last executing test programs: 19.612824839s ago: executing program 0 (id=85): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) close(r1) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000200)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000280)={@local}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000001200), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 18.594761712s ago: executing program 0 (id=92): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x180000e, &(0x7f0000000080)={[{@usrjquota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@acl}, {@auto_da_alloc}, {@block_validity}, {@quota}]}, 0x3, 0x434, &(0x7f00000002c0)="$eJzs289rHFUcAPDv7CataVMTS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5MsrvZTbPpJlvdzwcmeW/mLe99d+btvjdvJ4CeNZr+SSIGI+L3iBiqZusLjFb/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvzTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmR0s4NPlssdrq67DtSkk74uNoS2FKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNRm/Y2LJBvHP4Xr2wpsi9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96Tsejfm+YnN6njh1d++6LVsdrxX7ql9edjwawd1/v21r9mdnpp+k5irnXjk4iRvmbxJ2srAUlEHI6IkW3WMf/0N0dbHbt9/JvowDpT+euIp6rnfyUa4s8lm69PTtwTpbnjE/lVsdEvv159s1X9dxR/B6Tnf1/T638t/uGkdr12sf06rv7xecs5zXav/z3J23X7PpxeWro0GbEneb3a6Nr9Uw3lptbLp/GPHWve/w/G+jtxJCLSi/jhiHgkIh7N2v5YRDweEcc2if+nl594r27H2GAb8e+sNP7Zts7/emJPNO5pniie//G7ukqHo4340/N/spIay/Zs5fNvK+3a3tUMAAAA/z2FiBiMpDC+li4Uxserv+E/FPsKpYXFpWfOLnxwcbb6jMBw9BfyO11DNfdDJ7NpfZ6fasifyO4bf1kcqOTHZxZKs90OHnrc/hb9P/VnsdutA3ac57Wgd+n/0Lv0f+hd+j/0rib9f6Ab7QB2X7Pv/4+70A5g9zX0f8t+0EPM/6F36f/Qu/R/6EmLA3H7h+QlJDYkonBXNENihxLd/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojH8DAAD//ygv5wk=") fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB='#ayz1:'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) 18.01112155s ago: executing program 0 (id=96): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x3c}}, 0x0) 16.085150659s ago: executing program 0 (id=105): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x70, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}, 0x1c) socket$inet6_sctp(0xa, 0x801, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), r0) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xa8, r1, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}]}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gre0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7ff}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6100000}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x101}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40801}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet(r0, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94) 11.855581426s ago: executing program 2 (id=127): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x281200c, &(0x7f00000003c0)=ANY=[@ANYRES16, @ANYRESOCT, @ANYRES8, @ANYRES64=0x0, @ANYRES16, @ANYRES8, @ANYBLOB="2c6e03d465636f6d706f73652c6769643d29ab72f4a2f73b811c7fd9bae7ecd53b9ad91191f81b6637f549a77ac6cb621635f9c08b2615964a3c43b727df50d049dc760465dea7349206240e6fb4756f276c72f20bab7d507fe4853b18ebe583cbf9009044b021249834326e80399c0000010000000000177eef4f05093acfe76553919ecca99460ea4ebdbcef9c4e0ed3f10f86889116979b7aa52b38442546b806d6b8960900a04195ad43adb611", @ANYRES16=r0, @ANYRES16=0x0], 0x4, 