Starting getty on tty2-tty6 if dbus and logind are not available... [ OK ] Started Daily apt download activities. [ OK ] Started Daily apt upgrade and clean activities. [ OK ] Reached target Timers. [ 46.753435][ T6492] sshd (6492) used greatest stack depth: 23656 bytes left [ OK ] Started System Logging Service. [ OK ] Started Permit User Sessions. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Found device /dev/ttyS0. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts. Debian GNU/Linux 9 syzkaller ttyS0 2020/08/04 18:50:54 fuzzer started 2020/08/04 18:50:54 dialing manager at 10.128.0.26:37687 2020/08/04 18:50:55 syscalls: 3270 2020/08/04 18:50:55 code coverage: enabled 2020/08/04 18:50:55 comparison tracing: enabled 2020/08/04 18:50:55 extra coverage: enabled 2020/08/04 18:50:55 setuid sandbox: enabled 2020/08/04 18:50:55 namespace sandbox: enabled 2020/08/04 18:50:55 Android sandbox: enabled 2020/08/04 18:50:55 fault injection: enabled 2020/08/04 18:50:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/04 18:50:55 net packet injection: enabled 2020/08/04 18:50:55 net device setup: enabled 2020/08/04 18:50:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/04 18:50:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/04 18:50:55 USB emulation: enabled 2020/08/04 18:50:55 hci packet injection: enabled 18:53:25 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f0000000140)={0x0, 0x0}) syzkaller login: [ 215.182397][ T27] audit: type=1400 audit(1596567205.536:8): avc: denied { execmem } for pid=6827 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 215.312645][ T6828] IPVS: ftp: loaded support on port[0] = 21 18:53:25 executing program 1: syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000020000082505a1a44000010203010902640002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a00008006241c00000020"], 0x0) [ 215.505100][ T6828] chnl_net:caif_netlink_parms(): no params data found [ 215.624288][ T6828] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.628680][ T6942] IPVS: ftp: loaded support on port[0] = 21 [ 215.632735][ T6828] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.647791][ T6828] device bridge_slave_0 entered promiscuous mode [ 215.657596][ T6828] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.665880][ T6828] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.678728][ T6828] device bridge_slave_1 entered promiscuous mode [ 215.741762][ T6828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.775267][ T6828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 18:53:26 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) [ 215.849785][ T6828] team0: Port device team_slave_0 added [ 215.859999][ T6828] team0: Port device team_slave_1 added [ 215.913339][ T6828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.920648][ T6828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.947852][ T6828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.004281][ T6828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.014014][ T6828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.045244][ T6828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.064978][ T6942] chnl_net:caif_netlink_parms(): no params data found 18:53:26 executing program 3: pipe(&(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f00000002c0)="e6", 0x1}, {&(0x7f0000000100)="f9", 0x1}, {&(0x7f0000000440)="776d9d388685e51b4fd049bd41f4a9d2718bb1194c9571ac13be7a8ec706716cff46510d72da87019cc45e023273f29a0733ecb521acce2db5de1f196d24fb142c36e1858d9e2e5be0c96d63ce5320426e6727db51bec85eab8117933ce5dea0d34c7200767ede0fbf7e4a2891d3e87ffde528185fbfab8ed38e15c224a0f96b9e3c309181c317ddb729845f095a50540bc54cb008fc2da2e990602c09dee2954944abbee35a80b9b72e7263b517eb99488b02eb7247a902cd40f904f2e596bafb7418a99c6ed3e070af0e4b0c3e00513dd69c895d93de1e3a4a78322c56ffc48e53555e9555e9524c4579ae4ce848db03f0f27d595fb120330573db75dce74450ddab651a75420f68bdb24e5cf071de2d5c9c5f764b88d1eaf520f72f1a3b9dc8375be7cd00886ab5218b226ef2a60f009c28282bb2a7b19d9e6164e87c963c1eedf8224fd4bcaaea0f2af2e657164e7c41cc4c2cac2fdd2796e522", 0x15c}, {&(0x7f0000000180)="11ac325e27208134172147b9f04e79c2319f4958549530d153f8578649c513b1c60a4bc687ae751b862b215361289bce42395c79829be73981710f22770100213516ecdaece733d76269c43a7ea568ffe36c460363a8e7b0364610a4fe8d5115d6b733f9ee0d7df117be76ff887b6982fc4771178c26ea581945015faa6a346b4b940e8c145462d4b52cd5ac527b29af0e8ac46392a472a60facef06", 0x9c}, {&(0x7f0000000700)="d8785b64cdd9952b514c9c7c6a304b0a30e0d5cfe5a35fc47fb4a3dc479dad8435837f33e686cb1c82764ef6100142286008daa59bfea2699f8b84ac745bc294ca4868c40bafe11e26d28a2089bb730832d088efa20b691ac330f378170c39e1930241de3da72a9360a4320e1ee0a718618464842b9b78bfe295edc1d478ca80a6f2c2f7f2cbfb28d3b71d9266db1195bf904408bff76bd5286e116e13539ed344e74f6a0fe633b14d585ca0b2c6bed8e566dc9ed928bbfddc84f8ada9fb8c0cabddf1eb4d45d0e10ff84a7c58a1d2bcf68899e1a39b5c2e669adcd0eec08bf31e70995a69fd58d97c7bcfb07774659fa9023c29e56b181eacdb6f7a62bd7ae253c0da2083c5e151df49aa4a78388994be6bba2b667679fbe2c4e9f58d3ee4c245b0430a9d849265b9ea53d7414540db83627fb6f395243b3c12ce3b3f0339e59e43d6213e89de224be82d222d16aa7713d63ad9c9bcf79f5dbd412fbc5f3cb2805ad25c7db0e87004bccb69558f2f5c032a610ae53d64db5a83bdbabde51de20393d9b95b3143f87515d1a15a2aabbf6c2fff18fa9f675ab29846db55dd6d79b180e60f6a8867a654c5f35f498ae97fa2650ff3fc675ec0cec3e42e5e375a5eb147f1b8e57f8834119e8733dfd6518cd039314749e39bba335b3ec32ba5891b98fa798c5efcfb0d4f9a9f50ab639d73386f4e45bf83739be8e53882ffd465d67ed65fd9885cb7a1ef96d08f7291d8b57f1cf8360851c66abc956b366de72a30a4be07e353922921ad7f634a5976bb7bff649d3c2dec594e10a4f97eca279d562900a34c021f41541964a9b45eea8900e34efe5a24c5b71ac42111c637cde482ef6f3a08b35ee849ecf939ab5f086a6c935629b7ffdc746724a8981206021364df835d4791b059e751a87acebbff0d7deadd3875b7fe9ae384fac146fd1cbf7508d5f30bc8dbbe8e2c3db8cf97c8e6a049396f881bd4a22ad6483e0b6c836b7c81e4444c9b27fbbe6501d2030f0650bce315cc1d535d3f6bcafe5f5babaa57f87e93302312450c6f7150eea59f3d3a48abdc023983c9d2237c6008b2a34937e15a88da5e2bf334c0f34586eb49beac4b3c5b753902435a9325e8447a8bff9e83937007467cd832d6620611c4d73fa420b93e9fab7fb0c08fbb8a50510be46adaec99be063a86c6d6c9df5570f32fc74659662989b81b3dee2f88de0b72d8cdddc1be6f8220051797646f6c8afec162a2edaa9aa07e2d5aca0ed5eec7ea43cbb01dd660c63c92412e527880da5846de97c75f3950ddb5eb96f91fe4bad1f5e4abc1c1ff76fe9620e6cbb11cef5da794d24b42afbdc7bf7b1c4b6e6c752fd37b67fa1c95ec380444", 0x3c7}], 0x5, 0x0) close(r1) socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r1, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10000, 0x0) [ 216.181988][ T6828] device hsr_slave_0 entered promiscuous mode [ 216.238101][ T6828] device hsr_slave_1 entered promiscuous mode 18:53:26 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) [ 216.374352][ T7101] IPVS: ftp: loaded support on port[0] = 21 [ 216.404276][ T7107] IPVS: ftp: loaded support on port[0] = 21 [ 216.493479][ T6942] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.507766][ T6942] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.516651][ T6942] device bridge_slave_0 entered promiscuous mode [ 216.581774][ T6942] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.590680][ T6942] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.609149][ T6942] device bridge_slave_1 entered promiscuous mode [ 216.739527][ T6942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.755898][ T7166] IPVS: ftp: loaded support on port[0] = 21 [ 216.805114][ T6942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 18:53:27 executing program 5: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, 0x0) socket(0x1e, 0x2, 0x0) getrusage(0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) r0 = open(0x0, 0x143042, 0x0) ftruncate(r0, 0x2008002) ioctl$HIDIOCINITREPORT(r0, 0x4805, 0x0) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8) read(r1, &(0x7f0000000140)=""/73, 0x49) [ 216.864588][ T6828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 216.951887][ T6828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 216.991111][ T6828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 217.043233][ T6828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 217.129589][ T6942] team0: Port device team_slave_0 added [ 217.171598][ T7101] chnl_net:caif_netlink_parms(): no params data found [ 217.192783][ T6942] team0: Port device team_slave_1 added [ 217.233675][ T7278] IPVS: ftp: loaded support on port[0] = 21 [ 217.255960][ T6942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 217.265445][ T6942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.291964][ T6942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 217.325511][ T7107] chnl_net:caif_netlink_parms(): no params data found [ 217.336515][ T6942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 217.344364][ T6942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.372069][ T6942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 217.513822][ T6942] device hsr_slave_0 entered promiscuous mode [ 217.570305][ T6942] device hsr_slave_1 entered promiscuous mode [ 217.647716][ T6942] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 217.655500][ T6942] Cannot create hsr debugfs directory [ 217.790604][ T7107] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.798218][ T7107] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.805902][ T7107] device bridge_slave_0 entered promiscuous mode [ 217.816790][ T7101] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.825426][ T7101] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.836030][ T7101] device bridge_slave_0 entered promiscuous mode [ 217.844572][ T7101] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.851852][ T7101] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.859946][ T7101] device bridge_slave_1 entered promiscuous mode [ 217.915641][ T7107] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.926154][ T7107] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.936030][ T7107] device bridge_slave_1 entered promiscuous mode [ 217.965770][ T7101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.979076][ T7278] chnl_net:caif_netlink_parms(): no params data found [ 217.994695][ T7101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.058514][ T7101] team0: Port device team_slave_0 added [ 218.067503][ T7101] team0: Port device team_slave_1 added [ 218.095031][ T7107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.114349][ T7107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.147009][ T7101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.154864][ T7101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.183104][ T7101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.229291][ T7107] team0: Port device team_slave_0 added [ 218.235624][ T7101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.242677][ T7101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.270536][ T7101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.301077][ T7107] team0: Port device team_slave_1 added [ 218.320626][ T7166] chnl_net:caif_netlink_parms(): no params data found [ 218.384340][ T7107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.391709][ T7107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.419228][ T7107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.432848][ T7107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.441212][ T7107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.467980][ T7107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.522300][ T7278] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.530440][ T7278] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.542010][ T7278] device bridge_slave_0 entered promiscuous mode [ 218.590504][ T7101] device hsr_slave_0 entered promiscuous mode [ 218.628049][ T7101] device hsr_slave_1 entered promiscuous mode [ 218.677701][ T7101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 218.685284][ T7101] Cannot create hsr debugfs directory [ 218.710660][ T7278] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.718622][ T7278] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.726462][ T7278] device bridge_slave_1 entered promiscuous mode [ 218.786212][ T6942] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 218.823986][ T7278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.836678][ T7278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.852540][ T7166] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.859919][ T7166] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.867854][ T7166] device bridge_slave_0 entered promiscuous mode [ 218.877962][ T6942] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 218.950135][ T7107] device hsr_slave_0 entered promiscuous mode [ 218.987988][ T7107] device hsr_slave_1 entered promiscuous mode [ 219.038134][ T7107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.045706][ T7107] Cannot create hsr debugfs directory [ 219.062798][ T7166] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.076031][ T7166] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.084235][ T7166] device bridge_slave_1 entered promiscuous mode [ 219.099209][ T6942] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 219.154634][ T6942] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 219.248365][ T6828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.274942][ T7278] team0: Port device team_slave_0 added [ 219.284266][ T7166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.313531][ T7278] team0: Port device team_slave_1 added [ 219.326742][ T7166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.402865][ T7278] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.410733][ T7278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.436752][ T7278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.453369][ T7278] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.461139][ T7278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.487419][ T7278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.506141][ T6828] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.519430][ T7166] team0: Port device team_slave_0 added [ 219.565552][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.579549][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.651662][ T7278] device hsr_slave_0 entered promiscuous mode [ 219.718018][ T7278] device hsr_slave_1 entered promiscuous mode [ 219.778101][ T7278] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.785676][ T7278] Cannot create hsr debugfs directory [ 219.792945][ T7166] team0: Port device team_slave_1 added [ 219.844131][ T7166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.852271][ T7166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.881379][ T7166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.902287][ T7166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.909335][ T7166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.937169][ T7166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.966060][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.976248][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.985224][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.992497][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.000735][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.009805][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.018502][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.025535][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.034209][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.112987][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 220.124690][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 220.134999][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 220.143955][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.152915][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.163039][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.191266][ T7107] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 220.246521][ T7107] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 220.295816][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 220.304189][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 220.313707][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 220.331166][ T6828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 220.345946][ T6828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 220.401171][ T7166] device hsr_slave_0 entered promiscuous mode [ 220.458720][ T7166] device hsr_slave_1 entered promiscuous mode [ 220.497679][ T7166] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.505249][ T7166] Cannot create hsr debugfs directory [ 220.511976][ T7107] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 220.570585][ T7107] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 