[[0;32m  OK  [0m] Started Serial Getty on ttyS0.
[[0;32m  OK  [0m] Started Getty on tty1.
[[0;32m  OK  [0m] Started Getty on tty3.
[[0;32m  OK  [0m] Started Getty on tty2.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
[   50.947562][ T6770] scp (6770) used greatest stack depth: 21248 bytes left
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts.
2020/06/26 20:43:37 fuzzer started
2020/06/26 20:43:38 dialing manager at 10.128.0.26:45395
2020/06/26 20:43:38 syscalls: 3118
2020/06/26 20:43:38 code coverage: enabled
2020/06/26 20:43:38 comparison tracing: enabled
2020/06/26 20:43:38 extra coverage: enabled
2020/06/26 20:43:38 setuid sandbox: enabled
2020/06/26 20:43:38 namespace sandbox: enabled
2020/06/26 20:43:38 Android sandbox: /sys/fs/selinux/policy does not exist
2020/06/26 20:43:38 fault injection: enabled
2020/06/26 20:43:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/06/26 20:43:38 net packet injection: enabled
2020/06/26 20:43:38 net device setup: enabled
2020/06/26 20:43:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/06/26 20:43:38 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/06/26 20:43:38 USB emulation: enabled
20:45:31 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/192, 0xc0}], 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0x73a0b1b, 0x0, 0x0, 0x800e00549)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
readv(r2, &(0x7f0000001640)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1)
r3 = dup(r2)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r4, 0x0, 0xccf3, 0x0, 0x0, 0x800e005ce)
shutdown(r3, 0x0)
r5 = socket$inet6_tcp(0x1c, 0x1, 0x0)
listen(r5, 0x0)
accept$inet6(r5, 0x0, 0x0)
shutdown(r4, 0x0)

syzkaller login: [  170.786959][ T6874] IPVS: ftp: loaded support on port[0] = 21
20:45:31 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff})
r1 = open(&(0x7f0000000040)='./file0\x00', 0x300, 0x0)
r2 = getpgid(0x0)
fcntl$lock(r1, 0xe, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x100000001, r2})
recvfrom$unix(r0, &(0x7f0000001700)=""/102400, 0x19000, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000780)={<r3=>0xffffffffffffffff})
recvfrom$unix(r3, &(0x7f000001a700)=""/102400, 0x19000, 0x0, 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
readv(r4, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/237, 0xed}], 0x1)
r5 = dup(r4)
r6 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0)
flock(r6, 0x3)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r7, 0x0, 0x73a1215, 0x0, 0x0, 0x800e0061d)
shutdown(r5, 0x0)
r8 = open(&(0x7f0000000300)='./file0\x00', 0x712, 0x0)
flock(r8, 0x40000003)
shutdown(r7, 0x0)

[  170.937676][ T6874] chnl_net:caif_netlink_parms(): no params data found
[  171.056372][ T6874] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.066646][ T6874] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.075467][ T6874] device bridge_slave_0 entered promiscuous mode
[  171.087440][ T6874] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.104029][ T6874] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.124253][ T6874] device bridge_slave_1 entered promiscuous mode
[  171.170246][ T6874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.174460][ T7004] IPVS: ftp: loaded support on port[0] = 21
[  171.200788][ T6874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.262134][ T6874] team0: Port device team_slave_0 added
[  171.286189][ T6874] team0: Port device team_slave_1 added
[  171.331699][ T6874] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.353170][ T6874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
20:45:32 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/243, 0xf3}], 0x1}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r2, 0x0, 0xbf9d, 0x0, 0x0, 0x800e0053e)
dup(0xffffffffffffffff)
shutdown(0xffffffffffffffff, 0x0)
recvmsg(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000240)=""/53, 0x35}, {0x0}, {0x0}], 0x3}, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r3, 0x0, 0xccf3, 0x0, 0x0, 0x800e005a6)
shutdown(r0, 0x0)
r4 = socket(0x2, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000340)={0x10, 0x2}, 0x10)
shutdown(r3, 0x0)

