[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts. 2020/05/28 04:50:13 fuzzer started 2020/05/28 04:50:14 dialing manager at 10.128.0.26:41905 2020/05/28 04:50:14 syscalls: 3055 2020/05/28 04:50:14 code coverage: enabled 2020/05/28 04:50:14 comparison tracing: enabled 2020/05/28 04:50:14 extra coverage: enabled 2020/05/28 04:50:14 setuid sandbox: enabled 2020/05/28 04:50:14 namespace sandbox: enabled 2020/05/28 04:50:14 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/28 04:50:14 fault injection: enabled 2020/05/28 04:50:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/28 04:50:14 net packet injection: enabled 2020/05/28 04:50:14 net device setup: enabled 2020/05/28 04:50:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/28 04:50:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/28 04:50:14 USB emulation: enabled 04:51:33 executing program 0: syzkaller login: [ 144.563512][ T6821] IPVS: ftp: loaded support on port[0] = 21 04:51:34 executing program 1: [ 144.740987][ T6821] chnl_net:caif_netlink_parms(): no params data found [ 144.910711][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.918541][ T6821] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.931139][ T6935] IPVS: ftp: loaded support on port[0] = 21 [ 144.941400][ T6821] device bridge_slave_0 entered promiscuous mode [ 144.963671][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.971384][ T6821] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.981885][ T6821] device bridge_slave_1 entered promiscuous mode [ 145.024703][ T6821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 145.037243][ T6821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 04:51:34 executing program 2: [ 145.106581][ T6821] team0: Port device team_slave_0 added [ 145.144037][ T6821] team0: Port device team_slave_1 added [ 145.272010][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 145.279422][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 145.330386][ T6821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 145.381756][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 145.388723][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 145.416664][ T6821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 145.434372][ T6935] chnl_net:caif_netlink_parms(): no params data found [ 145.442722][ T7006] IPVS: ftp: loaded support on port[0] = 21 04:51:34 executing program 3: [ 145.575517][ T6821] device hsr_slave_0 entered promiscuous mode [ 145.649383][ T6821] device hsr_slave_1 entered promiscuous mode [ 145.836332][ T7104] IPVS: ftp: loaded support on port[0] = 21 04:51:35 executing program 4: [ 145.880502][ T6935] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.888499][ T6935] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.904232][ T6935] device bridge_slave_0 entered promiscuous mode [ 145.951338][ T6935] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.958527][ T6935] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.981459][ T6935] device bridge_slave_1 entered promiscuous mode [ 146.116476][ T6935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.153989][ T6935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.289990][ T7006] chnl_net:caif_netlink_parms(): no params data found [ 146.321992][ T6935] team0: Port device team_slave_0 added 04:51:35 executing program 5: [ 146.377754][ T6935] team0: Port device team_slave_1 added [ 146.485102][ T7306] IPVS: ftp: loaded support on port[0] = 21 [ 146.543286][ T6935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.556191][ T6935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.587007][ T6935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.627254][ T6821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 146.672736][ T7006] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.680244][ T7006] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.688046][ T7006] device bridge_slave_0 entered promiscuous mode [ 146.704030][ T6935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.711140][ T6935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.738501][ T6935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 146.757900][ T6821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 146.801095][ T7006] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.808490][ T7006] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.819339][ T7006] device bridge_slave_1 entered promiscuous mode [ 146.843167][ T7379] IPVS: ftp: loaded support on port[0] = 21 [ 146.847708][ T6821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 146.913571][ T6821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 146.983118][ T7104] chnl_net:caif_netlink_parms(): no params data found [ 147.040840][ T7006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.081189][ T6935] device hsr_slave_0 entered promiscuous mode [ 147.129226][ T6935] device hsr_slave_1 entered promiscuous mode [ 147.168980][ T6935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 147.176864][ T6935] Cannot create hsr debugfs directory [ 147.223136][ T7006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.337153][ T7006] team0: Port device team_slave_0 added [ 147.361184][ T7104] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.368332][ T7104] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.384646][ T7104] device bridge_slave_0 entered promiscuous mode [ 147.395973][ T7104] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.404340][ T7104] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.412741][ T7104] device bridge_slave_1 entered promiscuous mode [ 147.430872][ T7006] team0: Port device team_slave_1 added [ 147.529539][ T7104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.580998][ T7104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.596390][ T7006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.606895][ T7006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.633667][ T7006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.683221][ T7006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.691986][ T7006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.719100][ T7006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 147.731207][ T7306] chnl_net:caif_netlink_parms(): no params data found [ 147.766703][ T7104] team0: Port device team_slave_0 added [ 147.776120][ T7104] team0: Port device team_slave_1 added [ 147.934266][ T7006] device hsr_slave_0 entered promiscuous mode [ 147.979470][ T7006] device hsr_slave_1 entered promiscuous mode [ 148.038731][ T7006] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.046319][ T7006] Cannot create hsr debugfs directory [ 148.055430][ T7104] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.063008][ T7104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.089049][ T7104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.106213][ T7104] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.113975][ T7104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.141147][ T7104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.159966][ T6935] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 148.241868][ T6935] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 148.315956][ T6935] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 148.398071][ T6821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.405705][ T7379] chnl_net:caif_netlink_parms(): no params data found [ 148.417138][ T6935] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 148.509242][ T7306] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.516322][ T7306] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.525523][ T7306] device bridge_slave_0 entered promiscuous mode [ 148.534497][ T7306] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.542075][ T7306] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.551229][ T7306] device bridge_slave_1 entered promiscuous mode [ 148.613340][ T7104] device hsr_slave_0 entered promiscuous mode [ 148.659047][ T7104] device hsr_slave_1 entered promiscuous mode [ 148.708680][ T7104] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.716299][ T7104] Cannot create hsr debugfs directory [ 148.822750][ T7306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.838188][ T6821] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.848353][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.858701][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.903387][ T7306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.948007][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 148.962219][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.972994][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.980304][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.996690][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 149.024956][ T7379] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.033571][ T7379] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.043545][ T7379] device bridge_slave_0 entered promiscuous mode [ 149.054424][ T7379] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.063665][ T7379] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.073182][ T7379] device bridge_slave_1 entered promiscuous mode [ 149.092478][ T7306] team0: Port device team_slave_0 added [ 149.104065][ T7306] team0: Port device team_slave_1 added [ 149.128734][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.137451][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.160142][ T2592] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.167223][ T2592] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.215393][ T7306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.225044][ T7306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.259800][ T7306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.282844][ T7379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.300552][ T7379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.324756][ T7306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.332908][ T7306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.360613][ T7306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.388216][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 149.461040][ T7379] team0: Port device team_slave_0 added [ 149.475580][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 149.484363][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 149.495066][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 149.504300][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 149.514350][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.553157][ T7379] team0: Port device team_slave_1 added [ 149.584213][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 149.592679][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 149.604447][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 