220.656880][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 220.670741][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 220.756450][ T6942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.836331][ T7101] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 220.884287][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.895156][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.905765][ T6942] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.926539][ T7101] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 220.947115][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 220.959887][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 220.980453][ T7101] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 221.024050][ T7101] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 221.098544][ T7278] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 221.151450][ T7278] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 221.221755][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.231352][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.240120][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.247172][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.254872][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.263519][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.272122][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.279251][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.312039][ T6828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.320392][ T7278] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 221.352115][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.360260][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 221.369192][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 221.402237][ T7278] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 221.464106][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.472879][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.481932][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.491200][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.501164][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 221.535721][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.544538][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.553269][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 221.562293][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 221.573693][ T6942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.611641][ T7166] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 221.650524][ T7166] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 221.709830][ T7166] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 221.791901][ T7107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.801429][ T7166] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 221.852856][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 221.863053][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 221.873469][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 221.881653][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 221.904718][ T6942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.924754][ T7107] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.955035][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.964575][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.984271][ T6828] device veth0_vlan entered promiscuous mode [ 222.011334][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.021608][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.032363][ T7561] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.039459][ T7561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.048694][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 222.056752][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 222.066988][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.077981][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.090810][ T7561] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.098023][ T7561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.135643][ T6828] device veth1_vlan entered promiscuous mode [ 222.143861][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.154216][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 222.162604][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 222.171419][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 222.180275][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.189714][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.199062][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.208094][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.231816][ T7101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.259312][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 222.270365][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 222.279541][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.290652][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.309449][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 222.323047][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 222.347882][ T7101] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.365070][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.375881][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.386169][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.395491][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.414563][ T6942] device veth0_vlan entered promiscuous mode [ 222.430406][ T7107] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 222.446558][ T7107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 222.457863][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.466128][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 222.475327][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 222.485134][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 222.493969][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.502740][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.511913][ T3075] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.519033][ T3075] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.536282][ T7278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.564120][ T6942] device veth1_vlan entered promiscuous mode [ 222.583924][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 222.591964][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 222.600387][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 222.608891][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.616852][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 222.626048][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 222.635004][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.644966][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.653788][ T3075] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.660879][ T3075] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.669673][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.678894][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.708286][ T7278] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.726023][ T6828] device veth0_macvtap entered promiscuous mode [ 222.738874][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 222.746819][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 222.756948][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.765150][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.773384][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.782473][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.791261][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.800739][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.809684][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.816711][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.824702][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 222.833789][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.875848][ T7107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.885451][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.901747][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.910954][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.923232][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.932570][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 222.943086][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 222.951711][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.963047][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.981404][ T7561] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.988490][ T7561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.996144][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.014561][ T7166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.035645][ T6828] device veth1_macvtap entered promiscuous mode [ 223.044727][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 223.055498][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.064751][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.073575][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.093537][ T7101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 223.115354][ T6828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.133028][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.143675][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.152794][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 223.161450][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 223.170960][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.199987][ T7166] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.206797][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 223.217839][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.226116][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.234651][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.254721][ T6828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.270475][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 223.279766][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 223.289384][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 223.298810][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 223.308444][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 223.316901][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 223.326044][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 223.334715][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 223.347908][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 223.356813][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 223.381240][ T6942] device veth0_macvtap entered promiscuous mode [ 223.406936][ T7101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.414140][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 223.423711][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 223.433000][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.442965][ T2528] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.450078][ T2528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.461291][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 223.470155][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 223.478757][ T2528] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.485793][ T2528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.494271][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.585760][ T7278] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 223.598686][ T7278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 223.608225][ T6942] device veth1_macvtap entered promiscuous mode [ 223.618537][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 223.626512][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.639422][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.648381][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.656480][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 223.665788][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 223.768770][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 223.776474][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 223.785599][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.795146][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.804344][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.814056][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 223.822949][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.833982][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.848680][ T7107] device veth0_vlan entered promiscuous mode [ 223.861827][ T6942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 223.875923][ T6942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.891385][ T6942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.975111][ T7107] device veth1_vlan entered promiscuous mode [ 223.988125][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 223.996163][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 224.005327][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 224.014219][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 224.023651][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 224.032530][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 224.041498][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 224.050100][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 224.058776][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 224.066877][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 224.074383][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 224.097502][ T6942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 224.108962][ T6942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.120223][ T6942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.133768][ T7278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.159261][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 224.170707][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 224.183935][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 224.192658][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 224.220143][ T7101] device veth0_vlan entered promiscuous mode [ 224.235475][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 224.246203][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 224.254793][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 224.262658][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 224.384155][ T7107] device veth0_macvtap entered promiscuous mode [ 224.395001][ T7101] device veth1_vlan entered promiscuous mode [ 224.443903][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 224.452110][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 224.461043][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 224.470005][ T2956] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 224.482011][ T7166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.492400][ T7107] device veth1_macvtap entered promiscuous mode [ 224.572803][ T7107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 224.584122][ T7107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.594978][ T7107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 224.605934][ T7107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.619000][ T7107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.648923][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 224.665852][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 224.674004][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 224.683263][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 224.692412][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 224.702099][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 224.713270][ T7107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 224.724839][ T7107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.734971][ T7107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 224.745453][ T7107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.757503][ T7107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.777966][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 224.786590][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 224.949911][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 224.959498][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 224.973059][ T7101] device veth0_macvtap entered promiscuous mode [ 224.990049][ T7101] device veth1_macvtap entered promiscuous mode [ 225.012428][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 225.021286][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 225.030014][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 225.038555][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 