[  171.380116][ T6874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.394084][ T6874] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.401065][ T6874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.453569][ T6874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.615720][ T6874] device hsr_slave_0 entered promiscuous mode
20:45:32 executing program 3:
open(0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x8)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fsetxattr$system_posix_acl(r1, &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f0000000680), 0x24, 0x0)

[  171.713133][ T6874] device hsr_slave_1 entered promiscuous mode
[  171.817949][ T7098] IPVS: ftp: loaded support on port[0] = 21
[  171.829405][ T7004] chnl_net:caif_netlink_parms(): no params data found
[  172.044600][ T7193] IPVS: ftp: loaded support on port[0] = 21
[  172.124050][ T7004] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.131277][ T7004] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.146405][ T7004] device bridge_slave_0 entered promiscuous mode
[  172.165775][ T7004] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.173349][ T7004] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.181588][ T7004] device bridge_slave_1 entered promiscuous mode
20:45:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00')
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={0x20, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0xffffffffffffffff}}]}, 0x20}}, 0x0)
ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0)

[  172.349659][ T7004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  172.438991][ T7004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.463773][ T7098] chnl_net:caif_netlink_parms(): no params data found
[  172.486900][ T6874] netdevsim netdevsim0 netdevsim0: renamed from eth0
20:45:33 executing program 5:
r0 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
r1 = socket(0x2, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000100)=ANY=[@ANYBLOB='&']})