149.673028][ T7306] device hsr_slave_0 entered promiscuous mode [ 149.718994][ T7306] device hsr_slave_1 entered promiscuous mode [ 149.758497][ T7306] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.766098][ T7306] Cannot create hsr debugfs directory [ 149.786121][ T7006] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 149.842192][ T7006] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 149.906994][ T7006] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 149.982921][ T7379] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.990143][ T7379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.016957][ T7379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 150.041270][ T7379] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 150.048244][ T7379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.075104][ T7379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 150.101248][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 150.110670][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 150.120057][ T7006] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 150.177661][ T6935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.207584][ T6821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 150.260616][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 150.269690][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 150.287412][ T7104] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 150.321988][ T7104] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 150.390792][ T7104] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 150.466649][ T6935] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.521294][ T7379] device hsr_slave_0 entered promiscuous mode [ 150.548992][ T7379] device hsr_slave_1 entered promiscuous mode [ 150.598708][ T7379] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 150.606497][ T7379] Cannot create hsr debugfs directory [ 150.613651][ T7104] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 150.699907][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 150.712061][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 150.723488][ T2587] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.731311][ T2587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.741515][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 150.822232][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 150.832204][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 150.841714][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.849012][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.856762][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 150.866002][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 150.874248][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 150.931478][ T6821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 150.943370][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 151.008044][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 151.020396][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 151.029399][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 151.037891][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 151.112744][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 151.121904][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 151.131310][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 151.140384][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 151.150714][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 151.159784][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 151.168653][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 151.181935][ T6935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 151.212603][ T7306] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 151.302249][ T7306] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 151.351823][ T7306] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 151.422289][ T7306] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 151.514793][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 151.522579][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 151.535231][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 151.543939][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 151.560260][ T6935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.571260][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 151.579731][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 151.591109][ T7006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.601248][ T6821] device veth0_vlan entered promiscuous mode [ 151.623337][ T7006] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.670298][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.678102][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.700203][ T6821] device veth1_vlan entered promiscuous mode [ 151.752369][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 151.762237][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 151.773564][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 151.782668][ T2587] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.790669][ T2587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.835520][ T7379] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 151.870189][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 151.879106][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 151.887148][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 151.896484][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 151.905541][ T2474] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.912658][ T2474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.921322][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 151.930417][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 151.951181][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 151.960977][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 151.976404][ T7104] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.984489][ T7379] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 152.057591][ T6821] device veth0_macvtap entered promiscuous mode [ 152.076980][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 152.087925][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.097883][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 152.107862][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 152.117547][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 152.126945][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 152.136068][ T7379] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 152.184224][ T7379] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 152.259477][ T6821] device veth1_macvtap entered promiscuous mode [ 152.280062][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 152.288743][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 152.296839][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 152.305479][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 152.315613][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 152.333375][ T7006] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 152.346696][ T7006] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 152.385733][ T6935] device veth0_vlan entered promiscuous mode [ 152.397630][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 152.406099][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 152.415594][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 152.425113][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 152.435000][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 152.444623][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 152.465562][ T7104] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.490512][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.504397][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 152.514266][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.522982][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.531583][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 152.540524][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 152.554171][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.563861][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.572904][ T2587] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.580038][ T2587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.592013][ T6935] device veth1_vlan entered promiscuous mode [ 152.609448][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.636601][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 152.645798][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 152.656400][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 152.671390][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 152.680688][ T2474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 152.717483][ T7306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.732428][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 152.745311][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 152.754755][ T2568] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.761884][ T2568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.770049][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 152.781538][ T7006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.873465][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 152.940255][ T7306] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.959812][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 152.970787][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.982276][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.990847][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 153.000535][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.009794][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.018715][ T2592] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.025775][ T2592] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.034466][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 153.043843][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 153.168378][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 153.177826][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 153.196835][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.207638][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.225334][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.232519][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.248932][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 153.266226][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 04:51:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') close(0xffffffffffffffff) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil}) [ 153.276155][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 