0x715, &(0x7f0000000500)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF3sdL1rLQVKKbEqj9HHvIaee0oNuoYeS3g3tuSFQ0qOOgUIuOemmMrMz+9C+pMiyZOf3EzPzzXyP+eY/OzP7QHwBfGOtzkf5cSSxOv/mdrq+t7vUnNhdmo6YSVebETEVEaWIckSSbkrWYzpd3sqn+HbkOV3LPh82Vt7+/Ku9L1pr5XzKypdG1Rtgqn/TTj5FNSIm8mW/ySEtfnJ49z3t3R7a3lEl7SNMA3atCFz85UStwokd9Nlp5338n2zeLjOg+nGuW+CcSlrPzdxBVPLUXMRstN4MZE/9/O5QOos+Pkk7Z90BAAAAOK7K8au8sB/7sR0XTqM7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LzKx/9P8qlUpKuRFOP/T+XbIk+fQ+MHQvxsurV8fPqdAQAAAAAAAIBT9+p+7Md2XCjWD5LsN//Xun7j/1a8F5tRj424HttRi63Yio1YjIi5roamtmtbWxuLWc2ISyNq3oxPB9S8ObyPt3pXkydx3AAAAAAAAABwjs2MyV+b7N/2+1jt/P4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnQRIx0Vpk06UiPRelckTMFOV2Ij6NiKmz7e2xJIM2Pn76/QAAAIATmeldTWaOUOeF92M/tuNCsX6QZJ/5r2Sfl2fivViPrWjEVjSjHnfyz9Dpp/7S3u5Sc2936X469bf70y+P1fWsxWh99zB4zy9nJSpxNxrZlutxO5I4yJTyVl7e211Kl/cH9+uDtE/JT3IjejPRlb6Tzq5+kqX/3PstQvlYh3hEhxstDS05l+VOtiOykPctrXGxiMDgSIw9O+WRe1qMUvubn0uj9zQ45h+M3vvsoVIDv7k5E4cjcTNK7TN0ZXQkIr77j49/fa+5vnbv7ub8+Tmkgd4fW+JwJJa6InH1OYrEeAtZJC6311fjF/GrmI8vp9+KjWjEb6IWW1GvFvm1/PWczudGR+qz2e61t8b1JL0mq+3716A+VaOnT1GNn2epWryWndML0YgkHkREPd7I/m7GYvtu0DnDl49w1ZeOcKftcu172aIdpqgML/u3ozX5pKRxvdgV1+577lyW172lE6UXB0apeNYd/XnUpfydPJG28IeRz4en7XAkFrsi8dKw10srpH89SOebzfW1jXu1d4+4v9fzZXod/WnEU+JUHtMjpWf4xZjJD+5iNk+ya2ohy3up3asiXv9tRCxmeZfarfQ+cdO8y+16rSv1l/Eg7vRcqT+M5ViOlaz0laz0ZN8TK8272m6p9x6e5qXvtMrtH3a63289iGbr/VDEzjN/2wZ4ziTdj7vZ789OVf5X+Xflo8ofK/cqb878bPpH069MxeS/Jn9cXph4vfRK8vf4KH7X+fwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8fZsPH63Vms36xuBEaXBWMrpWrXlQDCTWrG9M5smhhdNEkg+VM6Y/aSLZfPjoYEyZcYnpvE9fs/qTTBSjNY4vXD3FbiQ77fOVb5kZfy6KUZ56s/q3PHy0luTDVHa9tMa9JEYlij13tkyeg1N5OFE9dq1q33Hlien+i+j4r97KoPM1ERGDCo+5cUyc7L4DnL0bW/ffvbH58NEPGvdr79Tfqa9PLi+vLKwsv7F0426jWV9ozbsqPP1R9YBT0vu2LTcVEa+OrztioFYAAAAAAAAAAADgFD2N/4U462MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnm2r81F+HEksLlxfSNf3dpea6VSkOyXLEVGKiOS3Eck/I25Fa4q5ruaSYfv5sLHy9udf7X3RaatclC9F7AytN6rNjp18impETOTLE+hp7/b49qY6yekB2Un7KNKAXSsCB2ft/wEAAP//ikHuLA==") ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809", 0x32}], 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000180)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11.371368766s ago: executing program 2 (id=130): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$l2tp(0x2, 0x2, 0x73) recvfrom$l2tp(r1, &(0x7f0000000000)=""/27, 0x1b, 0x4000, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x42000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8010, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r4, 0x731, 0x0, 0x0, {0x38}}, 0x14}, 0x1, 0x2}, 0x0) splice(r0, 0x0, r2, 0x0, 0xf3a, 0x0) writev(r2, &(0x7f00000006c0)=[{&(0x7f0000000280)='v', 0x1}], 0x1) unshare(0x2000400) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x1c, 0x3a, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}, 0x1c}}, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0xf000000, &(0x7f00000003c0)={&(0x7f0000000400)={0x2c, 0xb, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}}, 0x0) 5.628001318s ago: executing program 4 (id=150): syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x0, @local}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in={0x2, 0x0, @private=0xa010100}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1, &(0x7f0000000200)}, 0x0) 4.742613281s ago: executing program 3 (id=154): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000005000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.668797237s ago: executing program 4 (id=155): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0xd0, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000008e25900ee8d386dd601646b085a2009a2f00ff020000000000000000000000000001fc010000000000000000000000000000000000000000000005020000000000000420880b00460000670c12d787bc48454ad5ab0dbcd795bf5fb1f628b38949083230f6690fa256ac9e09b06b58"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) 4.395603339s ago: executing program 3 (id=156): socket$inet_sctp(0x2, 0x5, 0x84) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'vlan1\x00'}) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r3, &(0x7f0000000300)='1\x00', 0xffffff4a) write$sysctl(r3, &(0x7f0000000000)='2\x00', 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r4 = syz_open_dev$media(&(0x7f0000000400), 0x0, 0x0) ioctl$MEDIA_IOC_G_TOPOLOGY(r4, 0xc0487c04, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.153603499s