[  172.571593][ T6874] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  172.633987][ T6874] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  172.677443][ T7193] chnl_net:caif_netlink_parms(): no params data found
[  172.708328][ T7004] team0: Port device team_slave_0 added
[  172.724133][ T6874] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  172.742515][ T7436] IPVS: ftp: loaded support on port[0] = 21
[  172.774984][ T7004] team0: Port device team_slave_1 added
[  172.861868][ T7004] batman_adv: batadv0: Adding interface: batadv_slave_0
[  172.870155][ T7004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.876339][ T7448] IPVS: ftp: loaded support on port[0] = 21
[  172.898749][ T7004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  172.928017][ T7098] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.935550][ T7098] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.945007][ T7098] device bridge_slave_0 entered promiscuous mode
[  172.957584][ T7004] batman_adv: batadv0: Adding interface: batadv_slave_1
[  172.964980][ T7004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.992988][ T7004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  173.028512][ T7193] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.036122][ T7193] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.047310][ T7193] device bridge_slave_0 entered promiscuous mode
[  173.055786][ T7098] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.069333][ T7098] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.077565][ T7098] device bridge_slave_1 entered promiscuous mode
[  173.120835][ T7193] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.132091][ T7193] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.141394][ T7193] device bridge_slave_1 entered promiscuous mode
[  173.210796][ T7098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  173.276534][ T7004] device hsr_slave_0 entered promiscuous mode
[  173.333080][ T7004] device hsr_slave_1 entered promiscuous mode
[  173.402781][ T7004] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  173.410639][ T7004] Cannot create hsr debugfs directory
[  173.419915][ T7193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  173.448340][ T7098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  173.474950][ T7193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  173.562287][ T7098] team0: Port device team_slave_0 added
[  173.571130][ T7193] team0: Port device team_slave_0 added
[  173.630658][ T7098] team0: Port device team_slave_1 added
[  173.638062][ T7193] team0: Port device team_slave_1 added
[  173.669111][ T7193] batman_adv: batadv0: Adding interface: batadv_slave_0
[  173.676371][ T7193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.705759][ T7193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  173.738170][ T7193] batman_adv: batadv0: Adding interface: batadv_slave_1
[  173.746104][ T7193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.773125][ T7193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  173.798848][ T7098] batman_adv: batadv0: Adding interface: batadv_slave_0
[  173.807131][ T7098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.837117][ T7098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  173.851804][ T7098] batman_adv: batadv0: Adding interface: batadv_slave_1
[  173.860316][ T7098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.887869][ T7098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  173.912910][ T7448] chnl_net:caif_netlink_parms(): no params data found
[  173.941852][ T6874] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.016524][ T7098] device hsr_slave_0 entered promiscuous mode
[  174.073263][ T7098] device hsr_slave_1 entered promiscuous mode
[  174.132784][ T7098] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  174.140377][ T7098] Cannot create hsr debugfs directory
[  174.185251][ T7193] device hsr_slave_0 entered promiscuous mode
[  174.233060][ T7193] device hsr_slave_1 entered promiscuous mode
[  174.282694][ T7193] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  174.290356][ T7193] Cannot create hsr debugfs directory
[  174.436419][ T7436] chnl_net:caif_netlink_parms(): no params data found
[  174.454259][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  174.467943][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  174.478736][ T6874] 8021q: adding VLAN 0 to HW filter on device team0
[  174.545634][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  174.555874][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  174.567938][ T2629] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.575289][ T2629] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.585088][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  174.611322][ T7448] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.626622][ T7448] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.636500][ T7448] device bridge_slave_0 entered promiscuous mode
[  174.648675][ T7448] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.656949][ T7448] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.666260][ T7448] device bridge_slave_1 entered promiscuous mode
[  174.720243][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  174.731588][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  174.743125][ T2598] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.750206][ T2598] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.807583][ T7448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.841253][ T7448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.851401][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  174.894827][ T7004] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  174.941768][ T7004] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  174.996221][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  175.005702][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  175.015371][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  175.024881][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  175.034224][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  175.046545][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  175.078829][ T7436] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.089231][ T7436] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.098207][ T7436] device bridge_slave_0 entered promiscuous mode
[  175.115127][ T7004] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  175.203421][ T7436] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.210506][ T7436] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.219042][ T7436] device bridge_slave_1 entered promiscuous mode
[  175.238150][ T7448] team0: Port device team_slave_0 added
[  175.246799][ T7448] team0: Port device team_slave_1 added
[  175.255103][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  175.267740][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  175.278213][ T7004] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  175.360305][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  175.369429][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  175.381020][ T7448] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.388842][ T7448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.415122][ T7448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.439481][ T7436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  175.469130][ T6874] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  175.492100][ T7098] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  175.527529][ T7448] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.534704][ T7448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.561916][ T7448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.575068][ T7436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  175.613592][ T7098] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  175.664806][ T7098] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  175.709359][ T7098] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  175.766578][ T7436] team0: Port device team_slave_0 added
[  175.775281][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  175.785888][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  175.828149][ T7436] team0: Port device team_slave_1 added
[  175.849213][ T6874] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.896751][ T7448] device hsr_slave_0 entered promiscuous mode
[  175.932916][ T7448] device hsr_slave_1 entered promiscuous mode
[  175.972641][ T7448] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  175.980323][ T7448] Cannot create hsr debugfs directory
[  175.994616][ T7193] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  176.059917][ T7193] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  176.095329][ T7436] batman_adv: batadv0: Adding interface: batadv_slave_0
[  176.102320][ T7436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.130637][ T7436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  176.150547][ T7436] batman_adv: batadv0: Adding interface: batadv_slave_1
[  176.157641][ T7436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.192966][ T7436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  176.214793][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  176.223694][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  176.237419][ T7193] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  176.280078][ T7193] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  176.375756][ T6874] device veth0_vlan entered promiscuous mode
[  176.400142][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  176.408823][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  176.418918][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  176.427155][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  176.516484][ T7436] device hsr_slave_0 entered promiscuous mode
[  176.572912][ T7436] device hsr_slave_1 entered promiscuous mode
[  176.622532][ T7436] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  176.630309][ T7436] Cannot create hsr debugfs directory
[  176.706814][ T6874] device veth1_vlan entered promiscuous mode
[  176.829597][ T7098] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.839936][ T7004] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.888956][ T6874] device veth0_macvtap entered promiscuous mode
[  176.922456][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  176.930997][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  176.940180][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  176.948409][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  176.968643][ T7004] 8021q: adding VLAN 0 to HW filter on device team0