153.293817][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.318971][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.353919][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 153.373710][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 153.420312][ C1] hrtimer: interrupt took 47550 ns [ 153.436811][ T6935] device veth0_macvtap entered promiscuous mode [ 153.470696][ T7104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 153.520007][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 153.538884][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 153.565375][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 153.586618][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 153.605381][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 153.639979][ T7379] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.650546][ T6935] device veth1_macvtap entered promiscuous mode [ 153.682904][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 153.697837][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 153.717817][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 153.735623][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 153.740147][ T8079] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 153.745590][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.775741][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.820502][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 153.847333][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 153.896641][ T7306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 153.942678][ T7306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 153.986161][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 153.995412][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 154.013838][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 154.037851][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 04:51:43 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') close(0xffffffffffffffff) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil}) [ 154.080678][ T7379] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.089525][ T7006] device veth0_vlan entered promiscuous mode [ 154.126860][ T7104] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.228336][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 154.235938][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 154.271376][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 154.280248][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 154.300772][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 154.328003][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.341375][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.356402][ T7006] device veth1_vlan entered promiscuous mode [ 154.399662][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 154.407879][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.427410][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.437829][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.445106][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.454008][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.463774][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.473192][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.480381][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.489252][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 154.499824][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 154.510000][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 154.517841][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 154.525993][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 154.535681][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 154.551556][ T6935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 154.563736][ T6935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.584455][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.633032][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 154.641684][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 154.691277][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 154.700827][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 154.710459][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 154.720760][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 154.731303][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 154.759924][ T7306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.822052][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 154.842931][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 154.878913][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 154.939182][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 154.996720][ T7006] device veth0_macvtap entered promiscuous mode [ 155.109724][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.120731][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.136846][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 155.152227][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 155.170784][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 155.186594][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 155.197668][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 155.214460][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 155.230278][ T7006] device veth1_macvtap entered promiscuous mode [ 155.252038][ T7104] device veth0_vlan entered promiscuous mode [ 155.323481][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 155.341514][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 155.357337][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 155.368855][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 155.446353][ T7379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 155.503544][ T7104] device veth1_vlan entered promiscuous mode [ 155.531467][ T7006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 155.588210][ T7006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.620065][ T7006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 04:51:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') close(0xffffffffffffffff) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil}) [ 155.670208][ T7006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.718352][ T7006] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.749669][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 155.768067][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 155.807659][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 155.858997][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 155.907297][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 156.043977][ T7006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 156.111578][ T7006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.150704][ T7006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 156.209122][ T7006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.268848][ T7006] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.343597][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 156.363003][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 156.396265][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 156.428243][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 156.456084][ T7306] device veth0_vlan entered promiscuous mode 04:51:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) [ 156.512522][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 156.531126][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 156.563369][ T7379] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.588505][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 156.601161][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 156.746739][ T7306] device veth1_vlan entered promiscuous mode 04:51:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) [ 156.827963][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 156.862495][ T7104] device veth0_macvtap entered promiscuous mode [ 156.910879][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 156.932788][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 157.004748][ T7104] device veth1_macvtap entered promiscuous mode 04:51:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=@newtfilter={0x30, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0x4}}]}, 0x30}}, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(0x0) 04:51:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) [ 157.052389][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 157.079598][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 157.138997][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 157.163759][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 157.209028][ T7306] device veth0_macvtap entered promiscuous mode [ 157.265555][ T8136] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 157.317656][ T7104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 04:51:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) [ 157.366737][ T7104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.432799][ T7104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 157.493262][ T7104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.543994][ T7104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 04:51:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) [ 157.607908][ T7104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.638566][ T7104] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.658925][ T7306] device veth1_macvtap entered promiscuous mode [ 157.682662][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 157.710557][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 157.728235][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 157.743295][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 157.755265][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 157.771008][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 157.783943][ T8141] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 157.847922][ T7104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 157.884951][ T7104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.920828][ T7104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 157.948193][ T7104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.961599][ T7104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 157.974426][ T7104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.995597][ T7104] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.022010][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 158.040035][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 158.060020][ T7306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 158.078599][ T7306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.095776][ T7306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 158.108233][ T7306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.121568][ T7306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 158.133289][ T7306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.144082][ T7306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 158.155869][ T7306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.169632][ T7306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.188151][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 158.197044][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 158.221015][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 158.230815][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 158.246544][ T7379] device veth0_vlan entered promiscuous mode [ 158.258439][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 158.266447][ T2592] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 158.283393][ T7306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 158.302941][ T7306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.324571][ T7306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 158.378554][ T7306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.397714][ T7306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 158.411672][ T7306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.423125][ T7306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 158.435586][ T7306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.451243][ T7306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.470131][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 158.499529][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 158.586925][ T7379] device veth1_vlan entered promiscuous mode 04:51:48 executing program 3: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46802) io_setup(0x2e, &(0x7f0000000400)=0x0) io_submit(r1, 0x45, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$P9_RREMOVE(r2, &(0x7f0000000280)={0xfffffffffffffcd2}, 0xff7f) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000200)={0x100002, r2}) [ 158.900855][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 158.934689][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready 04:51:48 executing program 4: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x4000ae172, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) [ 158.965537][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 158.989621][ T8074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 159.009401][ T7379] device veth0_macvtap entered promiscuous mode [ 159.029258][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 159.073526][ T7379] device veth1_macvtap entered promiscuous mode [ 159.112399][ T29] audit: type=1800 audit(1590641508.439:2): pid=8177 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=15771 res=0 [ 159.151149][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 159.162194][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.173798][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 159.194019][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.206036][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 159.218562][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.229406][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 159.240791][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.253027][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 159.264402][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.277454][ T7379] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.289416][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 159.318885][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 159.362069][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 159.373956][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.392398][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 159.403818][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.414740][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 159.426254][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.437024][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 159.448591][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.461461][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 159.473134][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.487008][ T7379] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.499049][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 159.510216][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 04:51:49 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x100000, 0x0) mkdir(&(0x7f0000000040)='./file0/file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xf080, 0x0) mount(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x80000, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0x2) 04:51:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:49 executing program 2: io_submit(0x0, 0x0, &(0x7f0000000540)) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) open(0x0, 0x141042, 0x0) fdatasync(r0) 04:51:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') close(0xffffffffffffffff) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x21000000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000d3c000/0x2000)=nil}) 04:51:49 executing program 4: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x4000ae172, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 04:51:49 executing program 3: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000005, 0x4000ae172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0xe000, 0x3, &(0x7f0000ff2000/0xe000)=nil) openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ffd000/0x2000)=nil) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) 04:51:49 executing program 4: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x4000ae172, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 04:51:49 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) write$P9_RLOCK(0xffffffffffffffff, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 04:51:49 executing program 3: sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) write(r0, &(0x7f0000000000)="b6", 0xfffffe7e) msgget$private(0x0, 0x0) 04:51:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000006040)=[{{0x0, 0x0, 0x0}, 0xc}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f00000006c0)={0x0, 0xed1, 0x5, 0x1f, 0x5, [{0x0, 0x8, 0x0, [], 0x1000}, {0x2bda, 0x400, 0x2, [], 0x903}, {0x8, 0x400, 0x400, [], 0x1000}, {0x80000001, 0x6, 0xb7af, [], 0x600}, {0x996, 0xffff, 0xffffffffffff0001, [], 0x2000}]}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000400)='/dev/fuse\x00', 0x2, 0x0) write$P9_RLOCK(r3, &(0x7f0000000100)={0x8, 0x35, 0x2, 0x1}, 0x8) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, 0x0, 0x8044) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004) [ 160.195912][ T8215] fuse: Bad value for 'fd' 04:51:49 executing program 4: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x4000ae172, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 04:51:49 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:49 executing program 4: signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 04:51:49 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:52 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) getpid() pipe(&(0x7f0000000100)) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) msgget$private(0x0, 0x0) syz_open_dev$evdev(&(0x7f000004a000)='/dev/input/event#\x00', 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000480)='./file0\x00', 0xe000, 0x2, &(0x7f0000000380)=[{&(0x7f00000000c0)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}, {0x0}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x0) 04:51:52 executing program 4: signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 04:51:52 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) recvfrom$inet6(r1, &(0x7f00000001c0)=""/31, 0xfffffffffffffe3c, 0x0, &(0x7f0000001880), 0x17c) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) shutdown(r1, 0x1) r2 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r2, &(0x7f00000000c0), 0xfffffdda, 0x4000000, 0x0, 0x30) 04:51:52 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="ebe7f68fdb66732e666134000204015b66000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="a0e9120f0004"], 0x17) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000280)='./bus\x00') sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) creat(&(0x7f0000000780)='./file0\x00', 0x51) socket$alg(0x26, 0x5, 0x0) 04:51:52 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r0, &(0x7f0000000480)=ANY=[], 0x4b) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) memfd_create(0x0, 0x0) 04:51:52 executing program 4: signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 04:51:52 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) [ 162.869985][ T8263] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 162.895091][ T8262] FAT-fs (loop5): bogus number of FAT sectors [ 162.941040][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 162.965495][ T8262] FAT-fs (loop5): Can't find a valid FAT filesystem [ 162.995362][ T8270] FAT-fs (loop1): bogus number of FAT sectors [ 163.032786][ T8270] FAT-fs (loop1): Can't find a valid FAT filesystem 04:51:52 executing program 4: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 04:51:52 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:52 executing program 3: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200)}}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r0, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x4b) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000280)={{{@in6=@initdev, @in6}}, {{@in6=@loopback}}}, &(0x7f0000000000)=0xe8) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000080)={'ah\x00'}, &(0x7f0000000240)=0x1e) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x0, 0x0, @private0}, &(0x7f00000003c0)=0x1c) r1 = memfd_create(&(0x7f00000001c0)='\xbb\x06\x00\xef\xff\xf7\x110xffffffffffffffff}) r1 = socket$inet(0x2, 0x80001, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x4a, &(0x7f0000000a00)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0cfdff", 0x14, 0x6, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0) [ 163.654592][ T8262] FAT-fs (loop5): bogus number of FAT sectors [ 163.663427][ T8262] FAT-fs (loop5): Can't find a valid FAT filesystem [ 163.674927][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 163.747610][ T29] audit: type=1804 audit(1590641513.070:3): pid=8309 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir595014998/syzkaller.AWco66/3/file0/file0" dev="sda1" ino=15813 res=1 04:51:53 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="ebe7f68fdb66732e666134000204015b66000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="a0e9120f0004"], 