[   38.248128][   T27] audit: type=1800 audit(1556686556.435:27): pid=7612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   38.270882][   T27] audit: type=1800 audit(1556686556.435:28): pid=7612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   38.882791][   T27] audit: type=1800 audit(1556686557.135:29): pid=7612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   38.903321][   T27] audit: type=1800 audit(1556686557.145:30): pid=7612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.57' (ECDSA) to the list of known hosts.
2019/05/01 04:56:08 fuzzer started
2019/05/01 04:56:11 dialing manager at 10.128.0.26:34869
2019/05/01 04:56:11 syscalls: 2440
2019/05/01 04:56:11 code coverage: enabled
2019/05/01 04:56:11 comparison tracing: enabled
2019/05/01 04:56:11 extra coverage: extra coverage is not supported by the kernel
2019/05/01 04:56:11 setuid sandbox: enabled
2019/05/01 04:56:11 namespace sandbox: enabled
2019/05/01 04:56:11 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/01 04:56:11 fault injection: enabled
2019/05/01 04:56:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/01 04:56:11 net packet injection: enabled
2019/05/01 04:56:11 net device setup: enabled
04:57:45 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r2 = memfd_create(&(0x7f0000000180)='./*mime_type/\xc6{^^!\x00', 0x0)
pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2)
sendfile(r0, r2, 0x0, 0x800000000000de)

syzkaller login: [  147.496312][ T7776] IPVS: ftp: loaded support on port[0] = 21
04:57:45 executing program 1:
syz_execute_func(&(0x7f0000000600)="4a2be966420f72f0f5980f0578f3aec4a37bf0c50341e2e926b5c9f34a0f38f60128218d00a30000262ff342906646da4e3292221322131dd91906c4c6c100dc55b1e617c980008080e2859ed23c788fe97c810f69e08f4cbec5c4c2858c3f8fc4a1c573d1f6c4613fc21d9053c7ab86c4213e537700c4e13ddadf497dbf8259438f34b20f68803000000056f20fbd63c366410ffe3a168728ea0ff341ab00fe8f08e4a25600b1355809580900000081660fdf53098f49609a56c402795837c4027d78d3dee450c1f041fe02d134e146dec43b7d0fe4e4f4c462fd982c7bca30cac4017a7fc3bb3cbb3c0209912af3430f47bb00000000000045dc0f845000f04781ae00100000f10000002e470fae8012000000c8003a3a10dd4805dfdf63a5b76e0b0ba17ae64295589cffffc3c4c27197a8820000004577cb0c0ce42ec4400d000800007c1002020606b274c4410ff9720d838f09e89a5b00ddfafa485c835e2ec4c44281a806c44115638b0c0000002cb18374fb0a07c40155f64e0666460fddc7eced36660f38058b97619236c421c96b82e26263209797c7910002c1045c0b47cc47cc66420f1a436e2ef246e16d44800170bb00004242fbc9880c00c461b016a7df6900003422")
syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0)
syz_execute_func(&(0x7f0000000000)="3666440f50f564ff0941c366440f56c9660f3a16649c6700c4617b12e5c441dfd04b00c442019dcc0f11d46f")
syz_execute_func(&(0x7f0000000380)="c4e379614832074a2be91cb9980f053ef3aec4a37bf0c50141e2e922ebc4a2fd1ceb266fed80660f38463da16379637906000000f2d2dec461dc57b1e67d0b2500610051fa0040dbe14965f3400faec40f41fe0f3801bd050000004cbec5c54d0f2c718f56676beeee8f2870b63b30319ebb70fe6581f0430f40b267f34cb4baf281f999899999a8271e664105ba16f2ae66410f3a16288842f72bfd660fdf536bd1049999e1430fae27c4a27921f97cd8d8a1a12ad764c4313a5f4066bd0ffe383bd4d467460f330002f44064d26641c4a2f9305431330f0f30460b76d14152ef00ddeac4c2801d9c96c9e8e936b92e36f2a79ad0818194d800092ddd8f0b00c4a17ae64295007b1cffd2c422b59aa9a7a400002e36646466264683b9080000000d5df698b90000002e440fdd0636b2aad9c741afa20f6baf00c4e39978c104c0414c598374fb0a070f001e000057000026dbe3edc4037d092101f20f1dbe0010000000e5c565970d22045c0b47cc474cf92f65c4002d08000000009b42a7a728f356564401a9bb000042c441574974ecd53131fbc4a2750831c44109f89700008020")

