[   29.091031] audit: type=1800 audit(1544355615.514:27): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   29.113535] audit: type=1800 audit(1544355615.514:28): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   29.758093] audit: type=1800 audit(1544355616.254:29): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   29.778677] audit: type=1800 audit(1544355616.254:30): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.
2018/12/09 11:40:24 fuzzer started
2018/12/09 11:40:26 dialing manager at 10.128.0.26:38367
2018/12/09 11:40:31 syscalls: 1
2018/12/09 11:40:31 code coverage: enabled
2018/12/09 11:40:31 comparison tracing: enabled
2018/12/09 11:40:31 setuid sandbox: enabled
2018/12/09 11:40:31 namespace sandbox: enabled
2018/12/09 11:40:31 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/09 11:40:31 fault injection: enabled
2018/12/09 11:40:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/09 11:40:31 net packet injection: enabled
2018/12/09 11:40:31 net device setup: enabled
11:41:56 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x400)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x4fffffe, 0x400000000000002, 0x3, 0x0, 0x0, 0x4}, 0x20)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
r2 = semget(0xffffffffffffffff, 0x7, 0x200)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
semtimedop(r2, &(0x7f00000001c0)=[{}], 0x1, 0x0)
getsockopt$bt_hci(r0, 0x0, 0x3, 0x0, &(0x7f0000001700))
dup(0xffffffffffffffff)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0)
getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000000100), &(0x7f0000000140)=0x8)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000469ffc), 0x4)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x0, 0x0)
ioctl(r3, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240")
recvmsg(0xffffffffffffffff, 0x0, 0x40002102)
ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x2005ee)
r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r4, 0xab07, 0x7)
add_key$keyring(0x0, &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, 0x0)
lstat(0x0, 0x0)

syzkaller login: [  129.923569] IPVS: ftp: loaded support on port[0] = 21
11:41:56 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000db4000), 0xc, &(0x7f00006bcff0)={&(0x7f000075b000)=@ipv6_newroute={0x2c, 0x18, 0x301, 0x0, 0x0, {}, [@RTA_ENCAP_TYPE={0x8, 0x15, 0x3}, @RTA_ENCAP={0x8, 0x16, @nested={0x4, 0x1}}]}, 0x2c}}, 0x0)

[  130.200050] IPVS: ftp: loaded support on port[0] = 21
11:41:56 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="960f33"])
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, 0x0, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000a00)=""/71, 0x47}, {&(0x7f0000000b80)=""/77, 0x4d}, {0x0}, {&(0x7f0000000c80)=""/163, 0xa3}, {0x0}], 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[  130.502300] IPVS: ftp: loaded support on port[0] = 21
11:41:57 executing program 3:
socketpair$unix(0x1, 0x20000000000002, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$unix(0x1, 0x805, 0x0)
bind$unix(r1, &(0x7f00000000c0)=@abs={0x1}, 0x2)
getsockname(r1, &(0x7f0000000000)=@nfc_llcp, &(0x7f0000000080)=0x80)

[  131.072188] IPVS: ftp: loaded support on port[0] = 21
11:41:57 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)="7374617409c0d2febcf9df2deac8c177ff171248e91193513049f831550d6f7de66cf617732743e397b89f26eda4dcc3783f9db5116b34d31b0512a5608aaff01e7952340cd6fd00000000", 0x275a, 0x0)
write$FUSE_DIRENT(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="700000000000000005000000000000000200000000000000000003"], 0x1b)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x800002, 0x12, r1, 0x0)
ioctl$FS_IOC_GETFLAGS(r1, 0xc020660b, &(0x7f0000000000))

[  131.373525] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.388696] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.396684] device bridge_slave_0 entered promiscuous mode
[  131.559930] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.572508] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.589801] device bridge_slave_1 entered promiscuous mode
[  131.698124] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  131.714719] IPVS: ftp: loaded support on port[0] = 21
[  131.842838] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
11:41:58 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r2 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e590704894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa2aa505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd68c5bd0c9dce09627928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c000000", 0x0)
write$binfmt_elf32(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3e, 0x0, 0x0, 0x38}, [{}]}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ptrace(0x10, r1)

