device veth1_macvtap entered promiscuous mode [ 189.115587][ T7310] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 189.179244][ T7310] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 189.245315][ T7310] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 189.349532][ T6986] device veth0_vlan entered promiscuous mode [ 189.358873][ T7310] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 189.426961][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 189.436738][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 189.444396][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 189.451854][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 189.460248][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 189.472708][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 189.480476][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 189.490841][ T6856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.517245][ T6986] device veth1_vlan entered promiscuous mode [ 189.537541][ T7044] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.549467][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 189.562837][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 189.571330][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 189.587259][ T7185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.609226][ T6856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.627151][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 189.638388][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 189.660432][ T7294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.713901][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 189.727604][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 189.736645][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 189.749217][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.757215][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.924365][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 189.933329][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 189.954953][ T6986] device veth0_macvtap entered promiscuous mode [ 189.963193][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 189.971193][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.979383][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.991032][ T7185] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.007715][ T7294] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.018778][ T6986] device veth1_macvtap entered promiscuous mode [ 190.032317][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 190.040586][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 190.049786][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 190.058103][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 190.069510][ T7044] device veth0_vlan entered promiscuous mode [ 190.100727][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.109658][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.119009][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.126129][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.135695][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.145544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.156547][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.163696][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.178550][ T7044] device veth1_vlan entered promiscuous mode [ 190.194394][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.205194][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.216866][ T6986] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.226487][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 190.238774][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.247158][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.260863][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.269778][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.276903][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.285481][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.294334][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.303061][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.310137][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.317928][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.326966][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 190.335803][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 190.345279][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.365842][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 190.374327][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.390942][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.404581][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.415932][ T6986] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.449017][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 190.458109][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 190.468970][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.477831][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.487088][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.496260][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.505791][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.515153][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.523806][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 190.532523][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 190.576791][ T7044] device veth0_macvtap entered promiscuous mode [ 190.586773][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.595937][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 190.604224][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.618169][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.628602][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.637766][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.646804][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.657875][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.798483][ T7294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.809342][ T7044] device veth1_macvtap entered promiscuous mode [ 190.836637][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 