[  147.657541][ T7776] chnl_net:caif_netlink_parms(): no params data found
[  147.710984][ T7776] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.719555][ T7776] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.735012][ T7776] device bridge_slave_0 entered promiscuous mode
[  147.745213][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.752354][ T7776] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.761037][ T7776] device bridge_slave_1 entered promiscuous mode
[  147.791129][ T7776] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  147.802134][ T7776] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  147.805272][ T7779] IPVS: ftp: loaded support on port[0] = 21
[  147.836550][ T7776] team0: Port device team_slave_0 added
[  147.846383][ T7776] team0: Port device team_slave_1 added
04:57:46 executing program 2:
syz_execute_func(&(0x7f0000000300)="f3e100def9575c8ac2c2c9734e424a2664f0ff06c4a279184fe2f04311b5147c00002e67660e50e94d00c9c9c4625dbae5feabc4aba39ddf450732ef0c0cc4817c77c802d48b")
syz_execute_func(&(0x7f0000000bc0)="c4e379614832074a2be92c3e980f053ef3aec4a37bf0c50141e2e922eb66d995f2144006c402e93cba0400008026660ffc496b0f0fdc9638463da16379637902000000f3460f1ab278d10000c482edba522f8251e2859e440ff5448094eff67b00c2e54cc4e1c173f03beec442319ebb70fe6581f0430fccb267f34cb40f2fb1b20000004105ba16f2ae66410f3a162888c423c96cb83d000000fe8f8860ee689afd26660fdf5309939369609bfb87a8e1430fbac4a17b2cb6dd3802007cd836eec4c2792f736262dec8d9fec44245aeeb42999b6d6600008004f44064d96666413a0f0f9aca8fc978d798e0a44082400f28ec3d030000002666430f3800250000000072c280009c42ec0dc4427d19ed0de9369ad0818194d8000f092ddd8f0b00660f3a0bb49045330000f9007b1cffd2c481155f82f3ffffff2e36646466264683b9080000000d5df8c4c39d787f920026b40371c4c4423108350b05000041afa20f6baf00c4e39978c104c0414c598374fb0a07450f633c0ccd58ed43eef20f1dbe0010000000e5c5c4c2792dae0f1ae800808047910002c1460fd9634a47cc3f8d65002d08000000439ba75ea9bb000042c4414974ecc4a3a97cfe5aa7a76878c2c131c44178ae13c4a27508313bec")

[  147.926275][ T7776] device hsr_slave_0 entered promiscuous mode
[  147.963609][ T7776] device hsr_slave_1 entered promiscuous mode
04:57:46 executing program 3:
syz_execute_func(&(0x7f0000000300)="f3e100def9575c8ac2c2c9734e424a2664f0ff06c4a279184fe2f04311b5147c00002e67660e50e94d00c9c9c4625dbae5feabc4aba39ddf450732ef0c0cc4817c77c802d48b")
syz_open_procfs(0x0, 0x0)
syz_execute_func(&(0x7f0000000d80)="c4e379614832074a2be92c3e980f053ef3aec4a37bf0c501681541e2e9e2e966d995f214400ec402e93cba0400008026660ffc496b0f0fdc9666420f38f63d64000000c481ad72f45ef3460f1ab278d10000c482edba522f8251e2855c440ff5448094eff67b00c2e54c4cbec5c54d0f2c718f56eec442319ebb70fe6581f0430fc0b267f34cb44105ba16f2ae66410f3a162888c423c96cb83d000000fe8f8860ee689afd26660fdf5309939369609bfb87a8e1430fbac4a17b2cb6dd0000007cd836eec4c2792f736262c4217d6fe3895fc0c44245aeeb42999b6d2ef243a58004f440c4a1fa12e2413a0f309add30ca400f28ec3d030000002666430f3800250000000072c280009c42ec0dc4427d19ed0de9369ad0818194d8000f092ddd8f0b003e0f1a09007b1cffd2c481155f82f3ffffff2e36646466264683b9080000000d5df8c4c39d787f920062228fb403b403c4423108350b05000041afa20f6baf00c4e39978c104c0414c598374fb0a07450f633c0ccd58ed2e660ffb09f20f1dbe0010000000e5c5c4c2792dae0f1ae802c1460fd9634a47cc3f8d65002d08000000439bf25ea9bb000042c4414974ecc4a3a97cfea78f6878c2c1310f462ac4a27508313be880")