225.075936][ T7278] device veth0_vlan entered promiscuous mode [ 225.115460][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 225.156528][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 225.229087][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 225.262914][ T2528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 225.298383][ T7101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 225.348275][ T7101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.368307][ T7101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 225.391578][ T7101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.418638][ T7101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 225.436133][ T7101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.460422][ T7101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 225.473825][ T7278] device veth1_vlan entered promiscuous mode [ 225.494831][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 225.503566][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 225.515949][ T7101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 225.565563][ T7101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.618098][ T7101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 225.673994][ T7101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:53:36 executing program 0: r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000240), 0x10) bind(r0, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x0, @host}, 0x80) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) write$binfmt_aout(r1, &(0x7f0000000280)=ANY=[], 0x20) dup2(r2, r1) dup2(r2, r0) [ 225.719027][ T7101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 225.754626][ T7101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.794300][ T7101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 225.850658][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 225.861413][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 225.887675][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready 18:53:36 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @random="2accc19dbb19", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '~\x00 ', 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 225.896088][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 225.920354][ T7166] device veth0_vlan entered promiscuous mode [ 225.970554][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 225.982175][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready 18:53:36 executing program 0: syz_mount_image$xfs(&(0x7f0000000200)='xfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@attr2='attr2'}, {@dax='dax'}, {@inode32='inode32'}]}) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) finit_module(r1, &(0x7f0000000040)='inode32', 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 226.040538][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 226.070839][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready 18:53:36 executing program 3: pipe(&(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f00000002c0)="e6", 0x1}, {&(0x7f0000000100)="f9", 0x1}, {&(0x7f0000000440)="776d9d388685e51b4fd049bd41f4a9d2718bb1194c9571ac13be7a8ec706716cff46510d72da87019cc45e023273f29a0733ecb521acce2db5de1f196d24fb142c36e1858d9e2e5be0c96d63ce5320426e6727db51bec85eab8117933ce5dea0d34c7200767ede0fbf7e4a2891d3e87ffde528185fbfab8ed38e15c224a0f96b9e3c309181c317ddb729845f095a50540bc54cb008fc2da2e990602c09dee2954944abbee35a80b9b72e7263b517eb99488b02eb7247a902cd40f904f2e596bafb7418a99c6ed3e070af0e4b0c3e00513dd69c895d93de1e3a4a78322c56ffc48e53555e9555e9524c4579ae4ce848db03f0f27d595fb120330573db75dce74450ddab651a75420f68bdb24e5cf071de2d5c9c5f764b88d1eaf520f72f1a3b9dc8375be7cd00886ab5218b226ef2a60f009c28282bb2a7b19d9e6164e87c963c1eedf8224fd4bcaaea0f2af2e657164e7c41cc4c2cac2fdd2796e522", 0x15c}, {&(0x7f0000000180)="11ac325e27208134172147b9f04e79c2319f4958549530d153f8578649c513b1c60a4bc687ae751b862b215361289bce42395c79829be73981710f22770100213516ecdaece733d76269c43a7ea568ffe36c460363a8e7b0364610a4fe8d5115d6b733f9ee0d7df117be76ff887b6982fc4771178c26ea581945015faa6a346b4b940e8c145462d4b52cd5ac527b29af0e8ac46392a472a60facef06", 0x9c}, {&(0x7f0000000700)="d8785b64cdd9952b514c9c7c6a304b0a30e0d5cfe5a35fc47fb4a3dc479dad8435837f33e686cb1c82764ef6100142286008daa59bfea2699f8b84ac745bc294ca4868c40bafe11e26d28a2089bb730832d088efa20b691ac330f378170c39e1930241de3da72a9360a4320e1ee0a718618464842b9b78bfe295edc1d478ca80a6f2c2f7f2cbfb28d3b71d9266db1195bf904408bff76bd5286e116e13539ed344e74f6a0fe633b14d585ca0b2c6bed8e566dc9ed928bbfddc84f8ada9fb8c0cabddf1eb4d45d0e10ff84a7c58a1d2bcf68899e1a39b5c2e669adcd0eec08bf31e70995a69fd58d97c7bcfb07774659fa9023c29e56b181eacdb6f7a62bd7ae253c0da2083c5e151df49aa4a78388994be6bba2b667679fbe2c4e9f58d3ee4c245b0430a9d849265b9ea53d7414540db83627fb6f395243b3c12ce3b3f0339e59e43d6213e89de224be82d222d16aa7713d63ad9c9bcf79f5dbd412fbc5f3cb2805ad25c7db0e87004bccb69558f2f5c032a610ae53d64db5a83bdbabde51de20393d9b95b3143f87515d1a15a2aabbf6c2fff18fa9f675ab29846db55dd6d79b180e60f6a8867a654c5f35f498ae97fa2650ff3fc675ec0cec3e42e5e375a5eb147f1b8e57f8834119e8733dfd6518cd039314749e39bba335b3ec32ba5891b98fa798c5efcfb0d4f9a9f50ab639d73386f4e45bf83739be8e53882ffd465d67ed65fd9885cb7a1ef96d08f7291d8b57f1cf8360851c66abc956b366de72a30a4be07e353922921ad7f634a5976bb7bff649d3c2dec594e10a4f97eca279d562900a34c021f41541964a9b45eea8900e34efe5a24c5b71ac42111c637cde482ef6f3a08b35ee849ecf939ab5f086a6c935629b7ffdc746724a8981206021364df835d4791b059e751a87acebbff0d7deadd3875b7fe9ae384fac146fd1cbf7508d5f30bc8dbbe8e2c3db8cf97c8e6a049396f881bd4a22ad6483e0b6c836b7c81e4444c9b27fbbe6501d2030f0650bce315cc1d535d3f6bcafe5f5babaa57f87e93302312450c6f7150eea59f3d3a48abdc023983c9d2237c6008b2a34937e15a88da5e2bf334c0f34586eb49beac4b3c5b753902435a9325e8447a8bff9e83937007467cd832d6620611c4d73fa420b93e9fab7fb0c08fbb8a50510be46adaec99be063a86c6d6c9df5570f32fc74659662989b81b3dee2f88de0b72d8cdddc1be6f8220051797646f6c8afec162a2edaa9aa07e2d5aca0ed5eec7ea43cbb01dd660c63c92412e527880da5846de97c75f3950ddb5eb96f91fe4bad1f5e4abc1c1ff76fe9620e6cbb11cef5da794d24b42afbdc7bf7b1c4b6e6c752fd37b67fa1c95ec380444", 0x3c7}], 0x5, 0x0) close(r1) socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r1, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10000, 0x0) [ 226.132671][ T12] usb 2-1: new high-speed USB device number 2 using dummy_hcd 18:53:36 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\trust\xe3cusgrVex:De', 0x0) r0 = gettid() tkill(r0, 0x31) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa\x00', 0x20000, 0x0) r2 = socket(0x10, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3cffffff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b000100677265746170000004c458440a4dbaa9d913de9ae1df6900000000000a00", @ANYRES32=0x0, @ANYBLOB="7195db55bca85db868bf59eefdba2c95aad57648cd36b903857925b830e2cb7c09313dfda38964341e70"], 0x3c}}, 0x0) setuid(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) fstat(r5, &(0x7f00000001c0)) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0x0, 0x6, {{0x2, 0x2, 0x80, 0x2, 0x40, 0x1f, {0x1, 0xe00000000000, 0x3, 0x4, 0x80000001, 0x2, 0x2, 0x3f, 0x6, 0x1, 0x3, 0x0, 0x0, 0x401, 0x7fff}}, {0x0, 0x4}}}, 0xa0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) socket$pptp(0x18, 0x1, 0x2) [ 226.223099][ T7166] device veth1_vlan entered promiscuous mode [ 226.243340][ T7278] device veth0_macvtap entered promiscuous mode [ 226.247853][ T8143] XFS (loop0): Invalid superblock magic number [ 226.293672][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 226.308456][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 226.370387][ C0] hrtimer: interrupt took 48708 ns [ 226.381040][ T7278] device veth1_macvtap entered promiscuous mode [ 226.388242][ T12] usb 2-1: Using ep0 maxpacket: 8 [ 226.507187][ T12] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 226.535458][ T12] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 226.556883][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 226.571420][ T12] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 226.579167][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.601164][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 226.612410][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.622863][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 226.634071][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.644724][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 226.655733][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.695701][ T7278] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 226.757110][ T12] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 226.764973][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 226.766780][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.796262][ T12] usb 2-1: Product: syz [ 226.797753][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.813668][ T12] usb 2-1: Manufacturer: syz [ 226.821699][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 226.824113][ T12] usb 2-1: SerialNumber: syz [ 226.837175][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.852477][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 226.863549][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.873899][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 226.884998][ T8143] XFS (loop0): Invalid superblock magic number [ 226.902899][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.922066][ T7278] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 226.928691][ T12] cdc_ncm 2-1:1.0: skipping garbage [ 226.939484][ T12] cdc_ncm 2-1:1.0: bind() failure [ 226.950643][ T7166] device veth0_macvtap entered promiscuous mode [ 226.966797][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 226.967530][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 226.991881][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 227.003736][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 227.015317][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 227.030601][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 227.040740][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready 18:53:37 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir']) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f00000001c0)={0x0, 0x7}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e2f66696c65302c00701ae236ebd77a1644fb061b279351be00c032ee19be117ed03c40641e19b9c7d8281a45e4"]) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000100)='\x00', 0x1, 0x0) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, 0x0, r2}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000080)={'poly1305-generic\x00'}}) keyctl$read(0xb, r1, &(0x7f0000000080)=""/8, 0x8) syz_mount_image$ceph(&(0x7f0000000000)='ceph\x00', &(0x7f0000000280)='./file0/file0\x00', 0xfff, 0x8, &(0x7f0000000bc0)=[{&(0x7f0000000340)="af5ddb3a2dcda2117a9c2e02d15e220cbb2d5fa62a728346b0810e6dcff1e0450a832906dd5b7fa1a598cb9c3ac583d63b2628f95a8179bc0892bdaae936c6c8b2e13ce4ab5c7298e2f309b4eab8a2e44504b802d58c0ea1fe509db2f629feb4b4d221533a32aad5639d140d2aa4e7773ac7dcb3dbbbaa07fd35d14c2249163a51b8d9bae617c75245162f50ca974693094abc9ee40d90e9ae", 0x99, 0x8000}, {&(0x7f0000000400)="e1e75f333a1e1088a73cdd4a9baaae05b3aecd0e1481bedbe6e924ddb5ff0bca7b16262b1acfe1e3c5ef081ed01747332c213c5bd13fdc6dfcf45e1cfff62e517e824f2e0a05fe1e8094568c47f66814ac3b2681fdf11c877f812411aa99013c577324eaab42c27f4c291905399ed9b39f367c37946bced24ce09c6ac776483539f60c6e90d31044ffbf262ee66adc2c4deecc99230cd6ba166eb8e8ddc957d25c133880bd28b6", 0xa7, 0x40}, {&(0x7f0000000500)="1fe58e4ac7e163b07663f68c87ed78c5515349ce118be1fcb7631e8979c5d2ee045feccf4a61e4515a681f152a665af26cf20234ebbe6bbafed808b6d596f088bd4cec875d084948604c7438259902a40e", 0x51, 0x7}, {&(0x7f0000000740)="d24921e2a4d6f079ef3f65d5980210a8e85f01beb92b3f2f805666d3e32f71c3eda5949d393d9dc1dcb9d32647cdf9dcb0d438cd97c15307fcd6ae6275873ff7e0e3b3cdbd0f5df2ab2a732eb5e1a1705fbed7567dd38bb1543e4bfc813ecbfdd776f0aed648799cdaf1b75938353d2daab0bc2ffa64e1f11ceb7dc17cf931474c1c3d4f4ca4c4a5e927de25a9087a1c6179c377d9528ccfdda01f2c10a622acd4f14a9fa36b301586e6030450d4ddea1d97c4aab64819db629982bd4c994085bc31905533b260fc0b01d5573be07cc142c1e747", 0xd4, 0x3}, {&(0x7f0000000840)="b76c85266728968f470f84e8d3af7485c0ded4f53182b1b9459b80f262219f40f53b47c1ec2da5502c3bfa2611450de70270c7e1f188861c4335de099a4e52dd79e2c3a6f8202227de7194e6ea377e8b381f067988fe3f5d6e572055641422cf03761265406fb91ff46b7bcfe3f1aaf2bde5479bf8d81e829fed38b63ed90b5eae4cc66949ad3c0972002cd83f5f214d5f7d401ab2e6fb54a6ade113f4b3011cd2281918021cb2cf8c4742980e1259464f0159662d3cab383d467bf643273856e92ba726fbb1b7050b6d4166390b04211c1e2d2ea22df903f538a4a88788abd1ae4712542913379cfe488ffbb912ded116281a6b8c66589c", 0xf8, 0x7}, {&(0x7f0000000640)="6f662b4c257b8168efcdb16b836e405c431bc4433f3dd6e0", 0x18, 0x100}, {&(0x7f0000000940), 0x0, 0x78e}, {0x0, 0x0, 0x3f}], 0x4c080, &(0x7f0000000680)='devpts\x00') perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000580)='./bus/file0\x00') [ 227.071613][ T7166] device veth1_macvtap entered promiscuous mode [ 227.117983][ T3075] Bluetooth: hci0: command 0x0409 tx timeout [ 227.135460][ T8084] usb 2-1: USB disconnect, device number 2 18:53:37 executing program 0: syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)={[{@shortname_win95='shortname=win95'}, {@shortname_lower='shortname=lower'}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r1}, 0x10) [ 227.301226][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 227.342437][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 227.378575][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.411007][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 227.426061][ T8202] FAT-fs (loop0): bogus number of reserved sectors [ 227.434189][ T8204] overlayfs: filesystem on './bus' not supported as upperdir [ 227.487256][ T8202] FAT-fs (loop0): Can't find a valid FAT filesystem [ 227.502309][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.524529][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 227.535104][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.545093][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 227.555553][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.565747][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 227.576281][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.597315][ T12] Bluetooth: hci1: command 0x0409 tx timeout [ 227.609685][ T7166] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.705123][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 227.721945][ T8202] FAT-fs (loop0): bogus number of reserved sectors [ 227.721973][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 227.736915][ T8202] FAT-fs (loop0): Can't find a valid FAT filesystem [ 227.751025][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 227.776340][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.786179][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 227.816704][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.831196][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 227.843833][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.856679][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 227.868095][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.878528][ T7166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 227.890535][ T7166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.902713][ T7166] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.913865][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 227.923720][ T3075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 227.936586][ T8084] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 228.077076][ T8070] Bluetooth: hci2: command 0x0409 tx timeout [ 228.216413][ T8084] usb 2-1: Using ep0 maxpacket: 8 [ 228.346637][ T8084] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 228.426647][ T8084] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 228.478160][ T8084] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 18:53:39 executing program 1: syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000020000082505a1a44000010203010902640002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a00008006241c00000020"], 0x0) 18:53:39 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir']) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f00000001c0)={0x0, 0x7}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e2f66696c65302c00701ae236ebd77a1644fb061b279351be00c032ee19be117ed03c40641e19b9c7d8281a45e4"]) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000100)='\x00', 0x1, 0x0) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, 0x0, r2}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000080)={'poly1305-generic\x00'}}) keyctl$read(0xb, r1, &(0x7f0000000080)=""/8, 