190.844781][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.854909][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.868399][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.877724][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.887028][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.895956][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.905189][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.941420][ T7185] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.951948][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 190.960611][ T2513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 10:35:17 executing program 0: [ 191.061133][ T7044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 10:35:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4138ae84, &(0x7f0000000100)) [ 191.127098][ T7044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.179108][ T7044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 191.219304][ T8124] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 191.222348][ T7044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 10:35:17 executing program 0: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0x401012fc, &(0x7f0000000140)=ANY=[]) [ 191.339381][ T7044] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.377442][ T7294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.394479][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 191.413503][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 191.451081][ T7044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 191.474668][ T7044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.492099][ T7044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 10:35:18 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0x1801, 0x4) sendmmsg(r0, &(0x7f00000075c0)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f26d6c91f25104caa92162d00eba54e68088986aa066431445c5412f138db82e75760578858a6259283c4958956ef0217ed787072bbfb32de603a48f306d3e6346b7c9328b5b8f805a4dc61538e3bc88cdc349dabf717313af026ca16b9669abd0f8323058da774c0f518d781a7a8672c", 0x82}, {&(0x7f0000001b40)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b198e5032c69cf8ebe9d42dd43d2f19d49ebb5e33cf00ec91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07f5b039820be20d5e3e2718fde4de9831bcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee7714903088dfd546a136d40646857b851b65a7a93f879f49436bbbd87586553407860397d48842400126f8", 0xed}, {&(0x7f0000000000)="40c11437fb00d6eab04b0c06251f8168813a461ace70236fa0348db1d319fe147c2390db325b8f9969aec8c50d", 0x2d}, {&(0x7f0000001780)="46a43e3f510e3eac779206060abfc1e723fc59d595e9948e6d03be0d6c89d8702d5f2332fe4e991d8ce010dd173f3035a16bc1ae729800e6c53d5b3b7deacf114c931c707559610cd1366220890b11cd862202abfbcd24a76a2f0f7044964480ebd12d0bca901ac0e4e3188cb74f2b45bc4f37e1694a1e15a039e34cf59a4c86cb1dc5210f4be91e84888a860ab5286ba2a1", 0x92}, {&(0x7f0000001880)="bdcc25945d5320762605855bdd5022bce4d5ecd21753f95ce22bbec3d78b5644a4f358945013c7228ccdf35e86770ac02760d99e9206acc59036a49f4b8971cf78556f3c6ca383a03d95fc318a9aeaccfa469ba8a16aa00a2bd34222049e1c038f769d461fd8e623ef4860aee8c34c32e6b311045684f83aae6d36aeb6430fcb2939da257013f355311245f449", 0x8d}, {&(0x7f0000001940)="cd96bdb578810f358b2aaaf2bacafe0e46d11b73fd", 0x15}], 0x6}}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f00000023c0)="8f093e579a0ad13bbfa6dfcf5f92e9137fcecd3422187adb2613d1cb2a10ac11024822cad9f16a8b47c13f163ae0a1beeec0926acde449fbfe0e5541045b2c313750354dae2754d463a826ce2b09b2eb64c86efa836eea20911ce18f946766d536d35ca564c311661d07ca773364206c8285e48e3b87ccda84470e53bc7fa7890408e5bf60729724f9055e5d06344f5370cc2c0ac6733aa800c59b6f75a7f1275cf02513256e1adad6711430cf488290e1803ab5afe0cbabd4c4d6d7e2bff5b6fd56784a95153d1eb664dd00000000000000000000000000b25abb15bdb7638b9eb6d24ee51380329f6df5aa2e1ebcaf222eb328895ac1bb04b9b20572325865f5c925caef49ea16564f4d5ee5728b606482a69e9933b38db13ebaa6be9dd5be362bcb326426cf8e7f5819f9a7b75cb0b15824afd2e33eac13fbbc6ada21ab5357ba0103e9799ca018db6f00b00c972959d5687ee7257cc5c3a70230532afb1f530f8b481cfea0e5", 0x168}], 0x1}}], 0x2, 0x0) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) [ 191.522109][ T7044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.547956][ T7044] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.596068][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 191.608268][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 191.630507][ T7310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.692589][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.706240][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 191.761421][ T7185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.825655][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.842876][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.855754][ T7310] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.957207][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 191.974501][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 191.992229][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.000917][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.010279][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.017401][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.025867][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.155214][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.179918][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.209135][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.216310][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.226718][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.236740][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.247563][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 192.263367][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 192.303596][ T7294] device veth0_vlan entered promiscuous mode 10:35:18 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$9p_tcp(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=']) [ 192.325003][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 192.341876][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 192.350921][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.367604][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.380363][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.413237][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 10:35:19 executing program 1: perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x440}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="4800000010000d07cd", @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x101) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x810, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005540)=[{{0x0, 0xe004000c, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0x20002323}], 0x1, 0x0, 0x2000012, 0x1f4}, 0xe}], 0x1, 0x100, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r1, 0xffffffffffffffff, 0x2, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00', r1}, 0x10) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967480a41ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x21c, 0x1c030011, 0x0, 0x1c030011, 0x64, 0x64000000, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@ip={@multicast1=0xe000e400, @remote}, 0xa000000, 0x70, 0xb8, 0x258, {0x900000000000000}}, @unspec=@CT0={0x48, 'CT\x00'}}, {{@ip={@remote, @empty, 0x0, 0x0, '\x00', 'bridge_slave_0\x00'}, 0x0, 0x70, 0xd0, 0x0, {0xec00000000000000}}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94, 0x0, {0xa}}, {0x24}}}}, 0x278) 10:35:19 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) [ 192.430775][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 192.448904][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 192.459106][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.503621][ T7294] device veth1_vlan entered promiscuous mode [ 192.539374][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 192.571278][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.587709][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.596250][ T27] audit: type=1800 audit(1596364519.146:9): pid=8167 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15750 res=0 [ 192.625118][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 192.646125][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 192.676082][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.698029][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.779479][ T7185] device veth0_vlan entered promiscuous mode [ 192.790856][ C1] hrtimer: interrupt took 65822 ns [ 192.800924][ T7310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.823044][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 192.845591][ T7883] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 192.888035][ T7185] device veth1_vlan entered promiscuous mode [ 192.978683][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 193.009683][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 193.023416][ T2491] Bluetooth: hci0: command 0x0409 tx timeout 10:35:19 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) [ 193.087832][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 193.096909][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 193.115479][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.123865][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 193.133484][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 193.154919][ T7294] device veth0_macvtap entered promiscuous mode [ 193.173479][ T7294] device veth1_macvtap entered promiscuous mode [ 193.247421][ T7310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.249611][ T27] audit: type=1800 audit(1596364519.806:10): pid=8180 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15753 res=0 [ 193.288011][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 193.309997][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 193.367056][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 193.404568][ T7185] device veth0_macvtap entered promiscuous mode [ 193.451668][ T7294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 10:35:20 executing program 2: perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x440}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="4800000010000d07cd", @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x101) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x810, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005540)=[{{0x0, 0xe004000c, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0x20002323}], 0x1, 0x0, 0x2000012, 0x1f4}, 0xe}], 0x1, 0x100, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r1, 0xffffffffffffffff, 0x2, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00', r1}, 0x10) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967480a41ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x21c, 0x1c030011, 0x0, 0x1c030011, 0x64, 0x64000000, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@ip={@multicast1=0xe000e400, @remote}, 0xa000000, 0x70, 0xb8, 0x258, {0x900000000000000}}, @unspec=@CT0={0x48, 'CT\x00'}}, {{@ip={@remote, @empty, 0x0, 0x0, '\x00', 'bridge_slave_0\x00'}, 0x0, 0x70, 0xd0, 0x0, {0xec00000000000000}}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94, 0x0, {0xa}}, {0x24}}}}, 0x278) [ 193.514900][ T7294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.554856][ T7294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 193.600390][ T7294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.656059][ T7294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 193.701367][ T7294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.739038][ T7294] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.777231][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 193.798343][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 193.843225][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 194.088957][ T7185] device veth1_macvtap entered promiscuous mode [ 194.138128][ T7294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.146988][ T2572] Bluetooth: hci1: command 0x0409 tx timeout [ 194.177118][ T7294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.198353][ T7294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.209719][ T7294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.222522][ T7294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.271201][ T7294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.364133][ T7294] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.410716][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 194.482793][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 194.491605][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 194.594385][ T7185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 194.615929][ T7185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.626589][ T7185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 194.637389][ T7185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.647667][ T7185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 194.659244][ T7185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.669405][ T7185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 194.680250][ T7185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.696920][ T7185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.745478][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 194.758488][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 194.767796][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 194.780030][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 194.792641][ T7185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.804046][ T7185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.815185][ T7185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.826285][ T7185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.836593][ T7185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.847579][ T7185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.858044][ T7185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 194.869415][ T7185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.881538][ T7185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.900964][ T7310] device veth0_vlan entered promiscuous mode [ 194.908931][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 194.918417][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 194.927275][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.936948][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 195.002564][ T7310] device veth1_vlan entered promiscuous mode [ 195.011125][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 195.019844][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 195.029090][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 195.112895][ T12] Bluetooth: hci0: command 0x041b tx timeout [ 195.183567][ T12] Bluetooth: hci2: command 0x0409 tx timeout [ 195.314049][ T7310] device veth0_macvtap entered promiscuous mode [ 195.326690][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 195.334749][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 195.349065][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 195.358094][ T8062] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 195.370551][ T7310] device veth1_macvtap entered promiscuous mode [ 195.390116][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.401254][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.411527][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.423163][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.433223][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.443739][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.453620][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.464135][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.474003][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.484513][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.496235][ T7310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.506462][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 195.516279][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 195.525085][ T2572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 195.536734][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.547841][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.558334][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.569263][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.579556][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.591784][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.601683][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.612293][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.622177][ T7310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.632670][ T7310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.643951][ T7310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.681827][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 195.690485][ T2491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 196.222848][ T12] Bluetooth: hci1: command 0x041b tx timeout 10:35:23 executing program 3: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xab, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@index_on='index=on'}]}) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) 10:35:23 executing program 1: perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x440}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="4800000010000d07cd", @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x101) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x810, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005540)=[{{0x0, 0xe004000c, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0x20002323}], 0x1, 0x0, 0x2000012, 0x1f4}, 0xe}], 0x1, 0x100, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r1, 0xffffffffffffffff, 0x2, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00', r1}, 0x10) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967480a41ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x21c, 0x1c030011, 0x0, 0x1c030011, 0x64, 0x64000000, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@ip={@multicast1=0xe000e400, @remote}, 0xa000000, 0x70, 0xb8, 0x258, {0x900000000000000}}, @unspec=@CT0={0x48, 'CT\x00'}}, {{@ip={@remote, @empty, 0x0, 0x0, '\x00', 'bridge_slave_0\x00'}, 0x0, 0x70, 0xd0, 0x0, {0xec00000000000000}}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94, 0x0, {0xa}}, {0x24}}}}, 0x278) [ 196.644323][ T8226] overlayfs: filesystem on './bus' not supported as upperdir 10:35:23 executing program 5: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4095, 0xfff}], 0x1) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pkey_alloc(0x0, 0x0) 10:35:23 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:23 executing program 2: r0 = mq_open(&(0x7f0000000040)='cgroup2\x00', 0x0, 0x0, 0x0) read(r0, &(0x7f0000000200)=""/111, 0x6f) 10:35:23 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 10:35:23 executing program 3: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xab, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@index_on='index=on'}]}) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) [ 197.183027][ T12] Bluetooth: hci0: command 0x040f tx timeout [ 197.265364][ T12] Bluetooth: hci2: command 0x041b tx timeout [ 197.432441][ T27] audit: type=1800 audit(1596364523.986:11): pid=8246 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15782 res=0 10:35:24 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0xff01}) 10:35:24 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) [ 197.568429][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 10:35:24 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$packet(0x11, 0x2, 0x300) msgget(0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f000001dc00)={0x1b, 0x0, 0x0, 0x2000}, 0x40) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) nanosleep(0x0, &(0x7f0000000100)) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xa4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) [ 197.695527][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 197.726484][ T8247] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 10:35:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) flistxattr(r0, &(0x7f0000000000)=""/117, 0x75) [ 197.784406][ T27] audit: type=1800 audit(1596364524.346:12): pid=8262 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15690 res=0 10:35:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4008ae90, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) 10:35:24 executing program 2: creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_tcp(&(0x7f0000000040)='127.0.0.1\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=tcp,', {'port', 0x3d, 0x300000000000000}}) syz_genetlink_get_family_id$tipc2(0x0) [ 198.100569][ T8247] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 198.173209][ T8275] 9pnet: p9_fd_create_tcp (8275): problem connecting socket to 127.0.0.1 [ 198.220905][ T8280] 9pnet: p9_fd_create_tcp (8280): problem connecting socket to 127.0.0.1 [ 198.233971][ T2491] Bluetooth: hci3: command 0x0409 tx timeout 10:35:24 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) [ 198.263185][ T8247] syz-executor.4 (8247) used greatest stack depth: 23320 bytes left [ 198.302278][ T12] Bluetooth: hci1: command 0x040f tx timeout [ 198.466712][ T7883] Bluetooth: hci4: command 0x0409 tx timeout [ 198.486148][ T8290] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 198.535629][ T8290] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 198.561615][ T8290] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 10:35:25 executing program 5: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000000)={&(0x7f00000000c0)=""/200, 0xc8}) 10:35:25 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0x807812f0, &(0x7f0000000140)=ANY=[]) 10:35:25 executing program 1: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$setregset(0x4205, r1, 0x202, &(0x7f0000000180)={0x0}) 10:35:25 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x121402) ioctl$SCSI_IOCTL_DOORUNLOCK(r0, 0x5381) 10:35:25 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) socket$packet(0x11, 0x2, 0x300) sendfile(r0, r2, 0x0, 0x8000fffffffe) [ 198.737215][ T8299] ptrace attach of "/root/syz-executor.1"[6986] was attempted by "/root/syz-executor.1"[8299] [ 198.749962][ T27] audit: type=1800 audit(1596364525.306:13): pid=8302 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15795 res=0 [ 198.834931][ T8310] ptrace attach of "/root/syz-executor.5"[7310] was attempted by "/root/syz-executor.5"[8310] 10:35:25 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x121402) flistxattr(r0, &(0x7f0000000000)=""/117, 0x75) 10:35:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r2, 0x4080aebf, &(0x7f0000000100)) 10:35:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4}) ioctl$KVM_SET_CPUID(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000080)) 10:35:25 executing program 5: perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0x400812fa, &(0x7f0000000140)=ANY=[]) 10:35:25 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 10:35:25 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_SREGS(r2, 0x8138ae83, &(0x7f00000002c0)) [ 199.022250][ T2572] Bluetooth: hci5: command 0x0409 tx timeout [ 199.160037][ T8328] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 10:35:25 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000006c0)='/proc/mdstat\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000180)=[{0x0}], 0x1, 0x0, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) openat$vcs(0xffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x200140, 0x0) write(r2, &(0x7f00000001c0), 0xfffffef3) mq_open(&(0x7f0000000040)='cgroup2\x00', 0x40, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) 10:35:25 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252002cb18f6e2e2aba000000012e0b3836005404b0e0301a7b2c75f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1f0816f1f6000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x40}}, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252002cb18f6e2e2aba000000012e0b3836005404b0e0301a7b2c75f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1f0816f1f6000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x40}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setresuid(0x0, r6, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in6=@local, 0x4e22, 0x5a, 0x4e23, 0x0, 0x0, 0x80, 0x80, 0x2c, r4, r6}, {0xf71, 0x1ff, 0x0, 0x1, 0x1, 0x7ff, 0x0, 0x1000}, {0x2, 0x0, 0x100000001, 0x200}, 0x1, 0x6e6bc0, 0x0, 0x0, 0x1, 0x1}, {{@in6=@local, 0x0, 0x3c}, 0x2, @in=@remote, 0x34ff, 0x2, 0x2, 0x4, 0x78, 0xfffffe00, 0x6}}, 0xe4) write$binfmt_script(0xffffffffffffffff, 0x0, 0x191) socket(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) [ 199.217833][ T8328] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 199.262163][ T2572] Bluetooth: hci0: command 0x0419 tx timeout [ 199.275892][ T8328] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 10:35:25 executing program 1: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0x401012fc, &(0x7f0000000140)=ANY=[]) [ 199.359208][ T8062] Bluetooth: hci2: command 0x040f tx timeout 10:35:26 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252002cb18f6e2e2aba000000012e0b3836005404b0e0301a7b2c75f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1f0816f1f6000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0x4}}]}, 0x38}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in6=@local, 0x0, 0x5a}, {0x0, 0x0, 0x0, 0x1}, {0x2, 0x0, 0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in6=@local}, 0x0, @in=@remote, 0x0, 0x0, 0x0, 0x4, 0x78, 0x0, 0x6}}, 