[  132.258411] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.283772] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.291167] device bridge_slave_0 entered promiscuous mode
[  132.333840] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  132.348367] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.383933] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.391231] device bridge_slave_0 entered promiscuous mode
[  132.391348] IPVS: ftp: loaded support on port[0] = 21
[  132.460727] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  132.488568] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.497710] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.516699] device bridge_slave_1 entered promiscuous mode
[  132.564918] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.571293] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.593807] device bridge_slave_1 entered promiscuous mode
[  132.625812] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  132.699649] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  132.772711] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  132.825954] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  133.102152] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  133.125013] team0: Port device team_slave_0 added
[  133.193125] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  133.209183] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.234992] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.253932] device bridge_slave_0 entered promiscuous mode
[  133.270162] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  133.336738] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  133.344646] team0: Port device team_slave_1 added
[  133.353267] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  133.376495] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.389092] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.410618] device bridge_slave_1 entered promiscuous mode
[  133.428028] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  133.481016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  133.494935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  133.507782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  133.535669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  133.567356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.578848] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  133.627664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.708292] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  133.719633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  133.728262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  133.747837] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  133.800749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  133.824311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  133.832304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.033874] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.040231] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.065026] device bridge_slave_0 entered promiscuous mode
[  134.104320] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  134.127109] team0: Port device team_slave_0 added
[  134.136376] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  134.145717] team0: Port device team_slave_0 added
[  134.153625] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.162857] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.170927] device bridge_slave_1 entered promiscuous mode
[  134.181889] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  134.256912] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  134.301479] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  134.309989] team0: Port device team_slave_1 added
[  134.318495] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  134.338868] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  134.354858] team0: Port device team_slave_1 added
[  134.394229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  134.434045] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  134.442973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  134.454356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  134.463969] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  134.473709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  134.485923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  134.492777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  134.514480] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  134.610775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  134.646293] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  134.665033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  134.673428] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  134.702544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  134.722998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  134.731589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  134.773174] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.784521] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.803773] device bridge_slave_0 entered promiscuous mode
[  134.816987] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  134.842012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  134.859312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  134.880074] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  134.899349] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  134.918903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  134.938573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.975535] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.981887] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.991310] device bridge_slave_1 entered promiscuous mode
[  135.000411] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  135.018316] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  135.035101] team0: Port device team_slave_0 added
[  135.040189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  135.049034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  135.082897] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  135.162990] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  135.191658] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  135.215520] team0: Port device team_slave_1 added
[  135.223059] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  135.247094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  135.271420] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  135.293138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  135.336597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  135.354218] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  135.384507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  135.399111] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  135.414247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  135.422022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  135.449622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  135.515828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  135.523188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  135.531656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  135.577348] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.583883] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.590880] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.597319] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.605423] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  135.664491] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  135.671609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  135.681392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  135.771242] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  135.792393] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  135.813410] team0: Port device team_slave_0 added
[  135.914381] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  135.947294] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  135.968512] team0: Port device team_slave_1 added
[  135.975249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  136.045361] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  136.054530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  136.077801] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  136.094265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  136.110146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  136.174139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  136.181936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  136.216631] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  136.223469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  136.250344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  136.364896] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  136.372063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  136.389357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  136.471256] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.477682] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.484435] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.490803] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.534763] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  136.548050] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  136.556584] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.562950] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.569707] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.576114] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.585552] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  136.600806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  136.624757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  136.636977] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  136.664448] team0: Port device team_slave_0 added
[  136.819424] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  136.835613] team0: Port device team_slave_1 added
[  136.974939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  136.984564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  137.007760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  137.025147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  137.035659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  137.134553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  137.141471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  137.164318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  137.285591] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  137.292786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  137.301898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  137.363534] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.369931] bridge0: port 2(bridge_slave_1) entered forwarding state
[  137.376672] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.383041] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.409148] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  137.419328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  137.439773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  137.454363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  137.992593] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.999111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.005816] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.012189] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.029650] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  138.036885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  138.047817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  138.779969] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.786506] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.793175] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.799595] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.815021] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  139.054764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  140.867231] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.365305] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  141.714248] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.841108] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  141.864230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  141.879529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  142.006376] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.184590] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  142.334823] 8021q: adding VLAN 0 to HW filter on device team0
[  142.485284] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  142.524079] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.640364] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  142.673789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  142.683855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  142.939964] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  142.956727] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  142.962860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  142.974568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  143.084219] 8021q: adding VLAN 0 to HW filter on device team0
[  143.124049] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.362844] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  143.383085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  143.401344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  143.531431] 8021q: adding VLAN 0 to HW filter on device team0
[  143.676900] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  143.805817] 8021q: adding VLAN 0 to HW filter on device team0
[  143.834706] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.154985] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  144.161142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  144.169508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  144.270897] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  144.634232] 8021q: adding VLAN 0 to HW filter on device team0
[  144.735360] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  144.741511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  144.754663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  145.150010] 8021q: adding VLAN 0 to HW filter on device team0
[  145.415334] hrtimer: interrupt took 43457 ns
11:42:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000100)={0x7}, 0x7)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/video1\x00', 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pipe(0x0)
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000680)=@sack_info={0x0, 0x0, 0x3}, 0x0)