[  176.979075][ T6874] device veth1_macvtap entered promiscuous mode
[  177.001020][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  177.013672][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  177.021662][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  177.033940][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  177.083079][ T7098] 8021q: adding VLAN 0 to HW filter on device team0
[  177.089973][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  177.101577][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  177.110701][ T3692] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.117994][ T3692] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.127357][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  177.136188][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  177.145251][ T3692] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.152521][ T3692] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.163958][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  177.185103][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  177.198627][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  177.208051][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  177.217487][ T3687] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.224648][ T3687] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.233365][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  177.252446][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  177.261192][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  177.270914][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  177.290676][ T7193] 8021q: adding VLAN 0 to HW filter on device bond0
[  177.330410][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  177.345391][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  177.359919][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  177.369227][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  177.378474][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  177.387479][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  177.396859][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  177.408765][ T6874] batman_adv: batadv0: Interface activated: batadv_slave_0
[  177.438315][ T7448] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  177.482693][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  177.492032][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  177.504628][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  177.516820][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  177.526434][ T2629] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.533729][ T2629] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.545947][ T6874] batman_adv: batadv0: Interface activated: batadv_slave_1
[  177.565672][ T7436] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  177.634249][ T7448] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  177.690629][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  177.700589][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  177.731582][ T7193] 8021q: adding VLAN 0 to HW filter on device team0
[  177.743777][ T7436] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  177.777442][ T7448] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  177.838196][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  177.847075][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  177.856572][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  177.867883][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  177.958179][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  177.968394][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  177.977742][ T3687] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.984892][ T3687] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.992822][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  178.000397][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  178.008684][ T7436] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  178.075940][ T7448] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  178.146787][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  178.155155][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  178.167146][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  178.177140][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  178.186873][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  178.196376][ T7436] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  178.346736][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  178.356683][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  178.365972][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  178.374932][ T3688] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.382065][ T3688] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.391062][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  178.399898][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  178.415016][ T7004] 8021q: adding VLAN 0 to HW filter on device batadv0
[  178.488383][ T7098] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  178.507716][ T7098] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  178.567497][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  178.577915][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  178.588254][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  178.598788][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  178.651834][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  178.671783][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  178.690798][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  178.707875][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  178.717216][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  178.732133][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  178.778338][ T7193] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  178.789764][ T7193] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  178.814868][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  178.824330][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  178.835055][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  178.844704][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  178.854421][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  178.885585][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  178.937335][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  178.945651][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  178.955711][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  178.964972][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  178.974075][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  178.981576][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  178.993669][ T7004] device veth0_vlan entered promiscuous mode
[  179.012577][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  179.020384][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  179.041369][ T7004] device veth1_vlan entered promiscuous mode
[  179.059389][ T7193] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.081648][ T7098] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.139247][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  179.150215][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  179.159279][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  179.169396][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  179.181515][ T7436] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.230922][ T7436] 8021q: adding VLAN 0 to HW filter on device team0
[  179.241736][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  179.253082][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  179.261855][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  179.270719][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  179.318886][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  179.329923][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  179.341633][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  179.355912][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  179.375070][ T7098] device veth0_vlan entered promiscuous mode
[  179.388286][ T7448] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.396982][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  179.411735][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
20:45:40 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x80005})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="ea0010e800440f20c066350e000000440f22c00f21720f21c1c3f40f3803760f650f01c26a06ea00005600", 0x2b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setpgid(0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  179.420689][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  179.440242][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  179.456543][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  179.467949][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  179.477458][ T3690] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.484664][ T3690] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.505012][ T8140] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  179.523019][ T7004] device veth0_macvtap entered promiscuous mode
[  179.541247][ T7098] device veth1_vlan entered promiscuous mode
[  179.566565][ T7193] device veth0_vlan entered promiscuous mode
[  179.575258][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  179.595664][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  179.610320][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  179.619325][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  179.629163][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  179.638221][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  179.663204][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  179.671811][ T3690] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.679673][ T3690] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.688100][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  179.706838][ T7004] device veth1_macvtap entered promiscuous mode
[  179.731987][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  179.745902][ T7193] device veth1_vlan entered promiscuous mode
20:45:40 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @ipv4={[], [], @broadcast}}, 0x1c)
listen(r0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001500add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1)