ago: executing program 2 (id=159): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes128, 0x0, @desc3}) chdir(&(0x7f0000000000)='./file0\x00') add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6695d4982a83b71b906769e737201ac6b7a7804454156569cb03a5be811debc957b5831b89b59d703e748c7c", 0x25}, 0x48, 0xfffffffffffffffd) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x591002, 0x0) write$FUSE_WRITE(r1, &(0x7f0000000080)={0x18}, 0x18) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 3.66210664s ago: executing program 4 (id=161): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x281200c, &(0x7f00000003c0)=ANY=[@ANYRES16, @ANYRESOCT, @ANYRES8, @ANYRES64=0x0, @ANYRES16, @ANYRES8, @ANYBLOB="2c6e03d465636f6d706f73652c6769643d29ab72f4a2f73b811c7fd9bae7ecd53b9ad91191f81b6637f549a77ac6cb621635f9c08b2615964a3c43b727df50d049dc760465dea7349206240e6fb4756f276c72f20bab7d507fe4853b18ebe583cbf9009044b021249834326e80399c0000010000000000177eef4f05093acfe76553919ecca99460ea4ebdbcef9c4e0ed3f10f86889116979b7aa52b38442546b806d6b8960900a04195ad43adb611", @ANYRES16=r0, @ANYRES16=0x0], 0x4, 0x715, &(0x7f0000000500)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF3sdL1rLQVKKbEqj9HHvIaee0oNuoYeS3g3tuSFQ0qOOgUIuOemmMrMz+9C+pMiyZOf3EzPzzXyP+eY/OzP7QHwBfGOtzkf5cSSxOv/mdrq+t7vUnNhdmo6YSVebETEVEaWIckSSbkrWYzpd3sqn+HbkOV3LPh82Vt7+/Ku9L1pr5XzKypdG1Rtgqn/TTj5FNSIm8mW/ySEtfnJ49z3t3R7a3lEl7SNMA3atCFz85UStwokd9Nlp5338n2zeLjOg+nGuW+CcSlrPzdxBVPLUXMRstN4MZE/9/O5QOos+Pkk7Z90BAAAAOK7K8au8sB/7sR0XTqM7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LzKx/9P8qlUpKuRFOP/T+XbIk+fQ+MHQvxsurV8fPqdAQAAAAAAAIBT9+p+7Md2XCjWD5LsN//Xun7j/1a8F5tRj424HttRi63Yio1YjIi5roamtmtbWxuLWc2ISyNq3oxPB9S8ObyPt3pXkydx3AAAAAAAAABwjs2MyV+b7N/2+1jt/P4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnQRIx0Vpk06UiPRelckTMFOV2Ij6NiKmz7e2xJIM2Pn76/QAAAIATmeldTWaOUOeF92M/tuNCsX6QZJ/5r2Sfl2fivViPrWjEVjSjHnfyz9Dpp/7S3u5Sc2936X469bf70y+P1fWsxWh99zB4zy9nJSpxNxrZlutxO5I4yJTyVl7e211Kl/cH9+uDtE/JT3IjejPRlb6Tzq5+kqX/3PstQvlYh3hEhxstDS05l+VOtiOykPctrXGxiMDgSIw9O+WRe1qMUvubn0uj9zQ45h+M3vvsoVIDv7k5E4cjcTNK7TN0ZXQkIr77j49/fa+5vnbv7ub8+Tmkgd4fW+JwJJa6InH1OYrEeAtZJC6311fjF/GrmI8vp9+KjWjEb6IWW1GvFvm1/PWczudGR+qz2e61t8b1JL0mq+3716A+VaOnT1GNn2epWryWndML0YgkHkREPd7I/m7GYvtu0DnDl49w1ZeOcKftcu172aIdpqgML/u3ozX5pKRxvdgV1+577lyW172lE6UXB0apeNYd/XnUpfydPJG28IeRz4en7XAkFrsi8dKw10srpH89SOebzfW1jXu1d4+4v9fzZXod/WnEU+JUHtMjpWf4xZjJD+5iNk+ya2ohy3up3asiXv9tRCxmeZfarfQ+cdO8y+16rSv1l/Eg7vRcqT+M5ViOlaz0laz0ZN8TK8272m6p9x6e5qXvtMrtH3a63289iGbr/VDEzjN/2wZ4ziTdj7vZ789OVf5X+Xflo8ofK/cqb878bPpH069MxeS/Jn9cXph4vfRK8vf4KH7X+fwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8fZsPH63Vms36xuBEaXBWMrpWrXlQDCTWrG9M5smhhdNEkg+VM6Y/aSLZfPjoYEyZcYnpvE9fs/qTTBSjNY4vXD3FbiQ77fOVb5kZfy6KUZ56s/q3PHy0luTDVHa9tMa9JEYlij13tkyeg1N5OFE9dq1q33Hlien+i+j4r97KoPM1ERGDCo+5cUyc7L4DnL0bW/ffvbH58NEPGvdr79Tfqa9PLi+vLKwsv7F0426jWV9ozbsqPP1R9YBT0vu2LTcVEa+OrztioFYAAAAAAAAAAADgFD2N/4U462MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnm2r81F+HEksLlxfSNf3dpea6VSkOyXLEVGKiOS3Eck/I25Fa4q5ruaSYfv5sLHy9udf7X3RaatclC9F7AytN6rNjp18impETOTLE+hp7/b49qY6yekB2Un7KNKAXSsCB2ft/wEAAP//ikHuLA==") ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809", 0x32}], 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000180)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.04946712s ago: executing program 4 (id=162): r0 = socket(0x840000000002, 0x3, 0xff) socket$inet6_sctp(0xa, 0x801, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_SET_DEST(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet(r0, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94) 2.960460108s ago: executing program 3 (id=164): syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x0, @local}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in={0x2, 0x0, @private=0xa010100}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1, &(0x7f0000000200)=[@sndinfo={0x20}], 