[  148.065965][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.073259][ T7776] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.081083][ T7776] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.088255][ T7776] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.098959][ T7781] IPVS: ftp: loaded support on port[0] = 21
[  148.339824][ T7784] IPVS: ftp: loaded support on port[0] = 21
[  148.383257][ T7779] chnl_net:caif_netlink_parms(): no params data found
04:57:46 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x15555555555555b5, 0x0, 0x0, 0x8a)
write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x71, 0x1, {{0x80}}}, 0x18)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x0, 0x8}, 0x20)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  148.425484][ T7776] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.481324][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  148.515198][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.544146][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.564523][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  148.594785][ T7776] 8021q: adding VLAN 0 to HW filter on device team0
[  148.601817][ T7779] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.609727][ T7779] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.633182][ T7779] device bridge_slave_0 entered promiscuous mode
[  148.642925][ T7779] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.651296][ T7779] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.659783][ T7779] device bridge_slave_1 entered promiscuous mode
[  148.667909][ T7781] chnl_net:caif_netlink_parms(): no params data found
[  148.696910][ T2399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  148.707124][ T2399] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.714248][ T2399] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.722517][ T2399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  148.734010][ T2399] bridge0: port 2(bridge_slave_1) entered blocking state
04:57:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f0000000000))
clone(0x403502001ff7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
fdatasync(r1)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000080)=@generic={0x0, 0x9c3, 0x7fffffff})
syz_execute_func(&(0x7f0000001200)="c4e379614832074a2be993980f0536410f57f0c4a37bf0c541e2e9420f4dfec4c18815e2ed0f57d2c442c9a913f0410fbaaf7f000000bbc482514654fa00c4e2859ecf0e491e2d16c2e54cc5eec442239ebb70fe5981c462059e17c462199c28bac91c5852c406fde626518c0916c482e59b750966410f3a162888490fc722c4a17a5bb700000000273e660f6eb45b000880417cd8d8a1a12ad764c4e1e5fce36642910f383bd4d4c27d1a1e000046d014960a0a30dac402d93f966a44f588c4818856d81ceac4c2801d9c96c9e8e936c4c389789f46ec0000bb460fd2880f000000818194d8000f092ddd8f0b00c4a17ae642950f38cdd1c48178ae9bd425f82ef22e36646466264683b9080000000d2e660f3a087d0673c442953d31c4e2cdb8ae0f000000c42bb2c7c7afa20f6baf00c4e39974ff04c0414c598374fb0a07acbcbcf20f1dbe00100000c4810174650042d025cc96fbce65976541a95ffd8ba90286ab0b67cc47ccf9f3450f525c390e42a7c4a2a9b73a66460f38023a0f4401a9bb00009974c441884974ec6debecec450fae3ca70000003131c4440f90e496b2b243d8c23bec")
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x0, 0x6, 0x7, 0x4000000, 0xff}, 0x14)