[  179.779062][ T7448] 8021q: adding VLAN 0 to HW filter on device team0
[  179.795833][ T7004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  179.806655][ T7004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.821301][ T7004] batman_adv: batadv0: Interface activated: batadv_slave_0
[  179.846294][ T7004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  179.856949][ T7004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.873954][ T7004] batman_adv: batadv0: Interface activated: batadv_slave_1
[  179.881866][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  179.899485][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  179.911482][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  179.920192][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  179.928813][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  179.939118][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
20:45:40 executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x63, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_pid(r0, &(0x7f0000000000), 0xfffffea6)

[  179.949472][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  179.958744][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  180.018734][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  180.028468][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  180.047118][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  180.067504][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  180.080355][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  180.103320][ T3688] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.110423][ T3688] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.130522][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  180.142764][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  180.151645][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  180.178303][ T7098] device veth0_macvtap entered promiscuous mode
[  180.200017][ T7436] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  180.218917][ T7436] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  180.231077][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  180.243636][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  180.253881][ T2629] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.261066][ T2629] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.270492][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  180.279654][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  180.289053][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  180.298632][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  180.308249][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  180.320841][ T7098] device veth1_macvtap entered promiscuous mode
20:45:41 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
dup3(r0, r1, 0x0)
ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = dup2(r2, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

[  180.385741][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  180.403107][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  180.425006][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  180.443151][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  180.451945][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  180.591646][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  180.599773][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  180.616882][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  180.639791][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  180.649182][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  180.667395][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  180.678965][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
20:45:41 executing program 0:
syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffc00003, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000140)={[{@fat=@debug='debug'}]})
openat$hwrng(0xffffffffffffff9c, 0x0, 0xd1ef17782b5438d1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

[  180.702405][ T7098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  180.755710][ T7098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.779466][ T7098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  180.811274][ T7098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.829778][ T7098] batman_adv: batadv0: Interface activated: batadv_slave_0
[  180.851727][ T7193] device veth0_macvtap entered promiscuous mode
[  180.891998][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  180.905235][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  180.924581][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  180.941278][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  180.951443][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  180.966391][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  180.974948][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  180.986887][ T7448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  181.005989][ T7193] device veth1_macvtap entered promiscuous mode
[  181.023590][ T7436] 8021q: adding VLAN 0 to HW filter on device batadv0
20:45:41 executing program 0:
syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffc00003, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000140)={[{@fat=@debug='debug'}]})
openat$hwrng(0xffffffffffffff9c, 0x0, 0xd1ef17782b5438d1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

[  181.044070][ T7098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  181.059593][ T7098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.082093][ T7098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  181.095212][ T7098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.108143][ T7098] batman_adv: batadv0: Interface activated: batadv_slave_1
[  181.133995][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  181.144726][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  181.189658][ T7193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  181.209350][ T7193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.221306][ T7193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  181.247063][ T7193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.273214][ T7193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  181.296500][ T7193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.350420][ T7193] batman_adv: batadv0: Interface activated: batadv_slave_0
20:45:42 executing program 0:
syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffc00003, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000140)={[{@fat=@debug='debug'}]})
openat$hwrng(0xffffffffffffff9c, 0x0, 0xd1ef17782b5438d1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

[  181.414081][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  181.448939][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  181.495333][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  181.507296][ T2598] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  181.544569][ T7193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  181.569254][ T7193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
20:45:42 executing program 1:
r0 = perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
socket(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r1, &(0x7f00000003c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc, 0x1, 'ingress\x00'}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x21b5}]}, 0x38}}, 0x0)
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x30}}, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