0xe4) socket(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 10:35:26 executing program 1: connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f0000000100)={0x1, 0x8, [{}]}) 10:35:26 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) socket$packet(0x11, 0x2, 0x300) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:26 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000180)=0x7) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:35:26 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252002cb18f6e2e2aba000000012e0b3836005404b0e0301a7b2c75f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1f0816f1f6000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x40}}, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252002cb18f6e2e2aba000000012e0b3836005404b0e0301a7b2c75f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1f0816f1f6000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x40}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setresuid(0x0, r6, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in6=@local, 0x4e22, 0x5a, 0x4e23, 0x0, 0x0, 0x80, 0x80, 0x2c, r4, r6}, {0xf71, 0x1ff, 0x0, 0x1, 0x1, 0x7ff, 0x0, 0x1000}, {0x2, 0x0, 0x100000001, 0x200}, 0x1, 0x6e6bc0, 0x0, 0x0, 0x1, 0x1}, {{@in6=@local, 0x0, 0x3c}, 0x2, @in=@remote, 0x34ff, 0x2, 0x2, 0x4, 0x78, 0xfffffe00, 0x6}}, 0xe4) write$binfmt_script(0xffffffffffffffff, 0x0, 0x191) socket(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) [ 199.874613][ T27] audit: type=1800 audit(1596364526.436:14): pid=8365 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15776 res=0 [ 200.306577][ T2572] Bluetooth: hci3: command 0x041b tx timeout [ 200.444201][ T2572] Bluetooth: hci1: command 0x0419 tx timeout [ 200.542487][ T8062] Bluetooth: hci4: command 0x041b tx timeout 10:35:26 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) socket$packet(0x11, 0x2, 0x300) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:26 executing program 4: 10:35:26 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252002cb18f6e2e2aba000000012e0b3836005404b0e0301a7b2c75f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1f0816f1f6000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x40}}, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252002cb18f6e2e2aba000000012e0b3836005404b0e0301a7b2c75f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1f0816f1f6000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x40}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setresuid(0x0, r6, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in6=@local, 0x4e22, 0x5a, 0x4e23, 0x0, 0x0, 0x80, 0x80, 0x2c, r4, r6}, {0xf71, 0x1ff, 0x0, 0x1, 0x1, 0x7ff, 0x0, 0x1000}, {0x2, 0x0, 0x100000001, 0x200}, 0x1, 0x6e6bc0, 0x0, 0x0, 0x1, 0x1}, {{@in6=@local, 0x0, 0x3c}, 0x2, @in=@remote, 0x34ff, 0x2, 0x2, 0x4, 0x78, 0xfffffe00, 0x6}}, 0xe4) write$binfmt_script(0xffffffffffffffff, 0x0, 0x191) socket(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) 10:35:26 executing program 1: 10:35:27 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252002cb18f6e2e2aba000000012e0b3836005404b0e0301a7b2c75f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1f0816f1f6000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0x4}}]}, 0x38}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in6=@local, 0x0, 0x5a}, {0x0, 0x0, 0x0, 0x1}, {0x2, 0x0, 0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in6=@local}, 0x0, @in=@remote, 0x0, 0x0, 0x0, 0x4, 0x78, 0x0, 0x6}}, 0xe4) socket(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 10:35:27 executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000006c0)='/proc/mdstat\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000180)=[{0x0}], 0x1, 0x0, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) openat$vcs(0xffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x200140, 0x0) write(r2, &(0x7f00000001c0), 0xfffffef3) mq_open(&(0x7f0000000040)='cgroup2\x00', 0x40, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) 10:35:27 executing program 4: [ 200.738296][ T27] audit: type=1800 audit(1596364527.296:15): pid=8408 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15814 res=0 10:35:27 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e5e, @dev}, 0x10) r1 = dup(r0) write$cgroup_subtree(r1, 0x0, 0x0) 10:35:27 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e5e, @dev}, 0x10) r1 = dup(r0) write$cgroup_subtree(r1, 0x0, 0xe) 10:35:27 executing program 4: syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @random="3f42c22d165c", @val, {@ipv6}}, 0x0) 10:35:27 executing program 3: 10:35:27 executing program 2: [ 201.102198][ T2572] Bluetooth: hci5: command 0x041b tx timeout [ 201.421913][ T8062] Bluetooth: hci2: command 0x0419 tx timeout 10:35:28 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:28 executing program 1: 10:35:28 executing program 3: 10:35:28 executing program 2: 10:35:28 executing program 4: 10:35:28 executing program 5: 10:35:28 executing program 3: 10:35:28 executing program 5: 10:35:28 executing program 1: 10:35:28 executing program 2: 10:35:28 executing program 4: 10:35:28 executing program 3: [ 201.765191][ T27] audit: type=1800 audit(1596364528.326:16): pid=8442 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15828 res=0 10:35:28 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:28 executing program 5: 10:35:28 executing program 4: 10:35:28 executing program 2: 10:35:28 executing program 1: 10:35:28 executing program 3: 10:35:28 executing program 2: 10:35:29 executing program 1: [ 202.382117][ T8062] Bluetooth: hci3: command 0x040f tx timeout 10:35:29 executing program 5: 10:35:29 executing program 4: 10:35:29 executing program 3: 10:35:29 executing program 1: [ 202.557036][ T27] audit: type=1800 audit(1596364529.106:17): pid=8462 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15819 res=0 10:35:29 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) ftruncate(r3, 0x208200) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:29 executing program 4: 10:35:29 executing program 5: 10:35:29 executing program 2: 10:35:29 executing program 3: [ 202.621790][ T2572] Bluetooth: hci4: command 0x040f tx timeout 10:35:29 executing program 1: 10:35:29 executing program 5: 10:35:29 executing program 4: 10:35:29 executing program 2: [ 202.785180][ T27] audit: type=1800 audit(1596364529.336:18): pid=8476 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15812 res=0 10:35:29 