Warning: Permanently added '[localhost]:42938' (ECDSA) to the list of known hosts. 2020/08/19 15:38:38 fuzzer started 2020/08/19 15:38:39 dialing manager at 10.0.2.10:45915 2020/08/19 15:38:39 syscalls: 3265 2020/08/19 15:38:39 code coverage: enabled 2020/08/19 15:38:39 comparison tracing: enabled 2020/08/19 15:38:39 extra coverage: enabled 2020/08/19 15:38:39 setuid sandbox: enabled 2020/08/19 15:38:39 namespace sandbox: enabled 2020/08/19 15:38:39 Android sandbox: /sys/fs/selinux/policy does not exist 2020/08/19 15:38:39 fault injection: enabled 2020/08/19 15:38:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/19 15:38:39 net packet injection: enabled 2020/08/19 15:38:39 net device setup: enabled 2020/08/19 15:38:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/19 15:38:39 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/19 15:38:39 USB emulation: enabled 2020/08/19 15:38:39 hci packet injection: enabled 15:39:25 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f00000000c0)) 15:39:26 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000540)=0x2) 15:39:26 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) getrandom(&(0x7f0000001440)=""/4108, 0x100c, 0x0) getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0x53, &(0x7f0000000340)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f0000000380)=0xfffffffffffffc46) close(0xffffffffffffffff) 15:39:27 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_FONTX(r0, 0x4b67, &(0x7f0000000680)={0x200, 0x0, 
&(0x7f00000006c0)="[hex font data omitted]"}) syzkaller login: [ 245.520122][ T8296] IPVS: ftp: loaded support on port[0] = 21 [ 245.520422][ T8298] IPVS: ftp: loaded support on port[0] = 21 [ 245.559583][ T8300] IPVS: ftp: loaded support on port[0] = 21 [ 246.101315][ T8300] chnl_net:caif_netlink_parms(): no params data found [ 246.167205][ T8298] chnl_net:caif_netlink_parms(): no params data found [ 246.190527][ T8296] chnl_net:caif_netlink_parms(): no params data found [ 246.347910][ T8307] IPVS: ftp: loaded support on port[0] = 21 [ 246.479708][ T8298] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.497051][ T8298] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.517334][ T8298] device bridge_slave_0 entered promiscuous mode [ 246.541246][ T8300] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.558775][ T8300] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.576767][ T8300] device bridge_slave_0 entered promiscuous mode [ 246.592900][ T8296] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.609133][ T8296] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.626986][ T8296] device bridge_slave_0 entered promiscuous mode [ 246.646740][ T8296] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.663069][ T8296] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.681832][ T8296] device bridge_slave_1 entered promiscuous mode [ 246.706611][ T8298] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.723512][ T8298] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.741083][ T8298] device bridge_slave_1 entered promiscuous mode [ 246.757286][ T8300] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.773090][ T8300] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.792886][ T8300] device bridge_slave_1 entered promiscuous mode [ 246.853803][ T8296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up 
link [ 246.892235][ T8296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.945249][ T8298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.989707][ T8298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.015838][ T1238] Bluetooth: hci1: command 0x0409 tx timeout [ 247.029928][ T1238] Bluetooth: hci0: command 0x0409 tx timeout [ 247.069157][ T8300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.103689][ T8300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.132188][ T8296] team0: Port device team_slave_0 added [ 247.167364][ T8298] team0: Port device team_slave_0 added [ 247.189090][ T8296] team0: Port device team_slave_1 added [ 247.217355][ T8300] team0: Port device team_slave_0 added [ 247.233735][ T8298] team0: Port device team_slave_1 added [ 247.270149][ T8300] team0: Port device team_slave_1 added [ 247.317855][ T8296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.348807][ T8296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.443570][ T8296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 247.480519][ T39] Bluetooth: hci2: command 0x0409 tx timeout [ 247.491682][ T8296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.509016][ T8296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 247.573380][ T8296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.600652][ T8300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.616116][ T8300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.667157][ T8300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 247.697048][ T8300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.713117][ T8300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.811969][ T8300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.859850][ T8298] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.893922][ T8298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.006670][ T8298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.050659][ T8298] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.082021][ T8298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 248.196126][ T8298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.273992][ T39] Bluetooth: hci3: command 0x0409 tx timeout [ 248.392179][ T8298] device hsr_slave_0 entered promiscuous mode [ 248.424305][ T8298] device hsr_slave_1 entered promiscuous mode [ 248.476293][ T8307] chnl_net:caif_netlink_parms(): no params data found [ 248.515187][ T8296] device hsr_slave_0 entered promiscuous mode [ 248.542066][ T8296] device hsr_slave_1 entered promiscuous mode [ 248.567884][ T8296] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 248.599645][ T8296] Cannot create hsr debugfs directory [ 248.668526][ T8300] device hsr_slave_0 entered promiscuous mode [ 248.691415][ T8300] device hsr_slave_1 entered promiscuous mode [ 248.708813][ T8300] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 248.730662][ T8300] Cannot create hsr debugfs directory [ 248.901647][ T8307] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.917357][ T8307] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.931285][ T8307] device bridge_slave_0 entered promiscuous mode [ 248.973102][ T8307] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.985951][ T8307] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.004235][ T8307] device bridge_slave_1 entered promiscuous mode [ 249.077374][ T1235] Bluetooth: hci0: command 0x041b tx timeout [ 249.109954][ T1235] Bluetooth: hci1: command 0x041b tx timeout [ 249.123765][ T8307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.186168][ T8307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.320168][ T8307] team0: Port device team_slave_0 added [ 249.351681][ T8307] team0: Port device team_slave_1 added [ 249.426386][ T8298] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 249.506546][ T8298] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 249.541705][ T8307] 
batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.563634][ T8332] Bluetooth: hci2: command 0x041b tx timeout [ 249.569289][ T8307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.691004][ T8307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.726518][ T8307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.739787][ T8307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.785443][ T8307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.812851][ T8298] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 249.856073][ T8298] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 249.896425][ T8296] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 249.963332][ T8296] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 250.003767][ T8307] device hsr_slave_0 entered promiscuous mode [ 250.026052][ T8307] device hsr_slave_1 entered promiscuous mode [ 250.047730][ T8307] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 250.067611][ T8307] Cannot create hsr debugfs directory [ 250.091241][ T8296] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 250.111334][ T8296] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 250.156086][ T8300] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 250.195082][ T8300] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 250.220875][ T8300] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 250.240182][ T8300] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 250.349576][ T8307] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 250.355783][ T39] Bluetooth: hci3: command 0x041b tx timeout [ 250.370795][ T8307] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 250.387959][ T8307] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 250.398732][ T8307] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 250.427403][ T8298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.456146][ T8296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.490462][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.500643][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 250.518535][ T8298] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.529975][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.545251][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 250.566723][ T8296] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.588236][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 250.608093][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 250.625952][ T8332] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.636917][ T8332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.671339][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.707256][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 250.731611][ T8332] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 250.743888][ T8332] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.753944][ T8332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.765423][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.778925][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.791380][ T8332] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.801682][ T8332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 250.817597][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.839762][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.860388][ T8332] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.877194][ T8332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 250.896727][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 250.919978][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 250.939330][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 250.967217][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.980371][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 250.993835][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 251.007620][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 251.023619][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 251.048521][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 251.063031][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 251.076141][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 251.089442][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 251.102168][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 251.115567][ 
