[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts. 2020/09/15 21:56:36 fuzzer started 2020/09/15 21:56:36 dialing manager at 10.128.0.26:35991 2020/09/15 21:56:37 syscalls: 3335 2020/09/15 21:56:37 code coverage: enabled 2020/09/15 21:56:37 comparison tracing: enabled 2020/09/15 21:56:37 extra coverage: enabled 2020/09/15 21:56:37 setuid sandbox: enabled 2020/09/15 21:56:37 namespace sandbox: enabled 2020/09/15 21:56:37 Android sandbox: /sys/fs/selinux/policy does not exist 2020/09/15 21:56:37 fault injection: enabled 2020/09/15 21:56:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/15 21:56:37 net packet injection: enabled 2020/09/15 21:56:37 net device setup: enabled 2020/09/15 21:56:37 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/09/15 21:56:37 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/15 21:56:37 USB emulation: enabled 2020/09/15 21:56:37 hci packet injection: enabled 21:58:23 executing program 0: request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000200), 0xfffffffffffffffd) 21:58:23 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sync() read$alg(0xffffffffffffffff, 0x0, 0x0) 21:58:23 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(r1) close(0x3) close(0x4) 21:58:23 executing program 3: syz_emit_ethernet(0xb6, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@rr={0x6, 0x5}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x400000000000033e, 0x0, 0x0, 0x0, 0x0, {[@generic={0x0, 0x4, "b7"}, @mss={0x5, 0x4}, @fastopen={0x4, 0x8, "2c326560060e"}, @fastopen={0x8, 0xa, "cc75182e5bb785"}, @mptcp=@capable={0x5, 0xc}, @fastopen={0x22, 0x7, "985f1dc2bf"}, @mptcp=@mp_join={0x1e, 0x3}, @mptcp=@syn={0x1e, 0xc}]}}}}}}}, 0x0) 21:58:24 executing program 4: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000000)={[{@fat=@time_offset={'time_offset'}}]}) 21:58:24 executing program 5: sched_getparam(0x0, &(0x7f00000000c0)) syzkaller login: [ 172.798601][ T6863] IPVS: ftp: loaded support on port[0] = 21 [ 172.969175][ T6865] IPVS: ftp: loaded support on port[0] = 21 [ 173.107982][ T6863] chnl_net:caif_netlink_parms(): no params data found [ 173.272756][ T6867] IPVS: ftp: loaded support on port[0] = 21 [ 173.330905][ T6863] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.339809][ T6863] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.349622][ T6863] device bridge_slave_0 entered promiscuous mode [ 173.392177][ T6863] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.399263][ T6863] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.433238][ T6863] device bridge_slave_1 entered promiscuous mode [ 173.491579][ T6865] chnl_net:caif_netlink_parms(): no params data found [ 173.536967][ T6863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.560161][ T6869] IPVS: ftp: loaded support on port[0] = 21 [ 173.597262][ T6863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.759650][ T6863] team0: Port device team_slave_0 added [ 173.769240][ T6871] IPVS: ftp: loaded support on port[0] = 21 [ 173.787085][ T6863] team0: Port device team_slave_1 added [ 173.847198][ T6863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 173.874753][ T6863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.911982][ T6863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 173.992701][ T6863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 173.999678][ T6863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.026883][ T6863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.040017][ T6865] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.053909][ T6865] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.062840][ T6865] device bridge_slave_0 entered promiscuous mode [ 174.084117][ T6884] IPVS: ftp: loaded support on port[0] = 21 [ 174.135211][ T6865] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.147352][ T6865] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.155891][ T6865] device bridge_slave_1 entered promiscuous mode [ 174.215241][ T6863] device hsr_slave_0 entered promiscuous mode [ 174.222074][ T6863] device hsr_slave_1 entered promiscuous mode [ 174.244815][ T6867] chnl_net:caif_netlink_parms(): no params data found [ 174.269507][ T6865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.315867][ T6865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.371164][ T6869] chnl_net:caif_netlink_parms(): no params data found [ 174.475086][ T6865] team0: Port device team_slave_0 added [ 174.515606][ T6865] team0: Port device team_slave_1 added [ 174.673317][ T6865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.680293][ T6865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.709999][ T6865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.737215][ T17] Bluetooth: hci0: command 0x0409 tx timeout [ 174.738528][ T6865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.750734][ T6865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.776707][ T6865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.826692][ T6869] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.834588][ T6869] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.844183][ T6869] device bridge_slave_0 entered promiscuous mode [ 174.869547][ T6867] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.876688][ T6867] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.887017][ T6867] device bridge_slave_0 entered promiscuous mode [ 174.956280][ T6869] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.966576][ T6869] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.975118][ T17] Bluetooth: hci1: command 0x0409 tx timeout [ 174.983734][ T6869] device bridge_slave_1 entered promiscuous mode [ 174.990953][ T6884] chnl_net:caif_netlink_parms(): no params data found [ 175.005955][ T6865] device hsr_slave_0 entered promiscuous mode [ 175.012890][ T6865] device hsr_slave_1 entered promiscuous mode [ 175.019806][ T6865] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 175.027921][ T6865] Cannot create hsr debugfs directory [ 175.033693][ T6867] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.040765][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.048937][ T6867] device bridge_slave_1 entered promiscuous mode [ 175.089473][ T6871] chnl_net:caif_netlink_parms(): no params data found [ 175.161016][ T6869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.221516][ T7318] Bluetooth: hci2: command 0x0409 tx timeout [ 175.229273][ T6869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.247140][ T6867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.263646][ T6867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.380610][ T6869] team0: Port