0x8) syz_mount_image$ceph(&(0x7f0000000000)='ceph\x00', &(0x7f0000000280)='./file0/file0\x00', 0xfff, 0x8, &(0x7f0000000bc0)=[{&(0x7f0000000340)="af5ddb3a2dcda2117a9c2e02d15e220cbb2d5fa62a728346b0810e6dcff1e0450a832906dd5b7fa1a598cb9c3ac583d63b2628f95a8179bc0892bdaae936c6c8b2e13ce4ab5c7298e2f309b4eab8a2e44504b802d58c0ea1fe509db2f629feb4b4d221533a32aad5639d140d2aa4e7773ac7dcb3dbbbaa07fd35d14c2249163a51b8d9bae617c75245162f50ca974693094abc9ee40d90e9ae", 0x99, 0x8000}, {&(0x7f0000000400)="e1e75f333a1e1088a73cdd4a9baaae05b3aecd0e1481bedbe6e924ddb5ff0bca7b16262b1acfe1e3c5ef081ed01747332c213c5bd13fdc6dfcf45e1cfff62e517e824f2e0a05fe1e8094568c47f66814ac3b2681fdf11c877f812411aa99013c577324eaab42c27f4c291905399ed9b39f367c37946bced24ce09c6ac776483539f60c6e90d31044ffbf262ee66adc2c4deecc99230cd6ba166eb8e8ddc957d25c133880bd28b6", 0xa7, 0x40}, {&(0x7f0000000500)="1fe58e4ac7e163b07663f68c87ed78c5515349ce118be1fcb7631e8979c5d2ee045feccf4a61e4515a681f152a665af26cf20234ebbe6bbafed808b6d596f088bd4cec875d084948604c7438259902a40e", 0x51, 0x7}, {&(0x7f0000000740)="d24921e2a4d6f079ef3f65d5980210a8e85f01beb92b3f2f805666d3e32f71c3eda5949d393d9dc1dcb9d32647cdf9dcb0d438cd97c15307fcd6ae6275873ff7e0e3b3cdbd0f5df2ab2a732eb5e1a1705fbed7567dd38bb1543e4bfc813ecbfdd776f0aed648799cdaf1b75938353d2daab0bc2ffa64e1f11ceb7dc17cf931474c1c3d4f4ca4c4a5e927de25a9087a1c6179c377d9528ccfdda01f2c10a622acd4f14a9fa36b301586e6030450d4ddea1d97c4aab64819db629982bd4c994085bc31905533b260fc0b01d5573be07cc142c1e747", 0xd4, 0x3}, {&(0x7f0000000840)="b76c85266728968f470f84e8d3af7485c0ded4f53182b1b9459b80f262219f40f53b47c1ec2da5502c3bfa2611450de70270c7e1f188861c4335de099a4e52dd79e2c3a6f8202227de7194e6ea377e8b381f067988fe3f5d6e572055641422cf03761265406fb91ff46b7bcfe3f1aaf2bde5479bf8d81e829fed38b63ed90b5eae4cc66949ad3c0972002cd83f5f214d5f7d401ab2e6fb54a6ade113f4b3011cd2281918021cb2cf8c4742980e1259464f0159662d3cab383d467bf643273856e92ba726fbb1b7050b6d4166390b04211c1e2d2ea22df903f538a4a88788abd1ae4712542913379cfe488ffbb912ded116281a6b8c66589c", 0xf8, 0x7}, {&(0x7f0000000640)="6f662b4c257b8168efcdb16b836e405c431bc4433f3dd6e0", 0x18, 0x100}, {&(0x7f0000000940), 0x0, 0x78e}, {0x0, 0x0, 0x3f}], 0x4c080, &(0x7f0000000680)='devpts\x00') perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000580)='./bus/file0\x00') 18:53:39 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir']) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f00000001c0)={0x0, 0x7}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e2f66696c65302c00701ae236ebd77a1644fb061b279351be00c032ee19be117ed03c40641e19b9c7d8281a45e4"]) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000100)='\x00', 0x1, 0x0) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, 0x0, r2}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000080)={'poly1305-generic\x00'}}) keyctl$read(0xb, r1, &(0x7f0000000080)=""/8, 0x8) syz_mount_image$ceph(&(0x7f0000000000)='ceph\x00', &(0x7f0000000280)='./file0/file0\x00', 0xfff, 0x8, &(0x7f0000000bc0)=[{&(0x7f0000000340)="af5ddb3a2dcda2117a9c2e02d15e220cbb2d5fa62a728346b0810e6dcff1e0450a832906dd5b7fa1a598cb9c3ac583d63b2628f95a8179bc0892bdaae936c6c8b2e13ce4ab5c7298e2f309b4eab8a2e44504b802d58c0ea1fe509db2f629feb4b4d221533a32aad5639d140d2aa4e7773ac7dcb3dbbbaa07fd35d14c2249163a51b8d9bae617c75245162f50ca974693094abc9ee40d90e9ae", 0x99, 0x8000}, {&(0x7f0000000400)="e1e75f333a1e1088a73cdd4a9baaae05b3aecd0e1481bedbe6e924ddb5ff0bca7b16262b1acfe1e3c5ef081ed01747332c213c5bd13fdc6dfcf45e1cfff62e517e824f2e0a05fe1e8094568c47f66814ac3b2681fdf11c877f812411aa99013c577324eaab42c27f4c291905399ed9b39f367c37946bced24ce09c6ac776483539f60c6e90d31044ffbf262ee66adc2c4deecc99230cd6ba166eb8e8ddc957d25c133880bd28b6", 0xa7, 0x40}, {&(0x7f0000000500)="1fe58e4ac7e163b07663f68c87ed78c5515349ce118be1fcb7631e8979c5d2ee045feccf4a61e4515a681f152a665af26cf20234ebbe6bbafed808b6d596f088bd4cec875d084948604c7438259902a40e", 0x51, 0x7}, {&(0x7f0000000740)="d24921e2a4d6f079ef3f65d5980210a8e85f01beb92b3f2f805666d3e32f71c3eda5949d393d9dc1dcb9d32647cdf9dcb0d438cd97c15307fcd6ae6275873ff7e0e3b3cdbd0f5df2ab2a732eb5e1a1705fbed7567dd38bb1543e4bfc813ecbfdd776f0aed648799cdaf1b75938353d2daab0bc2ffa64e1f11ceb7dc17cf931474c1c3d4f4ca4c4a5e927de25a9087a1c6179c377d9528ccfdda01f2c10a622acd4f14a9fa36b301586e6030450d4ddea1d97c4aab64819db629982bd4c994085bc31905533b260fc0b01d5573be07cc142c1e747", 0xd4, 0x3}, {&(0x7f0000000840)="b76c85266728968f470f84e8d3af7485c0ded4f53182b1b9459b80f262219f40f53b47c1ec2da5502c3bfa2611450de70270c7e1f188861c4335de099a4e52dd79e2c3a6f8202227de7194e6ea377e8b381f067988fe3f5d6e572055641422cf03761265406fb91ff46b7bcfe3f1aaf2bde5479bf8d81e829fed38b63ed90b5eae4cc66949ad3c0972002cd83f5f214d5f7d401ab2e6fb54a6ade113f4b3011cd2281918021cb2cf8c4742980e1259464f0159662d3cab383d467bf643273856e92ba726fbb1b7050b6d4166390b04211c1e2d2ea22df903f538a4a88788abd1ae4712542913379cfe488ffbb912ded116281a6b8c66589c", 0xf8, 0x7}, {&(0x7f0000000640)="6f662b4c257b8168efcdb16b836e405c431bc4433f3dd6e0", 0x18, 0x100}, {&(0x7f0000000940), 0x0, 0x78e}, {0x0, 0x0, 0x3f}], 0x4c080, &(0x7f0000000680)='devpts\x00') perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000580)='./bus/file0\x00') [ 228.706496][ T8084] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 228.715563][ T8084] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.750991][ T8084] usb 2-1: Product: syz [ 228.759053][ T8084] usb 2-1: Manufacturer: syz [ 228.807201][ T8084] usb 2-1: can't set config #1, error -71 [ 228.823987][ T8084] usb 2-1: USB disconnect, device number 3 [ 229.199021][ T12] Bluetooth: hci0: command 0x041b tx timeout [ 229.227038][ T8084] usb 2-1: new high-speed USB device number 4 using dummy_hcd 18:53:39 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:39 executing program 5: r0 = socket$kcm(0x2, 0x7, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'geneve1\x00', @remote}) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3a}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSNPMODE(r2, 0x4008744b, &(0x7f0000000040)={0xfb, 0x2}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000007c0)={'geneve1\x00', @link_local={0x1, 0x80, 0xc2, 0x6}}) 18:53:39 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:53:39 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir']) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f00000001c0)={0x0, 0x7}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="75707065726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c6c6f7765726469723d2e2f66696c65302c00701ae236ebd77a1644fb061b279351be00c032ee19be117ed03c40641e19b9c7d8281a45e4"]) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000100)='\x00', 0x1, 0x0) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, 0x0, r2}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000080)={'poly1305-generic\x00'}}) keyctl$read(0xb, r1, &(0x7f0000000080)=""/8, 0x8) syz_mount_image$ceph(&(0x7f0000000000)='ceph\x00', &(0x7f0000000280)='./file0/file0\x00', 0xfff, 0x8, &(0x7f0000000bc0)=[{&(0x7f0000000340)="af5ddb3a2dcda2117a9c2e02d15e220cbb2d5fa62a728346b0810e6dcff1e0450a832906dd5b7fa1a598cb9c3ac583d63b2628f95a8179bc0892bdaae936c6c8b2e13ce4ab5c7298e2f309b4eab8a2e44504b802d58c0ea1fe509db2f629feb4b4d221533a32aad5639d140d2aa4e7773ac7dcb3dbbbaa07fd35d14c2249163a51b8d9bae617c75245162f50ca974693094abc9ee40d90e9ae", 0x99, 0x8000}, {&(0x7f0000000400)="e1e75f333a1e1088a73cdd4a9baaae05b3aecd0e1481bedbe6e924ddb5ff0bca7b16262b1acfe1e3c5ef081ed01747332c213c5bd13fdc6dfcf45e1cfff62e517e824f2e0a05fe1e8094568c47f66814ac3b2681fdf11c877f812411aa99013c577324eaab42c27f4c291905399ed9b39f367c37946bced24ce09c6ac776483539f60c6e90d31044ffbf262ee66adc2c4deecc99230cd6ba166eb8e8ddc957d25c133880bd28b6", 0xa7, 0x40}, {&(0x7f0000000500)="1fe58e4ac7e163b07663f68c87ed78c5515349ce118be1fcb7631e8979c5d2ee045feccf4a61e4515a681f152a665af26cf20234ebbe6bbafed808b6d596f088bd4cec875d084948604c7438259902a40e", 0x51, 0x7}, {&(0x7f0000000740)="d24921e2a4d6f079ef3f65d5980210a8e85f01beb92b3f2f805666d3e32f71c3eda5949d393d9dc1dcb9d32647cdf9dcb0d438cd97c15307fcd6ae6275873ff7e0e3b3cdbd0f5df2ab2a732eb5e1a1705fbed7567dd38bb1543e4bfc813ecbfdd776f0aed648799cdaf1b75938353d2daab0bc2ffa64e1f11ceb7dc17cf931474c1c3d4f4ca4c4a5e927de25a9087a1c6179c377d9528ccfdda01f2c10a622acd4f14a9fa36b301586e6030450d4ddea1d97c4aab64819db629982bd4c994085bc31905533b260fc0b01d5573be07cc142c1e747", 0xd4, 0x3}, {&(0x7f0000000840)="b76c85266728968f470f84e8d3af7485c0ded4f53182b1b9459b80f262219f40f53b47c1ec2da5502c3bfa2611450de70270c7e1f188861c4335de099a4e52dd79e2c3a6f8202227de7194e6ea377e8b381f067988fe3f5d6e572055641422cf03761265406fb91ff46b7bcfe3f1aaf2bde5479bf8d81e829fed38b63ed90b5eae4cc66949ad3c0972002cd83f5f214d5f7d401ab2e6fb54a6ade113f4b3011cd2281918021cb2cf8c4742980e1259464f0159662d3cab383d467bf643273856e92ba726fbb1b7050b6d4166390b04211c1e2d2ea22df903f538a4a88788abd1ae4712542913379cfe488ffbb912ded116281a6b8c66589c", 0xf8, 0x7}, {&(0x7f0000000640)="6f662b4c257b8168efcdb16b836e405c431bc4433f3dd6e0", 0x18, 0x100}, {&(0x7f0000000940), 0x0, 0x78e}, {0x0, 0x0, 0x3f}], 0x4c080, &(0x7f0000000680)='devpts\x00') perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000580)='./bus/file0\x00') 18:53:39 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS32(r1, 0x806c4120, &(0x7f0000000080)) close(r2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4) [ 229.476180][ T8084] usb 2-1: Using ep0 maxpacket: 8 [ 229.516726][ T12] Bluetooth: hci3: command 0x0409 tx timeout 18:53:39 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:40 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) [ 229.603235][ T8084] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 229.661504][ T8084] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 229.677134][ T12] Bluetooth: hci1: command 0x041b tx timeout [ 229.712452][ T8275] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 229.749365][ T8084] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 229.765174][ T8275] ref_ctr decrement failed for inode: 0x3da2 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000898fca46 18:53:40 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) [ 229.813862][ T8275] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 18:53:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0xa924, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x400}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x19) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) ioctl$SIOCGETNODEID(r0, 0x89e1, &(0x7f0000000000)={0x1}) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r3) r4 = pidfd_getfd(r2, r3, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r4, 0xc2604111, &(0x7f0000000340)={0x0, [[0x9, 0xfffff000, 0x0, 0x29a7, 0x9, 0x1, 0x8, 0x800], [0xffff, 0xfff, 0xfffffffa, 0x7, 0x1, 0x525b, 0x8, 0x7ff], [0x8, 0x2b, 0xdf, 0xa8, 0x4, 0x1000, 0x1000, 0x4]], [], [{0x7, 0x1, 0x0, 0x1}, {0xfffffe68, 0x8, 0x1, 0x1, 0x1}, {0x8, 0x81, 0x1}, {0x0, 0x8, 0x1, 0x1}, {0xfffffff8, 0x2, 0x1, 0x1, 0x1, 0x1}, {0x1, 0x0, 0x1, 0x1, 0x1}, {0x63f, 0x400, 0x0, 0x1}, {0x8, 0x3, 0x1}, {0x4, 0x200, 0x1, 0x0, 0x0, 0x1}, {0x6, 0x6, 0x1, 0x1, 0x1}, {0x5, 0xffffffe1, 0x1, 0x1}, {0xffff, 0x3ff, 0x1, 0x1, 0x1, 0x1}], [], 0x400}) write(r0, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00) r5 = openat$ion(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r5, 0xc0184900, &(0x7f00000001c0)={0x208927, 0x2f, 0x0, 0xffffffffffffff9c}) r7 = dup(r6) mmap(&(0x7f000000a000/0x200000)=nil, 0x201300, 0x0, 0x30051, r7, 0x0) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000020601080000000000000000070000000900020073797a31000000000900020073797a320000000009000a0073797a31000000000500050007000000"], 0x40}, 0x1, 0x0, 0x0, 0x8800}, 0x4800) fallocate(r0, 0x0, 0x0, 0x10000) ioctl$MEDIA_REQUEST_IOC_QUEUE(0xffffffffffffffff, 0x7c80, 0x0) sendfile(r0, r1, 0x0, 0x11f08) [ 229.878781][ T8275] ref_ctr decrement failed for inode: 0x3da2 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000898fca46 [ 230.026340][ T8084] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 230.049238][ T8084] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.110100][ T8084] usb 2-1: Product: syz [ 230.120392][ T8084] usb 2-1: Manufacturer: syz [ 230.120593][ T27] audit: type=1800 audit(1596567220.478:9): pid=8304 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=15740 res=0 [ 230.131984][ T8084] usb 2-1: SerialNumber: syz [ 230.156420][ T3075] Bluetooth: hci2: command 0x041b tx timeout [ 230.197682][ T27] audit: type=1804 audit(1596567220.538:10): pid=8307 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir987518547/syzkaller.4go7kL/6/file0" dev="sda1" ino=15740 res=1 [ 230.247408][ T8084] cdc_ncm 2-1:1.0: skipping garbage [ 230.252672][ T8084] cdc_ncm 2-1:1.0: bind() failure [ 230.264544][ T8306] x86/PAT: syz-executor.3:8306 map pfn RAM range req write-combining for [mem 0x45800000-0x45a01fff], got write-back [ 230.407231][ T8084] Bluetooth: hci4: command 0x0409 tx timeout [ 230.513136][ T3075] usb 2-1: USB disconnect, device number 4 18:53:41 executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS32(r1, 0x806c4120, &(0x7f0000000080)) close(r2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4) 18:53:41 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:53:41 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:41 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS32(r1, 0x806c4120, &(0x7f0000000080)) close(r2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4) 18:53:41 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:41 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) [ 231.260000][ T8333] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 231.276143][ T3075] Bluetooth: hci0: command 0x040f tx timeout [ 231.285834][ T33] Bluetooth: hci5: command 0x0409 tx timeout [ 231.302680][ T8333] ref_ctr decrement failed for inode: 0x3db5 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000b56723a7 [ 231.322826][ T8333] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 18:53:41 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:41 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0xb4, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xffff) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) [ 231.353796][ T8333] ref_ctr decrement failed for inode: 0x3db5 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000b56723a7 18:53:41 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:53:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000000)=0xc) setuid(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000140)={'ip6erspan0\x00', 0x0}) [ 231.490812][ T8332] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 231.509482][ T8332] ref_ctr decrement failed for inode: 0x3db1 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000a84df749 18:53:41 executing program 4: timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080)) [ 231.597845][ T33] Bluetooth: hci3: command 0x041b tx timeout [ 231.616703][ T8332] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 231.624838][ T8332] ref_ctr decrement failed for inode: 0x3db1 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000a84df749 18:53:42 executing program 4: timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080)) 18:53:42 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) [ 231.755944][ T12] Bluetooth: hci1: command 0x040f tx timeout 18:53:42 executing program 0: creat(&(0x7f0000000200)='./bus\x00', 0x0) open(&(0x7f0000000400)='./bus\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x801, 0x1) r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 18:53:42 executing program 1: r0 = getpid() sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'sit0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="4c0000001800010900000100000000000a0040000000210000000000140005000000000000000000000000000000000108000400", @ANYRES32=r3], 0x4c}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x2c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_MAC={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40801}, 0x1) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8094252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) r7 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000fe9000/0x1000)=nil, 0x1000, 0x0, 0x8011, r7, 0x3000) ioctl$UFFDIO_UNREGISTER(r7, 0x8010aa01, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 18:53:42 executing program 4: timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080)) [ 231.944050][ T27] audit: type=1804 audit(1596567222.298:11): pid=8367 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir568659275/syzkaller.y0UF3C/8/bus" dev="sda1" ino=15803 res=1 18:53:42 executing program 2: io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}]) [ 232.030781][ T27] audit: type=1804 audit(1596567222.328:12): pid=8367 