T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 251.127719][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 251.143335][ T8300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.153765][ T1235] Bluetooth: hci1: command 0x040f tx timeout [ 251.169597][ T1235] Bluetooth: hci0: command 0x040f tx timeout [ 251.173505][ T8296] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 251.197234][ T8296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 251.211680][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 251.231061][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 251.251389][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 251.270645][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 251.304222][ T8307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.339607][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 251.354814][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 251.371513][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 251.386812][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 251.421048][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 251.440604][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 251.456036][ T8300] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.475332][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 251.506823][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 251.530550][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 251.543133][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 251.559565][ T8307] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.582956][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 
251.597274][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 251.613971][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.636868][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.643846][ T8332] Bluetooth: hci2: command 0x040f tx timeout [ 251.675515][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 251.719349][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 251.748622][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.765401][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.782624][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.799150][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.821885][ T8296] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.840876][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 251.853682][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 251.866889][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.881002][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.894187][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 251.908940][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 251.920791][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 251.934565][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 251.946942][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.959385][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.978055][ T8298] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 252.010023][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 252.024594][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 252.056548][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 
252.074563][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 252.092372][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 252.109541][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 252.125324][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 252.144078][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 252.165345][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 252.183056][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 252.209256][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 252.244388][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 252.259280][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 252.270063][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 252.281276][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 252.292372][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 252.302951][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 252.315299][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 252.327330][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 252.345951][ T8296] device veth0_vlan entered promiscuous mode [ 252.364309][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 252.374969][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 252.388674][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 252.401841][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 252.414592][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 252.433925][ T8333] Bluetooth: hci3: command 0x040f tx timeout [ 252.438229][ T8307] hsr0: Slave A (hsr_slave_0) is not up; please bring it up 
to get a fully working HSR network [ 252.469490][ T8307] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 252.496734][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 252.509591][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 252.524453][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 252.537924][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 252.551480][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 252.568121][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 252.586057][ T8300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 252.606692][ T8296] device veth1_vlan entered promiscuous mode [ 252.621016][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 252.648446][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 252.660669][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 252.677756][ T8298] device veth0_vlan entered promiscuous mode [ 252.692453][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 252.704673][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 252.735018][ T8300] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 252.760118][ T8298] device veth1_vlan entered promiscuous mode [ 252.775599][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 252.793643][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 252.812128][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 252.832625][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 252.856580][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 252.877928][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 252.897299][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 