[  181.603800][ T7193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  181.638843][ T7193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.664876][ T7193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  181.681594][ T7193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  181.695661][ T7193] batman_adv: batadv0: Interface activated: batadv_slave_1
[  181.772479][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  181.784403][    C0] hrtimer: interrupt took 65346 ns
[  181.794123][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  181.817020][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  181.826265][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  181.837251][ T7448] 8021q: adding VLAN 0 to HW filter on device batadv0
[  181.966134][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  181.993303][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  182.006832][ T7436] device veth0_vlan entered promiscuous mode
[  182.102753][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  182.110708][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  182.148300][ T7436] device veth1_vlan entered promiscuous mode
[  182.294013][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  182.309771][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  182.326858][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  182.338730][ T2629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  182.368454][ T7436] device veth0_macvtap entered promiscuous mode
[  182.387151][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  182.403731][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  182.412886][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  182.428238][ T7436] device veth1_macvtap entered promiscuous mode
[  182.487466][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  182.497805][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  182.508334][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  182.519004][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  182.531508][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.544330][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  182.555755][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.567622][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  182.582524][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.603296][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  182.615075][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.627836][ T7436] batman_adv: batadv0: Interface activated: batadv_slave_0
[  182.640556][ T7448] device veth0_vlan entered promiscuous mode
[  182.649160][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  182.657328][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  182.665974][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  182.675242][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  182.686914][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  182.700207][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.710626][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  182.721837][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.731742][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  182.746168][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.756448][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  182.767177][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.778830][ T7436] batman_adv: batadv0: Interface activated: batadv_slave_1
20:45:43 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x80005})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="ea0010e800440f20c066350e000000440f22c00f21720f21c1c3f40f3803760f650f01c26a06ea00005600", 0x2b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, r1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

20:45:43 executing program 0:
syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffc00003, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000140)={[{@fat=@debug='debug'}]})
openat$hwrng(0xffffffffffffff9c, 0x0, 0xd1ef17782b5438d1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

[  182.801468][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  182.810431][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  182.828011][ T7448] device veth1_vlan entered promiscuous mode
[  183.057221][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  183.155114][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  183.215938][ T7448] device veth0_macvtap entered promiscuous mode
20:45:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000640)={0x2, 0x0, 0x1d, 0x0, 0x0, 0x0})
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x80005})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="ea0010e800440f20c066350e000000440f22c00f21720f21c1c3f40f3803760f650f01c26a06ea00005600", 0x2b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000100)={0x0, 0x20})
setpgid(0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  183.296551][ T7448] device veth1_macvtap entered promiscuous mode
[  183.422564][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  183.512036][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.545690][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  183.581036][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.614104][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  183.641555][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.668038][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  183.688528][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.707320][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  183.721220][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.748523][ T7448] batman_adv: batadv0: Interface activated: batadv_slave_0
[  183.831727][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  183.848794][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  183.878460][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  183.906426][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  183.947318][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  183.974109][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.990782][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  184.002423][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.028248][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  184.039905][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.050655][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  184.071996][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.082656][ T7448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  184.093774][ T7448] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.106286][ T7448] batman_adv: batadv0: Interface activated: batadv_slave_1
[  184.122982][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  184.133790][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
20:45:45 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000008060001080006040001aaaaaaaaaac946000000bbbbbbbbbbbbac1414aa"], 0x0)

20:45:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000180)="7a867d1907a680a2b2f984866b67619f26ae5521dbcaca0fb6b3acf575d3ef43734f3f6c6307533e60d312c949fd4a645909", 0x32}], 0x1}, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000080)=0x4)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mremap(&(0x7f0000ff2000/0x2000)=nil, 0x2000, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil)

20:45:45 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x121402)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
writev(r0, &(0x7f0000000840)=[{&(0x7f0000000380)="2074a151edc95dcf38f48cc099e23dcb34e0d46aba62c2ae465baaa08e8eba4b4c96c474ad71f395754ce71338e0d1fe05ec17bd9941525f685184c8c6d70a7480af84924ffe4a32fe1b16307545ba437a95988833414e70", 0x58}], 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, &(0x7f0000000a00)={0x0, 0x989680}, 0x0, 0x0)