0x17) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000280)='./bus\x00') sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) creat(&(0x7f0000000780)='./file0\x00', 0x51) socket$alg(0x26, 0x5, 0x0) 04:51:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:53 executing program 4: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x4000ae172, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) 04:51:53 executing program 3: prlimit64(0x0, 0x0, &(0x7f0000000240), 0x0) getpid() socket$inet6(0xa, 0x0, 0x0) pipe(0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) [ 163.893419][ T8301] FAT-fs (loop1): bogus number of FAT sectors [ 163.905906][ T8315] syz-executor.2 (8315) used greatest stack depth: 22232 bytes left [ 163.909148][ T8301] FAT-fs (loop1): Can't find a valid FAT filesystem [ 163.924639][ T29] audit: type=1804 audit(1590641513.260:4): pid=8301 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir018534065/syzkaller.cGwOfc/4/file0/file0" dev="sda1" ino=15799 res=1 04:51:53 executing program 1: 04:51:53 executing program 2: 04:51:53 executing program 4: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x4000ae172, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) 04:51:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) [ 164.055732][ T8330] FAT-fs (loop5): bogus number of FAT sectors 04:51:53 executing program 4: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x4000ae172, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) [ 164.098857][ T8330] FAT-fs (loop5): Can't find a valid FAT filesystem 04:51:53 executing program 4: 04:51:53 executing program 3: 04:51:53 executing program 2: 04:51:54 executing program 5: 04:51:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:54 executing program 1: 04:51:54 executing program 3: 04:51:54 executing program 4: 04:51:54 executing program 2: 04:51:54 executing program 3: 04:51:54 executing program 4: 04:51:54 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000500)='+\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x0) write$binfmt_misc(r2, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xff67) sendfile(r1, r2, &(0x7f0000000000), 0xffff) r3 = socket$packet(0x11, 0x3, 0x300) r4 = dup3(r3, r2, 0x0) dup3(r4, r0, 0x0) 04:51:54 executing program 1: 04:51:54 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:54 executing program 5: 04:51:54 executing program 3: 04:51:54 executing program 4: 04:51:54 executing program 1: 04:51:54 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:54 executing program 2: 04:51:54 executing program 3: 04:51:54 executing program 5: 04:51:54 executing program 4: 04:51:54 executing program 1: 04:51:54 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:54 executing program 3: 04:51:54 executing program 2: 04:51:54 executing program 5: 04:51:54 executing program 4: 04:51:54 executing program 1: 04:51:54 executing program 2: 04:51:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:54 executing program 5: 04:51:54 executing program 3: 04:51:55 executing program 4: 04:51:55 executing program 1: 04:51:55 executing program 2: 04:51:55 executing program 5: 04:51:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:55 executing program 3: 04:51:55 executing program 1: 04:51:55 executing program 4: 04:51:55 executing program 5: 04:51:55 executing program 2: 04:51:55 executing program 4: 04:51:55 executing program 3: 04:51:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:55 executing program 1: 04:51:55 executing program 2: 04:51:55 executing program 5: 04:51:55 executing program 3: 04:51:55 executing program 4: 04:51:55 executing program 5: 04:51:55 executing program 2: 04:51:55 executing program 1: 04:51:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:55 executing program 4: 04:51:55 executing program 3: 04:51:55 executing program 2: 04:51:55 executing program 5: 04:51:55 executing program 1: 04:51:55 executing program 4: 04:51:55 executing program 3: 04:51:55 executing program 2: 04:51:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:55 executing program 5: 04:51:55 executing program 1: 04:51:56 executing program 3: 04:51:56 executing program 4: 04:51:56 executing program 5: 04:51:56 executing program 1: 04:51:56 executing program 2: 04:51:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000001b0001c0"]) 04:51:56 executing program 3: 04:51:56 executing program 5: 04:51:56 executing program 1: 04:51:56 executing program 2: 04:51:56 executing program 4: 04:51:56 executing program 3: 04:51:56 executing program 5: 04:51:56 executing program 1: 04:51:56 executing program 2: 04:51:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, 0x0) 04:51:56 executing program 3: 04:51:56 executing program 5: 04:51:56 executing program 4: 04:51:56 executing program 1: 04:51:56 executing program 2: 04:51:56 executing program 5: 04:51:56 executing program 3: 04:51:56 executing program 5: 04:51:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, 0x0) 04:51:56 executing program 4: 04:51:56 executing program 1: 04:51:56 executing program 2: 04:51:56 executing program 3: [ 167.487460][ T8488] [ 167.489830][ T8488] ============================= [ 167.494689][ T8488] WARNING: suspicious RCU usage [ 167.499545][ T8488] 5.7.0-rc7-next-20200526-syzkaller #0 Not tainted [ 167.507705][ T8488] ----------------------------- [ 167.512953][ T8488] kernel/rcu/tree.c:715 RCU dynticks_nesting counter underflow/zero!! [ 167.521154][ T8488] [ 167.521154][ T8488] other info that might help us debug this: [ 167.521154][ T8488] [ 167.531421][ T8488] [ 167.531421][ T8488] RCU used illegally from idle CPU! [ 167.531421][ T8488] rcu_scheduler_active = 2, debug_locks = 1 [ 167.544508][ T8488] RCU used illegally from extended quiescent state! [ 167.551078][ T8488] no locks held by syz-executor.0/8488. [ 167.556599][ T8488] [ 167.556599][ T8488] stack backtrace: [ 167.562477][ T8488] CPU: 1 PID: 8488 Comm: syz-executor.0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0 [ 167.573469][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.583504][ T8488] Call Trace: [ 167.586786][ T8488] dump_stack+0x18f/0x20d [ 167.591121][ T8488] rcu_irq_exit_preempt+0x1fa/0x250 [ 167.596310][ T8488] idtentry_exit+0x9e/0xc0 [ 167.600710][ T8488] exc_general_protection+0x23d/0x520 [ 167.606152][ T8488] ? exc_bounds+0x1c0/0x1c0 [ 167.610637][ T8488] ? __debug_object_init+0x4ae/0xdd0 [ 167.615919][ T8488] ? allocate_vpid.part.0+0x53/0x90 [ 167.621115][ T8488] asm_exc_general_protection+0x1e/0x30 [ 167.626642][ T8488] RIP: 0010:kvm_fastop_exception+0xb68/0xfe8 [ 167.632618][ T8488] Code: f2 ff ff ff 48 31 db e9 cb c9 2a f9 b8 f2 ff ff ff 48 31 f6 e9 cf c9 2a f9 31 c0 e9 bc 2c 2b f9 b8 fb ff ff ff e9 13 a9 31 f9 fb ff ff ff 31 c0 31 d2 e9 33 a9 31 f9 31 db e9 2a 0b 42 f9 31 [ 167.652223][ T8488] RSP: 0018:ffffc90017737a30 EFLAGS: 00010206 [ 167.658299][ T8488] RAX: 0000000000040000 RBX: ffff888053da8180 RCX: 0000000000000122 [ 167.666270][ T8488] RDX: 0000000000006000 RSI: ffffc90017737a98 RDI: 0000000000000122 [ 167.674233][ T8488] RBP: 0000000000000122 R08: ffff888094d764c0 R09: fffffbfff131f481 [ 167.682203][ T8488] R10: ffffffff898fa403 R11: fffffbfff131f480 R12: 0000000000000122 [ 167.690241][ T8488] R13: 0000000000000078 R14: 0000000000000006 R15: ffffffff88244b5c [ 167.698239][ T8488] vmx_create_vcpu+0x184/0x2b40 [ 167.703083][ T8488] ? vmx_exec_control+0x1f0/0x1f0 [ 167.708095][ T8488] ? memset+0x20/0x40 [ 167.712073][ T8488] kvm_arch_vcpu_create+0x6a8/0xb30 [ 167.717263][ T8488] kvm_vm_ioctl+0x15b7/0x2460 [ 167.721930][ T8488] ? lock_downgrade+0x840/0x840 [ 167.726765][ T8488] ? kvm_unregister_device_ops+0x60/0x60 [ 167.732394][ T8488] ? tomoyo_path_number_perm+0x238/0x4d0 [ 167.738012][ T8488] ? tomoyo_execute_permission+0x470/0x470 [ 167.743802][ T8488] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 167.749790][ T8488] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 167.755668][ T8488] ? do_vfs_ioctl+0x27d/0x1090 [ 167.760445][ T8488] ? ioctl_file_clone+0x180/0x180 [ 167.765467][ T8488] ? check_preemption_disabled+0x38/0x220 [ 167.771176][ T8488] ? __fget_files+0x299/0x400 [ 167.775874][ T8488] ? kvm_unregister_device_ops+0x60/0x60 [ 167.781583][ T8488] ksys_ioctl+0x11a/0x180 [ 167.785906][ T8488] __x64_sys_ioctl+0x6f/0xb0 [ 167.790483][ T8488] do_syscall_64+0x60/0xe0 [ 167.794920][ T8488] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 167.803708][ T8488] RIP: 0033:0x45ca29 [ 167.807586][ T8488] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 167.827179][ T8488] RSP: 002b:00007f906058dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.835587][ T8488] RAX: ffffffffffffffda RBX: 00000000004e73c0 RCX: 000000000045ca29 [ 167.843553][ T8488] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 167.851516][ T8488] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 167.859484][ T8488] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 167.867447][ T8488] R13: 0000000000000396 R14: 00000000004c62c6 R15: 00007f906058e6d4 [ 167.875427][ T8488] [ 167.877750][ T8488] ============================= [ 167.882595][ T8488] WARNING: suspicious RCU usage [ 167.887441][ T8488] 5.7.0-rc7-next-20200526-syzkaller #0 Not tainted [ 167.893947][ T8488] ----------------------------- [ 167.898787][ T8488] kernel/rcu/tree.c:717 RCU in extended quiescent state!! [ 167.905876][ T8488] [ 167.905876][ T8488] other info that might help us debug this: [ 167.905876][ T8488] [ 167.916099][ T8488] [ 167.916099][ T8488] RCU used illegally from idle CPU! [ 167.916099][ T8488] rcu_scheduler_active = 2, debug_locks = 1 [ 167.929175][ T8488] RCU used illegally from extended quiescent state! [ 167.935835][ T8488] no locks held by syz-executor.0/8488. [ 167.941355][ T8488] [ 167.941355][ T8488] stack backtrace: [ 167.947231][ T8488] CPU: 1 PID: 8488 Comm: syz-executor.0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0 [ 167.957006][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.967041][ T8488] Call Trace: [ 167.970328][ T8488] dump_stack+0x18f/0x20d [ 167.974665][ T8488] idtentry_exit+0x9e/0xc0 [ 167.979080][ T8488] exc_general_protection+0x23d/0x520 [ 167.984443][ T8488] ? exc_bounds+0x1c0/0x1c0 [ 167.988929][ T8488] ? __debug_object_init+0x4ae/0xdd0 [ 167.994211][ T8488] ? allocate_vpid.part.0+0x53/0x90 [ 167.999417][ T8488] asm_exc_general_protection+0x1e/0x30 [ 168.004955][ T8488] RIP: 0010:kvm_fastop_exception+0xb68/0xfe8 [ 168.010916][ T8488] Code: f2 ff ff ff 48 31 db e9 cb c9 2a f9 b8 f2 ff ff ff 48 31 f6 e9 cf c9 2a f9 31 c0 e9 bc 2c 2b f9 b8 fb ff ff ff e9 13 a9 31 f9 fb ff ff ff 31 c0 31 d2 e9 33 a9 31 f9 31 db e9 2a 0b 42 f9 31 [ 168.030501][ T8488] RSP: 0018:ffffc90017737a30 EFLAGS: 00010206 [ 168.036548][ T8488] RAX: 0000000000040000 RBX: ffff888053da8180 RCX: 0000000000000122 [ 168.044589][ T8488] RDX: 0000000000006000 RSI: ffffc90017737a98 RDI: 0000000000000122 [ 