252.927362][ T8307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 252.950245][ T8296] device veth0_macvtap entered promiscuous mode [ 252.986528][ T8296] device veth1_macvtap entered promiscuous mode [ 253.010627][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 253.030634][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 253.050802][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 253.068872][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 253.089149][ T8333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 253.129983][ T8298] device veth0_macvtap entered promiscuous mode [ 253.148025][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 253.168109][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 253.189270][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 253.226578][ T8298] device veth1_macvtap entered promiscuous mode [ 253.243564][ T8333] Bluetooth: hci0: command 0x0419 tx timeout [ 253.257657][ T8333] Bluetooth: hci1: command 0x0419 tx timeout [ 253.262442][ T8296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 253.288067][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 253.306274][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 253.326204][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 253.361667][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 253.412453][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 253.440878][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 253.463484][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 253.487767][ T8300] device veth0_vlan entered promiscuous mode [ 253.508434][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 253.526530][ T2885] IPv6: 
ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 253.546756][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 253.566619][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 253.589795][ T8296] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 253.608480][ T8307] device veth0_vlan entered promiscuous mode [ 253.628586][ T8300] device veth1_vlan entered promiscuous mode [ 253.647503][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 253.665013][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 253.683967][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 253.704166][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 253.713918][ T8332] Bluetooth: hci2: command 0x0419 tx timeout [ 253.744451][ T8298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 253.772779][ T8298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.802162][ T8298] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 253.823896][ T8298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 253.851999][ T8298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 253.875717][ T8298] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 253.899083][ T8296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.923554][ T8296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.942697][ T8296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.963446][ T8296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.989159][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 254.007425][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 254.035807][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 254.057345][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 254.089416][ T8307] device veth1_vlan entered promiscuous mode [ 254.107324][ T8298] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.124762][ T8298] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.141763][ T8298] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.161853][ T8298] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.307737][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 254.342201][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 254.389668][ T8300] device veth0_macvtap entered promiscuous mode [ 254.419848][ T8300] device veth1_macvtap entered promiscuous mode [ 254.437250][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 254.439479][ T8298] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 254.452576][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 254.486438][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 254.506616][ T8332] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_macvtap: link becomes ready [ 254.545129][ T8332] Bluetooth: hci3: command 0x0419 tx timeout [ 254.546631][ T8307] device veth0_macvtap entered promiscuous mode [ 254.622671][ T8307] device veth1_macvtap entered promiscuous mode [ 254.656345][ T8307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 254.705052][ T8307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.744344][ T8307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 254.744376][ T8307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 15:39:38 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000540)=0x2) [ 254.746779][ T8307] batman_adv: batadv0: Interface activated: batadv_slave_0 15:39:38 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) unshare(0x24000000) r3 = gettid() clone(0x7898c900, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) wait4(0x0, 0x0, 0x0, 0x0) [ 254.873134][ T8335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 254.910457][ T8335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready 15:39:38 executing program 0: mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0xd, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) madvise(&(0x7f000054b000/0x3000)=nil, 0x3000, 0x65) [ 254.960815][ T8300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 15:39:38 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) 