[  145.657016] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  145.919103] netlink: 'syz-executor1': attribute type 21 has an invalid length.
[  145.940986] netlink: 'syz-executor1': attribute type 1 has an invalid length.
11:42:12 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000db4000), 0xc, &(0x7f00006bcff0)={&(0x7f000075b000)=@ipv6_newroute={0x2c, 0x18, 0x301, 0x0, 0x0, {}, [@RTA_ENCAP_TYPE={0x8, 0x15, 0x3}, @RTA_ENCAP={0x8, 0x16, @nested={0x4, 0x1}}]}, 0x2c}}, 0x0)

11:42:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000100)={0x7}, 0x7)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/video1\x00', 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pipe(0x0)
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000680)=@sack_info={0x0, 0x0, 0x3}, 0x0)

[  146.094759] netlink: 'syz-executor1': attribute type 21 has an invalid length.
[  146.123782] netlink: 'syz-executor1': attribute type 1 has an invalid length.
11:42:12 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000db4000), 0xc, &(0x7f00006bcff0)={&(0x7f000075b000)=@ipv6_newroute={0x2c, 0x18, 0x301, 0x0, 0x0, {}, [@RTA_ENCAP_TYPE={0x8, 0x15, 0x3}, @RTA_ENCAP={0x8, 0x16, @nested={0x4, 0x1}}]}, 0x2c}}, 0x0)

[  146.311232] netlink: 'syz-executor1': attribute type 21 has an invalid length.
[  146.344087] netlink: 'syz-executor1': attribute type 1 has an invalid length.
11:42:12 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000db4000), 0xc, &(0x7f00006bcff0)={&(0x7f000075b000)=@ipv6_newroute={0x2c, 0x18, 0x301, 0x0, 0x0, {}, [@RTA_ENCAP_TYPE={0x8, 0x15, 0x3}, @RTA_ENCAP={0x8, 0x16, @nested={0x4, 0x1}}]}, 0x2c}}, 0x0)

11:42:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000100)={0x7}, 0x7)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/video1\x00', 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pipe(0x0)
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000680)=@sack_info={0x0, 0x0, 0x3}, 0x0)

[  146.504903] netlink: 'syz-executor1': attribute type 21 has an invalid length.
[  146.547156] netlink: 'syz-executor1': attribute type 1 has an invalid length.
11:42:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000100)={0x7}, 0x7)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/video1\x00', 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pipe(0x0)
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000680)=@sack_info={0x0, 0x0, 0x3}, 0x0)

11:42:13 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000100)={0x7}, 0x7)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/video1\x00', 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pipe(0x0)
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000680)=@sack_info={0x0, 0x0, 0x3}, 0x0)

11:42:13 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="960f33"])
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, 0x0, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000a00)=""/71, 0x47}, {&(0x7f0000000b80)=""/77, 0x4d}, {0x0}, {&(0x7f0000000c80)=""/163, 0xa3}, {0x0}], 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