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir568659275/syzkaller.y0UF3C/8/bus" dev="sda1" ino=15803 res=1 18:53:42 executing program 3: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = getpid() ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) fstat(r1, &(0x7f0000001dc0)={0x0, 0x0, 0x0, 0x0, 0x0}) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) setfsgid(r3) setgroups(0x1, &(0x7f0000000000)=[r3]) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001e80)=[{&(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{&(0x7f00000000c0)="ff524ef6f446ef56e60e67e8eb6811252d133844c1c6", 0x16}, {&(0x7f0000000500)="47bd54031461c4d2441bd819fcd8633528322dbe14cfe101b79e174b7f390f533eaeeece47cc8088edc0c70febc1329c5fdd02e8d9fba69783a2c945ede6228c17df36a83a9d3060ed3279532a76729f1df5f407cd1979f33785064a4e7385df7422410de911b8bec178c9b2e9376027870a92a6b2230117d15639f875d0695a973f76387e4f648aaed804aa82840be2f283b79e0088e9a295eab869f2bb428f84bb34f66433c05f31781cceb5287d5cf21cefc1be2b5f745b662d03a35f741428d3dc4ccd267b2d6e83b92fbf6aa3c8d815a325f2f5d43b08df9c8574e0eaa64c56f28d91fd11e6fe1cd22a7161543a743da98086ae99ff73217ba6fc542abbfa125663e84e756862a23c965566238b8c093cd23684d68f24c9f45608a7e576014bb880d5349957553d9df441bc660449eef4955a8b46b5ec8ae3849d63444a2bf8b5242a975b083abbd4b840d078b39d7a3d42f64eb61ce33cf738b07013c2293a3f814cffdf4f8b95e407b761a4cc07118d682221580626e456475e4d91147db8bbe2f807088823e112869e0066335348cd7eff4be37c4dbdfa168915b9033864cb8632f556d13fe2ec77bc6741a7932a29563652e0ba85c9ed03e0f46ed1b92892539ed4174680f4d82609846641d8a222bf67f557bd4477beb0293d4aab71c43fbf3fd66d3282e06c895230d2099c0c6824efd772e1139816046385ce6860e21f19fd971b4e6d4f7be54be2fa738e068741a23e0da7eed5b3f4a74940e1f1889fcf40c063c7686d6fedd733734ef85e1844f3ee467863d501b4bb9067bfae4a2c8dc2718a9803e37e2973f34a53b213e31d364fc56e407e7c9b9d77ecbf70f17e52a3bb21fb37bb55f41113a63bf557f953512e0097eea3e06341c6b5e37af5dfd535a2aa45c7edf4410890e9f1f17fa195de9e9f8c2aec27ff6cc18c7d1289f1081c30acd1aec610248dfbb4d6f92d6c999face98d56452c3beb4146b5cad4381268ef11a1334f7cd63b401bf6db4bce4576a0ebe89cb9ed4ef672dffe804edba10ecb80069649224035341f3d2e286240472978021c3a495f4494c057c5d103cc58b036a3593067cc2de0e1c08450a3de445c0b77b49a521f45c0f722466b5254671d6b7b2aa805725e4a1118f795ad92c415fb6ba605f2e4cec1d9c0a4ebecaa4104d545943500731610cbdbfc57cbb33b5b70feba7e897b7e9eaf44650876cc6cabb728117d15d201c10278c9adc3b4d77a4b46c42c115d9bf78aa886aed7cf88ea8555d48b972120a7cbfed26e8b3a607b5797cfaa7291a54ddb14e9a7a4cb2d39a6d947ffa568d0e4742af750cce857d34c8f0da6ffc095a0bede1138afb8987ffc74223b4de49d900d4ec6573c5a34c0f537868996da24cc5599af972dc64c7f280ecaae3f8b4f5ca632464dcddaecf248cdc3915fab56ee3858a1f9af95359efab8e509b205c6853c5381ee283a1f386abc6d473347c09cb19ae817a342b25ba38c6c8dc05ca4ab01cfc5692aba4abfdbb0f3e9582eb0a9f583dd3654ed6831477e4c138f4515a0ca76cc0c10dc81b4e5e9deab3a63f9e5782bbe1c70c84a57a9de4e3563d55d78113e4bed49180a7952a5fdc471bc1b41a2f401697c04753a41b3b3341ae9900f4582079ef2cabdcf63e92bd64052b187667a49fffc4dabeb135b7a4ed4e585f0a08d27cdc4da1af2a8e757c49a43e0bca4e51c76a36fa378ce834a639a10d43bdcb3350a8c00e69816eb17029f8eaa53748744a62d71fdde06bd257acb9e6b0dbd4718502c0b65eb0b52fbf2aeac4ddbd9b9bc3855e90b98c3f793d3b5eda70ac531850e924e421f2c51fd12449d470d3b0627ba01912930da9d0cea1e6f87dc928de6b75c1ae39e44404559dcb7cf83a9811da00a3886cac572fa15298e63cfe624ac3f769c16e13464b99672d4d9d5f88f48cfd8688cb8583f1945786743dba5fd7b62fab52556ce5e79a055a995549b58a99d41b13676f57d4d0237d0062d5a9a89aefb401a71a6e8b9a618e8ab6acfe96ef34834cf9314f71f2b4a57627c6363d114b237a81ce9cdd903c95284343406959d993185d21ab9646c969c05e2356d93e02a7ae9eebe93b05cc136075ee362610cd915eb6ceeeb76af24bf36765246f6cfe18dec5475d668980c71ec4622a7eebd1c5a450cc45351a15a7e91c206d1098820adbc5727d19d93944b8d65e9d66a35c72bcd3f934e8d4bf6e22d545c025e641435521f686027a2c4423bdd764224147da99a0bad0eee85e52b1375b6f0cfeb7bf62bce97890459c1807d9b27881e5bd5ac3a11991a6d6b9c395a1529797e7009f8a1f774c6874d8c3804f5768e141fa5ad11c8e23aec3afdf955972460c1d3588c711227e866a631e779fcb037d0de9b647262eff2fb48eb2e8975e09bf57ecfcae9b47df2a35a8e433cdba8217f42dcfd8f52fa37033dd927cb957280f3dfb6a4aad878187dd629b2dea8d736d70fe4a0b42aa272c7ca4552464de1eb0154d797e44e5619c2b701d6479df09b46f21c8c7800b0f0243d7d92618cd34a74b397374cedf31c18ece53a3b35a82247acf8c3258bdb723538a468866a191ee1f736adc4e42aab512cdaa135a2dba0a88bd5111458dc8edbf2412f50f9248f935020e394a65da9009d323207ed2e722825d4868fefc62b5cba47698a42cdad96b1a917cb6662972cb208e347951c51337f0233287b9481b0a5bc141597825d46713a884b55082894c8f1cd7dff194201cb0cde56368421fe903594b660205d77477ab145a6c6a9896d1cc5048105296bcee65c8241f496371bc2d21fe2d824837af801545db174d858e76e7b66ed1c1e3590ed1a9f56c61bb4a72fe0394260e4d24fff115b135b18e0b2f0bc15364fde4a89a62bf84675450c0e6453aa00c2aff82ac5a962ce89f4ee8f01c6969368e80ee41c0967a75889af88ea1d70a33b027227e2b2e41e8ccff66facc76acc7b2bbb0d211ab2cfa05a76ec101787e8d1708a18c2668a2f4426e7632e7572a0124cafab66ef59f9af4b5b1cc3f40dbf38fb49d291deb6c063bef005d5cf731938e25ddc77565fb5efe223953637a3977ab548b5545291dcbc2475e7f7f18cd9a671c31ad493f963f7ae79f4054233efe92d7cc237acedbf897bc010b22fdde83fb84cf4b4c2dfc1341425a676da2dfa849975c68753f7077be3c354c6c89570ec44282709c937989daed5523c069fc6aeef76c101ff4288bc6d4c9b202c9170123f8037c162014d0ea3040e3c669db12bcdae14725ba8eaeacfd3504a3ffbcb80048bf6b918a399d1c7cd155b97391686489eb28ef58280242fb2616792f4a77a4ae712db0c5556e5561448b5f9a855ced00252f17070cc91585c4c33ad07222ec48c1690c3167a5381a479c5ba49bc15c6e3e6f753e376119b309657f99d3006e5f30cf81cba29f59c63598c3fe892fa2f180ba05b800b071cbcc4cad8134440058b5acaad2e1fb7ae66a437f1151b6cf792a6ae7af1a26394e0acfbf371a5180e0102512672181c43c2299bf5fd8a7ef06264c01b2576ede61d09ed0bf77e2e049ca8ef03e878b821a0d76a5d4af2b65e7eb0725ed15f2c669fa3cf3b1fe2c77afb5418388463874da2e151814deee85ab9327d6828aad77bc0c912bd6cc61dfab40a97b44f3e220591a66f2c171f4ffafd8c4a17c918722aae3c91c1845634bcd98bcd2e4b489cd9d6e242a0d4558b4d9ae724361fb06fc5090504ca2ff7341959a97eeab7e5129e66c0a0ddadc9d227ef52c0f391a06f4111a6405b4db2a424aa00f05ffa3bffc1241ab3c89cd833790cd5bfdc3a46f8ec0b0f20f70c64bdb63d3a25532b21657e08cddc52c1e5b4ca1d4ec054dc73469f12941aaa9228671ca2f8950874a0edbfb1a3a009b2a9a061e192e108e7d6d70d4897f80f0f356ddcccd9bb1fd11559117b544191a3713477b9f0fa80dfa49c2d0898c8f636f1647a7853446cc2c90ea65ba5e5022b080f443c330105f80dde475d55112f698ca6354e6ef55c295dbffd2237a43fb8f06092c03b5d8ebbcb22e559586e049d04647821065681b067c6487cea4231883345ab7eda8b0fb708b6e975f70ed311e7940c855c4925842e5473d3456ca27c5bc5e22ecc0426d5a1b5e5eeb1009ba92ece5d1da96a648d62673c576c3d7a72d4fa43d639f572e01f6bb1228caca86f17221b8be7e214331f9c0d34c108c84cda34c0082eab9620bc7ac2cb3b7ae475f0a941e1ae11d7cf2ff5ea19d74e6466a8ee4a029a4c797e863c1d55099c3e3ab98f946ed9af9b31dd733a67d4d6e1a10a6586e86c353c2ad93216d5462c54d5e376bfd1839d29a0975302d24089de11a3e9f62127ce350e255eee52569857a8431710478d5a731d1550a070f94a0ebae87c089a0e8a1bd31743dc060f439bbee7f4fc3bb03e450674ecc3bdc3b5b9f75463e329946528e1ddce66eb4c25621350ad41ff96130f723e5559cac7785bc1f9414e3e02c472d05ba9153ce602d968995579ecc5805365f7a7478c5ddd18bbf828ccea68c0347cff8d1578e82ec1d0a791d3cfa46841bb7cf94193642c80fefb65bc02b01e02c5a3e5a613398c37c081f48e698619627c325ae0826b1828ae47179893a1a1a2783e7106905a339c160bcc994bf3fa47b47d47613809d139166d329b692eb6e9e12ac97f4987cbe3455ec0a2c00dc0615e90573ae3b299ee3989ad930d92d8799de7366596edea1c0778c08cefb72f42d6fce50f92f3604a0149a5f8a32896414af522983869085a4328c448e2552e5b302c28bf3047a0e60cf25eaeed36311ee9a3a1f55b86baecab5bcfdb366d0027f1ef83290bd14f506b2294e975019b0c1c5185b3aedbf6e2e8682f90bc345feecf8f59cc4ce025bac9c82c15b44a533c1f88dd019ffb627b1d207049d241ea719b42480a00bb19b6f4165210ae5ab41f4971666e38a2383d679308ea194bd5a3301916b9eb7fdb08938564225a6dadee04311849918307c1567da53542fe052e05df7ac873cdd4a571114ea3d24165db661f2f6aede4b241513888be834b42ea097e37fe40515018be7a1fc8d06ca4e01ed85222755e960edee3ca8f421f69a7a992d1503de55151c4f6c3c3263b30aec9121a3a182f319a0490dd14d252c3c81ebd2f896c0f4aa964a8aeacb5189259346242fe055d9c76c982b22f328a5fd2b53da67335e564cb8f9452f00205a30f4d4fddd680a428f7948233dc77cf74b9216df1f6acf9e9b1ca6471c99f464f3306136c5fdc8f7ce4a2bec567c6f38f5ab00b4b9ac554b45acf80039add3869cb4f69a83356261e2c07a25852a6c26a275d9eca3035b1fdfa37a9e247edddbda6ffda2f539fee5944a1e8fe50e7dbc112e6ab78a4a76f9bc2ba7e498f9e0332812e92f5f3b1a18fa54c03e41e473b8221586061c2ce1a65b13cb6f58a6ea14d088def244a38cc891099b208884feacf201278b9d58d8e864456f67c5e30e4c1e1e51b9862aa7182675d908f0eb62182e52c10745244e9684708362b4642883ca5f2e73d781138f29008244a6fba7679f0ea8c9d26b19e4cd5ff7716c0c20a04fdb9eca33d6020016c44502041a73247790b325f70c9e0ef2a413a7bd7040e10bfae4405295fb4532dd98fad541fcea2805f2ed29ca77c7688d7006cb29ef71279fe5100a7207f405fb69e5b3907dd5f5bbbd393b404a577894f9b8bcd5342ce8678e351790c2c93e662663a9e7b4dcc8d3558a67b34c5a9230ccefeb39b3b17e09bc3ad189f09ebb8e22bc8", 0x1000}], 0x2, &(0x7f0000002300)=ANY=[@ANYBLOB="3000000000000000000000005b6aa35a30056e8b770c7f17fd32a1ff03237066418f7a86959a35c0150ad76d3663aabc5848fec5a82c11000070c97b279055da6c6d43824185fa59ea8e0052a590d7ecf078ff989c7fd47a63d132ee7140402035b090e100000000000000000000594721f2afb1ba4b2fcade2b80e2c277c8f53da8716c34220cf2b5fe2f5c048f295dfaf9b1eeb68a2e2ebc6d50a11a338d6ff87348617e9f1dc9c98d4168aa4856eb2c06e0a2f9cce5d00aefd3b48aa596a7499b8a0e9cb0ddbe4c1b3a0ba21de3ac4324f1576a928598de2bd1dc75febe3b6d09f4fdef8b7d67242fbccdb784d83ad25487213c1d76a51c5cc7cbdd93c93aa7d4548e5de19402f6ea5ce870b9bdba287c3efc87353f4198d67ff21757aebb42", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32], 0x30, 0x40}, {&(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001800)=[{&(0x7f0000001500)="7ea6e02428e7bea3e867c661ca8f5a4e9e0b1b8dc5f7c91ba388eaa964f9da5407dce0e7535d09db426fb69f4b5a417c518f2c9d1160870cee36cc7fd80617126c9b789640274af1134a3949a12203b88e4759a577038078cef0ba5df08127ff3e1c1658027e2bb1c85a693013ae4ec30cca9ee61363f5cd2d91537ea74744a15d4c2f09501fab5ec42f9d39d6ec815e53cfccdf509fa4fac24a5e9b78773dd5c8397b52945dd538cc69a9ff07a366f5c78f91c7fe3985b3ebfb02bd1a2c80b72ceb0a", 0xc3}, {&(0x7f0000001600)="9ad51c84698923ce5240f25687eaf7b3b29ca047af98ae60a15e8e5475b2104291c63ce844613d42694a200c4461005db6735a7bbda1d05f7e355e47c3e5f6a90004dc6eac1834eb61b4d84c0f138f9e95623c81526963b0f2e1c2ba61bf8388a8db7bb7262dc99951ba6b620e174ffe431030805a5f13bd35e975b9a37efc10a74d57c99e752076c83a40c7b775e052180100674c75642f4e63e6fe3ddf0b8e289391c119d0d838ee3a94f0311afa3933aa", 0xb2}, {&(0x7f0000000440)="35604c1bce094a06ec65f2b948dc90c709d8f735d2efe66446c19bb7eb58ff47be2bcf54c13ea11691464947fbac2c70189168dced4a3fe03539e1c5", 0x3c}, {&(0x7f00000016c0)="87fb289824d64666099eb5ecf49d72b436da33f2d16293356430fc4cf959bd90dda1e2e4abb11d3148593d9645c08c3d00b887e4d244782049dffd172b379b51e8ea52c23bb1c04a784464cd4883da6370c2e07a7203def6ca8a7007e46247efe0bc30ab9a813644ef5c0342457db1f2a866938298b4f7e6e7d6e219a406ce92612e0106b2a7ccac53daaeb62938871db5a820ad9ab8e19d5b07ad8c8b2a4cd190236f793947e021ecdf5d9ef60068c7c91705be7ded6f018c03d6d4aacc1b7b6b7dcab38df51675d78578031475194ae88890a1c96c5e35e7174cecfea87fa90fa010f009a16e677ca56d0b8ccb369248", 0xf1}, {&(0x7f00000017c0)="88e30997468e95c6c115eb66896099b8671b0a6197e2b464928db0c4219aaa775c31a0e44d1d02aab9212ec632de", 0x2e}], 0x5, 0x0, 0x0, 0x20004004}, {&(0x7f0000001880)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001d40)=[{&(0x7f0000001900)="91070aebd9792fc5b99b7df472dd3dd250f8a04450f08eb8b803405212777de981337edd208aee60319feee971633d0bdd01e6b178048b83eb8cd8be2fe60fb5dfe5c5608b56c634e126096d99f81974dfe0ee12f39f716a50d3b4100e5437652a83b345be86089fe3f900a58352b0ae906899f8e9c40ed02d1294f0347b7df3013382bb302cc7f8a040a7d0c10f8b7fb0268441a934171c6ef958258c2683bb1444f574a9fc45c68b3e2601b3e427f43956711e1f3017d92a4a6925dd5cf8850d8d328207ad182e926ee14677521cbd5952d70537629988f2fc0b3b7b911ce70f26", 0xe2}, {&(0x7f0000001a00)="82e6c646657ba7d1b20fbcf396b2f6d00ad5574a831512090150079404bdd01af582e22680a0977c56e241de3d347b036ae10bb304da5e29abbe0228abea27407988b28ffe694af1c7637286f4e7b5b7547cbfc3c5d4531a6eb037649b92c4525be8363509be20176d7d55766b23c618133b99795946524c961045ab7a31d7fd4661ad1b111d2c54722280e804e724089e007aa2c2efca2ff4599510d85779b51a70a9526357834d37bec270b2252a21c4af60ad97268fa7a3292f857eb8e670aa3bcac33aa5ab003bddadf39c62ab1ccaa9e07e6ddc81096171b31e852702418ea950200b6c55043afbee867554fb990d6b961c01706e494d27", 0xfa}, {&(0x7f0000001b00)="ce42830216277d0971e2c0f394305d2871bf758a24af32a49b63be1e9e0e647240c196e0fbdff9b8eb91b8770ddcd2cb9606bafa240ac62f18e625111ca357caa4bedc9d224926bd657241de105190d9700bc1ebf0e5e330e3b767f4721d93b5ba1a93dacd10ee718814096b175bf5edf65c77e0c0", 0x75}, {&(0x7f0000001b80)="f4ceb9114f0e5c8056fc3f47d8f535f64eb92f8969603e4cbf82c78bff1ab05c642fa3d25ba3b367e207aef6ff311991ab612d6dff3696f789cf7d409d5b362a21866a5ded9da83613b081e8f89086b605c087c11708107391ac85e2158c9d784bb40038a00731a7e1203124698cd97e1260d3ba0f021bb77e11c74f5fd763b5fba0d1822efc210830852861050bd6c3d2317dd5cdd7ed0eb778779b1e8520d52efe0844afa875539c1bbcbb50afee58a64f48e612", 0xb5}, {&(0x7f0000000140)="905ff2adb9252a62ddc9eeb0fc1a6a054d9eb3d329b779a8768f3942cf75f62ed0db217625144531f9e0035dc5207867c66a8da8b1374a5fd7b56977b065b345ab8a2569311894038491155973ac5fb2bd1052fac3e6abd54d70259b522d4b91fc5a6721538cf910557865ee8c920c287300fc503e8f191aa755f70744e2979b1c995c2bb5c2f7eee5c6d0dea464d128bbdb2b6676d365f54a39f3e7b26308cbfc2bc4bc8272eacd0951569706c383424b8ff2e78f309dbaa5a02622b8880c18cbe9be319f0c4ec94942542d4f20da7230332b37f9b1", 0xd6}], 0x5, &(0x7f0000001e40)=[@cred={{0x1c, 0x1, 0x2, {r0, r2, r3}}}], 0x20, 0x91}], 0x3, 0x20048040) r4 = socket$alg(0x26, 0x5, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) bind$alg(r4, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r7 = accept4(r4, 0x0, 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ipv6_route\x00') sendfile(r7, r8, 0x0, 0x7ffff00e) accept4$alg(r7, 0x4, 0x0, 0x0) 18:53:42 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:42 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000280)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="480000001000054700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300fdff00080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=0x0, @ANYBLOB="00000081e40000004eff70cf00"/24], 0x2c}}, 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r6, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x443e}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x28}, 0x1, 0x0, 0x0, 0x8080}, 0x800) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x20, r6, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x40) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}]}]}, 0x3c}}, 0x0) [ 232.177610][ T27] audit: type=1804 audit(1596567222.328:13): pid=8367 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir568659275/syzkaller.y0UF3C/8/bus" dev="sda1" ino=15803 res=1 18:53:42 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:42 executing program 2: io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}]) 18:53:42 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00') dup(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r2, 0x9, 0xd55}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f00000001c0)={@local}) ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f00000000c0)=0x2f01) r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000100)) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000040)=0x10) [ 232.236419][ T27] audit: type=1804 audit(1596567222.348:14): pid=8367 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir568659275/syzkaller.y0UF3C/8/bus" dev="sda1" ino=15803 res=1 [ 232.237310][ T3075] Bluetooth: hci2: command 0x040f tx timeout 18:53:42 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @initdev}, &(0x7f0000000040)=0x10) exit_group(0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="01030000200000000000cdba11f1", @ANYRESHEX], 0x14}}, 0x0) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYRESDEC=r0, @ANYBLOB="00002bbd7000fedbdf250200000008002b000400000004f47f5d4e7c47c0ac5fbd698e18a222deb49116352eb2354772bbbe61e04b562da7e94a85df3b6b2aa05cd0f1d3f4f10931a73720dc6ec88feb3d278e4694b03ef3265c2b67e13dd4e8bb88f16fe5dc45db45ce0cda463cc07d7cd71ce93ef4bf76505e081cf3b32ed28bccc36ddf47092fa83ec0d9c3b4e3cc9b1de48737ded5a9d992"], 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x800) syz_emit_ethernet(0x76, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0x0], @random="f674049167a6", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0x40, 0x3a, 0x0, @empty={[0x3, 0x3c]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "0004e6", 0x0, 0x0, 0x0, @remote, @remote, [@routing={0x2f}], "000022ebffff0400"}}}}}}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r3 = socket(0x2b, 0x4, 