168.052762][ T8488] RBP: 0000000000000122 R08: ffff888094d764c0 R09: fffffbfff131f481 [ 168.061428][ T8488] R10: ffffffff898fa403 R11: fffffbfff131f480 R12: 0000000000000122 [ 168.069380][ T8488] R13: 0000000000000078 R14: 0000000000000006 R15: ffffffff88244b5c [ 168.077357][ T8488] vmx_create_vcpu+0x184/0x2b40 [ 168.082201][ T8488] ? vmx_exec_control+0x1f0/0x1f0 [ 168.087217][ T8488] ? memset+0x20/0x40 [ 168.091363][ T8488] kvm_arch_vcpu_create+0x6a8/0xb30 [ 168.096549][ T8488] kvm_vm_ioctl+0x15b7/0x2460 [ 168.101229][ T8488] ? lock_downgrade+0x840/0x840 [ 168.106065][ T8488] ? kvm_unregister_device_ops+0x60/0x60 [ 168.111695][ T8488] ? tomoyo_path_number_perm+0x238/0x4d0 [ 168.117313][ T8488] ? tomoyo_execute_permission+0x470/0x470 [ 168.123102][ T8488] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 168.129079][ T8488] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 168.134956][ T8488] ? do_vfs_ioctl+0x27d/0x1090 [ 168.139706][ T8488] ? ioctl_file_clone+0x180/0x180 [ 168.144722][ T8488] ? check_preemption_disabled+0x38/0x220 [ 168.150453][ T8488] ? __fget_files+0x299/0x400 [ 168.155133][ T8488] ? kvm_unregister_device_ops+0x60/0x60 [ 168.160797][ T8488] ksys_ioctl+0x11a/0x180 [ 168.165121][ T8488] __x64_sys_ioctl+0x6f/0xb0 [ 168.169711][ T8488] do_syscall_64+0x60/0xe0 [ 168.174128][ T8488] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.180019][ T8488] RIP: 0033:0x45ca29 [ 168.183897][ T8488] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 168.203567][ T8488] RSP: 002b:00007f906058dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.211959][ T8488] RAX: ffffffffffffffda RBX: 00000000004e73c0 RCX: 000000000045ca29 [ 168.219909][ T8488] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 168.227968][ T8488] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 168.235919][ T8488] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 168.243871][ T8488] R13: 0000000000000396 R14: 00000000004c62c6 R15: 00007f906058e6d4 [ 168.251908][ C1] [ 168.251912][ C1] ============================= [ 168.251915][ C1] WARNING: suspicious RCU usage [ 168.251919][ C1] 5.7.0-rc7-next-20200526-syzkaller #0 Not tainted [ 168.251923][ C1] ----------------------------- [ 168.251928][ C1] include/linux/rcupdate.h:635 rcu_read_lock() used illegally while idle! [ 168.251930][ C1] 04:51:57 executing program 2: [ 168.251934][ C1] other info that might help us debug this: [ 168.251936][ C1] [ 168.251939][ C1] [ 168.251942][ C1] RCU used illegally from idle CPU! [ 168.251946][ C1] rcu_scheduler_active = 2, debug_locks = 1 [ 168.251951][ C1] RCU used illegally from extended quiescent state! [ 168.251955][ C1] 2 locks held by syz-executor.0/8488: [ 168.251957][ C1] #0: ffffffff899b47b8 (logbuf_lock){-.-.}-{2:2}, at: vprintk_emit+0x11a/0x720 [ 168.251978][ C1] #1: ffffffff899bfd00 (rcu_read_lock){....}-{1:2}, at: __bpf_address_lookup+0x0/0x290 [ 168.251996][ C1] [ 168.251999][ C1] stack backtrace: [ 168.252005][ C1] CPU: 1 PID: 8488 Comm: syz-executor.0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0 [ 168.252011][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.252013][ C1] Call Trace: [ 168.252016][ C1] dump_stack+0x18f/0x20d [ 168.252020][ C1] __bpf_address_lookup+0x23a/0x290 [ 168.252023][ C1] kallsyms_lookup+0x234/0x2d0 [ 168.252027][ C1] ? widen_string+0xdd/0x2a0 04:51:57 executing program 2: [ 168.252030][ C1] __sprint_symbol+0x9c/0x1c0 [ 168.252033][ C1] ? kallsyms_lookup+0x2d0/0x2d0 [ 168.252036][ C1] ? mark_lock+0x11f/0xdd0 [ 168.252039][ C1] ? string_nocheck+0x1a9/0x220 [ 168.252042][ C1] ? print_usage_bug+0x240/0x240 [ 168.252045][ C1] symbol_string+0x14f/0x200 [ 168.252048][ C1] ? ptr_to_id+0x3e0/0x3e0 [ 168.252052][ C1] ? mark_lock+0x11f/0xdd0 [ 168.252054][ C1] ? widen_string+0xdd/0x2a0 [ 168.252058][ C1] ? set_precision+0x170/0x170 [ 168.252061][ C1] ? print_usage_bug+0x240/0x240 [ 168.252064][ C1] ? string_nocheck+0x1a9/0x220 [ 168.252067][ C1] ? number+0x82a/0xb00 [ 168.252070][ C1] pointer+0x15e/0x7c0 [ 168.252074][ C1] ? file_dentry_name+0x120/0x120 [ 168.252077][ C1] ? hex_string+0x4c0/0x4c0 [ 168.252080][ C1] vsnprintf+0x5ac/0x14f0 [ 168.252082][ C1] ? pointer+0x7c0/0x7c0 [ 168.252086][ C1] ? lock_release+0x800/0x800 [ 168.252089][ C1] ? lock_downgrade+0x840/0x840 [ 168.252093][ C1] vscnprintf+0x29/0x80 [ 168.252096][ C1] vprintk_store+0x40/0x4b0 [ 168.252099][ C1] vprintk_emit+0x139/0x720 [ 168.252102][ C1] vprintk_func+0x8f/0x1a6 [ 168.252105][ C1] ? irq_work_queue+0x2b/0x80 [ 168.252109][ C1] printk+0xba/0xed [ 168.252112][ C1] ? log_store.cold+0x16/0x16 [ 168.252116][ C1] ? unwind_next_frame+0x105a/0x1df0 [ 168.252119][ C1] show_ip+0x22/0x30 [ 168.252123][ C1] show_iret_regs+0x10/0x32 [ 168.252127][ C1] __show_regs+0x18/0x50 [ 168.252130][ C1] ? rcu_nmi_exit+0x214/0x2c0 [ 168.252134][ C1] show_trace_log_lvl+0x25f/0x2b5 [ 168.252139][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.252142][ C1] dump_stack+0x18f/0x20d [ 168.252146][ C1] rcu_irq_exit_preempt+0x1fa/0x250 [ 168.252149][ C1] idtentry_exit+0x9e/0xc0 [ 168.252153][ C1] exc_general_protection+0x23d/0x520 [ 168.252156][ C1] ? exc_bounds+0x1c0/0x1c0 [ 168.252160][ C1] ? __debug_object_init+0x4ae/0xdd0 [ 168.252168][ C1] ? allocate_vpid.part.0+0x53/0x90 [ 168.252172][ C1] asm_exc_general_protection+0x1e/0x30 [ 168.252176][ C1] RIP: 0010:kvm_fastop_exception+0xb68/0xfe8 [ 168.252187][ C1] Code: f2 ff ff ff 48 31 db e9 cb c9 2a f9 b8 f2 ff ff ff 48 31 f6 e9 cf c9 2a f9 31 c0 e9 bc 2c 2b f9 b8 fb ff ff ff e9 13 a9 31 f9 fb ff ff ff 31 c0 31 d2 e9 33 a9 31 f9 31 db e9 2a 0b 42 f9 31 [ 168.252192][ C1] RSP: 0018:ffffc90017737a30 EFLAGS: 00010206 [ 168.252198][ C1] RAX: 0000000000040000 RBX: ffff888053da8180 RCX: 0000000000000122 [ 168.252203][ C1] RDX: 0000000000006000 RSI: ffffc90017737a98 RDI: 0000000000000122 [ 168.252209][ C1] RBP: 0000000000000122 R08: ffff888094d764c0 R09: fffffbfff131f481 [ 168.252214][ C1] R10: ffffffff898fa403 R11: fffffbfff131f480 R12: 0000000000000122 [ 168.252219][ C1] R13: 0000000000000078 R14: 0000000000000006 R15: ffffffff88244b5c [ 168.252223][ C1] vmx_create_vcpu+0x184/0x2b40 [ 168.252227][ C1] ? vmx_exec_control+0x1f0/0x1f0 [ 168.252230][ C1] ? memset+0x20/0x40 [ 168.252234][ C1] kvm_arch_vcpu_create+0x6a8/0xb30 [ 168.252237][ C1] kvm_vm_ioctl+0x15b7/0x2460 [ 168.252240][ C1] ? lock_downgrade+0x840/0x840 [ 168.252243][ C1] ? kvm_unregister_device_ops+0x60/0x60 [ 168.252247][ C1] ? tomoyo_path_number_perm+0x238/0x4d0 [ 168.252250][ C1] ? tomoyo_execute_permission+0x470/0x470 [ 168.252254][ C1] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 168.252258][ C1] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 168.252261][ C1] ? do_vfs_ioctl+0x27d/0x1090 [ 168.252264][ C1] ? ioctl_file_clone+0x180/0x180 [ 168.252268][ C1] ? check_preemption_disabled+0x38/0x220 [ 168.252271][ C1] ? __fget_files+0x299/0x400 [ 168.252276][ C1] ? kvm_unregister_device_ops+0x60/0x60 [ 168.252279][ C1] ksys_ioctl+0x11a/0x180 [ 168.252282][ C1] __x64_sys_ioctl+0x6f/0xb0 [ 168.252285][ C1] do_syscall_64+0x60/0xe0 [ 168.252289][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.252291][ C1] [ 168.252294][ C1] =====0x45ca29 [ 168.252300][ C1] WARNING: suspicious RCU usage [ 168.252304][ C1] 5.7.0-rc7-next-20200526-syzkaller #0 Not tainted [ 168.252308][ C1] ----------------------------- [ 168.252314][ C1] include/linux/rcupdate.h:684 rcu_read_unlock() used illegally while idle! [ 168.252316][ C1] [ 168.252320][ C1] other info that might help us debug this: [ 168.252322][ C1] [ 168.252324][ C1] [ 168.252327][ C1] RCU used illegally from idle CPU! [ 168.252331][ C1] rcu_scheduler_active = 2, debug_locks = 1 [ 168.252335][ C1] RCU used illegally from extended quiescent state! [ 168.252338][ C1] 3 locks held by syz-executor.0/8488: [ 168.252340][ C1] #0: ffffffff899b47b8 (logbuf_lock){-.-.}-{2:2}, at: vprintk_emit+0x11a/0x720 [ 168.252355][ C1] #1: ffffffff899bfd00 (rcu_read_lock){....}-{1:2}, at: __bpf_address_lookup+0x0/0x290 [ 168.252371][ C1] #2: ffffffff899bfd00 (rcu_read_lock){....}-{1:2}, at: __bpf_address_lookup+0x0/0x290 [ 168.252386][ C1] [ 168.252389][ C1] stack backtrace: [ 168.252394][ C1] CPU: 1 PID: 8488 Comm: syz-executor.0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0 [ 168.252400][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.252403][ C1] Call Trace: [ 168.252407][ C1] dump_stack+0x18f/0x20d [ 168.252410][ C1] __bpf_address_lookup+0x1f5/0x290 [ 168.252414][ C1] kallsyms_lookup+0x234/0x2d0 [ 168.252418][ C1] __sprint_symbol+0x9c/0x1c0 [ 168.252421][ C1] ? kallsyms_lookup+0x2d0/0x2d0 [ 168.252425][ C1] ? set_precision+0x170/0x170 [ 168.252429][ C1] symbol_string+0x14f/0x200 [ 168.252432][ C1] ? ptr_to_id+0x3e0/0x3e0 [ 168.252436][ C1] ? string_nocheck+0x220/0x220 [ 168.252440][ C1] ? widen_string+0xdd/0x2a0 [ 168.252445][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.252449][ C1] ? set_precision+0x170/0x170 [ 168.252453][ C1] ? string_nocheck+0x1a9/0x220 [ 168.252456][ C1] ? number+0x82a/0xb00 [ 168.252459][ C1] pointer+0x15e/0x7c0 [ 168.252464][ C1] ? file_dentry_name+0x120/0x120 [ 168.252467][ C1] ? hex_string+0x4c0/0x4c0 [ 168.252470][ C1] ? enable_ptr_key_workfn+0x30/0x30 [ 168.252473][ C1] vsnprintf+0x5ac/0x14f0 [ 168.252476][ C1] ? pointer+0x7c0/0x7c0 [ 168.252480][ C1] ? vsnprintf+0x2c6/0x14f0 [ 168.252483][ C1] vscnprintf+0x29/0x80 [ 168.252487][ C1] printk_safe_log_store+0xf5/0x250 [ 168.252490][ C1] ? printk_deferred+0xed/0xed [ 168.252493][ C1] ? irq_work_queue+0x2b/0x80 [ 168.252497][ C1] ? printk_safe_log_store+0x1b7/0x250 [ 168.252500][ C1] vprintk_func+0xef/0x1a6 [ 168.252503][ C1] printk+0xba/0xed [ 168.252506][ C1] ? log_store.cold+0x16/0x16 [ 168.252510][ C1] ? unwind_next_frame+0x105a/0x1df0 [ 168.252513][ C1] show_ip+0x22/0x30 [ 168.252516][ C1] show_iret_regs+0x10/0x32 [ 168.252519][ C1] __show_regs+0x18/0x50 [ 168.252522][ C1] ? rcu_nmi_exit+0x214/0x2c0 [ 168.252526][ C1] show_trace_log_lvl+0x25f/0x2b5 [ 168.252530][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.252533][ C1] dump_stack+0x18f/0x20d [ 168.252536][ C1] __bpf_address_lookup+0x23a/0x290 [ 168.252540][ C1] kallsyms_lookup+0x234/0x2d0 [ 168.252544][ C1] ? widen_string+0xdd/0x2a0 [ 168.252547][ C1] __sprint_symbol+0x9c/0x1c0 [ 168.252551][ C1] ? kallsyms_lookup+0x2d0/0x2d0 [ 168.252554][ C1] ? mark_lock+0x11f/0xdd0 [ 168.252558][ C1] ? string_nocheck+0x1a9/0x220 [ 168.252561][ C1] ? print_usage_bug+0x240/0x240 [ 168.252565][ C1] symbol_string+0x14f/0x200 [ 168.252568][ C1] ? ptr_to_id+0x3e0/0x3e0 [ 168.252572][ C1] ? mark_lock+0x11f/0xdd0 [ 168.252575][ C1] ? widen_string+0xdd/0x2a0 [ 168.252579][ C1] ? set_precision+0x170/0x170 [ 168.252583][ C1] ? print_usage_bug+0x240/0x240 [ 168.252586][ C1] ? string_nocheck+0x1a9/0x220 [ 168.252589][ C1] ? number+0x82a/0xb00 [ 168.252592][ C1] pointer+0x15e/0x7c0 [ 168.252596][ C1] ? file_dentry_name+0x120/0x120 [ 168.252600][ C1] ? hex_string+0x4c0/0x4c0 [ 168.252603][ C1] vsnprintf+0x5ac/0x14f0 [ 168.252606][ C1] ? pointer+0x7c0/0x7c0 [ 168.252609][ C1] ? lock_release+0x800/0x800 [ 168.252612][ C1] ? lock_downgrade+0x840/0x840 [ 168.252614][ C1] vscnprintf+0x29/0x80 [ 168.252617][ C1] vprintk_store+0x40/0x4b0 [ 168.252620][ C1] vprintk_emit+0x139/0x720 [ 168.252623][ C1] vprintk_func+0x8f/0x1a6 [ 168.252626][ C1] ? irq_work_queue+0x2b/0x80 [ 168.252629][ C1] printk+0xba/0xed [ 168.252632][ C1] ? log_store.cold+0x16/0x16 [ 168.252635][ C1] ? unwind_next_frame+0x105a/0x1df0 [ 168.252638][ C1] show_ip+0x22/0x30 [ 168.252641][ C1] show_iret_regs+0x10/0x32 [ 168.252645][ C1] __show_regs+0x18/0x50 [ 168.252649][ C1] ? rcu_nmi_exit+0x214/0x2c0 [ 168.252652][ C1] show_trace_log_lvl+0x25f/0x2b5 [ 168.252656][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.252659][ C1] dump_stack+0x18f/0x20d [ 168.252663][ C1] rcu_irq_exit_preempt+0x1fa/0x250 [ 168.252666][ C1] idtentry_exit+0x9e/0xc0 [ 168.252671][ C1] exc_general_protection+0x23d/0x520 [ 168.252674][ C1] ? exc_bounds+0x1c0/0x1c0 [ 168.252678][ C1] ? __debug_object_init+0x4ae/0xdd0 [ 168.252681][ C1] ? allocate_vpid.part.0+0x53/0x90 [ 168.252685][ C1] asm_exc_general_protection+0x1e/0x30 [ 168.252688][ C1] RIP: 0010:kvm_fastop_exception+0xb68/0xfe8 [ 168.252699][ C1] Code: f2 ff ff ff 48 31 db e9 cb c9 2a f9 b8 f2 ff ff ff 48 31 f6 e9 cf c9 2a f9 31 c0 e9 bc 2c 2b f9 b8 fb ff ff ff e9 13 a9 31 f9 fb ff ff ff 31 c0 31 d2 e9 33 a9 31 f9 31 db e9 2a 0b 42 f9 31 [ 168.252703][ C1] RSP: 0018:ffffc90017737a30 EFLAGS: 00010206 [ 168.252710][ C1] RAX: 0000000000040000 RBX: ffff888053da8180 RCX: 0000000000000122 [ 168.252715][ C1] RDX: 0000000000006000 RSI: ffffc90017737a98 RDI: 0000000000000122 [ 168.252721][ C1] RBP: 0000000000000122 R08: ffff888094d764c0 R09: fffffbfff131f481 [ 168.252726][ C1] R10: ffffffff898fa403 R11: fffffbfff131f480 R12: 0000000000000122 [ 168.252730][ C1] R13: 0000000000000078 R14: 0000000000000006 R15: ffffffff88244b5c [ 168.252734][ C1] vmx_create_vcpu+0x184/0x2b40 [ 168.252738][ C1] ? vmx_exec_control+0x1f0/0x1f0 [ 168.252741][ C1] ? memset+0x20/0x40 [ 168.252744][ C1] kvm_arch_vcpu_create+0x6a8/0xb30 [ 168.252747][ C1] kvm_vm_ioctl+0x15b7/0x2460 [ 168.252751][ C1] ? lock_downgrade+0x840/0x840 [ 168.252755][ C1] ? kvm_unregister_device_ops+0x60/0x60 [ 168.252759][ C1] ? tomoyo_path_number_perm+0x238/0x4d0 [ 168.252763][ C1] ? tomoyo_execute_permission+0x470/0x470 [ 168.252767][ C1] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 168.252771][ C1] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 168.252774][ C1] ? do_vfs_ioctl+0x27d/0x1090 [ 168.252778][ C1] ? ioctl_file_clone+0x180/0x180 [ 168.252781][ C1] ? check_preemption_disabled+0x38/0x220 [ 168.252785][ C1] ? __fget_files+0x299/0x400 [ 168.252789][ C1] ? kvm_unregister_device_ops+0x60/0x60 [ 168.252793][ C1] ksys_ioctl+0x11a/0x180 [ 168.252796][ C1] __x64_sys_ioctl+0x6f/0xb0 [ 168.252799][ C1] do_syscall_64+0x60/0xe0 [ 168.252802][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.252804][ C1] RIP: 0033:0x45ca29 [ 168.252815][ C1] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 168.252818][ C1] RSP: 002b:00 [ 168.252825][ C1] Lost 15 message(s)! [ 169.491086][ T8488] [ 169.493452][ T8488] ============================= [ 169.498296][ T8488] WARNING: suspicious RCU usage [ 169.503147][ T8488] 5.7.0-rc7-next-20200526-syzkaller #0 Not tainted [ 169.509643][ T8488] ----------------------------- [ 169.514493][ T8488] include/trace/events/rcu.h:27 suspicious rcu_dereference_check() usage! [ 169.522987][ T8488] [ 169.522987][ T8488] other info that might help us debug this: [ 169.522987][ T8488] [ 169.533324][ T8488] [ 169.533324][ T8488] RCU used illegally from idle CPU! [ 169.533324][ T8488] rcu_scheduler_active = 2, debug_locks = 1 [ 169.546607][ T8488] RCU used illegally from extended quiescent state! [ 169.553212][ T8488] no locks held by syz-executor.0/8488. [ 169.558857][ T8488] [ 169.558857][ T8488] stack backtrace: [ 169.564767][ T8488] CPU: 1 PID: 8488 Comm: syz-executor.0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0 [ 169.574574][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.584635][ T8488] Call Trace: [ 169.587949][ T8488] dump_stack+0x18f/0x20d [ 169.592302][ T8488] rcu_note_context_switch+0x113d/0x1b20 [ 169.597945][ T8488] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 169.603932][ T8488] ? retint_kernel+0x2b/0x2b [ 169.608520][ T8488] ? trace_hardirqs_on_caller+0x64/0x230 [ 169.614167][ T8488] __schedule+0x22b/0x1fa0 [ 169.618684][ T8488] ? check_preemption_disabled+0x38/0x220 [ 169.624600][ T8488] ? firmware_map_remove+0x19e/0x19e [ 169.629902][ T8488] preempt_schedule_irq+0xb0/0x150 [ 169.635022][ T8488] idtentry_exit+0xb9/0xc0 [ 169.639446][ T8488] exc_general_protection+0x23d/0x520 [ 169.644924][ T8488] ? exc_bounds+0x1c0/0x1c0 [ 169.649433][ T8488] ? __debug_object_init+0x4ae/0xdd0 [ 169.654738][ T8488] ? allocate_vpid.part.0+0x53/0x90 [ 169.659953][ T8488] asm_exc_general_protection+0x1e/0x30 [ 169.665524][ T8488] RIP: 0010:kvm_fastop_exception+0xb68/0xfe8 [ 169.671511][ T8488] Code: f2 ff ff ff 48 31 db e9 cb c9 2a f9 b8 f2 ff ff ff 48 31 f6 e9 cf c9 2a f9 31 c0 e9 bc 2c 2b f9 b8 fb ff ff ff e9 13 a9 31 f9 fb ff ff ff 31 c0 31 d2 e9 33 a9 31 f9 31 db e9 2a 0b 42 f9 31 [ 169.691130][ T8488] RSP: 0018:ffffc90017737a30 EFLAGS: 00010206 [ 169.697221][ T8488] RAX: 0000000000040000 RBX: ffff888053da8180 RCX: 0000000000000122 [ 169.706272][ T8488] RDX: 0000000000006000 RSI: ffffc90017737a98 RDI: 0000000000000122 [ 169.714267][ T8488] RBP: 0000000000000122 R08: ffff888094d764c0 R09: fffffbfff131f481 [ 169.722248][ T8488] R10: ffffffff898fa403 R11: fffffbfff131f480 R12: 0000000000000122 [ 169.730229][ T8488] R13: 0000000000000078 R14: 0000000000000006 R15: ffffffff88244b5c [ 169.738303][ T8488] vmx_create_vcpu+0x184/0x2b40 [ 169.743181][ T8488] ? vmx_exec_control+0x1f0/0x1f0 [ 169.748227][ T8488] ? memset+0x20/0x40 [ 169.752228][ T8488] kvm_arch_vcpu_create+0x6a8/0xb30 [ 169.757449][ T8488] kvm_vm_ioctl+0x15b7/0x2460 [ 169.762140][ T8488] ? lock_downgrade+0x840/0x840 [ 169.767004][ T8488] ? kvm_unregister_device_ops+0x60/0x60 [ 169.772658][ T8488] ? tomoyo_path_number_perm+0x238/0x4d0 [ 169.778304][ T8488] ? tomoyo_execute_permission+0x470/0x470 [ 169.784127][ T8488] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 169.790136][ T8488] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 169.796042][ T8488] ? do_vfs_ioctl+0x27d/0x1090 [ 169.800823][ T8488] ? ioctl_file_clone+0x180/0x180 [ 169.805878][ T8488] ? check_preemption_disabled+0x38/0x220 [ 169.811619][ T8488] ? __fget_files+0x299/0x400 [ 169.816318][ T8488] ? kvm_unregister_device_ops+0x60/0x60 [ 169.821970][ T8488] ksys_ioctl+0x11a/0x180 [ 169.826311][ T8488] __x64_sys_ioctl+0x6f/0xb0 [ 169.830909][ T8488] do_syscall_64+0x60/0xe0 [ 169.835350][ T8488] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 169.841245][ T8488] RIP: 0033:0x45ca29 [ 169.845163][ T8488] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 169.864798][ T8488] RSP: 002b:00007f906058dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.873307][ T8488] RAX: ffffffffffffffda RBX: 00000000004e73c0 RCX: 000000000045ca29 [ 169.881288][ T8488] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 169.889270][ T8488] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 169.897247][ T8488] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 169.905224][ T8488] R13: 0000000000000396 R14: 00000000004c62c6 R15: 00007f906058e6d4 [ 169.913873][ T8488] [ 169.918097][ T8488] ============================= [ 169.922933][ T8488] WARNING: suspicious RCU usage [ 169.928123][ T8488] 5.7.0-rc7-next-20200526-syzkaller #0 Not tainted [ 169.934612][ T8488] ----------------------------- [ 169.939490][ T8488] include/trace/events/sched.h:629 suspicious rcu_dereference_check() usage! [ 169.948234][ T8488] [ 169.948234][ T8488] other info that might help us debug this: [ 169.948234][ T8488] [ 169.958441][ T8488] [ 169.958441][ T8488] RCU used illegally from idle CPU! [ 169.958441][ T8488] rcu_scheduler_active = 2, debug_locks = 0 [ 169.971507][ T8488] RCU used illegally from extended quiescent state! [ 169.978116][ T8488] 1 lock held by syz-executor.0/8488: [ 169.983455][ T8488] #0: ffff8880ae737d58 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x233/0x1fa0 [ 169.992204][ T8488] [ 169.992204][ T8488] stack backtrace: [ 169.998088][ T8488] CPU: 1 PID: 8488 Comm: syz-executor.0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0 [ 170.007956][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.017997][ T8488] Call Trace: [ 170.021266][ T8488] dump_stack+0x18f/0x20d [ 170.025602][ T8488] __update_load_avg_se+0x75a/0xc90 [ 170.030863][ T8488] ? __kernel_text_address+0x9/0x30 [ 170.036060][ T8488] ? show_trace_log_lvl+0x1a9/0x2b5 [ 170.041251][ T8488] update_load_avg+0x178/0x1c60 [ 170.046075][ T8488] ? update_load_avg+0x1bb/0x1c60 [ 170.051077][ T8488] set_next_entity+0x295/0x880 [ 170.055830][ T8488] pick_next_task_fair+0x66f/0xc70 [ 170.060931][ T8488] __schedule+0x375/0x1fa0 [ 170.065323][ T8488] ? firmware_map_remove+0x19e/0x19e [ 170.070582][ T8488] preempt_schedule_irq+0xb0/0x150 [ 170.075664][ T8488] idtentry_exit+0xb9/0xc0 [ 170.080053][ T8488] exc_general_protection+0x23d/0x520 [ 170.085397][ T8488] ? exc_bounds+0x1c0/0x1c0 [ 170.089880][ T8488] ? __debug_object_init+0x4ae/0xdd0 [ 170.095145][ T8488] ? allocate_vpid.part.0+0x53/0x90 [ 170.100337][ T8488] asm_exc_general_protection+0x1e/0x30 [ 170.105855][ T8488] RIP: 0010:kvm_fastop_exception+0xb68/0xfe8 [ 170.111827][ T8488] Code: f2 ff ff ff 48 31 db e9 cb c9 2a f9 b8 f2 ff ff ff 48 31 f6 e9 cf c9 2a f9 31 c0 e9 bc 2c 2b f9 b8 fb ff ff ff e9 13 a9 31 f9 fb ff ff ff 31 c0 31 d2 e9 33 a9 31 f9 31 db e9 2a 0b 42 f9 31 [ 170.131402][ T8488] RSP: 0018:ffffc90017737a30 EFLAGS: 00010206 [ 170.137453][ T8488] RAX: 0000000000040000 RBX: ffff888053da8180 RCX: 0000000000000122 [ 170.145410][ T8488] RDX: 0000000000006000 RSI: ffffc90017737a98 RDI: 0000000000000122 [ 170.154395][ T8488] RBP: 0000000000000122 R08: ffff888094d764c0 R09: fffffbfff131f481 [ 170.162338][ T8488] R10: ffffffff898fa403 R11: fffffbfff131f480 R12: 0000000000000122 [ 170.170281][ T8488] R13: 0000000000000078 R14: 0000000000000006 R15: ffffffff88244b5c [ 170.178254][ T8488] vmx_create_vcpu+0x184/0x2b40 [ 170.183122][ T8488] ? vmx_exec_control+0x1f0/0x1f0 [ 170.188141][ T8488] ? memset+0x20/0x40 [ 170.192099][ T8488] kvm_arch_vcpu_create+0x6a8/0xb30 [ 170.197279][ T8488] kvm_vm_ioctl+0x15b7/0x2460 [ 170.201944][ T8488] ? lock_downgrade+0x840/0x840 [ 170.206789][ T8488] ? kvm_unregister_device_ops+0x60/0x60 [ 170.212398][ T8488] ? tomoyo_path_number_perm+0x238/0x4d0 [ 170.218017][ T8488] ? tomoyo_execute_permission+0x470/0x470 [ 