11:42:13 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r2 = openat$cgroup_int(r0, &(0x7f0000000380)="696f2e6d617800f0eacd25d4282f3b6be68b884775cd28280d7651a23adc46b2de6ed9bcf821eb2f84f5604462627d04bae5ed763eab6e02353248942ebe645d4fd335d78f0dd9ad6ef8eb0a2c342c8846e3b05a30f78a5c7da5", 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000000)=ANY=[@ANYBLOB='7:2\t'], 0x4)

11:42:14 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000100)={0x7}, 0x7)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/video1\x00', 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pipe(0x0)
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000680)=@sack_info={0x0, 0x0, 0x3}, 0x0)

11:42:17 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r2 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e590704894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa2aa505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd68c5bd0c9dce09627928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c000000", 0x0)
write$binfmt_elf32(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3e, 0x0, 0x0, 0x38}, [{}]}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ptrace(0x10, r1)

11:42:17 executing program 3:
socketpair$unix(0x1, 0x20000000000002, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$unix(0x1, 0x805, 0x0)
bind$unix(r1, &(0x7f00000000c0)=@abs={0x1}, 0x2)
getsockname(r1, &(0x7f0000000000)=@nfc_llcp, &(0x7f0000000080)=0x80)

11:42:17 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = dup(r0)
connect$can_bcm(r1, &(0x7f0000000400), 0x10)

11:42:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000100)={0x7}, 0x7)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/video1\x00', 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pipe(0x0)
ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000680)=@sack_info={0x0, 0x0, 0x3}, 0x0)

11:42:17 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)="7374617409c0d2febcf9df2deac8c177ff171248e91193513049f831550d6f7de66cf617732743e397b89f26eda4dcc3783f9db5116b34d31b0512a5608aaff01e7952340cd6fd00000000", 0x275a, 0x0)
write$FUSE_DIRENT(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="700000000000000005000000000000000200000000000000000003"], 0x1b)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x800002, 0x12, r1, 0x0)
ioctl$FS_IOC_GETFLAGS(r1, 0xc020660b, &(0x7f0000000000))

11:42:17 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="960f33"])
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, 0x0, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000a00)=""/71, 0x47}, {&(0x7f0000000b80)=""/77, 0x4d}, {0x0}, {&(0x7f0000000c80)=""/163, 0xa3}, {0x0}], 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

11:42:17 executing program 3:
socketpair$unix(0x1, 0x20000000000002, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$unix(0x1, 0x805, 0x0)
bind$unix(r1, &(0x7f00000000c0)=@abs={0x1}, 0x2)
getsockname(r1, &(0x7f0000000000)=@nfc_llcp, &(0x7f0000000080)=0x80)

11:42:17 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r2 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e590704894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa2aa505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd68c5bd0c9dce09627928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c000000", 0x0)
write$binfmt_elf32(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3e, 0x0, 0x0, 0x38}, [{}]}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ptrace(0x10, r1)

11:42:17 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)="7374617409c0d2febcf9df2deac8c177ff171248e91193513049f831550d6f7de66cf617732743e397b89f26eda4dcc3783f9db5116b34d31b0512a5608aaff01e7952340cd6fd00000000", 0x275a, 0x0)
write$FUSE_DIRENT(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="700000000000000005000000000000000200000000000000000003"], 0x1b)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x800002, 0x12, r1, 0x0)
ioctl$FS_IOC_GETFLAGS(r1, 0xc020660b, &(0x7f0000000000))

11:42:17 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = dup(r0)
connect$can_bcm(r1, &(0x7f0000000400), 0x10)

11:42:17 executing program 3:
socketpair$unix(0x1, 0x20000000000002, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$unix(0x1, 0x805, 0x0)
bind$unix(r1, &(0x7f00000000c0)=@abs={0x1}, 0x2)
getsockname(r1, &(0x7f0000000000)=@nfc_llcp, &(0x7f0000000080)=0x80)

11:42:17 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r2 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e590704894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa2aa505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd68c5bd0c9dce09627928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c000000", 0x0)
write$binfmt_elf32(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3e, 0x0, 0x0, 0x38}, [{}]}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ptrace(0x10, r1)