device team_slave_0 added [ 175.393480][ T6867] team0: Port device team_slave_0 added [ 175.405181][ T6869] team0: Port device team_slave_1 added [ 175.443388][ T6867] team0: Port device team_slave_1 added [ 175.451792][ T7318] Bluetooth: hci3: command 0x0409 tx timeout [ 175.467799][ T6884] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.480625][ T6884] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.490029][ T6884] device bridge_slave_0 entered promiscuous mode [ 175.499064][ T6863] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 175.541153][ T6884] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.551277][ T6884] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.562707][ T6884] device bridge_slave_1 entered promiscuous mode [ 175.577876][ T6863] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 175.620255][ T6869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.628345][ T6869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.655942][ T6869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.674682][ T6863] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 175.691522][ T17] Bluetooth: hci4: command 0x0409 tx timeout [ 175.705372][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.712643][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.740013][ T6867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.752958][ T6869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.759903][ T6869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.788308][ T6869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.803329][ T6884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.813437][ T6863] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 175.836517][ T6871] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.848195][ T6871] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.856614][ T6871] device bridge_slave_0 entered promiscuous mode [ 175.865352][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.873782][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.900654][ T6867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.915912][ T6884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.932298][ T2636] Bluetooth: hci5: command 0x0409 tx timeout [ 175.952395][ T6871] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.959449][ T6871] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.967962][ T6871] device bridge_slave_1 entered promiscuous mode [ 175.989221][ T6884] team0: Port device team_slave_0 added [ 176.000181][ T6884] team0: Port device team_slave_1 added [ 176.100892][ T6869] device hsr_slave_0 entered promiscuous mode [ 176.110940][ T6869] device hsr_slave_1 entered promiscuous mode [ 176.119464][ T6869] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.127402][ T6869] Cannot create hsr debugfs directory [ 176.141067][ T6871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.164976][ T6867] device hsr_slave_0 entered promiscuous mode [ 176.172862][ T6867] device hsr_slave_1 entered promiscuous mode [ 176.181145][ T6867] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.190100][ T6867] Cannot create hsr debugfs directory [ 176.200727][ T6884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.209193][ T6884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.240369][ T6884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.254545][ T6871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.296328][ T6884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.303354][ T6884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.330567][ T6884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.361097][ T6865] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 176.411370][ T6865] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 176.465115][ T6871] team0: Port device team_slave_0 added [ 176.486693][ T6865] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 176.509878][ T6871] team0: Port device team_slave_1 added [ 176.525306][ T6865] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 176.544662][ T6884] device hsr_slave_0 entered promiscuous mode [ 176.552733][ T6884] device hsr_slave_1 entered promiscuous mode [ 176.559203][ T6884] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.567619][ T6884] Cannot create hsr debugfs directory [ 176.668931][ T6871] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.676858][ T6871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.706254][ T6871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.762819][ T6871] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.769833][ T6871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.796824][ T6871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.811586][ T17] Bluetooth: hci0: command 0x041b tx timeout [ 176.943199][ T6871] device hsr_slave_0 entered promiscuous mode [ 176.953102][ T6871] device hsr_slave_1 entered promiscuous mode [ 176.959908][ T6871] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.969167][ T6871] Cannot create hsr debugfs directory [ 176.979283][ T6863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.052434][ T7318] Bluetooth: hci1: command 0x041b tx timeout [ 177.092094][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.100868][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.140901][ T6863] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.167333][ T6869] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 177.210778][ T6865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.219196][ T2468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.229574][ T2468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.238703][ T2468] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.246007][ T2468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.278596][ T6869] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 177.308706][ T7318] Bluetooth: hci2: command 0x041b tx timeout [ 177.315460][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.324522][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.334385][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.343205][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.350267][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.368355][ T6869] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 177.410678][ T6869] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 177.421186][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.431638][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.439555][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.448932][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.466053][ T6867] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 177.492096][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.501057][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.511922][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.520706][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.529479][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.538714][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.553653][ T6865] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.564212][ T2636] Bluetooth: hci3: command 0x041b tx timeout [ 177.596492][ T6867] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 177.608443][ T6867] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 177.620458][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.655766][ T6867] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 177.686191][ T6863] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 177.699584][ T6863] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.712678][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.723319][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.732138][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.739207][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.747870][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.757190][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.766141][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.773273][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.781011][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.790452][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.799024][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.808075][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.817561][ T5] Bluetooth: hci4: command 0x041b tx timeout [ 177.830024][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.844962][ T6884] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 177.892906][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.902476][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.910886][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.924686][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.934423][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.951978][ T6884] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 177.992433][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.000979][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.010416][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.025990][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.035127][ T2636] Bluetooth: hci5: command 0x041b tx timeout [ 178.041173][ T6884] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 178.064763][ T6865] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.082810][ T6871] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 178.108724][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 178.116530][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 178.128418][ T6863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.136344][ T6884] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 178.163676][ T6871] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 178.217962][ T6865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.225440][ T6871] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 178.253427][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 178.260818][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 178.286586][ T6871] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 178.319318][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 178.329704][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 178.366626][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 178.379808][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 178.461358][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 178.470464][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 178.480176][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 178.489196][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 178.498447][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 178.507291][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 178.516090][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 178.524511][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 178.546020][ T6863] device veth0_vlan entered promiscuous mode [ 178.566504][ T6865] device veth0_vlan entered promiscuous mode [ 178.577290][ T6869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.613818][ T6869] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.629103][ T6865] device veth1_vlan entered promiscuous mode [ 178.638532][ T6863] device veth1_vlan entered promiscuous mode [ 178.646499][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 178.656037][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 178.664593][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.673340][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.747230][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 178.755733][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 178.765089][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.775116][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.783988][ T7318] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.791030][ T7318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.799121][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.808359][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.817375][ T7318] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.824514][ T7318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.835318][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.846743][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.884684][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.897892][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 178.907156][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 178.919997][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.930124][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.952670][ T2636] Bluetooth: hci0: command 0x040f tx timeout [ 179.010719][ T6865] device veth0_macvtap entered promiscuous mode [ 179.030800][ T6867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.041201][ T6863] device veth0_macvtap entered promiscuous mode [ 179.050140][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 179.060547][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.068967][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 179.080765][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 