[  148.741092][ T2399] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.808786][ T7789] IPVS: ftp: loaded support on port[0] = 21
[  148.817686][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  148.830758][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  148.845579][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  148.855832][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  148.884395][ T7779] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  148.895145][ T7779] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  148.920551][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  148.950109][ T7779] team0: Port device team_slave_0 added
[  148.954271][ T7791] IPVS: ftp: loaded support on port[0] = 21
[  148.957522][ T7779] team0: Port device team_slave_1 added
[  148.969725][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  148.978313][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  148.991680][ T7781] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.000203][ T7781] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.008167][ T7781] device bridge_slave_0 entered promiscuous mode
[  149.016855][ T7781] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.024039][ T7781] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.031677][ T7781] device bridge_slave_1 entered promiscuous mode
[  149.060611][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  149.069427][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  149.156200][ T7779] device hsr_slave_0 entered promiscuous mode
[  149.193559][ T7779] device hsr_slave_1 entered promiscuous mode
[  149.240022][ T7781] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  149.249490][ T7776] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  149.277516][ T7781] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  149.310981][ T7781] team0: Port device team_slave_0 added
[  149.370816][ T7781] team0: Port device team_slave_1 added
[  149.396525][ T7784] chnl_net:caif_netlink_parms(): no params data found
[  149.486985][ T7781] device hsr_slave_0 entered promiscuous mode
[  149.553376][ T7781] device hsr_slave_1 entered promiscuous mode
[  149.641468][ T7784] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.648797][ T7784] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.658123][ T7784] device bridge_slave_0 entered promiscuous mode
[  149.695069][ T7784] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.702168][ T7784] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.710411][ T7784] device bridge_slave_1 entered promiscuous mode
[  149.750102][ T7789] chnl_net:caif_netlink_parms(): no params data found
[  149.780225][ T7784] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  149.839456][ T7789] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.846716][ T7789] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.854838][ T7789] device bridge_slave_0 entered promiscuous mode
[  149.863841][ T7784] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  149.872207][ T7789] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.879316][ T7789] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.887175][ T7789] device bridge_slave_1 entered promiscuous mode
[  149.907190][ T7791] chnl_net:caif_netlink_parms(): no params data found
[  149.942396][ T7784] team0: Port device team_slave_0 added
[  149.968607][ T7776] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.979324][ T7784] team0: Port device team_slave_1 added
[  150.017835][ T7789] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  150.035350][ T7789] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  150.056708][ T7791] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.064053][ T7791] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.071778][ T7791] device bridge_slave_0 entered promiscuous mode
[  150.080062][ T7791] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.087464][ T7791] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.096339][ T7791] device bridge_slave_1 entered promiscuous mode
[  150.127463][ T7789] team0: Port device team_slave_0 added
[  150.135437][ T7789] team0: Port device team_slave_1 added
[  150.216374][ T7784] device hsr_slave_0 entered promiscuous mode
[  150.273518][ T7784] device hsr_slave_1 entered promiscuous mode
[  150.335541][ T7781] 8021q: adding VLAN 0 to HW filter on device bond0
[  150.351756][ T7791] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  150.415748][ T7789] device hsr_slave_0 entered promiscuous mode
[  150.453508][ T7789] device hsr_slave_1 entered promiscuous mode
[  150.499244][ T7791] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  150.511211][ T7779] 8021q: adding VLAN 0 to HW filter on device bond0
[  150.528361][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  150.548216][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  150.563874][ T7781] 8021q: adding VLAN 0 to HW filter on device team0
[  150.600946][ T7791] team0: Port device team_slave_0 added
[  150.636663][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  150.647904][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  150.663797][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.670915][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.679957][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  150.688512][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  150.697404][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.704518][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.712055][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  150.720715][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  150.730671][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  150.745888][ T7791] team0: Port device team_slave_1 added
[  150.774080][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  150.788030][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  150.803753][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  150.812496][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
04:57:49 executing program 0:

[  150.822644][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  150.832181][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  150.864035][ T7779] 8021q: adding VLAN 0 to HW filter on device team0
[  150.901405][ T7781] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  150.914021][ T7781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  150.926007][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  150.934802][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  150.943675][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  150.951962][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  150.961054][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  150.970590][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
04:57:49 executing program 0:

04:57:49 executing program 0:

04:57:49 executing program 0:

[  151.046478][ T7791] device hsr_slave_0 entered promiscuous mode
[  151.083730][ T7791] device hsr_slave_1 entered promiscuous mode
04:57:49 executing program 0:

[  151.146930][ T7789] 8021q: adding VLAN 0 to HW filter on device bond0
[  151.170759][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  151.180438][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
04:57:49 executing program 0:

[  151.191926][ T2910] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.199058][ T2910] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.213429][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  151.224303][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  151.233738][ T2910] bridge0: port 2(bridge_slave_1) entered blocking state
04:57:49 executing program 0:

[  151.240805][ T2910] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.248778][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  151.276747][ T7781] 8021q: adding VLAN 0 to HW filter on device batadv0
[  151.310476][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  151.320318][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  151.330529][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  151.340587][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  151.350804][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  151.364870][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  151.372999][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  151.382517][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  151.413796][ T7789] 8021q: adding VLAN 0 to HW filter on device team0
[  151.427383][ T7779] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  151.438511][ T7779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  151.450625][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  151.464335][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  151.472731][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  151.484331][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  151.492535][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  151.505824][ T7784] 8021q: adding VLAN 0 to HW filter on device bond0
[  151.519525][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  151.527546][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  151.539669][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  151.548184][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.555346][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.582982][ T7784] 8021q: adding VLAN 0 to HW filter on device team0
[  151.616423][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  151.627461][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  151.657710][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  151.672302][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  151.686161][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  151.694804][ T7792] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.701872][ T7792] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.709756][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  151.718792][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  151.732450][ T7779] 8021q: adding VLAN 0 to HW filter on device batadv0
[  151.759900][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  151.773442][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  151.781891][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.789009][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.823402][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  151.832209][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  151.862821][ T7791] 8021q: adding VLAN 0 to HW filter on device bond0
[  151.882069][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  151.890544][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  151.906543][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  151.926543][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  151.935357][ T2910] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.942421][ T2910] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.950396][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  151.959542][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  151.968318][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  151.977192][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  152.020947][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  152.032863][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  152.071434][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  152.090209][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  152.099852][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  152.114978][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  152.128752][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  152.138693][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  152.152638][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  152.161790][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  152.182079][ T7784] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  152.194076][ T7784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  152.208522][ T7789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  152.223359][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  152.231321][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  152.240739][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  152.255335][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  152.264307][ T2910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  152.275444][ T7791] 8021q: adding VLAN 0 to HW filter on device team0
[  152.309498][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  152.318804][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  152.328861][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  152.338228][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.345374][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.388159][ T7789] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.398619][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  152.413714][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  152.422400][ T7792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  152.441105][ T7792] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.448251][ T7792] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.467507][ T7784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.487449][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  152.519481][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  152.538592][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  152.552488][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  152.561959][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  152.571118][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  152.579803][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  152.594381][ T7791] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  152.606042][ T7791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  152.624564][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  152.634439][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  152.644556][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  152.652989][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  152.680177][ T7850] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  152.690675][ T7791] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.721023][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
04:57:51 executing program 1:

04:57:51 executing program 0:

04:57:51 executing program 3:

04:57:51 executing program 2:

[  152.988526][ T7866] syz-executor.5 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
04:57:52 executing program 5:

04:57:52 executing program 4:

04:57:52 executing program 0:

04:57:52 executing program 3:

04:57:52 executing program 2:

04:57:52 executing program 1:

04:57:52 executing program 1:

04:57:52 executing program 4:

04:57:52 executing program 2:

04:57:52 executing program 3:

04:57:52 executing program 0:

04:57:52 executing program 5:

04:57:52 executing program 2:

04:57:52 executing program 4:

04:57:52 executing program 3:

04:57:52 executing program 1:

04:57:52 executing program 5:

04:57:52 executing program 2:

04:57:52 executing program 3:

04:57:52 executing program 0:

04:57:52 executing program 4:

04:57:52 executing program 1:

04:57:52 executing program 2:

04:57:52 executing program 5:

04:57:52 executing program 3:

04:57:52 executing program 4:

04:57:52 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0)
setresuid(0x0, 0xee01, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000280)={[{0x2b, 'pids'}]}, 0x6)