11:42:17 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = dup(r0)
connect$can_bcm(r1, &(0x7f0000000400), 0x10)

11:42:17 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)="7374617409c0d2febcf9df2deac8c177ff171248e91193513049f831550d6f7de66cf617732743e397b89f26eda4dcc3783f9db5116b34d31b0512a5608aaff01e7952340cd6fd00000000", 0x275a, 0x0)
write$FUSE_DIRENT(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="700000000000000005000000000000000200000000000000000003"], 0x1b)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x800002, 0x12, r1, 0x0)
ioctl$FS_IOC_GETFLAGS(r1, 0xc020660b, &(0x7f0000000000))

11:42:17 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r2 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e590704894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa2aa505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd68c5bd0c9dce09627928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c000000", 0x0)
write$binfmt_elf32(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3e, 0x0, 0x0, 0x38}, [{}]}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ptrace(0x10, r1)

11:42:17 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = dup(r0)
connect$can_bcm(r1, &(0x7f0000000400), 0x10)

11:42:17 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r2 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e590704894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa2aa505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd68c5bd0c9dce09627928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c000000", 0x0)
write$binfmt_elf32(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3e, 0x0, 0x0, 0x38}, [{}]}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ptrace(0x10, r1)

11:42:17 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="960f33"])
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, 0x0, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000a00)=""/71, 0x47}, {&(0x7f0000000b80)=""/77, 0x4d}, {0x0}, {&(0x7f0000000c80)=""/163, 0xa3}, {0x0}], 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

11:42:17 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r2 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e590704894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa2aa505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd68c5bd0c9dce09627928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c000000", 0x0)
write$binfmt_elf32(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3e, 0x0, 0x0, 0x38}, [{}]}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ptrace(0x10, r1)

11:42:18 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x7c}, [@ldst={0x7, 0x80ffff}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48)

11:42:18 executing program 4:
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
clone(0x150f00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$sock_inet_SIOCRTMSG(r0, 0x40096102, 0x0)

11:42:18 executing program 0:
perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0xe, 0x0, 0x0, 0x700, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40030000000000]}}}, @sadb_address={0x5, 0x9, 0xffffff80, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffff06}]}, 0x70}}, 0x0)

11:42:18 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = gettid()
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r2 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e590704894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa2aa505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd68c5bd0c9dce09627928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c000000", 0x0)
write$binfmt_elf32(r2, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3e, 0x0, 0x0, 0x38}, [{}]}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ptrace(0x10, r1)