179.090444][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 179.108060][ T6865] device veth1_macvtap entered promiscuous mode [ 179.128247][ T6871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.135295][ T7318] Bluetooth: hci1: command 0x040f tx timeout [ 179.144121][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 179.156203][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.165578][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.185030][ T6863] device veth1_macvtap entered promiscuous mode [ 179.215424][ T6871] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.237850][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 179.249647][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.258887][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.266826][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.275562][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.284161][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.292791][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.308923][ T6865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.327209][ T6867] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.340675][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 179.350304][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 179.359564][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.370043][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.386030][ T6865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.395117][ T2636] Bluetooth: hci2: command 0x040f tx timeout [ 179.408746][ T6863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 179.420130][ T6863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.431848][ T6863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.447860][ T6869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.473562][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 179.485091][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 179.494723][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 179.507026][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 179.516695][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.525792][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.536062][ T2636] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.543223][ T2636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.551143][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.560630][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.569661][ T2636] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.576788][ T2636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.588841][ T6863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 179.600884][ T6863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.612507][ T6863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.622166][ T7338] Bluetooth: hci3: command 0x040f tx timeout [ 179.634982][ T6865] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.644027][ T6865] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.653404][ T6865] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.662596][ T6865] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.676940][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.688988][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.697523][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 179.708233][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 179.717919][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.727418][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.736353][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.743514][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.751263][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.778362][ T6863] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.787568][ T6863] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.804890][ T6863] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.815846][ T6863] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.837709][ T6884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.861852][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.870504][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.884054][ T7318] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.891104][ T7318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.899129][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.908114][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.917428][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.926314][ T7318] Bluetooth: hci4: command 0x040f tx timeout [ 179.947970][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 179.957296][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 179.966062][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.977670][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.988823][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.007817][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.020287][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.066067][ T6869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.076136][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.085389][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.095164][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.102082][ T2636] Bluetooth: hci5: command 0x040f tx timeout [ 180.104508][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.117668][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.126603][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.135669][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.144399][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.153324][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.169642][ T6867] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 180.183918][ T6867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.252798][ T6884] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.272071][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.280848][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.303989][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.319875][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.327933][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.347048][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.379850][ T6871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.418787][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 21:58:32 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008108040f80ecdb4cb92e0a480e000d000000e8bd6efb250309000e000100240248ff050005001201", 