0x200000fe) syz_emit_ethernet(0x76, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x40, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @mcast1, @remote, [@dstopts={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3a], [@enc_lim]}]}}}}}}}, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000fffffffe) ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000000)) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETXF(r4, 0x4b3a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r5, 0x40086602, 0x400007) 18:53:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x12}]}}}]}, 0x3c}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RREADLINK(r2, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) [ 232.351508][ T27] audit: type=1804 audit(1596567222.348:15): pid=8367 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir568659275/syzkaller.y0UF3C/8/bus" dev="sda1" ino=15803 res=1 18:53:42 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) [ 232.475909][ T3075] Bluetooth: hci4: command 0x041b tx timeout [ 232.677089][ T8369] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 233.355691][ T3075] Bluetooth: hci0: command 0x0419 tx timeout [ 233.365577][ T33] Bluetooth: hci5: command 0x041b tx timeout [ 233.677506][ T8084] Bluetooth: hci3: command 0x040f tx timeout [ 233.680468][ T8448] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 233.693731][ T8448] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 233.835450][ T3075] Bluetooth: hci1: command 0x0419 tx timeout [ 234.395603][ T12] Bluetooth: hci2: command 0x0419 tx timeout [ 234.716185][ T3075] Bluetooth: hci4: command 0x040f tx timeout 18:53:45 executing program 1: r0 = getpid() sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'sit0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="4c0000001800010900000100000000000a0040000000210000000000140005000000000000000000000000000000000108000400", @ANYRES32=r3], 0x4c}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x2c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_MAC={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40801}, 0x1) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8094252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) r7 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000fe9000/0x1000)=nil, 0x1000, 0x0, 0x8011, r7, 0x3000) ioctl$UFFDIO_UNREGISTER(r7, 0x8010aa01, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 18:53:45 executing program 2: io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}]) 18:53:45 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400201) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000080)={0x8}, 0x4) syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = getpid() rt_tgsigqueueinfo(r5, r5, 0x16, &(0x7f0000000000)) ptrace(0x10, r5) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000400)="806e554068d95910af4ef90091fe8dd82d0a1fe4033209ace443876e259f24811b3163a0c1f77d52e2885f93b344c9c28a1e4cd6b88b75dc7edf52bd7cd93636dddbe00d15bcc7d0b4b9e099a61b4503b4eea989d18c069f4e841998babb452084534c806ce3328694b7b591472d972f3fcc4bbff67d9fe447ccc86f34d3b0a8be9a4a2a8c51d2199b") ptrace$getregset(0x4205, r5, 0x2, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) perf_event_open(&(0x7f0000000580)={0x5, 0x70, 0xfa, 0x7, 0x4, 0xdb, 0x0, 0x1, 0x2004, 0xa, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000540)}, 0x400, 0x8, 0x1, 0x4, 0x7, 0x42a, 0xc16}, r5, 0x5, r4, 0x0) writev(r4, &(0x7f00000004c0)=[{&(0x7f00000001c0)="95ac176e571a54abe80bfd517a2c4b143e0d36844944e6d2a1e2552552d346950fdffe20f77735653de3462075ff3e5d0dbf5348e1a19c94f412fca2562f8545a326a157993a168034755b0abd004a1f9aacc983bbcb00d558b306b8ecc8a38cc106bffbbb37e1e81d49de07fb509e8fcea8c5085453e1a15663e44348772b041ab172a8c3c43fba06d7d67f96f7ba0fb50f1e8d8dc6228086b517d79d322315cdd394eba35bc53baba11cb10334ab0fbcbfb0677a25c4e9ee69abcad7e62184711936998507a7b7783487e955bd86e40aeeb41cc7558aa44752deb456aba63a365bab61907cc429e0e9488019e95a17299399c7f01179de98b5411c8ac8", 0xfe}, {&(0x7f00000000c0)="75ce63cc8afe2740e723349f761ae9ed6b1356dc8ac5a46bffc97418ec011df9dd0d5af187aa64ddfe5ba3ef31f2a05dba85c510be3a83665898a552128677a5ebf2e8c2e6b0bcf956f4979918f458ddfde3cd47f6c1ae836b1655dc8d5b9c98e8640bcb06438b14f600a43dad2da84457246be9068fb7896fa808fa8a60c4f6", 0x80}, {&(0x7f0000000000)="cd9174", 0x3}, {&(0x7f0000000140)="9634db1b55", 0x5}, {&(0x7f00000002c0)="920ff3b1c9ec7a627102bc5a2644b60622c6889ffcb78be9f1e1c5fe040e225fb5d23aed90f43301f1899d1ddc53f86fcc34d4072ca37e792489529aab859479bbb651a6257052bb3dd4ce3ec4ff85", 0x4f}, {&(0x7f0000000340)="736c73f8ae9ee41b503f5bbea4746cee67967256552473872912716a2c54523f2967b33e373850d5aa7a3b5a2ce8e3e67251191fb544a0e9e7d0a9b84980d497c415b94b60384eb501f08e51707a3ab4b6b99924341f1fab3e89d1fc51be8f3c906ba1543703684eeaa9b6ba067b74e7f0875566", 0x74}, {&(0x7f00000003c0)="58789f178905f46c3ae89ca2a9ba81bd908227a29aa9cf6dad4fb2d8e46e691b527883433d8843771ce21e6bcc9ad08f1d0839e76e834a1966a56a26685c28a7ec646160f909e4a72c490932fe61d66c2e03077ac0f0808add928974546b91a1dea9698bc614e25a71091bd6ad3d1208ecda3bacaafbbd782088b6a8820762bd6d017e9fc63607217f7b90612c48283ad3cc884e7a0fa399d93b95ecfaadc676814d74552891385f104a2cd11df871d677bbd4222d2adcbbcc64ed51a1a8e30227bbcbfead74628269ed1a0991533d2ef5a76d", 0xd3}], 0x7) 18:53:45 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:45 executing program 5: pipe(&(0x7f0000000040)) socket$can_raw(0x1d, 0x3, 0x1) sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x8800) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000100)='veth0\x00', 0x10) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x10b600, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) mq_notify(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x8}) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6, 0x0, 0x3, 0x4000000a5cd, 0xfffffffd}, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x3}, 0x0, 0x80000, 0x0, 0x1}, 0x0, 0xfffffffbffffffff, 0xffffffffffffffff, 0x1) syz_open_procfs(0x0, 0x0) fchdir(0xffffffffffffffff) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="1063eac2902100b9402672f46f5fa76c2e4651c951dcb3e29e011bc5c7cfbeda532372b6a9d6f3e823aa633381c5287f24f4be12a409b441537723ec10209322cd438bbd7e5f29480c2988296b7330fa4752d06a10c26fd5730563553bd6a2abfb545b3935d76ed02293a07b457802d3d3f63c3600ca26005a1059e94a84bb0d0c6fbc7988bc8b5824a6bc07552f"], 0x10) unshare(0x40000000) shmget(0x3, 0x4000, 0x800, &(0x7f0000ffa000/0x4000)=nil) syz_genetlink_get_family_id$batadv(&(0x7f00000001c0)='batadv\x00') openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x440, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) 18:53:45 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:45 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:53:45 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:45 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, 0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) [ 235.584340][ T8070] Bluetooth: hci5: command 0x040f tx timeout [ 235.610448][ T8471] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 235.619860][ T8471] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 235.755296][ T8070] Bluetooth: hci3: command 0x0419 tx timeout [ 236.797655][ T12] Bluetooth: hci4: command 0x0419 tx timeout [ 237.109057][ T8395] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.117502][ T8395] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.594925][ T12] Bluetooth: hci5: command 0x0419 tx timeout [ 240.651633][ T8395] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 241.005242][ T8395] batman_adv: batadv0: Interface deactivated: batadv_slave_1 18:53:55 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @initdev}, &(0x7f0000000040)=0x10) exit_group(0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="01030000200000000000cdba11f1", @ANYRESHEX], 0x14}}, 0x0) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYRESDEC=r0, @ANYBLOB="00002bbd7000fedbdf250200000008002b000400000004f47f5d4e7c47c0ac5fbd698e18a222deb49116352eb2354772bbbe61e04b562da7e94a85df3b6b2aa05cd0f1d3f4f10931a73720dc6ec88feb3d278e4694b03ef3265c2b67e13dd4e8bb88f16fe5dc45db45ce0cda463cc07d7cd71ce93ef4bf76505e081cf3b32ed28bccc36ddf47092fa83ec0d9c3b4e3cc9b1de48737ded5a9d992"], 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x800) syz_emit_ethernet(0x76, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0x0], @random="f674049167a6", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0x40, 0x3a, 0x0, @empty={[0x3, 0x3c]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "0004e6", 0x0, 0x0, 0x0, @remote, @remote, [@routing={0x2f}], "000022ebffff0400"}}}}}}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r3 = socket(0x2b, 0x4, 0x200000fe) syz_emit_ethernet(0x76, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x40, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @mcast1, @remote, [@dstopts={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3a], [@enc_lim]}]}}}}}}}, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000fffffffe) ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000000)) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETXF(r4, 0x4b3a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r5, 0x40086602, 0x400007) 18:53:55 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, 0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:55 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:53:55 executing program 1: r0 = getpid() sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'sit0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="4c0000001800010900000100000000000a0040000000210000000000140005000000000000000000000000000000000108000400", @ANYRES32=r3], 0x4c}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x2c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_MAC={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40801}, 0x1) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8094252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) r7 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000fe9000/0x1000)=nil, 0x1000, 0x0, 0x8011, r7, 0x3000) ioctl$UFFDIO_UNREGISTER(r7, 0x8010aa01, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) [ 244.786464][ T8395] syz-executor.3 (8395) used greatest stack depth: 23328 bytes left 18:53:55 executing program 0: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @initdev}, &(0x7f0000000040)=0x10) exit_group(0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="01030000200000000000cdba11f1", @ANYRESHEX], 0x14}}, 0x0) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYRESDEC=r0, @ANYBLOB="00002bbd7000fedbdf250200000008002b000400000004f47f5d4e7c47c0ac5fbd698e18a222deb49116352eb2354772bbbe61e04b562da7e94a85df3b6b2aa05cd0f1d3f4f10931a73720dc6ec88feb3d278e4694b03ef3265c2b67e13dd4e8bb88f16fe5dc45db45ce0cda463cc07d7cd71ce93ef4bf76505e081cf3b32ed28bccc36ddf47092fa83ec0d9c3b4e3cc9b1de48737ded5a9d992"], 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x800) syz_emit_ethernet(0x76, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0x0], @random="f674049167a6", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0x40, 0x3a, 0x0, @empty={[0x3, 0x3c]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "0004e6", 0x0, 0x0, 0x0, @remote, @remote, [@routing={0x2f}], "000022ebffff0400"}}}}}}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r3 = socket(0x2b, 0x4, 0x200000fe) syz_emit_ethernet(0x76, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x40, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @mcast1, @remote, [@dstopts={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3a], [@enc_lim]}]}}}}}}}, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000fffffffe) ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000000)) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETXF(r4, 0x4b3a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r5, 0x40086602, 0x400007) 18:53:55 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @initdev}, &(0x7f0000000040)=0x10) exit_group(0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="01030000200000000000cdba11f1", @ANYRESHEX], 0x14}}, 0x0) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB, @ANYRESDEC=r0, @ANYBLOB="00002bbd7000fedbdf250200000008002b000400000004f47f5d4e7c47c0ac5fbd698e18a222deb49116352eb2354772bbbe61e04b562da7e94a85df3b6b2aa05cd0f1d3f4f10931a73720dc6ec88feb3d278e4694b03ef3265c2b67e13dd4e8bb88f16fe5dc45db45ce0cda463cc07d7cd71ce93ef4bf76505e081cf3b32ed28bccc36ddf47092fa83ec0d9c3b4e3cc9b1de48737ded5a9d992"], 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x800) syz_emit_ethernet(0x76, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0x0], @random="f674049167a6", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "a4f008", 0x40, 0x3a, 0x0, @empty={[0x3, 0x3c]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "0004e6", 0x0, 0x0, 0x0, @remote, @remote, [@routing={0x2f}], "000022ebffff0400"}}}}}}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) r3 = socket(0x2b, 0x4, 0x200000fe) syz_emit_ethernet(0x76, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "42bf00", 0x40, 0x3a, 0x0, @local={0xfe, 0x80, [0x3, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7c, {0x0, 0x6, "7f112d", 0x8001, 0x29, 0x0, @mcast1, @remote, [@dstopts={0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3a], [@enc_lim]}]}}}}}}}, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000fffffffe) ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000000)) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETXF(r4, 0x4b3a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r5, 0x40086602, 0x400007) 18:53:55 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, 0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:53:55 executing program 2: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) io_setup(0x3, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:53:55 executing program 3: perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xc}, {0x0, 0x0, 0x2, 0x0, 0x100000001, 0x5}, {}, 0x0, 0x6e6bb2, 0x1, 0x0, 0x3}, {{@in6=@mcast2, 0x4d5, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, [], 0x22}, 0x0, 0x0, 0x3, 0x4}}, 0xe8) sendto$inet6(r0, &(0x7f00000006c0)="7999a5497cccd33ba9e09cbb488f7bad5fdb830bbecd14d8eff721ed6d8de2bca4020d85058b86a9b8dc19ecbcb4bdc4132a24bce25c0eb6fac86ee6c235e33846b4bd17ba50c6ecc413fc172209d74e1a871845fe052d9f46f3de0c79947eb027608c0607c86aaa872a25177e9b422096c1c91304762b46629e8b40df8ddfcf8eec86c15d25a37a02be77a0fa2fb57edebb8bdf12719e29bc455e79f8feaf4bb49745", 0xa3, 0x8001, &(0x7f0000000780)={0xa, 0x4e23, 0x9, @mcast2, 0x22}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x1f4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000000)="cb0db2a843531bfaaeae5c9e4eccb063822d9921ca07520fca1a2d4bd2c1fa739f9fe3e5d731b23cdbf83910046c436b550881484b6d46b61aff6d9efdd806148d073dda75482b41d8c1d67e1f2fe0b6ea572cf54f67628e30f5bd1d3cc1ed1c228c804561ba5da4bc1598a1e2efa1bb1d17e4203566d4f674c1f7c44685ce49b5", 0x81}, {&(0x7f0000000440)="2ab9c89781a10451c1093aab635f5b304b798ef71c9cdbf808458c797b36da6ea994d8fce11c7e136fdabb389bd0bca9817611fbd44e17fc1f51d39ef86ffbeaee6fa55b194d158eade6c6f8ba03b969dfb22b86bfe5426f9467cb5a21849c98dc5a01852580901eb20afcd1e6953fd30eb2b6d236450c114d7b558100cf3765eae9e5c4bd2ba40a", 0x88}, {&(0x7f0000000500)="9a96fd00d32373a81840f071cabc09069f65a93a26688880c03b4c3da0ed39b0bd1f46bf5fe8edeb3e60a19abc48fd254ab91cef85169a1ef5ea2a2eee90793b56e96736e31feef1f94dcba229d3012ac5276ea90c624b0dc15d6369846f7c26779348dda24e6e191f9ffc3db7bf7d78a8a5ed7f596a454a6da865173ffc51204856232dc83b3d493806744a4845b9b45ba68c24f2e52a60507917cc9ce83242b9b9cda088e283c3959f21fd0038c55eaec98ba6f06933229162ae6c722c70e0c9ed32270b2fdcf9f0fa2cb9b7099b2eb20d38d1b205ba48bdc2ded460289144559dfab0606caac38ccbaa841f8aa3aad274de9c0f7dd98c09befb65f4", 