[  151.907316] ==================================================================
[  151.914990] BUG: KASAN: use-after-free in task_is_descendant.part.3+0x610/0x670
[  151.922466] Read of size 8 at addr ffff8881d852e920 by task syz-executor3/7774
[  151.929820] 
[  151.931465] CPU: 1 PID: 7774 Comm: syz-executor3 Not tainted 4.20.0-rc5+ #147
[  151.938752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  151.948106] Call Trace:
[  151.950705]  dump_stack+0x244/0x39d
[  151.954362]  ? dump_stack_print_info.cold.1+0x20/0x20
[  151.959558]  ? printk+0xa7/0xcf
[  151.962845]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  151.967624]  print_address_description.cold.7+0x9/0x1ff
[  151.973021]  kasan_report.cold.8+0x242/0x309
[  151.977442]  ? task_is_descendant.part.3+0x610/0x670
[  151.982567]  __asan_report_load8_noabort+0x14/0x20
[  151.987509]  task_is_descendant.part.3+0x610/0x670
[  151.992463]  ? yama_relation_cleanup+0x500/0x500
[  151.997244]  ? check_preemption_disabled+0x48/0x280
[  152.002278]  ? kasan_check_read+0x11/0x20
[  152.006471]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  152.011758]  ? rcu_softirq_qs+0x20/0x20
[  152.015742]  ? find_held_lock+0x36/0x1c0
[  152.019823]  yama_ptrace_access_check+0x215/0x10fc
[  152.024768]  ? check_preemption_disabled+0x48/0x280
[  152.029792]  ? task_is_descendant.part.3+0x670/0x670
[  152.034915]  ? rcu_read_unlock_special+0x1c0/0x1c0
[  152.039855]  ? kasan_check_read+0x11/0x20
[  152.044022]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  152.049310]  ? rcu_softirq_qs+0x20/0x20
[  152.053327]  ? cap_ptrace_access_check+0x2cc/0x6b0
[  152.058268]  ? __ptrace_may_access+0x46b/0x950
[  152.062868]  ? cap_ptrace_traceme+0x6b0/0x6b0
[  152.067375]  ? rcu_read_unlock_special+0x1c0/0x1c0
[  152.072312]  ? kasan_check_read+0x11/0x20
[  152.076480]  ? rcu_softirq_qs+0x20/0x20
[  152.080478]  security_ptrace_access_check+0x54/0xb0
[  152.085508]  __ptrace_may_access+0x564/0x950
[  152.089924]  ? ptrace_setsiginfo+0x1a0/0x1a0
[  152.094349]  ? rcu_softirq_qs+0x20/0x20
[  152.098340]  ptrace_attach+0x1fa/0x640
[  152.102241]  __x64_sys_ptrace+0x229/0x260
[  152.106436]  do_syscall_64+0x1b9/0x820
[  152.110364]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  152.115750]  ? syscall_return_slowpath+0x5e0/0x5e0
[  152.120691]  ? trace_hardirqs_on_caller+0x310/0x310
[  152.125715]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  152.130773]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[  152.137449]  ? __switch_to_asm+0x40/0x70
[  152.141523]  ? __switch_to_asm+0x34/0x70
[  152.145602]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  152.150467]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  152.155658] RIP: 0033:0x457659
[  152.158857] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  152.177766] RSP: 002b:00007fe21cf74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[  152.185493] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457659
[  152.192770] RDX: 0000000000000000 RSI: 0000000000000110 RDI: 0000000000000010
[  152.200040] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  152.207338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe21cf756d4
[  152.214641] R13: 00000000004c3917 R14: 00000000004d5b90 R15: 00000000ffffffff
[  152.221945] 
[  152.223603] Allocated by task 6130:
[  152.227233]  save_stack+0x43/0xd0
[  152.230686]  kasan_kmalloc+0xc7/0xe0
[  152.234403]  kasan_slab_alloc+0x12/0x20
[  152.238382]  kmem_cache_alloc_node+0x144/0x730
[  152.243000]  copy_process+0x2026/0x87a0
[  152.246995]  _do_fork+0x1cb/0x11d0
[  152.250551]  __x64_sys_clone+0xbf/0x150
[  152.254543]  do_syscall_64+0x1b9/0x820
[  152.258433]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  152.263619] 
[  152.265250] Freed by task 7776:
[  152.268538]  save_stack+0x43/0xd0
[  152.272004]  __kasan_slab_free+0x102/0x150
[  152.276248]  kasan_slab_free+0xe/0x10
[  152.280057]  kmem_cache_free+0x83/0x290
[  152.284039]  free_task+0x16e/0x1f0
[  152.287583]  __put_task_struct+0x2e6/0x620
[  152.291823]  delayed_put_task_struct+0x2ff/0x4c0
[  152.296601]  rcu_process_callbacks+0x100a/0x1ac0
[  152.301362]  __do_softirq+0x308/0xb7e
[  152.305157] 
[  152.306801] The buggy address belongs to the object at ffff8881d852e440
[  152.306801]  which belongs to the cache task_struct(65:syz3) of size 6080
[  152.320332] The buggy address is located 1248 bytes inside of