20:45:45 executing program 0:
syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffc00003, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000140)={[{@fat=@debug='debug'}]})
openat$hwrng(0xffffffffffffff9c, 0x0, 0xd1ef17782b5438d1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

20:45:45 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x80005})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="ea0010e800440f20c066350e000000440f22c00f21720f21c1c3f40f3803760f650f01c26a06ea00005600", 0x2b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, r1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

20:45:45 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000640)={0x2, 0x0, 0x1d, 0x0, 0x0, 0x0})
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x80005})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="ea0010e800440f20c066350e000000440f22c00f21720f21c1c3f40f3803760f650f01c26a06ea00005600", 0x2b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000100)={0x0, 0x20})
setpgid(0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

20:45:45 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7], 0x0, 0x0}, 0x0, 0x1, 0x0, 0x0, 0x7, 0x24c20082, r3})

[  184.556981][ T8292] ------------[ cut here ]------------
[  184.562716][ T8292] kernel BUG at arch/x86/kvm/mmu/mmu.c:3719!
[  184.570897][ T8292] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  184.577032][ T8292] CPU: 0 PID: 8292 Comm: syz-executor.1 Not tainted 5.7.0-rc7-next-20200529-syzkaller #0
[  184.586830][ T8292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  184.596899][ T8292] RIP: 0010:kvm_mmu_load+0xbfa/0xe00
[  184.602186][ T8292] Code: ac 23 99 00 48 8b 44 24 08 e9 cf f5 ff ff e8 6d 23 99 00 e9 b7 f4 ff ff 4c 89 f7 e8 90 23 99 00 e9 78 f4 ff ff e8 56 1a 5a 00 <0f> 0b 48 89 df e8 7c 23 99 00 e9 7e f8 ff ff e8 72 23 99 00 e9 c4
[  184.623531][ T8292] RSP: 0018:ffffc90017617b30 EFLAGS: 00010212
[  184.629606][ T8292] RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc90005c19000
[  184.637580][ T8292] RDX: 0000000000009e9c RSI: ffffffff8118e14a RDI: 0000000000000001
[  184.645987][ T8292] RBP: ffff888052b68140 R08: ffff888058ec82c0 R09: ffffed1015cc719c
20:45:45 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7], 0x0, 0x0}, 0x0, 0x1, 0x0, 0x0, 0x7, 0x24c20082, r3})

[  184.653967][ T8292] R10: ffff8880ae638cdb R11: ffffed1015cc719b R12: 0000000000000000
[  184.661940][ T8292] R13: 0000000000000001 R14: ffff888052b68558 R15: 0000000000000000
[  184.669921][ T8292] FS:  00007fed3347f700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[  184.678976][ T8292] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  184.685566][ T8292] CR2: 00007f64330fe000 CR3: 00000000884f2000 CR4: 00000000001426f0
[  184.693551][ T8292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  184.701529][ T8292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  184.709512][ T8292] Call Trace:
[  184.712816][ T8292]  ? update_cr8_intercept+0x1c1/0x2a0
[  184.718206][ T8292]  kvm_arch_vcpu_ioctl_run+0x4016/0x68d0
[  184.723865][ T8292]  ? kvm_arch_vcpu_runnable+0x6c0/0x6c0
[  184.729419][ T8292]  ? lock_downgrade+0x840/0x840
[  184.734284][ T8292]  ? rcu_read_lock_held_common+0xa0/0xa0
[  184.739927][ T8292]  ? check_preemption_disabled+0x38/0x220
[  184.745659][ T8292]  ? kvm_vcpu_ioctl+0x467/0xe10
[  184.750525][ T8292]  kvm_vcpu_ioctl+0x467/0xe10
[  184.755214][ T8292]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[  184.761636][ T8292]  ? ioctl_file_clone+0x180/0x180
[  184.766674][ T8292]  ? check_preemption_disabled+0x38/0x220
[  184.772761][ T8292]  ? __fget_files+0x299/0x400
[  184.777453][ T8292]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[  184.783882][ T8292]  ksys_ioctl+0x11a/0x180
[  184.788223][ T8292]  __x64_sys_ioctl+0x6f/0xb0
[  184.792818][ T8292]  do_syscall_64+0x60/0xe0
[  184.797271][ T8292]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  184.803268][ T8292] RIP: 0033:0x45cb19
[  184.807165][ T8292] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  184.826769][ T8292] RSP: 002b:00007fed3347ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  184.835194][ T8292] RAX: ffffffffffffffda RBX: 00000000004e8a00 RCX: 000000000045cb19
[  184.843165][ T8292] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  184.851140][ T8292] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
20:45:45 executing program 0:
syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffc00003, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000140)={[{@fat=@debug='debug'}]})
openat$hwrng(0xffffffffffffff9c, 0x0, 0xd1ef17782b5438d1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
dup(r0)