0xfd}, {&(0x7f00000013c0)="1ac14073ccc5db195f5c5444b99542e8c62ce8da5d624efe9336184671b307d8ae6b1a6b2638564731d3c3dafcd46cfb6deb6418b74e8530a0b92361e0aa9bd908d64a6a6fa1b257f038efedc86deefb06649b107a363ae89fa8aa6af0f68364acf3c1907314b55ad7db8aae3c4569efc516772eb5d400abf418d80d422303e8cdb12636cac6b1fb646c150414180366ad5094fea311667f21fadcf26a7726709fb3d282745948b890453735095dd64e65453a120142402880aa37c2dfefda807bc6aeabdb573d2a96525972b2f7fbb9954d40bb51c4f7737a91fe7e7bc04447921169691d2c94b2645a9dd6dda5b50bc08b786959f545a6a5a94abef3fa45db46a331881e858fd46158d5f78446758c1a89bd2b613b6a3733ac72e2f29f5c3ba3cae552ba0f8ed5bd797887dbd97e61fa3208b2488039db6db263e28d06d13de1032a38266a045867e5c634ae5cff1ddad70db054598777151bddfa89836b889104646f33eddf532990197426fafc22ca562de7f8fb94759524192b9c75f5270f0cd6d616a2bf3f0b96b3955640494ea2eaa0ab4c64e5a6e68f9b04948e53594f1586771d910260cced9d06c56ba1eb980e5cdfe4bf660915f4afbba585844de2ae23dd61705b60c77de8ef825c6883256945071521a1abd2fc69996e04184310b97a08f68f0d3079eedc46c434759fed1e365b4f478ce42c7c2639be0fe86ec58d2b004cdcb8db45c6a64af6b858f4a4d14922f151a720360fc44824f4263f794cb1c85b3d345a315f6629ec8ece0f48dc9b975874584b979b4dd9b06d1ed4fff5e3691ff344c6a71736836c30b1a3b2c0a039b5fff60e16624bbad69c7e1ade1b4ad9763073e7d469609690cc6c31b47adfc2d182ec728942d78b282ed3aa8ee5c2541f4e43c64859fe15ff0870631273258e249cd260f82ff7943ff11a5124ec54104dffbcd6dfd67c6371828959bdeb2500ae587aa20877578dfc48d04edf599ed0f399193ee4a0a3ec000e744a6359dcd8b1621b50789f8a2b13864436344c9f10cec71d0617e8017eb1716ac593a4b71d195d0e2f2b56e146beeaa51452bfa1aab497001d2a63b22f97955e4db400a02d428c0539867d89853ad138d4ba537d25792f7c3e738f8277401faebc8dba07028d53b1afec30dee1ea30d56020b145b8c3ec27bca635722a7e6678de5f775e3d5e6499e96ff2d5297db10bf746e349bebf45d45766ec5ad0014c2899a39c47ac15e067a693464c5336ec070ffb9acc99d26057a9eb01cab264a790cddd96980ad4592ab179ab3b8b1cd04652663dac4cf829f43945bf63a6f03e0ef529329da96ad576d1f2bcd005e7dd0b1b5e225a59ed8eaba43322ec7e88f86b9aa40c4097cc880eaf62fdcb3f61f53683563a2ff37b70a127e72c34e06c5cd4e720d5f8ec74b46e0395b3ec950d04cbb9db191cd5af1cbddb1cc85ca6b160d63d23af9f85691ba01612da1f57b51be240fcd8dd029d9eecccb66f6c0ce2a3545e3e005a93471bda4e3bdd29f07b5863be7507c2fe929b832a9ec877a2165fd0c27f570d940050d15339cc6e313a67d43e6c8b78ab1a1740dfaf163dcce2d6a5b0c990053b1066660a672b357ec5278ca2e65465a2ea4a3b9906fa6f38e105fb50ec9632240e2aabee4539da7a1f827b8fc2c1ffb7fd1820d2c8af2fa7bbcd73f8130677624bee370b9c917a3a426f59ed10730c13daddbc4a3b535361d2530ec0953de42cdbda0034e60aad14ac5ba3fa80666060e5104e57086112ca48d25948f77bc854904dd09a56dfc073d286aef9d375e646ec318a4dda12175e18975e89a40119ca2d29bec652735658ef82aeb596c17f921f835984b6b5c61f6629654699d9b08e64b9ef656b409a7f9227d989aade10295a6422f2363c5cda62e51ef6622d24dc5ba0cbae817f0e358dbb7423822001c12c016efcb7ebfc06c698b5893e0db9bb371f50c65d399c789e1aab600346b67f6b8da5d99ae9a3759e73e3195ced57f3f59bf928c9e4dc5969b7661c02324ff61035e75123b86459e09861db0721ff5d1c97018fc59ed9ac59c7c5badc5cc536a720469ef8f6617b876b08fc8a582022f44283509088a6894dd9630a5a61d6b68c3284ec36b0bc11bb3d288190187135b910c1c80243ed2e9b8e25bf86a3c7c07e8487165aba85b1b2e17cd72b711e501b62037d0aaa18fe3b24b2bcabff5a0758d8cdf1e83ef2de515b1d53c2d6584c1b2e32bc8282f428159cadbc80c9cc2cfe05e0d791a02107dc660efa5ea3cb85ddc868b7a623d169df2e9ff9107e02d4f9197ce777dd26c09563f997d222a66bddcc1780d7d643b122a8d8b1611c0f575a24eb0635ca457e1bf278ea605ed9fd9a46dbe0b7c4da1ece013159201fece98f79c698f04087f2b83979e6730fc75046e289201e92e99ec0b5d7cd6680cc19755c77b1a6026bbb83ff788e4be198d69d0d2badc92e7526a2130eee51effa0b6c2fdb894b00c1888f492a4fa18d85e4e03820ca26102bdc9436cdeb4390cf6f4ed9e38a7832eba9fc0f8638c6fe0513aeb59024a8d4f4c8200bcf8c4b3884f82dd7ad3fd05d0cea524ae448f9902b35e1590cb4fc95539f3af5559dba23373e5c6a853a1d954d3dfb6ee5a537481d5d79cfa037b65214f38d8a5fe26f45e9b7b6681642cabd82ea013db743fa2a4930fdb7dfce5bcd36164344198f5852b4c6ef3751ce359df6a9db87ef718a12aa73104a895747d049d8a5f57b23c870873362bc38121c139e3d04ecf7948745fc478a5a274717ff7614ae2c5cfc0675d1f351b4de400c1b98af36753e16da203b0339c523d4eb427b09d62f607bd50160036342e7c5976ca41399862d6adca9e3efa66657a56d27592a3ff5662c81f083961ac78a44828a6a0c75f512d40c42eeeb074f69a82851de4570c2c963958c34ad33f553891b094f7b34290859e46b5a783ab0283dc776e759c4b5543fa9cf46b86766464264b9a70fdc6277e6b52b59f04f1d32887d0ac4e8cb202e6b49ff089be101e6faf13c03c6d40a618b538e950419b9e520ede2bcbd0eb3f963435531a208cba9c70d4dab88716097dc66b19ed0f421f3d4502ac60c4588446f3b573ea979f1211bf768d7263eb3f0dac693f565fccb74df36ee7c7d6ba4e607128a1af56006429f253ec00b78a7c42e1eade1aebf6834b5174fccbb580e279f32e977962725cb589e31c097fc4e19c0daaefffb493f239f89718b7214cbdf4e8ac89272696dfe48e6f41a1263b9dbda3b4840ca78a3e8a8d76b282bc14cc27855d95c63487e010fab940d6244e85114442e62d2bb5ea31db79030f28f42175a49df76c7a81639733e88ff76a3ee05f5cc2fb427f088306c538f953b45a94eba76849ba7ca32a7aaba69b3c0f75259f46a4f12b75172258ecfe50524d2a396acc4d786c2dcc7f9b57ef9cc0e08f3fcf2f36e8a13fc157fa65d61ede57dc7fd51009df0fa3a7a5b11699d67c17b2b2e7bb859b4b8781928d86d0c5c65b09e95601fb04baccd120e3e9cb8d97eba22e8e1325cba17ad40d59d6c5c54034f92371c81d373d0e611366a530ef8a7434780b1b1dc5c88e0b17c1328e809668c7872e23162e262b782523fb228ae905f0c5f679487101dcd91b516475c09c83fc0b6e24f0d3b927f57e3f4c3701a5fa100629d9991dc95286b53ec52269ee391a4642616a531c514a3243a8a5ba4ca78bdadf4032ccf1d2d00bba79a98b33e6c091b86e650c5ceef7bccb2f7be9b0b31577e5bfd6570a2f733dad0fc99ae2482c0b5ee809ffc46aca5fb40981e61394ddbfd7b181e50c1730404c02c665390c35c33a5c23a27f17a4258e45f0470c948f5adb37d598e3f186c02d91c2d8532e1aa97777ac1f496b95f14191471d2306f122ae9eeb5b46566b232fc205875e731b4862b3664ffc3e35707e2eb18e4c664e76f9dce20a368f1dae58794191b3e3087b7bb09f085d67901cc747bff0f481a7d53397627c7de2d2b61882e2fa61934461472f1ae7c71230f30da550868817003efd59030bbfbfab30dfb43902b736ec89f9486102704bbf4c4f21d12bd9a32ab653fd516a17b053842aeac15cdb895580b38bc969f388a2c48a19cb4aa16f848e357cf271a3e71d723a41d20e95d57f3d0d4345ac8b921f94386650afbf20dd3d5fa1de371b8a450c3b2d1c911f17c6535465b8fe6f8d7ad7743492bddf77fc85200d577621779aaafac73f540b67397b0243718015872bf16bc43d0ed7c853b9e01c68d784608dfeee3ff1a96a5d406bfeec07477912c5f67b1f6ec677ddb2ea77999c178fbd863fd6544d8fd628d61386f3bbf1adde24deb4e24fbda96695e027014bda8fef0a2d93a80d765bfe6b0dd72e9c1d395f03b6afe4007ad613c1c2846ceacc62ab1f8ac9c36a90cb814a72070a80301a10d311e60093c386ebaef795171e39908b53807ecdb27794a12a58d96a2b77858fd5778f4d65aa62dc5f5c09fbfcdb36cc93f4290fda57dead7ae2a33640bb9999655cbe714387f8a5dba916a6511f0f12475e595ac03ee8d9771faeca04ea9865bc98a4d0e75938aaf295939732aac13f8925512dbfc6a49019a4f38509b455192465ca76a0f00710ef2f2ad89a8bbf88b4d901356f1f5703d3a2a1fa0c3d325ec042086026154e380d281d70d1035eb9531209417497d2bda0ed369b4c0b2f23e31475d69b4a246573a14b6c8c9ff334ae427087caa2ebc4000d67d310953615e04bceeac5308d4d21199cb279e263a4723378a57b6efdf15c2475eaacd6fa982b9db97b41b6f709f8345ef904c6cf27bf3b8b27a257a68f572ab8241f7b9120a82ad83ecea6f93c765de03bd6a96a5845fdfa6237d74db73d967b24e3c3ed77bf91a98986627edeec683ba642007b44da3510f783fabee52fd4f177a8d16abe6e96803a86a9d2138fcb1cf0241caaebe9d773663db2e29e3ba6216cf1362373f4033f1c686136291e5f11f606bd9b729b6ea7ac7536d5865dec626075262ddf1ced3f51d52e4024413354703117b7875afb7f14f1353d048b519dd66f3090c980d7469bff441fdf42c0fa9e116d82c9cedddbb52aa6a15dd085f4ccfca2171f361a16ad96a27b4f7df019d0aaa505c404ce8bb0942f8ddda91005a3f9f2f5299afd42e77be34cb0dbc3ce12022c9480c7f1e1f70b27dfdd2d8f281aeab2a4e406742ddae55bbe3c7f8e2c040e9f5aab4e4bc2e5b52aa5643a4d8c7c491ff87e1ee5d20aed1deb1f79b20365e1466f0cf28965141a41e3b950f362cbe65c114e66b035b4bb0ad66ddcc4fc0fb1395cbe3eed5432a21b5afc6c59353867b99c70536914e910909f31ea35a21e383802c7682d031974470ea11bc18562a1904700df59effb247deca12f6482b38f8438752d76380f80cdf7c743e00d595ac97d74100fcc566e29e02faa2ef8d071307019eed1f4f65293d429743655f4427676b73f89448cb531c7808d0b5e8f58bc2acbe8374f75ccedb65ee21ffa261decf3c6160d2ea1d5d2678af5c690e6a758ac483b943ec78f5e90fdae126f0a2d314077954dd88d312f8d537e78ebb4aadde74336870be88dd11fce49e7613c9944b53ae71d2688164267c67dc6f0066eacb47aa1979b5d69db0f3743ffaca04cdbde9aaabc04a6cb115bdbfdbfec7792a583d079f1e7e80c518a3d8884f91b7b5269f4e9071c22e99b47c15a5c950bd1d201e27e5ddb5cb06e57dcc8555a85d225afb26911a6997bf325fb095767d7632ce52135e04163e5e3530c8610ec3", 0x1000}, {&(0x7f0000000600)="2a70bada0cea962d1878250e03165f5a5674b93660a1940c81bd5cb8bfa06a4a4742d2dfe6d5788ccf278963c5ca1ede90225e735c9c38ab8157cef7bd3a5768b47b9279924940d11f79236902b3dd5645eb185222fe712e6f2ec839cf02748223d2f72303e0b9f2dd3be98a07067b00b1f4570f30323e28d6dd97345e856b1fd1d5d5d24928af9109dbe63b80bd1af18c9f972ddcab7a41010d6836afa0953d65f77f", 0xa3}], 0x5) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000100)={0x4, {{0xa, 0x4e24, 0xffffffff, @loopback, 0xcc9}}, 0x1, 0x2, [{{0xa, 0x4e22, 0x400000, @ipv4={[], [], @empty}, 0x598c}}, {{0xa, 0x4e24, 0x80000000, @private0, 0x4}}]}, 0x190) 18:53:55 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080)) 18:53:55 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x0, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:53:55 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080)) 18:53:55 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x0, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:53:55 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000080)) 18:53:55 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, 0x0) [ 245.895740][ T8550] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 245.904484][ T8550] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. 18:53:57 executing program 1: r0 = dup(0xffffffffffffffff) r1 = gettid() r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1f1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$alg(r4, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(pcrypt(pcrypt(morus640)))\x00'}, 0x58) sched_getaffinity(r1, 0x8, &(0x7f0000000000)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x2, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r6, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r7, 0x4, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c080}, 0x4004000) pipe(0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000840)=[0x0], &(0x7f0000000140)=[&(0x7f0000000480)='\xa11\xc2\x1fQ\x88\xebH\xe7\xcf/\x83\xb3+\xc5\xa0\xa6\xbf\x85\xf0;\xea\x8a\xd5b\xb0\xe7=\xf41\xf5\xb4\xb9\aPk\x94csn\x8bu\bHD\x06\f\xccU\x19\xaa\xe0\xed\x85\xb1%\xd8\x82\xaeW\x8764\x93\xb6`\x90\xb1\x1d\xd6\x91\x9a\xf5I:=\xd9\x98\t\x03\x13\xa4f\x13\xeb\x11\xd5\x17J]\x8b\xc18v\xfc\xa9\xcb|\xd4\x1a\x91\x81c\xeb\r|\xdbo\xa8?\xa8\x192\t\x10\x1bhGZ\xc0\xe7\xc3{b\xc0Z\xe5&\r\n\x858\x94V\x9f\xbah\x8f\x91\xa4\x8a\x90\xa7\x10\x85kYh\xb6\x0f\t0-\x9f@\xc2\xbbR.>\xc5;\xceJ\x14QJ0CrCP\x1e\xea\x8b\xc3z\xb8\x7f+\x94LV&\x8e\xce\xecA\xd6\x12#\xdb\x90\xf9\x9d\x03T\x89[G\xa8\xa4\xa9\xa7r\xd8x(\x9dv9\x16\x1dH=\x82?>-\x84R\x11\x94\x17\x01\x03\xc4\xa3\xb3?\xecyq\x86Y']) ptrace$setopts(0x4206, r1, 0x0, 0x2) [ 247.398989][ T8580] ptrace attach of "/root/syz-executor.1"[8575] was attempted by "/root/syz-executor.1"[8580] [ 248.842394][ T8513] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.849705][ T8513] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.323653][ T8513] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.683370][ T8513] batman_adv: batadv0: Interface deactivated: batadv_slave_1 18:54:06 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x8) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000040), 0x8) r2 = socket$unix(0x1, 0x5, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000000c0)={0x2, @sdr={0x39565559, 0x2}}) sendfile(r0, r1, 0x0, 0xa808) [ 258.641800][ T8517] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.649109][ T8517] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.092510][ T8517] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 262.432283][ T8517] batman_adv: batadv0: Interface deactivated: batadv_slave_1 18:54:16 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0xc, 0x121041) syz_emit_ethernet(0xc7, &(0x7f0000000100)={@empty, @remote, @val={@void, {0x8100, 0x1, 0x1, 0x1}}, {@llc_tr={0x11, {@snap={0xab, 0xab, "e7", "681876", 0x88fb, "4c9d9b77b68b138a5d12e8899bdb25c45728ab4ee1ff6689bf92263a1249d9ec151adbda5717a4872134b5e542d6e1f3efbb011c4e9fec15261876b56f223a1976921d61709c7478b141febd7ae417ef1e6bb1028cab9ccd54f5288d584756e7e5442d5e7a4789ef8c05c298022af284bc17e8ee5807937f9a32da625d143fd94d4dc7f559434e4c2a2b47f5ea29993928eaf11d636f94d81b104a49aff7350a6c68331d118a2e2dfda927eb6a"}}}}}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x4d, 0x2}}) write$evdev(r0, &(0x7f0000000040), 0x2b8) 18:54:16 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x0, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:54:16 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, 0x0) 18:54:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0x44}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62, 0x200]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x2001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4504}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x3d, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000080000001000000000005000000000000000033c4587476c1f09600000000001512702000000000000000000a000000000000000000b1179246"]) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = dup3(r3, r4, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=r7, @ANYBLOB="d10000008258d7d4ad1abe54eb706a1287f597bcfd6fb7775d0316c59f04f4eb0efd60138535b98c2ab29d4f048dbce52c0c7f2d0acf66fd6b5e0b19b12ac8858bdf37511770bab377d3e167c4675667a8718117a78b365d06081f65612b839f9bcfc8c31de8d07a4a9760b11a18fcad0a9ad35f61c5fe089c78119a25c2246141e56274b79ed5eec7b40bba88861df385b549dceffc718963f08b17f130d2d0b87884f9faeb965b1c7012bf2411e42658bd96fcaa785de676e3587095c85310226cd184ef8da4ecd063b0e287acb62f9835dde3f0"], &(0x7f0000000140)=0xd9) 18:54:16 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10008, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f00000000c0)="0f20e035010000000f22e0b9e30b0000b8ab75cc71ba000000000f30b8010000000f01d90f20c035000000400f22c0b9800000c00f3235008000000f302e0f6b8eec8cfce40f22c0ea3b0f00009600660f65470867260f790a", 0x59}], 0x1, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x6a, "4d832c913fb3087e9bd68c4212b0d396c3b94bc63f76a6178c92e8d33eada1e3f0145697c014de918320255562e6ac9b353e01ae1d352ad028759c351010fb2baf5409b9125b9d740e5a47b36adcbe8a30185eb17cbc9249b163c180f2a048618f37a4b0bde8413ab9a0"}, &(0x7f00000003c0)=0x72) syz_open_dev$mouse(&(0x7f0000000540)='/dev/input/mouse#\x00', 0x548, 0x10140) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000400)={r4, @in={{0x2, 0x4e24, @remote}}, [0x0, 0xfffffffffffffffa, 0x0, 0x4, 0x4, 0x0, 0x20, 0x80, 0x1, 0x3ff, 0x2, 0x8001, 0x6, 0xfffffffffffffffa, 0xff]}, &(0x7f0000000500)=0x100) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 18:54:16 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000002c0)=""/5, 0x5}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x77, &(0x7f0000000840)="f7f249b9740c867c445ae826b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ac0000000000000000000000000000000066224897ba4ecb40aa070032a3b88aaf3c06f4970e85a63c9a4b0d8b9aad5ad22ec9c65a310160ee048d7b27fc9c9b84c998bd2f7155d302a7be122b"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 266.206545][ T8517] syz-executor.5 (8517) used greatest stack depth: 22264 bytes left 18:54:16 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, 0x0) 18:54:16 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x3, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:54:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0x44}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62, 0x200]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x2001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4504}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x3d, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000080000001000000000005000000000000000033c4587476c1f09600000000001512702000000000000000000a000000000000000000b1179246"]) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = dup3(r3, r4, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=r7, @ANYBLOB="d10000008258d7d4ad1abe54eb706a1287f597bcfd6fb7775d0316c59f04f4eb0efd60138535b98c2ab29d4f048dbce52c0c7f2d0acf66fd6b5e0b19b12ac8858bdf37511770bab377d3e167c4675667a8718117a78b365d06081f65612b839f9bcfc8c31de8d07a4a9760b11a18fcad0a9ad35f61c5fe089c78119a25c2246141e56274b79ed5eec7b40bba88861df385b549dceffc718963f08b17f130d2d0b87884f9faeb965b1c7012bf2411e42658bd96fcaa785de676e3587095c85310226cd184ef8da4ecd063b0e287acb62f9835dde3f0"], &(0x7f0000000140)=0xd9) 18:54:16 executing program 4 (fault-call:2 fault-nth:0): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:54:16 executing program 5: perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000880)='/dev/loop#\x00', 0x0, 0x103382) r1 = memfd_create(&(0x7f0000000240)='.