04:57:52 executing program 1:
writev(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

04:57:52 executing program 5:

04:57:52 executing program 2:

04:57:52 executing program 4:

[  154.498792][    C0] hrtimer: interrupt took 29226 ns
04:57:52 executing program 3:

04:57:52 executing program 0:
syz_execute_func(&(0x7f00000005c0)="994a2ae92cc0964c0f05bf00000000c4a37bf0c5bf41e2e9c422e9aabb3c000000c4a17c5349f200000f383a9e02000000110f66660f0d3191b7fd6f734b2636a00f38091e2fa2631bc4c148126888c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ffcf020000f20f7cd88f2800ee4b0000c4c3194198ac77000007459d6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d8fc0400008c5e005e00c4634148f70000c2a0c10b00cca27a0e0fc402712f358f0000000f9f3c6436b24266660fc4650000c4e39978c104d9a1e8719e70b6b6cdcdc402a52ba74fe2618cc4c1fa7ff7f26f045cc481c8596001c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffffc4c15d56dfc401792f3826420f894ec93c89b03a00a2f1fbfb7662666726426d")
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000))

04:57:52 executing program 5:
unshare(0x8020000)
clone(0x30062109, 0x0, 0x0, 0x0, 0x0)

04:57:52 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000), 0x4)
recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0)
sendto$inet6(r0, &(0x7f0000000380)="b4", 0x1, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x0)

04:57:53 executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000030c0), 0xffffffb5)
write$FUSE_DIRENT(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="90000000000000000200000000000000010000000045000000000000000000000b08956d069e000000002066ce654d316e6f646576656d3100f9ff0000000000009189ec7b0000000000000000010000a5ea8a093f5a4c730000000008000000000000000000000400000000001c00000000000051a717000418b9b3cc002b732673740400000065746367726f757024"], 0x90)

04:57:53 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0x0)

04:57:53 executing program 1:
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @bcast, @rose, @rose, @null]}, 0x48)
listen(r0, 0x0)
accept(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)

[  154.879362][ T7970] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
04:57:53 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000240)="0adc1f123c123f319bd070")
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0)
poll(&(0x7f0000000080)=[{r1}], 0x1, 0x10000)

04:57:53 executing program 4:
socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000100), 0x4)
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x101000)
syz_open_pts(0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, &(0x7f00000002c0)={0x18, 0x0, 0x0, {0x7e14, 0x6, 0x0, 0xb, 0x6, 0x7fff, 0xb, 0x8}})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000140)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c06635000000800f22c0b800088ec00fae470b", 0x35}], 0x1, 0x51, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

04:57:53 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
semop(0x0, &(0x7f0000000080)=[{}], 0x1ba)

04:57:53 executing program 1:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000140)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c06635000000800f22c0b800088ec00fae470b", 0x35}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

04:57:53 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000000), 0x4)
recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0)
sendto$inet6(r0, &(0x7f0000000380)="b4", 0x1, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x0)

04:57:53 executing program 3:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0)
mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x2)
mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0)
mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000000440)=0x8, 0x4)
mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0)
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000140)='system_u:object_r:ssh_keysign_exec_t:s0\x00', 0x28)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
umount2(&(0x7f0000000800)='./file0\x00', 0x0)