0x2e}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x368, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008108040f80ecdb4cb92e0a480e000d00000009000e00390340d5ae7d0200ff050005", 0x2e}], 0x1}, 0x80) [ 180.442825][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.451324][ T2636] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.458590][ T2636] bridge0: port 1(bridge_slave_0) entered forwarding state 21:58:32 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCADDRT(r0, 0x8981, &(0x7f0000000040)={0x0, @ax25={0x3, @bcast}, @rc={0x1f, @fixed}, @ipx={0x4, 0x0, 0x0, "00006a8f0100"}, 0x0, 0x80fe, 0x0, 0x600}) [ 180.572508][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.585164][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 180.619514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 180.638500][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.655225][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.664301][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.671415][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.679817][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.690662][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.707565][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.728043][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.748239][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.764576][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.795228][ T8181] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.803275][ T8181] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.816180][ T8181] device bridge0 entered promiscuous mode 21:58:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140)='gtp\x00') sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@GTPA_VERSION={0x8}]}, 0x1c}}, 0x0) [ 180.963657][ T8185] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. [ 180.981977][ T8185] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.989082][ T8185] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.996621][ T8185] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.003773][ T8185] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.042072][ T8185] device bridge0 left promiscuous mode [ 181.049894][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.069671][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 21:58:32 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) getsockopt$inet_int(r1, 0x0, 0x31, 0x0, &(0x7f0000000300)) [ 181.095662][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 181.126366][ T6867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.143809][ T2636] Bluetooth: hci0: command 0x0419 tx timeout 21:58:32 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000100), &(0x7f0000000180)=0x8) [ 181.220646][ T5] Bluetooth: hci1: command 0x0419 tx timeout 21:58:32 executing program 0: perf_event_open(&(0x7f0000000840)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000005600)=""/102380, 0x18fec}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e000000120081aee4050cecff0e00fa378b25db4cb904e473730e55cff26d1b0e001d00090000005e510befccd7", 0x2e}], 0x1, 0x0, 0x0, 0x88a8ffff00000000}, 0x0) [ 181.392372][ T8201] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 181.410445][ T8181] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.417721][ T8181] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.425787][ T8181] device bridge0 entered promiscuous mode [ 181.453041][ T8119] Bluetooth: hci2: command 0x0419 tx timeout [ 181.522379][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.531362][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.562465][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 21:58:33 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @empty}, 0x10) shutdown(r0, 0x0) [ 181.570907][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.628206][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 21:58:33 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x8004510a, 0x0) [ 181.669834][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 181.691048][ T6884] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.705888][ T6869] device veth0_vlan entered promiscuous mode [ 181.729941][ T6871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.745356][ T8201] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 181.778609][ T6869] device veth1_vlan entered promiscuous mode [ 181.803118][ C0] hrtimer: interrupt took 43538 ns [ 181.808670][ T8199] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 181.868334][ T5] Bluetooth: hci3: command 0x0419 tx timeout [ 181.878218][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 181.902618][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 181.915953][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 181.925158][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 181.934615][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 181.993129][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 182.001231][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 182.038336][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 182.071982][ T5] Bluetooth: hci4: command 0x0419 tx timeout [ 182.084925][ T6869] device veth0_macvtap entered promiscuous mode [ 182.102981][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 182.114239][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 182.123167][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 182.130614][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 182.140807][ T7318] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 182.154006][ T6869] device veth1_macvtap entered promiscuous mode [ 182.170648][ T6884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.180738][ T8171] Bluetooth: hci5: command 0x0419 tx timeout [ 182.219583][ T6867] device veth0_vlan entered promiscuous mode [ 182.242466][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 182.251563][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 182.262510][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 182.278589][ T6869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 182.290964][ T6869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.301625][ T6869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 182.313671][ T6869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.326753][ T6869] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 182.339580][ T6869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 182.350600][ T6869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.362670][ T6869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 182.374553][ T6869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.385974][ T6869] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 182.402138][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 182.423301][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 182.431376][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 182.441178][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 182.450612][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 182.459564][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 182.474654][ T6867] device veth1_vlan entered promiscuous mode [ 182.493910][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 182.512293][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 182.521065][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 182.548780][ T6869] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.557892][ T6869] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.567509][ T6869] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.578407][ T6869] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.594007][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 182.620825][ T6867] device veth0_macvtap entered promiscuous mode [ 182.643394][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 182.653756][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 182.663329][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 182.675906][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 182.700247][ T6871] device veth0_vlan entered promiscuous mode [ 182.724370][ T6867] device veth1_macvtap entered promiscuous mode [ 182.737776][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 182.746378][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 182.760675][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 182.768853][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 182.799074][ T6871] device veth1_vlan entered promiscuous mode [ 182.829572][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 182.838026][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 182.849045][ T2636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 182.916518][ T6867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 182.942166][ T6867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.972357][ T6867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 182.991787][ T6867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.001628][ T6867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.033480][ T6867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.045782][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.072813][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 183.081060][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 183.100141][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 183.108958][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 183.122781][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 183.130973][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 183.140533][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 183.153047][ T6871] device veth0_macvtap entered promiscuous mode [ 183.160570][ T6884] device veth0_vlan entered promiscuous mode [ 183.174080][ T6867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 183.185099][ T6867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.198041][ T6867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 183.209064][ T6867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.220624][ T6867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 183.231856][ T6867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.244412][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.252160][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 183.260057][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 183.273464][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 183.281386][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 183.297175][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 183.312582][ T6871] device veth1_macvtap entered promiscuous mode [ 183.327766][ T6884] device veth1_vlan entered promiscuous mode [ 183.344003][ T6867] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.360180][ T6867] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.371124][ T6867] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.387011][ T6867] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.435613][ T6871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.448236][ T6871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.460107][ T6871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.470572][ T6871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.480479][ T6871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.490942][ T6871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.500887][ T6871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 183.511415][ T6871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.527272][ T6871] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.553424][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 183.561571][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 183.569794][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 183.578216][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 183.587305][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 183.601019][ T6871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 183.618714][ T6871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.636114][ T6871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 183.651557][ T6871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.662702][ T6871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 183.677002][ T6871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.688011][ T6871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 183.700598][ T6871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.712735][ T6871] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.740340][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 183.750354][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 183.766309][ T6884] device veth0_macvtap entered promiscuous mode [ 183.802272][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 183.811571][ T8119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 183.825986][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 183.843052][ T6871] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.857309][ T6871] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.866455][ T6871] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.892219][ T6871] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.911067][ T6884] device