20:45:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x80005})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="ea0010e800440f20c066350e000000440f22c00f21720f21c1c3f40f3803760f650f01c26a06ea00005600", 0x2b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setpgid(0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  184.859114][ T8292] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  184.867090][ T8292] R13: 00000000000003d0 R14: 00000000004c68ae R15: 00007fed3347f6d4
[  184.875070][ T8292] Modules linked in:
20:45:45 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x80005})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="ea0010e800440f20c066350e000000440f22c00f21720f21c1c3f40f3803760f650f01c26a06ea00005600", 0x2b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, r1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

20:45:45 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000640)={0x2, 0x0, 0x1d, 0x0, 0x0, 0x0})
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x80005})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="ea0010e800440f20c066350e000000440f22c00f21720f21c1c3f40f3803760f650f01c26a06ea00005600", 0x2b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000100)={0x0, 0x20})
setpgid(0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

20:45:45 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7], 0x0, 0x0}, 0x0, 0x1, 0x0, 0x0, 0x7, 0x24c20082, r3})

[  185.212417][ T8279] debugfs: Directory '8279-4' with parent 'kvm' already present!
[  185.348384][ T8292] ---[ end trace 29bbc4235dfbfec9 ]---
[  185.362982][ T8292] RIP: 0010:kvm_mmu_load+0xbfa/0xe00
[  185.368657][ T8292] Code: ac 23 99 00 48 8b 44 24 08 e9 cf f5 ff ff e8 6d 23 99 00 e9 b7 f4 ff ff 4c 89 f7 e8 90 23 99 00 e9 78 f4 ff ff e8 56 1a 5a 00 <0f> 0b 48 89 df e8 7c 23 99 00 e9 7e f8 ff ff e8 72 23 99 00 e9 c4
[  185.394120][ T8292] RSP: 0018:ffffc90017617b30 EFLAGS: 00010212
[  185.400733][ T8292] RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc90005c19000
[  185.409954][ T8292] RDX: 0000000000009e9c RSI: ffffffff8118e14a RDI: 0000000000000001
[  185.420972][ T8292] RBP: ffff888052b68140 R08: ffff888058ec82c0 R09: ffffed1015cc719c
[  185.430150][ T8292] R10: ffff8880ae638cdb R11: ffffed1015cc719b R12: 0000000000000000
[  185.462217][ T8292] R13: 0000000000000001 R14: ffff888052b68558 R15: 0000000000000000
[  185.470233][ T8292] FS:  00007fed3347f700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[  185.480028][ T8292] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  185.486698][ T8292] CR2: 00007fffc51f9587 CR3: 00000000884f2000 CR4: 00000000001426f0
[  185.495375][ T8292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  185.503570][ T8292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  185.511710][ T8292] Kernel panic - not syncing: Fatal exception
[  185.519327][ T8292] Kernel Offset: disabled
[  185.523655][ T8292] Rebooting in 86400 seconds..