[  155.286907][ T7992] kasan: CONFIG_KASAN_INLINE enabled
[  155.292376][ T7992] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  155.300459][ T7992] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  155.307405][ T7992] CPU: 1 PID: 7992 Comm: syz-executor.1 Not tainted 5.1.0-rc7-next-20190430 #33
[  155.316446][ T7992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  155.327119][ T7992] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0
[  155.332849][ T7992] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89
[  155.352491][ T7992] RSP: 0018:ffff888062f5fa00 EFLAGS: 00010006
[  155.358560][ T7992] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc900081e3000
[  155.366546][ T7992] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078
[  155.374523][ T7992] RBP: ffff888062f5fb10 R08: ffff888062f50500 R09: ffffed1015d26be0
[  155.382493][ T7992] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: ffff88806395806c
[  155.390465][ T7992] R13: 0000000000000001 R14: ffff888063958070 R15: ffff888063958040
[  155.398446][ T7992] FS:  00007f163b761700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  155.407399][ T7992] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  155.413979][ T7992] CR2: 000000000073c000 CR3: 0000000085957000 CR4: 00000000001426e0
[  155.421955][ T7992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  155.429925][ T7992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  155.437892][ T7992] Call Trace:
[  155.441197][ T7992]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  155.446836][ T7992]  ? emulator_read_emulated+0x50/0x50
[  155.452219][ T7992]  ? kvm_check_async_pf_completion+0x2d8/0x440
[  155.458383][ T7992]  kvm_arch_vcpu_ioctl_run+0x425/0x1750
[  155.463935][ T7992]  ? kvm_arch_vcpu_ioctl_run+0x425/0x1750
[  155.469663][ T7992]  kvm_vcpu_ioctl+0x4dc/0xf90
[  155.474357][ T7992]  ? kvm_set_memory_region+0x50/0x50
[  155.482158][ T7992]  ? tomoyo_path_number_perm+0x263/0x520
[  155.487814][ T7992]  ? trace_hardirqs_on_caller+0x6a/0x220
[  155.493455][ T7992]  ? tomoyo_execute_permission+0x4a0/0x4a0
[  155.499265][ T7992]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  155.504736][ T7992]  ? __fget+0x35a/0x550
[  155.508896][ T7992]  ? kvm_set_memory_region+0x50/0x50
[  155.514181][ T7992]  do_vfs_ioctl+0xd6e/0x1390
[  155.518804][ T7992]  ? ioctl_preallocate+0x210/0x210
[  155.523919][ T7992]  ? __fget+0x381/0x550
[  155.528082][ T7992]  ? ksys_dup3+0x3e0/0x3e0
[  155.532499][ T7992]  ? nsecs_to_jiffies+0x30/0x30
[  155.537352][ T7992]  ? tomoyo_file_ioctl+0x23/0x30
[  155.542287][ T7992]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  155.548531][ T7992]  ? security_file_ioctl+0x93/0xc0
[  155.553652][ T7992]  ksys_ioctl+0xab/0xd0
[  155.557815][ T7992]  __x64_sys_ioctl+0x73/0xb0
[  155.562411][ T7992]  do_syscall_64+0x103/0x670
[  155.567009][ T7992]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  155.572899][ T7992] RIP: 0033:0x458da9
[  155.576799][ T7992] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  155.596405][ T7992] RSP: 002b:00007f163b760c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  155.604824][ T7992] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9
[  155.612797][ T7992] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  155.620764][ T7992] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  155.628735][ T7992] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f163b7616d4
[  155.636708][ T7992] R13: 00000000004c1d42 R14: 00000000004d4550 R15: 00000000ffffffff
[  155.644683][ T7992] Modules linked in:
[  155.648589][ T7992] ---[ end trace c30cafd02c0f58ac ]---
[  155.654064][ T7992] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0
[  155.659784][ T7992] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89
[  155.679391][ T7992] RSP: 0018:ffff888062f5fa00 EFLAGS: 00010006
[  155.685453][ T7992] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc900081e3000
[  155.693421][ T7992] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078
[  155.701389][ T7992] RBP: ffff888062f5fb10 R08: ffff888062f50500 R09: ffffed1015d26be0
[  155.709390][ T7992] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: ffff88806395806c
[  155.717380][ T7992] R13: 0000000000000001 R14: ffff888063958070 R15: ffff888063958040
[  155.725356][ T7992] FS:  00007f163b761700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  155.734282][ T7992] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  155.740858][ T7992] CR2: 000000000073c000 CR3: 0000000085957000 CR4: 00000000001426e0
[  155.748831][ T7992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  155.756801][ T7992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  155.764769][ T7992] Kernel panic - not syncing: Fatal exception
[  155.771857][ T7992] Kernel Offset: disabled
[  155.776175][ T7992] Rebooting in 86400 seconds..