[  152.320332]  6080-byte region [ffff8881d852e440, ffff8881d852fc00)
[  152.332407] The buggy address belongs to the page:
[  152.337342] page:ffffea0007614b80 count:1 mapcount:0 mapping:ffff8881cdd3e500 index:0x0 compound_mapcount: 0
[  152.347333] flags: 0x2fffc0000010200(slab|head)
[  152.352011] raw: 02fffc0000010200 ffffea00064f9f88 ffffea0007049288 ffff8881cdd3e500
[  152.359921] raw: 0000000000000000 ffff8881d852e440 0000000100000001 ffff8881d2f64080
[  152.367807] page dumped because: kasan: bad access detected
[  152.373517] page->mem_cgroup:ffff8881d2f64080
[  152.378008] 
[  152.379650] Memory state around the buggy address:
[  152.384581]  ffff8881d852e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.391959]  ffff8881d852e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.399325] >ffff8881d852e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.407216]                                ^
[  152.411628]  ffff8881d852e980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.419014]  ffff8881d852ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.426434] ==================================================================
[  152.433791] Disabling lock debugging due to kernel taint
[  152.439685] Kernel panic - not syncing: panic_on_warn set ...
[  152.445609] CPU: 1 PID: 7774 Comm: syz-executor3 Tainted: G    B             4.20.0-rc5+ #147
[  152.454274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  152.463637] Call Trace:
[  152.466230]  dump_stack+0x244/0x39d
[  152.469884]  ? dump_stack_print_info.cold.1+0x20/0x20
[  152.475087]  panic+0x2ad/0x55c
[  152.478285]  ? add_taint.cold.5+0x16/0x16
[  152.482439]  ? trace_hardirqs_on+0xb4/0x310
[  152.486772]  kasan_end_report+0x47/0x4f
[  152.490755]  kasan_report.cold.8+0x76/0x309
[  152.495086]  ? task_is_descendant.part.3+0x610/0x670
[  152.500201]  __asan_report_load8_noabort+0x14/0x20
[  152.505137]  task_is_descendant.part.3+0x610/0x670
[  152.510076]  ? yama_relation_cleanup+0x500/0x500
[  152.514843]  ? check_preemption_disabled+0x48/0x280
[  152.519883]  ? kasan_check_read+0x11/0x20
[  152.524040]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  152.529323]  ? rcu_softirq_qs+0x20/0x20
[  152.533307]  ? find_held_lock+0x36/0x1c0
[  152.537383]  yama_ptrace_access_check+0x215/0x10fc
[  152.542327]  ? check_preemption_disabled+0x48/0x280
[  152.547355]  ? task_is_descendant.part.3+0x670/0x670
[  152.552486]  ? rcu_read_unlock_special+0x1c0/0x1c0
[  152.557420]  ? kasan_check_read+0x11/0x20
[  152.561580]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  152.566864]  ? rcu_softirq_qs+0x20/0x20
[  152.570854]  ? cap_ptrace_access_check+0x2cc/0x6b0
[  152.575794]  ? __ptrace_may_access+0x46b/0x950
[  152.580389]  ? cap_ptrace_traceme+0x6b0/0x6b0
[  152.584908]  ? rcu_read_unlock_special+0x1c0/0x1c0
[  152.589844]  ? kasan_check_read+0x11/0x20
[  152.593999]  ? rcu_softirq_qs+0x20/0x20
[  152.597992]  security_ptrace_access_check+0x54/0xb0
[  152.603018]  __ptrace_may_access+0x564/0x950
[  152.607441]  ? ptrace_setsiginfo+0x1a0/0x1a0
[  152.611856]  ? rcu_softirq_qs+0x20/0x20
[  152.615839]  ptrace_attach+0x1fa/0x640
[  152.619738]  __x64_sys_ptrace+0x229/0x260
[  152.623898]  do_syscall_64+0x1b9/0x820
[  152.627791]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  152.633164]  ? syscall_return_slowpath+0x5e0/0x5e0
[  152.638105]  ? trace_hardirqs_on_caller+0x310/0x310
[  152.643128]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  152.648156]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[  152.654828]  ? __switch_to_asm+0x40/0x70
[  152.658896]  ? __switch_to_asm+0x34/0x70
[  152.662973]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  152.667840]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  152.673035] RIP: 0033:0x457659
[  152.676238] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  152.695143] RSP: 002b:00007fe21cf74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[  152.702856] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457659
[  152.710129] RDX: 0000000000000000 RSI: 0000000000000110 RDI: 0000000000000010
[  152.717404] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  152.724676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe21cf756d4
[  152.731956] R13: 00000000004c3917 R14: 00000000004d5b90 R15: 00000000ffffffff
[  152.740231] Kernel Offset: disabled
[  152.743852] Rebooting in 86400 seconds..