170.223797][ T8488] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 170.229761][ T8488] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 170.235627][ T8488] ? do_vfs_ioctl+0x27d/0x1090 [ 170.240364][ T8488] ? ioctl_file_clone+0x180/0x180 [ 170.245369][ T8488] ? check_preemption_disabled+0x38/0x220 [ 170.251078][ T8488] ? __fget_files+0x299/0x400 [ 170.255733][ T8488] ? kvm_unregister_device_ops+0x60/0x60 [ 170.261338][ T8488] ksys_ioctl+0x11a/0x180 [ 170.265643][ T8488] __x64_sys_ioctl+0x6f/0xb0 [ 170.270206][ T8488] do_syscall_64+0x60/0xe0 [ 170.274614][ T8488] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 170.280497][ T8488] RIP: 0033:0x45ca29 [ 170.284366][ T8488] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 170.303940][ T8488] RSP: 002b:00007f906058dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.312321][ T8488] RAX: ffffffffffffffda RBX: 00000000004e73c0 RCX: 000000000045ca29 [ 170.320265][ T8488] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 170.328222][ T8488] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 170.336166][ T8488] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 170.344110][ T8488] R13: 0000000000000396 R14: 00000000004c62c6 R15: 00007f906058e6d4 [ 170.352088][ C1] [ 170.352092][ C1] ====================================================== [ 170.352098][ C1] WARNING: possible circular locking dependency detected [ 170.352101][ C1] 5.7.0-rc7-next-20200526-syzkaller #0 Not tainted [ 170.352105][ C1] ------------------------------------------------------ [ 170.352108][ C1] syz-executor.0/8488 is trying to acquire lock: [ 170.352111][ C1] ffffffff899b48f8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0xe/0x60 [ 170.352121][ C1] [ 170.352124][ C1] but task is already holding lock: [ 170.352126][ C1] ffff8880ae737d58 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x233/0x1fa0 [ 170.352136][ C1] [ 170.352139][ C1] which lock already depends on the new lock. [ 170.352141][ C1] [ 170.352142][ C1] [ 170.352146][ C1] the existing dependency chain (in reverse order) is: [ 170.352148][ C1] [ 170.352150][ C1] -> #2 (&rq->lock){-.-.}-{2:2}: [ 170.352160][ C1] _raw_spin_lock+0x2a/0x40 [ 170.352163][ C1] task_fork_fair+0x6a/0x520 [ 170.352166][ C1] sched_fork+0x3a7/0x8b0 [ 170.352169][ C1] copy_process+0x1d31/0x7130 [ 170.352172][ C1] _do_fork+0x12d/0x1000 [ 170.352175][ C1] kernel_thread+0xb5/0xf0 [ 170.352178][ C1] rest_init+0x23/0x365 [ 170.352180][ C1] start_kernel+0x9be/0x9fb [ 170.352184][ C1] secondary_startup_64+0xa4/0xb0 [ 170.352185][ C1] [ 170.352187][ C1] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 170.352197][ C1] _raw_spin_lock_irqsave+0x8c/0xbf [ 170.352200][ C1] try_to_wake_up+0xa4/0x15e0 [ 170.352203][ C1] up+0x92/0xe0 [ 170.352206][ C1] __up_console_sem+0xad/0x1b0 [ 170.352208][ C1] console_unlock+0x685/0xef0 [ 170.352211][ C1] vt_ioctl+0x1bfc/0x2640 [ 170.352214][ C1] tty_ioctl+0xedc/0x1440 [ 170.352217][ C1] ksys_ioctl+0x11a/0x180 [ 170.352220][ C1] __x64_sys_ioctl+0x6f/0xb0 [ 170.352223][ C1] do_syscall_64+0x60/0xe0 [ 170.352226][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 170.352227][ C1] [ 170.352229][ C1] -> #0 ((console_sem).lock){-.-.}-{2:2}: [ 170.352242][ C1] __lock_acquire+0x2a9a/0x48b0 [ 170.352245][ C1] lock_acquire+0x1f2/0x8f0 [ 170.352249][ C1] _raw_spin_lock_irqsave+0x8c/0xbf [ 170.352253][ C1] down_trylock+0xe/0x60 [ 170.352257][ C1] __down_trylock_console_sem+0xa3/0x210 [ 170.352261][ C1] console_trylock+0x12/0x90 [ 170.352265][ C1] vprintk_emit+0x2a7/0x720 [ 170.352268][ C1] vprintk_func+0x8f/0x1a6 [ 170.352272][ C1] printk+0xba/0xed [ 170.352276][ C1] lockdep_rcu_suspicious+0x1c/0x155 [ 170.352280][ C1] __update_load_avg_se+0x75a/0xc90 [ 170.352284][ C1] update_load_avg+0x178/0x1c60 [ 170.352288][ C1] set_next_entity+0x295/0x880 [ 170.352292][ C1] pick_next_task_fair+0x66f/0xc70 [ 170.352296][ C1] __schedule+0x375/0x1fa0 [ 170.352300][ C1] preempt_schedule_irq+0xb0/0x150 [ 170.352303][ C1] idtentry_exit+0xb9/0xc0 [ 170.352307][ C1] exc_general_protection+0x23d/0x520 [ 170.352312][ C1] asm_exc_general_protection+0x1e/0x30 [ 170.352316][ C1] kvm_fastop_exception+0xb68/0xfe8 [ 170.352320][ C1] vmx_create_vcpu+0x184/0x2b40 [ 170.352324][ C1] kvm_arch_vcpu_create+0x6a8/0xb30 [ 170.352328][ C1] kvm_vm_ioctl+0x15b7/0x2460 [ 170.352331][ C1] ksys_ioctl+0x11a/0x180 [ 170.352335][ C1] __x64_sys_ioctl+0x6f/0xb0 [ 170.352339][ C1] do_syscall_64+0x60/0xe0 [ 170.352343][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 170.352345][ C1] [ 170.352350][ C1] other info that might help us debug this: [ 170.352352][ C1] [ 170.352355][ C1] Chain exists of: [ 170.352357][ C1] (console_sem).lock --> &p->pi_lock --> &rq->lock [ 170.352373][ C1] [ 170.352377][ C1] Possible unsafe locking scenario: [ 170.352379][ C1] [ 170.352383][ C1] CPU0 CPU1 [ 170.352387][ C1] ---- ---- [ 170.352389][ C1] lock(&rq->lock); [ 170.352397][ C1] lock(&p->pi_lock); [ 170.352406][ C1] lock(&rq->lock); [ 170.352413][ C1] lock((console_sem).lock); [ 170.352420][ C1] [ 170.352423][ C1] *** DEADLOCK *** [ 170.352426][ C1] [ 170.352429][ C1] 1 lock held by syz-executor.0/8488: [ 170.352432][ C1] #0: ffff8880ae737d58 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x233/0x1fa0 [ 170.352447][ C1] [ 170.352450][ C1] stack backtrace: [ 170.352457][ C1] CPU: 1 PID: 8488 Comm: syz-executor.0 Not tainted 5.7.0-rc7-next-20200526-syzkaller #0 [ 170.352462][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.352465][ C1] Call Trace: [ 170.352468][ C1] dump_stack+0x18f/0x20d [ 170.352472][ C1] check_noncircular+0x32e/0x3e0 [ 170.352476][ C1] ? print_circular_bug.isra.0+0x3a0/0x3a0 [ 170.352484][ C1] ? print_usage_bug+0x240/0x240 [ 170.352489][ C1] ? print_circular_bug.isra.0+0x3a0/0x3a0 [ 170.352492][ C1] ? mark_lock+0x11f/0xdd0 [ 170.352496][ C1] __lock_acquire+0x2a9a/0x48b0 [ 170.352501][ C1] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 170.352505][ C1] ? enable_ptr_key_workfn+0x30/0x30 [ 170.352508][ C1] lock_acquire+0x1f2/0x8f0 [ 170.352511][ C1] ? down_trylock+0xe/0x60 [ 170.352515][ C1] ? lock_release+0x800/0x800 [ 170.352518][ C1] ? find_held_lock+0x2d/0x110 [ 170.352522][ C1] ? vprintk_emit+0x152/0x720 [ 170.352525][ C1] ? log_store+0x3d2/0x570 [ 170.352529][ C1] _raw_spin_lock_irqsave+0x8c/0xbf [ 170.352533][ C1] ? down_trylock+0xe/0x60 [ 170.352536][ C1] down_trylock+0xe/0x60 [ 170.352540][ C1] ? vprintk_emit+0x2a7/0x720 [ 170.352544][ C1] __down_trylock_console_sem+0xa3/0x210 [ 170.352547][ C1] console_trylock+0x12/0x90 [ 170.352550][ C1] vprintk_emit+0x2a7/0x720 [ 170.352553][ C1] vprintk_func+0x8f/0x1a6 [ 170.352557][ C1] ? is_bpf_text_address+0xa9/0x160 [ 170.352560][ C1] printk+0xba/0xed [ 170.352564][ C1] ? log_store.cold+0x16/0x16 [ 170.352567][ C1] ? rcu_is_watching+0x56/0xc0 [ 170.352571][ C1] ? rcu_read_lock_held_common+0x3f/0xa0 [ 170.352575][ C1] ? rcu_read_lock_sched_held+0x5a/0xd0 [ 170.352579][ C1] lockdep_rcu_suspicious+0x1c/0x155 [ 170.352583][ C1] __update_load_avg_se+0x75a/0xc90 [ 170.352586][ C1] ? __kernel_text_address+0x9/0x30 [ 170.352590][ C1] ? show_trace_log_lvl+0x1a9/0x2b5 [ 170.352594][ C1] update_load_avg+0x178/0x1c60 [ 170.352597][ C1] ? update_load_avg+0x1bb/0x1c60 [ 170.352601][ C1] set_next_entity+0x295/0x880 [ 170.352605][ C1] pick_next_task_fair+0x66f/0xc70 [ 170.352608][ C1] __schedule+0x375/0x1fa0 [ 170.352612][ C1] ? firmware_map_remove+0x19e/0x19e [ 170.352616][ C1] preempt_schedule_irq+0xb0/0x150 [ 170.352619][ C1] idtentry_exit+0xb9/0xc0 [ 170.352623][ C1] exc_general_protection+0x23d/0x520 [ 170.352626][ C1] ? exc_bounds+0x1c0/0x1c0 [ 170.352630][ C1] ? __debug_object_init+0x4ae/0xdd0 [ 170.352634][ C1] ? allocate_vpid.part.0+0x53/0x90 [ 170.352638][ C1] asm_exc_general_protection+0x1e/0x30 [ 170.352642][ C1] RIP: 0010:kvm_fastop_exception+0xb68/0xfe8 [ 170.352654][ C1] Code: f2 ff ff ff 48 31 db e9 cb c9 2a f9 b8 f2 ff ff ff 48 31 f6 e9 cf c9 2a f9 31 c0 e9 bc 2c 2b f9 b8 fb ff ff ff e9 13 a9 31 f9 fb ff ff ff 31 c0 31 d2 e9 33 a9 31 f9 31 db e9 2a 0b 42 f9 31 [ 170.352659][ C1] RSP: 0018:ffffc90017737a30 EFLAGS: 00010206 [ 170.352666][ C1] RAX: 0000000000040000 RBX: ffff888053da8180 RCX: 0000000000000122 [ 170.352672][ C1] RDX: 0000000000006000 RSI: ffffc90017737a98 RDI: 0000000000000122 [ 170.352677][ C1] RBP: 0000000000000122 R08: ffff888094d764c0 R09: fffffbfff131f481 [ 170.352682][ C1] R10: ffffffff898fa403 R11: fffffbfff131f480 R12: 0000000000000122 [ 170.352688][ C1] R13: 0000000000000078 R14: 0000000000000006 R15: ffffffff88244b5c [ 170.352690][ C1] vmx_create_vcpu+0x184/0x2b40 [ 170.352693][ C1] ? vmx_exec_control+0x1f0/0x1f0 [ 170.352695][ C1] ? memset+0x20/0x40 [ 170.352698][ C1] kvm_arch_vcpu_create+0x6a8/0xb30 [ 170.352701][ C1] kvm_vm_ioctl+0x15b7/0x2460 [ 170.352705][ C1] ? lock_downgrade+0x840/0x840 [ 170.352709][ C1] ? kvm_unregister_device_ops+0x60/0x60 [ 170.352713][ C1] ? tomoyo_path_number_perm+0x238/0x4d0 [ 170.352718][ C1] ? tomoyo_execute_permission+0x470/0x470 [ 170.352722][ C1] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 170.352726][ C1] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 170.352730][ C1] ? do_vfs_ioctl+0x27d/0x1090 [ 170.352734][ C1] ? ioctl_file_clone+0x180/0x180 [ 170.352738][ C1] ? check_preemption_disabled+0x38/0x220 [ 170.352742][ C1] ? __fget_files+0x299/0x400 [ 170.352745][ C1] ? kvm_unregister_device_ops+0x60/0x60 [ 170.352749][ C1] ksys_ioctl+0x11a/0x180 [ 170.352752][ C1] __x64_sys_ioctl+0x6f/0xb0 [ 170.352756][ C1] do_syscall_64+0x60/0xe0 [ 170.352760][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 170.352763][ C1] RIP: 0033:0x45ca29 [ 170.352774][ C1] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 170.352778][ C1] RSP: 002b:00007f906058dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 04:51:57 executing program 2: 04:51:58 executing program 3: 04:51:58 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x14, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40) 04:51:58 executing program 2: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='trusted.overlay.upper\x00', &(0x7f0000000640)=ANY=[], 0x39, 0x0) r0 = open(&(0x7f0000000400)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, r0, 0x0) socket$alg(0x26, 0x5, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40005}, 0x0) unlink(&(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00') 04:51:59 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) close(r0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, 0x0) [ 170.352788][ C1] RAX: ffffffffffffffda RBX: 00000000004e73c0 RCX: 000000000045ca29 [ 170.352793][ C1] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 170.352799][ C1] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 170.352804][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 170.352809][ C1] R13: 0000000000000396 R14: 00000000004c62c6 R15: 00007f906058e6d4