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000540)=0x2) [ 255.002579][ T8300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.032567][ T8300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 255.069180][ T8300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 15:39:38 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000540)=0x2) [ 255.095234][ T8300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 255.129429][ T8300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 15:39:38 executing program 1: ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000540)=0x2) [ 255.160276][ T8300] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 255.186119][ T8307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 255.223937][ T8307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.256725][ T8307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 255.282887][ T8307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 255.309511][ T8307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.334081][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 255.354864][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 255.377529][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 255.406909][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 255.431923][ T8300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 255.460438][ T8300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.486414][ T8300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 255.525369][ T8300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.550772][ T8300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 255.579306][ T8300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 255.604440][ T8300] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.625894][ T8307] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.647301][ T8307] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.665299][ T8307] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.683642][ T8307] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.712476][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 255.730936][ T1238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 255.757129][ T8300] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.785177][ T8300] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.804705][ T8300] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.818762][ T8300] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 15:39:39 executing program 2: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000140)=""/103, 0x67) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) openat$full(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/full\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000200)=""/151, 0x6c) getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x2c}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x24) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 15:39:39 executing program 1: ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000540)=0x2) 
15:39:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000001980)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) 15:39:39 executing program 0: mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0xd, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) madvise(&(0x7f000054b000/0x3000)=nil, 0x3000, 0x65) 15:39:39 executing program 1: ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000540)=0x2) [ 256.531064][ T8386] ptrace attach of "/syz-executor.2"[8385] was attempted by "/syz-executor.2"[8386] 15:39:39 executing program 2: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) r1 = 
memfd_create(&(0x7f0000000540)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU\".\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf\x00\x00', 0x0) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) 15:39:39 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000200)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dccdae2cb837764b75b80a8703cd65eedf55d03ba846f225df3d99c0baefe17179f10e4ea1d07f75930779df3c6f3dca23ea124c84d7644bfe8a8ba62abd84864b4e55963d8248a039be1dc47493f6ab04250781fc139580261e6a48779b5af9701d3c58e3b8e8d9de44", 0xb0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 15:39:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000540)=0x2) 15:39:39 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) 
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x2c}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x24) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 15:39:39 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000540)=0x2) [ 256.790536][ T8409] ptrace attach of "/syz-executor.3"[8408] was attempted by "/syz-executor.3"[8409] 15:39:40 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000540)=0x2) 15:39:40 executing program 0: mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) fanotify_mark(r1, 0x2000000000000011, 0x2, r0, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000340)=ANY=[], 0x44) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) 15:39:40 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x2c}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x24) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) [ 256.962751][ T8425] ptrace attach of "/syz-executor.3"[8423] was attempted by 