^\xc5', 0x0) pwritev(r1, &(0x7f0000000380)=[{&(0x7f0000000000)="4227f9955517c96052ec15a97523ec", 0xf}, {&(0x7f0000000440)="f128b1fe96a12ffc63668ede2cbe8526eb1165fefc3ee83901f839be24849de874ae220b525f1b523b01fda2c2597afb6454ac4da736778a3a5c9c76e07a7083d0df809411821203ab5a014337369ea0007c3b13c4dff23c566c9e80912ed58fc504057fceb3531eb74920c2d8bc0277c0a298cbda1fb17f2eace03c81cb67f5d4d2012cd280a29c4f4eb48903856c5b35b3e00dca6de15c4ac84ea432179ee861f9214d9bcf9598253e3f3d9f3d0a81c97b96b9d1322047989f57bfba3eab81253eb846d621b48760e86e184147cecf250306e0", 0xd4}], 0x2, 0x81805, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r1, 0x0, 0x24002d00) ioctl$LOOP_CLR_FD(r0, 0x4c01) add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) creat(&(0x7f00000002c0)='./bus\x00', 0x0) socket$nl_generic(0x10, 0x3, 0x10) 18:54:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0x44}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62, 0x200]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x2001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4504}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x3d, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000080000001000000000005000000000000000033c4587476c1f09600000000001512702000000000000000000a000000000000000000b1179246"]) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = dup3(r3, r4, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=r7, @ANYBLOB="d10000008258d7d4ad1abe54eb706a1287f597bcfd6fb7775d0316c59f04f4eb0efd60138535b98c2ab29d4f048dbce52c0c7f2d0acf66fd6b5e0b19b12ac8858bdf37511770bab377d3e167c4675667a8718117a78b365d06081f65612b839f9bcfc8c31de8d07a4a9760b11a18fcad0a9ad35f61c5fe089c78119a25c2246141e56274b79ed5eec7b40bba88861df385b549dceffc718963f08b17f130d2d0b87884f9faeb965b1c7012bf2411e42658bd96fcaa785de676e3587095c85310226cd184ef8da4ecd063b0e287acb62f9835dde3f0"], &(0x7f0000000140)=0xd9) 18:54:16 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:54:17 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x3, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) [ 266.686991][ T3864] blk_update_request: I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0 18:54:17 executing program 5: r0 = getpid() ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r1, &(0x7f0000000a40), 0x8000000000000b0, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc}, 0x10) getsockopt$EBT_SO_GET_INIT_ENTRIES(r1, 0x0, 0x83, &(0x7f00000001c0)={'nat\x00', 0x0, 0x3, 0xb0, [], 0x3, &(0x7f0000000040)=[{}, {}, {}], &(0x7f0000000100)=""/176}, &(0x7f0000000240)=0x78) ptrace$peekuser(0x3, r0, 0x3) r3 = syz_open_procfs(0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x4) accept4(r2, &(0x7f0000000300)=@l2tp={0x2, 0x0, @empty}, &(0x7f0000000280)=0x80, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000015}, 0x4000051) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r5, 0x80184153, &(0x7f0000000480)={0x0, &(0x7f0000000440)=[&(0x7f0000000380)="5eb8097287707af8fdba6d7480546d40aa7c026bd753b20fc954c23e6b00257f4c2a7b59f8b7097588212d43348455d8f00d4ef22e5c958361678d04d9e17432ca24264e25b9e5697b79b26e5f2baf5a827e31ca8a59429fe25cbc80cc63320dcc287d45ec0fba2256cfaf7b709d210e52af8d2ed3e91c8041247b222f4f6cfe3578dff72786b358d4c30c04ae88e8b1bbb52431c48c51c06f07648c1229c22e7d31cc7c4bc19f92ded1b43863c97736314b5123"]}) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc}, 0x10) [ 266.790662][ T2446] blk_update_request: I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 266.804660][ T2446] Buffer I/O error on dev loop0, logical block 0, lost async page write 18:54:17 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{0x77359400}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000080)) 18:54:17 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10008, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f00000000c0)="0f20e035010000000f22e0b9e30b0000b8ab75cc71ba000000000f30b8010000000f01d90f20c035000000400f22c0b9800000c00f3235008000000f302e0f6b8eec8cfce40f22c0ea3b0f00009600660f65470867260f790a", 0x59}], 0x1, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x6a, "4d832c913fb3087e9bd68c4212b0d396c3b94bc63f76a6178c92e8d33eada1e3f0145697c014de918320255562e6ac9b353e01ae1d352ad028759c351010fb2baf5409b9125b9d740e5a47b36adcbe8a30185eb17cbc9249b163c180f2a048618f37a4b0bde8413ab9a0"}, &(0x7f00000003c0)=0x72) syz_open_dev$mouse(&(0x7f0000000540)='/dev/input/mouse#\x00', 0x548, 0x10140) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000400)={r4, @in={{0x2, 0x4e24, @remote}}, [0x0, 0xfffffffffffffffa, 0x0, 0x4, 0x4, 0x0, 0x20, 0x80, 0x1, 0x3ff, 0x2, 0x8001, 0x6, 0xfffffffffffffffa, 0xff]}, &(0x7f0000000500)=0x100) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 18:54:19 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) io_setup(0x3, 0x0) io_submit(0x0, 0x1, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) 18:54:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f322e0f0178000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d683ed", 0x44}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62, 0x200]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x2001, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4504}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x3d, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000080000001000000000005000000000000000033c4587476c1f09600000000001512702000000000000000000a000000000000000000b1179246"]) pipe(&(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = dup3(r3, r4, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=r7, @ANYBLOB="d10000008258d7d4ad1abe54eb706a1287f597bcfd6fb7775d0316c59f04f4eb0efd60138535b98c2ab29d4f048dbce52c0c7f2d0acf66fd6b5e0b19b12ac8858bdf37511770bab377d3e167c4675667a8718117a78b365d06081f65612b839f9bcfc8c31de8d07a4a9760b11a18fcad0a9ad35f61c5fe089c78119a25c2246141e56274b79ed5eec7b40bba88861df385b549dceffc718963f08b17f130d2d0b87884f9faeb965b1c7012bf2411e42658bd96fcaa785de676e3587095c85310226cd184ef8da4ecd063b0e287acb62f9835dde3f0"], &(0x7f0000000140)=0xd9) 18:54:19 executing program 4: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setfsgid(r2) setgroups(0x1, &(0x7f0000000000)=[r2]) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f00000008c0)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) getsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000900)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@loopback}}, &(0x7f0000000a00)=0xe8) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setfsgid(r10) setgroups(0x1, &(0x7f0000000000)=[r10]) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000140)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000640)=[{&(0x7f00000001c0)="5e607ec6648616", 0x7}, {&(0x7f0000000200)="bd7dc74ce9db82208f7aeff8683dbbb50ff89d294cbc71a3cb36f2378b926c8ccfedef6a9fd5bf92787cdc7c288955ef6f902c82b893277237f0013670afd7641f2d2029458f63b7f56293fb4f95b75cd8f751dce86d2d98e1397afbdb4a95a33f82e62a8a8da4f6b2218a2d4c56ed1bb7fe973bc832693ea47adf50e3aad300d990e221e7d5e760823dd704df1312785480edbc53e4a6ec0a1fe993411ab1e896e66c665e465c34c1c6dc36b68281570abce4070165e006d101b32ccd16a99846f310a18ab3f1f7b9675f8f18", 0xcd}, {&(0x7f0000000300)="3d69eb6d4fe04311bd1088e17464ab195d1e22cb109a4c727c7120e6b8144e0e5e72b3fc4768db4ffecd0c6dbab26d058de1d968b23951b1673d56a0c76682", 0x3f}, {&(0x7f0000000340)="e51af651f18f181352a55b4f53859a28d0b2b95e802feb16af68fd93763416cd671ff7eb3fb4d1566806ea2a419984e49693eedd0b946447e8dcdf05493b55cdd6d6c4e3279c875a39d7a3a054c6593d46e9cb4ae9bdba3a0be841d1d4c58d7acf9b98831fa8eef3dde6a16af48079d560c4530a5dc8c981653620eb7995041b8bc7e5cb0c892f248cfd0372d32f19349b0cb80487e14535579178ce1498512b274848af662fb0", 0xa7}, {&(0x7f0000000400)="b041f4ec8962d98c99ed6b4408c40b1e3b807f0402845fbe48ef9c43d47ff32ccf054fccb7a3bd3471baa74b25e912cd51c692c3b94295d12b85e2cb581e9f7072f20b1165dc11624033a6e0736c98d2469d4b4264925bd390b836eadba12272ac3319d4efab504b13d589232a2f210b659670bbfa7803927422e17098def533ef64", 0x82}, {&(0x7f00000004c0)="fe63285de812436767b7481e0cf5fd54fa949b9b4d3e895ac9ceff8819d307b91c1ac0b14704b7167753a1155e5664bef66692a63ceeb5f4ad71967bad5da4b27ce46e7058169824ca70056ff6596410a65719587b7d95b9cab7d6e5f85098c22445d056498301ebc31fdb93baceab276b11847ae69c681abf3033db0d72531a3856b2d6eda518513a6b19d99e5cacea219ea1bf032c0f", 0x97}, {&(0x7f0000000580)="eec90f805894e5a547932f501f80ab83d240e27da4", 0x15}, {&(0x7f00000005c0)="101918a6b26b0e7d54e803af29aa26a8f41788baa391355555f2f44915ce4ae412c7213a78e1269966e9f03691357434e68782b0ef523a313b18c572563dda19a02c56e64733b310966f10b0ceda1c43142dc1955ee1b8c5ae483d724dbf4b", 0x5f}], 0x8, &(0x7f0000000a40)=[@rights={{0x24, 0x1, 0x1, [r0, r0, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, r2}}}, @cred={{0x1c, 0x1, 0x2, {r5, r8, r10}}}], 0x110, 0x4000800}, 0x10) timerfd_gettime(r0, &(0x7f0000000080)) 18:54:19 executing program 1: r0 = open(&(0x7f0000000100)='./file0\x00', 0x8081, 0x188) write$binfmt_elf64(r0, &(0x7f0000000480)=ANY=[], 0x2e7) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_si_security={{0x2, 0x7}, {0xad67, 0x4, 0xaa99, 0x7}}}, 0xa) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) read$snapshot(r1, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$netrom_NETROM_N2(r1, 0x103, 0x3, &(0x7f0000000040)=0x2f3, &(0x7f0000000080)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r3) sendfile(r3, r0, &(0x7f0000000480), 0xa198) 18:54:19 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="7fff0002810d00001c0012000b0001006d616373656300e10b00020005000700010000000a000540340000000000000008000a0009d35b587e2701000080d4a128c1aa"], 0x50}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$isdn_base(r2, &(0x7f0000000000)={0x22, 0x3, 0x7f, 0x7f, 0xec}, 0x6) ppoll(0x0, 0x0, 0x0, 0x0, 0x1c000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 18:54:19 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b75fb3488fd8015bba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377aba09e7b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) r5 = socket$inet(0x2, 0x4000000805, 0x0) r6 = socket$inet_sctp(0x2, 0x5, 0x84) r7 = dup3(r5, r6, 0x0) r8 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, r9}, 0x10) getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=r9, &(0x7f0000000080)=0x4) ioctl$KVM_RUN(r4, 0xae80, 0x0) r10 = dup3(r0, r1, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc008aec1, &(0x7f0000000000)={0x0, 0x0, [0x480]}) dup2(r10, r4) [ 269.281542][ T1536] ================================================================== [ 269.289923][ T1536] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0xb2d/0x86f5 [ 269.297748][ T1536] Read of size 3 at addr ffff8880a6b135ff by task kworker/u5:0/1536 [ 269.305820][ T1536] [ 269.308155][ T1536] CPU: 0 PID: 1536 Comm: kworker/u5:0 Not tainted 5.8.0-syzkaller #0 [ 269.316212][ T1536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 269.326310][ T1536] Workqueue: hci1 hci_rx_work [ 269.330975][ T1536] Call Trace: [ 269.334343][ T1536] dump_stack+0x18f/0x20d [ 269.338763][ T1536] ? hci_event_packet+0xb2d/0x86f5 [ 269.343872][ T1536] ? hci_event_packet+0xb2d/0x86f5 [ 269.348964][ T1536] print_address_description.constprop.0.cold+0xae/0x436 [ 269.355994][ T1536] ? vprintk_func+0x97/0x1a6 [ 269.360572][ T1536] ? hci_event_packet+0xb2d/0x86f5 [ 269.365660][ T1536] kasan_report.cold+0x1f/0x37 [ 269.370429][ T1536] ? hci_event_packet+0xb2d/0x86f5 [ 269.375542][ T1536] check_memory_region+0x13d/0x180 [ 269.380635][ T1536] memcpy+0x20/0x60 [ 269.384423][ T1536] hci_event_packet+0xb2d/0x86f5 [ 269.389343][ T1536] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 269.395301][ T1536] ? __lock_acquire+0x16cb/0x5640 [ 269.400305][ T1536] ? hci_cmd_complete_evt+0xc6e0/0xc6e0 [ 269.405830][ T1536] ? lock_acquire+0x1f1/0xad0 [ 269.410484][ T1536] ? skb_dequeue+0x1c/0x180 [ 269.414968][ T1536] ? find_held_lock+0x2d/0x110 [ 269.419715][ T1536] ? mark_lock+0xbc/0x1710 [ 269.424128][ T1536] ? mark_held_locks+0x9f/0xe0 [ 269.428879][ T1536] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 269.434664][ T1536] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 269.440620][ T1536] ? trace_hardirqs_on+0x5f/0x220 [ 269.445634][ T1536] ? lockdep_hardirqs_on+0x76/0xf0 [ 269.450812][ T1536] hci_rx_work+0x22e/0xb10 [ 269.455215][ T1536] process_one_work+0x94c/0x1670 [ 269.460150][ T1536] ? lock_release+0x8e0/0x8e0 [ 269.464807][ T1536] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 269.470155][ T1536] ? rwlock_bug.part.0+0x90/0x90 [ 269.475077][ T1536] worker_thread+0x64c/0x1120 [ 269.479743][ T1536] ? process_one_work+0x1670/0x1670 [ 269.485024][ T1536] kthread+0x3b5/0x4a0 [ 269.489067][ T1536] ? __kthread_bind_mask+0xc0/0xc0 [ 269.494239][ T1536] ? __kthread_bind_mask+0xc0/0xc0 [ 269.499325][ T1536] ret_from_fork+0x1f/0x30 [ 269.503725][ T1536] [ 269.506029][ T1536] Allocated by task 8700: [ 269.510335][ T1536] save_stack+0x1b/0x40 [ 269.514470][ T1536] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 269.520079][ T1536] __alloc_skb+0xae/0x550 [ 269.524382][ T1536] vhci_write+0xbd/0x450 [ 269.528598][ T1536] new_sync_write+0x422/0x650 [ 269.533257][ T1536] vfs_write+0x59d/0x6b0 [ 269.537478][ T1536] ksys_write+0x12d/0x250 [ 269.541801][ T1536] do_syscall_64+0x60/0xe0 [ 269.546196][ T1536] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 269.552063][ T1536] [ 269.554369][ T1536] Freed by task 7166: [ 269.558326][ T1536] save_stack+0x1b/0x40 [ 269.562468][ T1536] __kasan_slab_free+0xf5/0x140 [ 269.567295][ T1536] kfree+0x103/0x2c0 [ 269.571166][ T1536] tomoyo_supervisor+0x350/0xeb0 [ 269.576077][ T1536] tomoyo_path_permission+0x25c/0x360 [ 269.581421][ T1536] tomoyo_path_perm+0x2e7/0x3f0 [ 269.586253][ T1536] tomoyo_path_unlink+0x8e/0xd0 [ 269.591079][ T1536] security_path_unlink+0xd7/0x150 [ 269.596178][ T1536] do_unlinkat+0x375/0x660 [ 269.600663][ T1536] do_syscall_64+0x60/0xe0 [ 269.605159][ T1536] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 269.611030][ T1536] [ 269.613339][ T1536] The buggy address belongs to the object at ffff8880a6b13400 [ 269.613339][ T1536] which belongs to the cache kmalloc-512 of size 512 [ 269.627454][ T1536] The buggy address is located 511 bytes inside of [ 269.627454][ T1536] 512-byte region [ffff8880a6b13400, ffff8880a6b13600) [ 269.640698][ T1536] The buggy address belongs to the page: [ 269.646311][ T1536] page:ffffea00029ac4c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a6b13000 [ 269.656782][ T1536] flags: 0xfffe0000000200(slab) [ 269.661616][ T1536] raw: 00fffe0000000200 ffffea00023faec8 ffffea00023b3fc8 ffff8880aa000a80 [ 269.670179][ T1536] raw: ffff8880a6b13000 ffff8880a6b13000 0000000100000002 0000000000000000 [ 269.678738][ T1536] page dumped because: kasan: bad access detected [ 269.685123][ T1536] [ 269.687430][ T1536] Memory state around the buggy address: [ 269.693039][ T1536] ffff8880a6b13500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 269.701111][ T1536] ffff8880a6b13580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 269.709186][ T1536] >ffff8880a6b13600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 269.717220][ T1536] ^ [ 269.721266][ T1536] ffff8880a6b13680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 269.729410][ T1536] ffff8880a6b13700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 269.737451][ T1536] ================================================================== [ 269.745483][ T1536] Disabling lock debugging due to kernel taint [ 269.761631][ T1536] Kernel panic - not syncing: panic_on_warn set ... [ 269.768235][ T1536] CPU: 0 PID: 1536 Comm: kworker/u5:0 Tainted: G B 5.8.0-syzkaller #0 [ 269.777781][ T1536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 269.787820][ T1536] Workqueue: hci1 hci_rx_work [ 269.792494][ T1536] Call Trace: [ 269.795763][ T1536] dump_stack+0x18f/0x20d [ 269.800069][ T1536] ? hci_event_packet+0xb00/0x86f5 [ 269.805158][ T1536] panic+0x2e3/0x75c [ 269.809031][ T1536] ? __warn_printk+0xf3/0xf3 [ 269.813597][ T1536] ? preempt_schedule_common+0x59/0xc0 [ 269.819030][ T1536] ? hci_event_packet+0xb2d/0x86f5 [ 269.824125][ T1536] ? preempt_schedule_thunk+0x16/0x18 [ 269.829489][ T1536] ? trace_hardirqs_on+0x55/0x220 [ 269.834494][ T1536] ? hci_event_packet+0xb2d/0x86f5 [ 269.839679][ T1536] ? hci_event_packet+0xb2d/0x86f5 [ 269.844763][ T1536] end_report+0x4d/0x53 [ 269.849014][ T1536] kasan_report.cold+0xd/0x37 [ 269.853673][ T1536] ? hci_event_packet+0xb2d/0x86f5 [ 269.858758][ T1536] check_memory_region+0x13d/0x180 [ 269.863847][ T1536] memcpy+0x20/0x60 [ 269.867645][ T1536] hci_event_packet+0xb2d/0x86f5 [ 269.872567][ T1536] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 269.879572][ T1536] ? __lock_acquire+0x16cb/0x5640 [ 269.884574][ T1536] ? hci_cmd_complete_evt+0xc6e0/0xc6e0 [ 269.890101][ T1536] ? lock_acquire+0x1f1/0xad0 [ 269.894754][ T1536] ? skb_dequeue+0x1c/0x180 [ 269.899233][ T1536] ? find_held_lock+0x2d/0x110 [ 269.903976][ T1536] ? mark_lock+0xbc/0x1710 [ 269.908372][ T1536] ? mark_held_locks+0x9f/0xe0 [ 269.913114][ T1536] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 269.918898][ T1536] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 269.924980][ T1536] ? trace_hardirqs_on+0x5f/0x220 [ 269.929983][ T1536] ? lockdep_hardirqs_on+0x76/0xf0 [ 269.935075][ T1536] hci_rx_work+0x22e/0xb10 [ 269.939470][ T1536] process_one_work+0x94c/0x1670 [ 269.944398][ T1536] ? lock_release+0x8e0/0x8e0 [ 269.949064][ T1536] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 269.954429][ T1536] ? rwlock_bug.part.0+0x90/0x90 [ 269.959346][ T1536] worker_thread+0x64c/0x1120 [ 269.964006][ T1536] ? process_one_work+0x1670/0x1670 [ 269.969181][ T1536] kthread+0x3b5/0x4a0 [ 269.973224][ T1536] ? __kthread_bind_mask+0xc0/0xc0 [ 269.978308][ T1536] ? __kthread_bind_mask+0xc0/0xc0 [ 269.983396][ T1536] ret_from_fork+0x1f/0x30 [ 269.988912][ T1536] Kernel Offset: disabled [ 269.993224][ T1536] Rebooting in 86400 seconds..