veth1_macvtap entered promiscuous mode 21:58:35 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f00000000c0)) 21:58:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 184.027579][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.046027][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.056864][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.073976][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.087645][ T8235] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 184.105863][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.117767][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.152442][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.191814][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.201699][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 184.218830][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.231603][ T6884] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.266578][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 184.281495][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 184.291144][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 184.319420][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.337908][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.348738][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.359915][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.371159][ T8245] FAT-fs (loop4): bogus number of reserved sectors [ 184.371390][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.388658][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.394919][ T8245] FAT-fs (loop4): Can't find a valid FAT filesystem [ 184.398542][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.416791][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.427106][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 184.437988][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.452656][ T6884] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.467297][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 184.477399][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 184.490812][ T6884] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.501435][ T6884] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.510324][ T6884] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.519647][ T6884] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.554962][ T8245] FAT-fs (loop4): bogus number of reserved sectors [ 184.561493][ T8245] FAT-fs (loop4): Can't find a valid FAT filesystem 21:58:36 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x80247009) 21:58:36 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x3, 0x4, &(0x7f0000000240)=@framed={{}, [@alu={0x8000000201a7fe3, 0x0, 0x7}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x3e2, &(0x7f00001a7f05)=""/251}, 0x34) 21:58:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_open_procfs(0xffffffffffffffff, 0x0) 21:58:36 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000000200fd00ef05000500000000000a"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 21:58:36 executing program 4: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40045108, 0x0) 21:58:36 executing program 0: perf_event_open(&(0x7f0000000840)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000005600)=""/102380, 0x18fec}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e000000120081aee4050cecff0e00fa378b25db4cb904e473730e55cff26d1b0e001d00090000005e510befccd7", 0x2e}], 0x1, 0x0, 0x0, 0x88a8ffff00000000}, 0x0) 21:58:36 executing program 3: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00002f5ff8)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_THP_DISABLE(0x29, 0x0) process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 21:58:36 executing program 5: r0 = getpid() prlimit64(r0, 0x0, &(0x7f00000001c0), &(0x7f00000000c0)) 21:58:36 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000000200fd00ef05000500000000000a"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 21:58:36 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000500)) openat$vcs(0xffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f0000000180), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) [ 184.925491][ T8271] netlink: 'syz-executor.0': attribute type 29 has an invalid length. 21:58:36 executing program 4: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) [ 185.000596][ T8271] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 185.020630][ T8269] netlink: 'syz-executor.0': attribute type 29 has an invalid length. 21:58:36 executing program 0: r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6, 0x10b, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) close(0xffffffffffffffff) recvmsg$kcm(r0, &(0x7f0000000900)={&(0x7f0000000640)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000c40), 0x0, &(0x7f0000000440)=""/208, 0xd0}, 0x400020c2) socketpair(0x1f, 0x6, 0x0, &(0x7f0000000cc0)={0x0, 0x0}) close(r0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={0xffffffffffffffff, 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'}) r1 = socket$kcm(0xa, 0x6, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000007c0)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x1, 0x2, 0x8, 0x1001fd, 0x50, 0xffffffffffffffff, 0x1, [], 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40) setsockopt$sock_attach_bpf(r1, 0x10d, 0xa, &(0x7f0000000000)=r2, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)) 21:58:37 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(&(0x7f00000002c0)='tmpfs\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) chdir(&(0x7f0000000380)='./bus\x00') creat(&(0x7f0000000400)='./bus\x00', 0x0) r0 = open(&(0x7f0000000200)='./bus\x00', 0x10103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r0, 0x0) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0) 21:58:37 executing program 2: socketpair(0x1e, 0x4, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x8931, &(0x7f0000000040)={'veth0_virt_wifi\x00', @ifru_settings={0x0, 0x0, @fr_pvc=0x0}}) 21:58:37 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000000200fd00ef05000500000000000a"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) [ 185.480628][ T8293] ================================================================== [ 185.489063][ T8293] BUG: KASAN: null-ptr-deref in PageHuge+0x19/0x170 [ 185.495676][ T8293] Read of size 8 at addr 0000000000000000 by task syz-executor.5/8293 [ 185.503826][ T8293] [ 185.506202][ T8293] CPU: 1 PID: 8293 Comm: syz-executor.5 Not tainted 5.9.0-rc5-next-20200915-syzkaller #0 [ 185.516005][ T8293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.526069][ T8293] Call Trace: [ 185.529383][ T8293] dump_stack+0x198/0x1fb [ 185.533732][ T8293] ? PageHuge+0x19/0x170 [ 185.537992][ T8293] ? PageHuge+0x19/0x170 [ 185.542261][ T8293] kasan_report.cold+0x5/0x37 [ 185.546952][ T8293] ? PageHuge+0x19/0x170 [ 185.551246][ T8293] check_memory_region+0x13d/0x180 [ 185.556379][ T8293] PageHuge+0x19/0x170 [ 185.560463][ T8293] find_get_incore_page+0x165/0x2e0 [ 185.565674][ T8293] ? __lock_acquire+0x1672/0x55d0 [ 185.570715][ T8293] mincore_page+0x1e/0x310 [ 185.575151][ T8293] __mincore_unmapped_range+0x171/0x2c0 [ 185.580721][ T8293] mincore_unmapped_range+0x61/0xc0 [ 185.585936][ T8293] ? __mincore_unmapped_range+0x2c0/0x2c0 [ 185.591671][ T8293] __walk_page_range+0x178e/0x22c0 [ 185.596843][ T8293] ? walk_page_test+0x78/0x180 [ 185.601639][ T8293] walk_page_range+0x20d/0x400 [ 185.606418][ T8293] ? __walk_page_range+0x22c0/0x22c0 [ 185.612694][ T8293] __do_sys_mincore+0x279/0x7a0 [ 185.617565][ T8293] do_syscall_64+0x2d/0x70 [ 185.622007][ T8293] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 185.627907][ T8293] RIP: 0033:0x45d5f9 [ 185.631838][ T8293] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.651655][ T8293] RSP: 002b:00007fb2ec2fbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 185.660084][ T8293] RAX: ffffffffffffffda RBX: 0000000000020ac0 RCX: 000000000045d5f9 [ 185.668062][ T8293] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020000000 [ 185.676046][ T8293] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 185.684023][ T8293] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 185.692007][ T8293] R13: 00007fff1d48e24f R14: 00007fb2ec2fc9c0 R15: 000000000118cf4c [ 185.700007][ T8293] ================================================================== [ 185.708072][ T8293] Disabling lock debugging due to kernel taint 21:58:37 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000000200fd00ef05000500000000000a"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) [ 185.756583][ T8293] Kernel panic - not syncing: panic_on_warn set ... [ 185.763214][ T8293] CPU: 1 PID: 8293 Comm: syz-executor.5 Tainted: G B 5.9.0-rc5-next-20200915-syzkaller #0 [ 185.774407][ T8293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.784457][ T8293] Call Trace: [ 185.787752][ T8293] dump_stack+0x198/0x1fb [ 185.792090][ T8293] ? hugetlb_register_node+0x1c0/0x270 [ 185.797552][ T8293] panic+0x347/0x7c0 [ 185.801450][ T8293] ? __warn_printk+0xf3/0xf3 21:58:37 executing program 4: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 21:58:37 executing program 2: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 21:58:37 executing program 3: perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00002f5ff8)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_THP_DISABLE(0x29, 0x0) process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 21:58:37 executing program 0: r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6, 0x10b, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) close(0xffffffffffffffff) recvmsg$kcm(r0, &(0x7f0000000900)={&(0x7f0000000640)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000c40), 0x0, &(0x7f0000000440)=""/208, 0xd0}, 0x400020c2) socketpair(0x1f, 0x6, 0x0, &(0x7f0000000cc0)={0x0, 0x0}) close(r0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={0xffffffffffffffff, 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'}) r1 = socket$kcm(0xa, 0x6, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000007c0)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x1, 0x2, 0x8, 0x1001fd, 0x50, 0xffffffffffffffff, 0x1, [], 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40) setsockopt$sock_attach_bpf(r1, 0x10d, 0xa, &(0x7f0000000000)=r2, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)) [ 185.806065][ T8293] ? preempt_schedule_common+0x59/0xc0 [ 185.811528][ T8293] ? PageHuge+0x19/0x170 [ 185.815778][ T8293] ? preempt_schedule_thunk+0x16/0x18 [ 185.821156][ T8293] ? trace_hardirqs_on+0x51/0x1c0 [ 185.826186][ T8293] ? PageHuge+0x19/0x170 [ 185.830434][ T8293] ? PageHuge+0x19/0x170 [ 185.834707][ T8293] end_report+0x58/0x5e [ 185.838881][ T8293] kasan_report.cold+0xd/0x37 [ 185.843585][ T8293] ? PageHuge+0x19/0x170 [ 185.847860][ T8293] check_memory_region+0x13d/0x180 [ 185.852973][ T8293] PageHuge+0x19/0x170 [ 185.857044][ T8293] find_get_incore_page+0x165/0x2e0 [ 185.862246][ T8293] ? __lock_acquire+0x1672/0x55d0 [ 185.867294][ T8293] mincore_page+0x1e/0x310 [ 185.871740][ T8293] __mincore_unmapped_range+0x171/0x2c0 [ 185.877314][ T8293] mincore_unmapped_range+0x61/0xc0 [ 185.882513][ T8293] ? __mincore_unmapped_range+0x2c0/0x2c0 [ 185.888233][ T8293] __walk_page_range+0x178e/0x22c0 [ 185.893359][ T8293] ? walk_page_test+0x78/0x180 [ 185.898126][ T8293] walk_page_range+0x20d/0x400 21:58:37 executing program 2: r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6, 0x10b, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) close(0xffffffffffffffff) recvmsg$kcm(r0, &(0x7f0000000900)={&(0x7f0000000640)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000c40), 0x0, &(0x7f0000000440)=""/208, 0xd0}, 0x400020c2) socketpair(0x1f, 0x6, 0x0, &(0x7f0000000cc0)={0x0, 0x0}) close(r0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={0xffffffffffffffff, 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'}) r1 = socket$kcm(0xa, 0x6, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000007c0)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x1, 0x2, 0x8, 0x1001fd, 0x50, 0xffffffffffffffff, 0x1, [], 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40) setsockopt$sock_attach_bpf(r1, 0x10d, 0xa, &(0x7f0000000000)=r2, 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)) [ 185.902893][ T8293] ? __walk_page_range+0x22c0/0x22c0 [ 185.908192][ T8293] __do_sys_mincore+0x279/0x7a0 [ 185.913051][ T8293] do_syscall_64+0x2d/0x70 [ 185.917472][ T8293] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 185.923390][ T8293] RIP: 0033:0x45d5f9 [ 185.927285][ T8293] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.946884][ T8293] RSP: 002b:00007fb2ec2fbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 185.955297][ T8293] RAX: ffffffffffffffda RBX: 0000000000020ac0 RCX: 000000000045d5f9 [ 185.963286][ T8293] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020000000 [ 185.971261][ T8293] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 185.979234][ T8293] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 185.987210][ T8293] R13: 00007fff1d48e24f R14: 00007fb2ec2fc9c0 R15: 000000000118cf4c [ 185.996258][ T8293] Kernel Offset: disabled [ 186.000584][ T8293] Rebooting in 86400 seconds..