"/syz-executor.3"[8425] [ 256.965613][ T8420] ERROR: Domain ' /sbin/init /etc/init.d/rc /sbin/startpar /etc/init.d/ssh /sbin/start-stop-daemon /usr/sbin/sshd /usr/sbin/sshd /bin/bash /syz-fuzzer /syz-executor.2 proc:/self/fd/4' not defined. 15:39:40 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000540)=0x2) 15:39:40 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x2c}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x24) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 15:39:40 executing program 2: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) r1 = 
memfd_create(&(0x7f0000000540)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU\".\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf\x00\x00', 0x0) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) [ 257.858906][ T8442] ptrace attach of "/syz-executor.3"[8437] was attempted by "/syz-executor.3"[8442] 15:39:41 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, 0x0) [ 257.910540][ T40] kauditd_printk_skb: 3 callbacks suppressed 15:39:41 executing program 0: mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) fanotify_mark(r1, 0x2000000000000011, 0x2, r0, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000340)=ANY=[], 0x44) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) 15:39:41 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) 
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x2c}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x24) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) [ 257.911074][ T40] audit: type=1804 audit(1597851581.117:31): pid=8439 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/syzkaller-testdir769295686/syzkaller.4Y643s/4/file0" dev="sda1" ino=16573 res=1 errno=0 15:39:41 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, 0x0) [ 258.044773][ T8463] ptrace attach of "/syz-executor.3"[8462] was attempted by "/syz-executor.3"[8463] 15:39:41 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x2c}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x24) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) 15:39:41 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, 0x0) [ 258.142513][ T8474] ptrace attach of "/syz-executor.3"[8473] was attempted by "/syz-executor.3"[8474] 15:39:41 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, 
{0x0}, {&(0x7f00000001c0)=""/57, 0x2c}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x24) [ 258.240184][ T8479] ptrace attach of "/syz-executor.3"[8478] was attempted by "/syz-executor.3"[8479] 15:39:41 executing program 2: syz_mount_image$msdos(&(0x7f0000000140)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0xffc00007, 0x1, &(0x7f0000000240)=[{&(0x7f0000000040)="040801010000ff01e661f4fce0933f288405a47400f8", 0x16}], 0x0, &(0x7f0000000080)) fsync(0xffffffffffffffff) open$dir(0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) 15:39:41 executing program 1: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) r1 = memfd_create(&(0x7f0000000540)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX 
$\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU\".\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf\x00\x00', 0x0) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) [ 258.582288][ T8487] FAT-fs (loop2): bogus logical sector size 57596 [ 258.603853][ T8487] FAT-fs (loop2): Can't find a valid FAT filesystem [ 258.615047][ T8482] ERROR: Domain ' /sbin/init /etc/init.d/rc /sbin/startpar /etc/init.d/ssh /sbin/start-stop-daemon /usr/sbin/sshd /usr/sbin/sshd /bin/bash /syz-fuzzer /syz-executor.1 proc:/self/fd/4' not defined. [ 258.729675][ T8487] FAT-fs (loop2): bogus logical sector size 57596 [ 258.749064][ T8487] FAT-fs (loop2): Can't find a valid FAT filesystem 15:39:42 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x2c}], 0x3, 0x0, 0x0, 0x0) 15:39:42 executing program 2: syz_mount_image$msdos(&(0x7f0000000140)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0xffc00007, 0x1, &(0x7f0000000240)=[{&(0x7f0000000040)="040801010000ff01e661f4fce0933f288405a47400f8", 0x16}], 0x0, &(0x7f0000000080)) fsync(0xffffffffffffffff) open$dir(0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) 15:39:42 executing program 0: mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = 
creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) fanotify_mark(r1, 0x2000000000000011, 0x2, r0, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000340)=ANY=[], 0x44) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) 15:39:42 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 259.088336][ T0] NOHZ: local_softirq_pending 08 15:39:42 executing program 1: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) r1 = memfd_create(&(0x7f0000000540)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX 
$\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU\".\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf\x00\x00', 0x0) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) [ 259.167180][ T8500] FAT-fs (loop2): bogus logical sector size 57596 [ 259.192002][ T8509] ptrace attach of "/syz-executor.3"[8504] was attempted by "/syz-executor.3"[8509] [ 259.213340][ T8500] FAT-fs (loop2): Can't find a valid FAT filesystem 15:39:42 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) 15:39:42 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000680)={0x200, 0x0, 