executing program 3: 10:35:29 executing program 1: 10:35:29 executing program 4: 10:35:29 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:29 executing program 2: 10:35:29 executing program 5: 10:35:29 executing program 3: 10:35:29 executing program 1: 10:35:29 executing program 4: 10:35:29 executing program 5: 10:35:29 executing program 2: [ 203.181840][ T8062] Bluetooth: hci5: command 0x040f tx timeout 10:35:29 executing program 1: 10:35:29 executing program 3: 10:35:29 executing program 4: 10:35:29 executing program 5: [ 203.375057][ T27] audit: type=1800 audit(1596364529.926:19): pid=8492 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15824 res=0 10:35:30 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:30 executing program 1: 10:35:30 executing program 2: 10:35:30 executing program 5: 10:35:30 executing program 4: 10:35:30 executing program 3: 10:35:30 executing program 2: 10:35:30 executing program 1: 10:35:30 executing program 5: 10:35:30 executing program 4: 10:35:30 executing program 3: [ 203.675891][ T27] audit: type=1800 audit(1596364530.216:20): pid=8507 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15802 res=0 10:35:30 executing program 2: 10:35:30 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$CHAR_RAW_ZEROOUT(r3, 0x127f, &(0x7f0000000140)) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:30 executing program 5: 10:35:30 executing program 1: 10:35:30 executing program 4: 10:35:30 executing program 3: 10:35:30 executing program 2: 10:35:30 executing program 5: 10:35:30 executing program 1: 10:35:30 executing program 4: 10:35:30 executing program 5: 10:35:30 executing program 3: [ 204.045809][ T27] audit: type=1800 audit(1596364530.596:21): pid=8520 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15837 res=0 10:35:30 executing program 2: 10:35:30 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:30 executing program 4: 10:35:30 executing program 1: 10:35:30 executing program 3: 10:35:30 executing program 2: 10:35:30 executing program 5: 10:35:30 executing program 4: 10:35:30 executing program 1: [ 204.339150][ T27] audit: type=1800 audit(1596364530.886:22): pid=8534 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15842 res=0 10:35:30 executing program 2: 10:35:30 executing program 3: 10:35:31 executing program 1: 10:35:31 executing program 4: [ 204.461924][ T8062] Bluetooth: hci3: command 0x0419 tx timeout [ 204.701728][ T38] Bluetooth: hci4: command 0x0419 tx timeout 10:35:31 executing program 1: 10:35:31 executing program 5: 10:35:31 executing program 2: 10:35:31 executing program 3: 10:35:31 executing program 4: 10:35:31 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:31 executing program 4: syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_le_read_resolv_list_size}}, 0x8) 10:35:31 executing program 2: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e07000320"], 0xa) 10:35:31 executing program 3: 10:35:31 executing program 1: 10:35:31 executing program 5: [ 205.268534][ T8062] Bluetooth: hci5: command 0x0419 tx timeout [ 205.311210][ T27] audit: type=1800 audit(1596364531.856:23): pid=8556 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15820 res=0 10:35:31 executing program 5: 10:35:31 executing program 4: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_le_read_resolv_list_size={{}, {0x5}}}}, 0x8) 10:35:31 executing program 3: syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x5}, {0x1, [{0xc8, 0x9}]}}}, 0x8) 10:35:31 executing program 2: syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, "eb9f754a5c5c3e98ee4e67ca92e37c13095425a674a9f8fe40cca63f185308c4f414d51ccc203530a27c412b84c7255dfb511764b4fd2b1d465d5be8b93214a5c38ec75c6d278f9c2d655e45f5a0aa48cd7d4e421ca3375d4aa10185d19f244f99379b64fdc9a50e5062dac6501c3dadc6418d4ab108f202cbea7b99a04fd732e1afd30b4238aeba9b1c2ab6b58279e42d4668da324ddf4f1516108e68727cbc63750a7badf81054d4df3a47f932cce38455c8f2cdd2e50e6086a6ea2c1cf63b86cbb73db2b00da3246f73895f99dd1eb5cf5f95dcc0ae13795ca4347f38089f2c"}, 0xe2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x20}, @l2cap_cid_le_signaling={{0x1c}, [@l2cap_disconn_rsp={{0x7, 0x3f, 0x4}, {0x2, 0x4}}, @l2cap_disconn_rsp={{0x7, 0x8, 0x4}, {0x7ff, 0x69}}, @l2cap_ecred_conn_req={{0x17, 0xff, 0x8}, {0x3a4c, 0x401, 0x6, 0x7}}]}}, 0x25) syz_emit_vhci(&(0x7f0000000c80)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xc}, @hci_rp_le_read_supported_states={{0x7}, {0xc4, "b30fa781c2b3020e"}}}}, 0xf) 10:35:31 executing program 0: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) r1 = socket$inet6(0xa, 0x3, 0xff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = open(&(0x7f0000000180)='./bus\x00', 0x11250c2, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r3, 0x208200) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4) sendfile(r0, r2, 0x0, 0x8000fffffffe) 10:35:32 executing program 1: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_inq_rsp_tx_power={{0x7}, {0x6, 0x2c}}}}, 0x8) syz_emit_vhci(&(0x7f00000000c0)=@HCI_SCODATA_PKT={0x3, "9e2ba7d23041232a917dce09072a1eb509d08decaa67f2da4aa8e0b032ae6cd0228774dfca4c9f7585e00740c71b8435b530517f219414b561a77ccc5552d5b7679584f111bf2e191db324e7093078792797042c2bd41f3f614e0037bb0db6fdb9a498e8d2999b3e5e64fa0a06af0874c40d638a9a45a7b1e97d28e07b29b521282c7fdecde486422607b4c21b5f13c144b86937cdccc38a13a7c0f41c4a6b7e9edb96ecbd975c846d3da945d1ba58ee339f1561f18a1bce04ca7331494478cf68276b327d33e0ae91217b5fa20b26cd"}, 0xd1) 10:35:32 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_tx_power={{}, {0xb5}}}}, 0xa) 10:35:32 executing program 5: syz_emit_vhci(&(0x7f0000001840)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0xff}, {0x1, [{@any, 0x0, 0x0, "f83d30", 0x0, 0x0, "0b8051951da9c24d044e6761e7d59fe41508db3f5d8c0b30254e573c297fc83135b5952341839f7c00cb01d27599551728c43f07f42d0109ba5f2773fae73a2aab6db4ec1858a8e9221f8d3ac8791bae02caf5805abac0a3ff0a7500287e1c9b923893ba125ba043d42a6a389474717df1c060595649123bcbed1cad06156bf06deaa9bae99da25ebd404202ab2fe4226d74ce1a07c60e9179306a7f4fc1e83498ccfb760dda55149f6a2d5d4dbb56689c7de64e30928cfba2d2db47f5bd702f3c30c8c1f9881f606ce19df2ddf783cc80aadd66349fd07c71660e4439cf8b082ed8a5d0a9227f7f33dff05a823efda6"}]}}}, 0x102) [ 205.530193][ T8114] Bluetooth: hci2: SCO packet for unknown connection handle 4075 [ 205.538731][ T8114] Bluetooth: hci2: SCO packet for unknown connection handle 4075 10:35:32 executing program 2: syz_emit_vhci(&(0x7f0000003dc0)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x4}}}, 0x6) [ 205.576433][ T27] audit: type=1800 audit(1596364532.106:24): pid=8574 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15855 res=0 [ 205.615727][ T8114] Bluetooth: hci1: SCO packet for unknown connection handle 2974 10:35:32 executing program 4: syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0430035ec8"], 0x6) 10:35:32 executing program 1: syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}}}, 0x7) syz_emit_vhci(&(0x7f0000000700)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}}}, 0x6) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_phy_link_complete={{0x40, 0x2}}}, 0x5) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="e4c216e5b112c68fcd35db4064ebc75876"], 0xe) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_name={{0x7, 0xff}, {0xc0, @any, "b18e32e380ba39c42805ffd0b06da32e32dbe706a37f488c23ed583fdcb906d4145709fecd55c40518d0c1b83aaf0f017d6a726a0a53363f044e34459ea05907f07ec66e98eb7e8f9044020d12558fc92dd39c774e1b6c8aae742e25b8358d8468e43b87ef57eeac88419bd782967a6aac888284c4a242f67f34eb599ae0c810bd726fb9c36d8d7307c8926d43584353d87a03c6e6e9f288acc40e99bb01c6ab26964b2ad67a4d51d38d3856aaf05ed6c18da854b21ebca6133aee95ef58e54c6b2907b344dcb391993ff4a69a7a56f5dc1db28f644863c5585907d86077474cb908231a64e9f84484adaf068b293c368e550ce1ed760056"}}}, 0x102) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) [ 205.795773][ T8114] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN [ 205.807514][ T8114] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 205.815929][ T8114] CPU: 1 PID: 8114 Comm: kworker/u5:1 Not tainted 5.8.0-rc7-syzkaller #0 [ 205.824328][ T8114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.834391][ T8114] Workqueue: hci1 hci_rx_work [ 205.839077][ T8114] RIP: 0010:hci_phy_link_complete_evt.isra.0+0x23e/0x790 [ 205.846098][ T8114] Code: 48 c1 ea 03 80 3c 02 00 0f 85 3e 05 00 00 48 8b 9d 30 09 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 da 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b [ 205.865699][ T8114] RSP: 0018:ffffc90016c7fa38 EFLAGS: 00010202 [ 205.871761][ T8114] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff871af0e3 [ 205.879732][ T8114] RDX: 0000000000000002 RSI: ffffffff871af0f0 RDI: 0000000000000010 [ 205.887701][ T8114] RBP: ffff8880a2e7c000 R08: 0000000000000001 R09: ffff88809106abc8 [ 205.895672][ T8114] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 205.903647][ T8114] R13: ffff8880923b5110 R14: ffff8880a2b2940b R15: 00000000000000c8 [ 205.911622][ T8114] FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 [ 205.920555][ T8114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 205.927132][ T8114] CR2: 0000000000768000 CR3: 000000008a01a000 CR4: 00000000001406e0 [ 205.935104][ T8114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 205.943069][ T8114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 205.951031][ T8114] Call Trace: [ 205.954325][ T8114] hci_event_packet+0x481a/0x86f5 [ 205.959353][ T8114] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 205.965329][ T8114] ? __lock_acquire+0x16e3/0x56e0 [ 205.970353][ T8114] ? hci_cmd_complete_evt+0xc6e0/0xc6e0 [ 205.975901][ T8114] ? lock_acquire+0x1f1/0xad0 [ 205.980576][ T8114] ? skb_dequeue+0x1c/0x180 [ 205.985074][ T8114] ? find_held_lock+0x2d/0x110 [ 205.989840][ T8114] ? mark_lock+0xbc/0x1710 [ 205.994258][ T8114] ? mark_held_locks+0x9f/0xe0 [ 205.999021][ T8114] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 206.004827][ T8114] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 206.010804][ T8114] ? trace_hardirqs_on+0x5f/0x220 [ 206.015825][ T8114] ? lockdep_hardirqs_on+0x6a/0xe0 [ 206.020940][ T8114] hci_rx_work+0x22e/0xb10 [ 206.025360][ T8114] process_one_work+0x94c/0x1670 [ 206.030301][ T8114] ? lock_release+0x8d0/0x8d0 [ 206.034976][ T8114] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 206.040344][ T8114] ? rwlock_bug.part.0+0x90/0x90 10:35:32 executing program 3: syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_si_security={{0x2, 0x7}, {0x1}}}, 0xa) [ 206.045281][ T8114] ? lockdep_hardirqs_off+0x66/0xa0 [ 206.050479][ T8114] worker_thread+0x64c/0x1120 [ 206.055160][ T8114] ? process_one_work+0x1670/0x1670 [ 206.060354][ T8114] kthread+0x3b5/0x4a0 [ 206.064421][ T8114] ? __kthread_bind_mask+0xc0/0xc0 [ 206.069530][ T8114] ? __kthread_bind_mask+0xc0/0xc0 [ 206.074647][ T8114] ret_from_fork+0x1f/0x30 [ 206.079054][ T8114] Modules linked in: 10:35:32 executing program 5: syz_emit_vhci(&(0x7f0000000440)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x16}, @l2cap_cid_signaling={{0x12}, [@l2cap_conf_rsp={{0x5, 0x6, 0x6}}, @l2cap_disconn_req={{0x6, 0x8, 0x4}}]}}, 0x1b) 10:35:32 executing program 4: syz_emit_vhci(&(0x7f0000001640)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xc}, @hci_ev_le_remote_feat_complete={{}, {0x0, 0xc8, "38fae405aa636a27"}}}}, 0xf) syz_emit_vhci(&(0x7f0000002c40)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_request={{0x31, 0x6}}}, 0x9) [ 206.095792][ T8114] ---[ end trace f3eb6afb00b35faa ]--- [ 206.101393][ T8114] RIP: 0010:hci_phy_link_complete_evt.isra.0+0x23e/0x790 [ 206.108625][ T8114] Code: 48 c1 ea 03 80 3c 02 00 0f 85 3e 05 00 00 48 8b 9d 30 09 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 da 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b [ 206.128404][ T8114] RSP: 0018:ffffc90016c7fa38 EFLAGS: 00010202 [ 206.134852][ T8114] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff871af0e3 [ 206.152732][ T8114] RDX: 0000000000000002 RSI: ffffffff871af0f0 RDI: 0000000000000010 [ 206.160778][ T8114] RBP: ffff8880a2e7c000 R08: 0000000000000001 R09: ffff88809106abc8 [ 206.168847][ T8114] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 206.176946][ T8114] R13: ffff8880923b5110 R14: ffff8880a2b2940b R15: 00000000000000c8 [ 206.184989][ T8114] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 [ 206.193991][ T8114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 206.200612][ T8114] CR2: 00007f259a8bf018 CR3: 00000000a7168000 CR4: 00000000001406f0 [ 206.211611][ T8114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 206.219640][ T8114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 206.230606][ T8114] Kernel panic - not syncing: Fatal exception [ 206.237966][ T8114] Kernel Offset: disabled [ 206.242301][ T8114] Rebooting in 86400 seconds..