&(0x7f00000006c0)="14c94c50f5a7a19197ff13b9124068a73f8ff4d8cf16c13e16da1ab2286a3273262523b9820ca537ec6892d69b3ff2243b0c31aa891ee84eac37c53b3b6d18452b03644a6c6923343563616f5446a22a0653ace81a5397570cf87fd9dbc9e823efa06a3bfcf5f458a89f558f60ad5ea029174f6d14f970470eb2ca7abda89f05e63279074a2cbff9a3d34b4aa9df5449a7236de09ae6fa86dbefd73d6a8b4d0d4eb19ef5e974c5797d734ea17ebd299f0f20673bf211c39f4c9056daeab8877adc26f43ea11218eaa6123fc9f306cddc2e66d4c70cc72aaf42f039b52ab1af9aff2a1030f00eef697e3f10bca3586320a93f90e131ac5bcc4b3b56a044cd433ea6edbfeda8392f906e4c519e51f581cbc83d1816c2d93c11ab08d0af12965239be54dd2f69a486b775705ddfb96d827489f00f59d2d56f1d3d9ec3e447bd7054495e184829c02835440044845f61757b42a942e9ab0e7f624b71795fc29ed85eba7dbb79d54a7906c7377eac4f041b3ae17f1d37456f49faf0e56aac8b0ac0ce288c1cc0706c96fa78dee0b43874d93b3941fd7ab7f07f2ed124b5fc8fc5a2a7707cbd857f04a607c6ad2409e653bdbd78d9079e99e222605b480b00fd43384f3f6b01dfceb27332422c12dc29eacda41797459a5e0f663e474c155b831c792ab72bd06029fdf77b35ab52eeb5c99381300b891de03aecbdcfcfad8227cb206ed91896a1416d8c627b6092a3453907ea9c28ccc91044c1c73fc7a49bef0f76c5503151d84ec4720e07075744dbe61e86a8b81326a4a9fdc7924f24c88af3f29000c3dbaa7a2d1df46066d09ac8c1d1e933f4862950c79f58c889fe224309678a4478f938914da017615e2b8ba02b4617eeaf568a8f968890e0e2e9a6178278416005389f44eaa6366282bb05eb7d2ffbda5936a5df58bb42323d191b2250b9053e9d8b6ae4db24b49133930a4332f0a9fa1c64d8d8165cb3004587ffd3cf77ac5de31504938e3acb00b0d76cae5be362668ed915d83efa81e40da7cf84c9f0b4d6919e8fc61d0909129397be3bd766205e240c6a462484d36a0ce8bd7a03d6e132cf007391a6b46a301e712b40506a308f415489b3050cd9f3d13b7d5ccdb3e41190666ddc292e68d97e9198a1bceca42b24f95ea07873b4ff40bc82f68a811eb0b8e9033593137c06a30cc721ed149ccf91a50d57d6f96830b60715670bff78d7f3e12f6380580ea419274f17c5d430c75da5bc11cd5e4b1f320e3e22f364056cccdfc02f154dfe003dc1a31499f70232705e0b74b308e4d4266703c35bd2795af3a25f66088eff4276c2797d97ccfcae81863778633e70260a9256a91c91ab26b5963a22521c23ea7ff2d604ee09582b7a1a5a73dd882ab06a5c62776e2
90bee834f49826f397360c4c2df445e0429f5d40b5680454cda2ec88f2784dd7ed6"})
open(0x0, 0x0, 0x0)
15:39:42 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getdents64(r0, &(0x7f0000000080)=""/167, 0xa7)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
gettid()
wait4(0x0, 0x0, 0x40000000, 0x0)
[ 259.528642][ T1238] BUG: unable to handle page fault for address: ffffc9000ade0fe0
[ 259.528821][ T1238] #PF: supervisor write access in kernel mode
[ 259.528825][ T1238] #PF: error_code(0x0002) - not-present page
[ 259.528844][ T1238] PGD 2c800067 P4D 2c800067 PUD 2c975067 PMD 23143067 PTE 0
[ 259.528924][ T1238] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 259.529142][ T1238] CPU: 3 PID: 1238 Comm: kworker/3:2 Not tainted 5.8.0-syzkaller #0
[ 259.529219][ T1238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 259.530694][ T1238] Workqueue: events drm_fb_helper_dirty_work
[ 259.531087][ T1238] RIP: 0010:memcpy_toio+0x83/0xe0
[ 259.531366][ T1238] Code: c3 fd 49 89 dd 31 ff 41 83 e5 02 4c 89 ee e8 14 ef c3 fd 4d 85 ed 75 2e e8 6a f2 c3 fd 48 89 e9 48 89 df 4c 89 e6 48 c1 e9 02 a5 40 f6 c5 02 74 02 66 a5 40 f6 c5 01 74 01 a4 5b 5d 41 5c 41
[ 259.531404][ T1238] RSP: 0018:ffffc90004257c10 EFLAGS: 00010202
[ 259.531452][ T1238] RAX: 0000000000000000 RBX: ffffc9000ade0fe0 RCX: 0000000000000008
[ 259.531457][ T1238] RDX: ffff8880275d0340 RSI: ffffc90009101fe0 RDI: ffffc9000ade0fe0
[ 259.531462][ T1238] RBP: 0000000000000020 R08: 1ffff1100514f773 R09: ffff888078d78147
[ 259.531466][ T1238] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90009101fe0
[ 259.531490][ T1238] R13: 0000000000000000 R14: ffffc90009101fe0 R15: 0000000000000020
[ 259.531517][ T1238] FS: 0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000
[ 259.531522][ T1238] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 259.531527][ T1238] CR2: ffffc9000ade0fe0 CR3: 000000005ffbd000 CR4: 0000000000350ee0
[ 259.531620][ T1238] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 259.531625][ T1238] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 259.531627][ T1238] Call Trace:
[ 259.531810][ T1238] drm_fb_helper_dirty_work+0x4e4/0x810
[ 259.531819][ T1238] ? pan_set+0x1d0/0x1d0
[ 259.532612][ T1238] ? _raw_spin_unlock_irq+0x1f/0x80
[ 259.532700][ T1238] ? lock_is_held_type+0xbb/0xf0
[ 259.533205][ T1238] process_one_work+0x94c/0x1670
[ 259.533205][ T1238] ? lock_release+0x8e0/0x8e0
[ 259.533205][ T1238] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 259.533205][ T1238] ? rwlock_bug.part.0+0x90/0x90
[ 259.533205][ T1238] worker_thread+0x64c/0x1120
[ 259.533205][ T1238] ? __kthread_parkme+0x13f/0x1e0
[ 259.533205][ T1238] ? process_one_work+0x1670/0x1670
[ 259.533205][ T1238] kthread+0x3b5/0x4a0
[ 259.533205][ T1238] ? __kthread_bind_mask+0xc0/0xc0
[ 259.533205][ T1238] ? __kthread_bind_mask+0xc0/0xc0
[ 259.533205][ T1238] ret_from_fork+0x1f/0x30
[ 259.533205][ T1238] Modules linked in:
[ 259.533205][ T1238] CR2: ffffc9000ade0fe0
[ 259.533205][ T1238] ---[ end trace 3a73b80de92fc3a6 ]---
[ 259.533205][ T1238] RIP: 0010:memcpy_toio+0x83/0xe0
[ 259.533205][ T1238] Code: c3 fd 49 89 dd 31 ff 41 83 e5 02 4c 89 ee e8 14 ef c3 fd 4d 85 ed 75 2e e8 6a f2 c3 fd 48 89 e9 48 89 df 4c 89 e6 48 c1 e9 02 a5 40 f6 c5 02 74 02 66 a5 40 f6 c5 01 74 01 a4 5b 5d 41 5c 41
[ 259.533205][ T1238] RSP: 0018:ffffc90004257c10 EFLAGS: 00010202
[ 259.533205][ T1238] RAX: 0000000000000000 RBX: ffffc9000ade0fe0 RCX: 0000000000000008
[ 259.533205][ T1238] RDX: ffff8880275d0340 RSI: ffffc90009101fe0 RDI: ffffc9000ade0fe0
[ 259.533205][ T1238] RBP: 0000000000000020 R08: 1ffff1100514f773 R09: ffff888078d78147
[ 259.533205][ T1238] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90009101fe0
[ 259.533205][ T1238] R13: 0000000000000000 R14: ffffc90009101fe0 R15: 0000000000000020
[ 259.533205][ T1238] FS: 0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000
[ 259.533205][ T1238] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 259.533205][ T1238] CR2: ffffc9000ade0fe0 CR3: 000000005ffbd000 CR4: 0000000000350ee0
[ 259.533205][ T1238] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 259.533205][ T1238] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 259.533205][ T1238] Kernel panic - not syncing: Fatal exception
[ 259.533205][ T1238] Kernel Offset: disabled
[ 259.533205][ T1238] Rebooting in 86400 seconds..