0x20}, 0x0) 2.715663117s ago: executing program 1 (id=165): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000005000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2.469879457s ago: executing program 1 (id=166): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x10}, 0x48) r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0) 2.303600691s ago: executing program 1 (id=167): clock_gettime(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000040), 0x401, 0x45833af96e4b39fe, 0x0) 1.734287468s ago: executing program 0 (id=106): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x180000e, &(0x7f0000000080)={[{@usrjquota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@acl}, {@auto_da_alloc}, {@block_validity}, {@quota}]}, 0x3, 0x434, &(0x7f00000002c0)="$eJzs289rHFUcAPDv7CataVMTS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5MsrvZTbPpJlvdzwcmeW/mLe99d+btvjdvJ4CeNZr+SSIGI+L3iBiqZusLjFb/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvzTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmR0s4NPlssdrq67DtSkk74uNoS2FKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNRm/Y2LJBvHP4Xr2wpsi9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96Tsejfm+YnN6njh1d++6LVsdrxX7ql9edjwawd1/v21r9mdnpp+k5irnXjk4iRvmbxJ2srAUlEHI6IkW3WMf/0N0dbHbt9/JvowDpT+euIp6rnfyUa4s8lm69PTtwTpbnjE/lVsdEvv159s1X9dxR/B6Tnf1/T638t/uGkdr12sf06rv7xecs5zXav/z3J23X7PpxeWro0GbEneb3a6Nr9Uw3lptbLp/GPHWve/w/G+jtxJCLSi/jhiHgkIh7N2v5YRDweEcc2if+nl594r27H2GAb8e+sNP7Zts7/emJPNO5pniie//G7ukqHo4340/N/spIay/Zs5fNvK+3a3tUMAAAA/z2FiBiMpDC+li4Uxserv+E/FPsKpYXFpWfOLnxwcbb6jMBw9BfyO11DNfdDJ7NpfZ6fasifyO4bf1kcqOTHZxZKs90OHnrc/hb9P/VnsdutA3ac57Wgd+n/0Lv0f+hd+j/0rib9f6Ab7QB2X7Pv/4+70A5g9zX0f8t+0EPM/6F36f/Qu/R/6EmLA3H7h+QlJDYkonBXNENihxLd/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojH8DAAD//ygv5wk=") fcntl$setpipe(0xffffffffffffffff, 0x407, 0x80000000) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB='#ayz1:'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) 1.647809275s ago: executing program 3 (id=168): socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000001180), 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) r3 = syz_open_procfs(0x0, &(0x7f00000023c0)='net/tcp\x00') read$FUSE(r3, &(0x7f0000000000)={0x2020}, 0x96) 1.09949873s ago: executing program 0 (id=169): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4048aecb, &(0x7f0000000040)=ANY=[@ANYRES16]) 815.211793ms ago: executing program 1 (id=170): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ftruncate(r0, 0x7) 723.642281ms ago: executing program 2 (id=171): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x281200c, &(0x7f00000003c0)=ANY=[@ANYRES16, @ANYRESOCT, @ANYRES8, @ANYRES64=0x0, @ANYRES16, @ANYRES8, @ANYBLOB="2c6e03d465636f6d706f73652c6769643d29ab72f4a2f73b811c7fd9bae7ecd53b9ad91191f81b6637f549a77ac6cb621635f9c08b2615964a3c43b727df50d049dc760465dea7349206240e6fb4756f276c72f20bab7d507fe4853b18ebe583cbf9009044b021249834326e80399c0000010000000000177eef4f05093acfe76553919ecca99460ea4ebdbcef9c4e0ed3f10f86889116979b7aa52b38442546b806d6b8960900a04195ad43adb611", @ANYRES16=r0, @ANYRES16=0x0], 0x4, 0x715, &(0x7f0000000500)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF3sdL1rLQVKKbEqj9HHvIaee0oNuoYeS3g3tuSFQ0qOOgUIuOemmMrMz+9C+pMiyZOf3EzPzzXyP+eY/OzP7QHwBfGOtzkf5cSSxOv/mdrq+t7vUnNhdmo6YSVebETEVEaWIckSSbkrWYzpd3sqn+HbkOV3LPh82Vt7+/Ku9L1pr5XzKypdG1Rtgqn/TTj5FNSIm8mW/ySEtfnJ49z3t3R7a3lEl7SNMA3atCFz85UStwokd9Nlp5338n2zeLjOg+nGuW+CcSlrPzdxBVPLUXMRstN4MZE/9/O5QOos+Pkk7Z90BAAAAOK7K8au8sB/7sR0XTqM7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LzKx/9P8qlUpKuRFOP/T+XbIk+fQ+MHQvxsurV8fPqdAQAAAAAAAIBT9+p+7Md2XCjWD5LsN//Xun7j/1a8F5tRj424HttRi63Yio1YjIi5roamtmtbWxuLWc2ISyNq3oxPB9S8ObyPt3pXkydx3AAAAAAAAABwjs2MyV+b7N/2+1jt/P4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnQRIx0Vpk06UiPRelckTMFOV2Ij6NiKmz7e2xJIM2Pn76/QAAAIATmeldTWaOUOeF92M/tuNCsX6QZJ/5r2Sfl2fivViPrWjEVjSjHnfyz9Dpp/7S3u5Sc2936X469bf70y+P1fWsxWh99zB4zy9nJSpxNxrZlutxO5I4yJTyVl7e211Kl/cH9+uDtE/JT3IjejPRlb6Tzq5+kqX/3PstQvlYh3hEhxstDS05l+VOtiOykPctrXGxiMDgSIw9O+WRe1qMUvubn0uj9zQ45h+M3vvsoVIDv7k5E4cjcTNK7TN0ZXQkIr77j49/fa+5vnbv7ub8+Tmkgd4fW+JwJJa6InH1OYrEeAtZJC6311fjF/GrmI8vp9+KjWjEb6IWW1GvFvm1/PWczudGR+qz2e61t8b1JL0mq+3716A+VaOnT1GNn2epWryWndML0YgkHkREPd7I/m7GYvtu0DnDl49w1ZeOcKftcu172aIdpqgML/u3ozX5pKRxvdgV1+577lyW172lE6UXB0apeNYd/XnUpfydPJG28IeRz4en7XAkFrsi8dKw10srpH89SOebzfW1jXu1d4+4v9fzZXod/WnEU+JUHtMjpWf4xZjJD+5iNk+ya2ohy3up3asiXv9tRCxmeZfarfQ+cdO8y+16rSv1l/Eg7vRcqT+M5ViOlaz0laz0ZN8TK8272m6p9x6e5qXvtMrtH3a63289iGbr/VDEzjN/2wZ4ziTdj7vZ789OVf5X+Xflo8ofK/cqb878bPpH069MxeS/Jn9cXph4vfRK8vf4KH7X+fwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8fZsPH63Vms36xuBEaXBWMrpWrXlQDCTWrG9M5smhhdNEkg+VM6Y/aSLZfPjoYEyZcYnpvE9fs/qTTBSjNY4vXD3FbiQ77fOVb5kZfy6KUZ56s/q3PHy0luTDVHa9tMa9JEYlij13tkyeg1N5OFE9dq1q33Hlien+i+j4r97KoPM1ERGDCo+5cUyc7L4DnL0bW/ffvbH58NEPGvdr79Tfqa9PLi+vLKwsv7F0426jWV9ozbsqPP1R9YBT0vu2LTcVEa+OrztioFYAAAAAAAAAAADgFD2N/4U462MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnm2r81F+HEksLlxfSNf3dpea6VSkOyXLEVGKiOS3Eck/I25Fa4q5ruaSYfv5sLHy9udf7X3RaatclC9F7AytN6rNjp18impETOTLE+hp7/b49qY6yekB2Un7KNKAXSsCB2ft/wEAAP//ikHuLA==") ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)="580000001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809", 0x32}], 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000180)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 723.487031ms ago: executing program 1 (id=172): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 332.552193ms ago: executing program 3 (id=173): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0xb0ffffff}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xffffff1f}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x7, 0x0, 0xa, 0x2, 0x0, 0x0, 0x1400}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 279.891778ms ago: executing program 1 (id=174): pipe(&(0x7f00000001c0)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0) r1 = dup(r0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 266.553178ms ago: executing program 2 (id=175): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000005000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 200.665394ms ago: executing program 4 (id=176): ioperm(0x0, 0x40, 0x80) utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 107.643752ms ago: executing program 2 (id=177): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) chdir(0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000023896) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3a9bd5a8a"}) 79.841924ms ago: executing program 4 (id=178): syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x0, @local}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in={0x2, 0x0, @private=0xa010100}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1, &(0x7f0000000200)=[@sndinfo={0x20}], 0x20}, 0x0) 0s ago: executing program 3 (id=179): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYRES32], 0xc) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r0, &(0x7f0000000040), 0x8) connect$bt_sco(r0, 0x0, 0x0) shutdown(r0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.187' (ED25519) to the list of known hosts. [ 51.836961][ T3626] cgroup: Unknown subsys name 'net' [ 51.947881][ T3626] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 53.270717][ T3626] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 54.488997][ T3652] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.488997][ T3651] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.489921][ T3651] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.497263][ T3652] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 54.505222][ T3651] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.519532][ T3652] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.526123][ T3651] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.533131][ T3652] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.546908][ T3651] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 54.548487][ T3652] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.554546][ T3651] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.561921][ T3652] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.568587][ T3651] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.576009][ T3652] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 54.582891][ T3651] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.591955][ T3652] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.597028][ T3651] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 54.604764][ T3652] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 54.618237][ T3654] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.618900][ T3652] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.633795][ T3652] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.641126][ T3652] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.648868][ T3652] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 54.656116][ T3655] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 54.657311][ T3641] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 54.670932][ T3641] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.678701][ T3641] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 54.686125][ T3641] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 54.712050][ T3652] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.717937][ T3655] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 55.048179][ T3640] chnl_net:caif_netlink_parms(): no params data found [ 55.162881][ T3639] chnl_net:caif_netlink_parms(): no params data found [ 55.201294][ T3636] chnl_net:caif_netlink_parms(): no params data found [ 55.226970][ T3640] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.234300][ T3640] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.243768][ T3640] device bridge_slave_0 entered promiscuous mode [ 55.255191][ T3640] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.262474][ T3640] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.270642][ T3640] device bridge_slave_1 entered promiscuous mode [ 55.296748][ T3638] chnl_net:caif_netlink_parms(): no params data found [ 55.353765][ T3637] chnl_net:caif_netlink_parms(): no params data found [ 55.374595][ T3640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.407786][ T3640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.439119][ T3639] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.446378][ T3639] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.454685][ T3639] device bridge_slave_0 entered promiscuous mode [ 55.488268][ T3639] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.495473][ T3639] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.504188][ T3639] device bridge_slave_1 entered promiscuous mode [ 55.528109][ T3636] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.535652][ T3636] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.544618][ T3636] device bridge_slave_0 entered promiscuous mode [ 55.560604][ T3640] team0: Port device team_slave_0 added [ 55.577376][ T3636] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.584871][ T3636] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.592963][ T3636] device bridge_slave_1 entered promiscuous mode [ 55.609333][ T3640] team0: Port device team_slave_1 added [ 55.615648][ T3638] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.623169][ T3638] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.632033][ T3638] device bridge_slave_0 entered promiscuous mode [ 55.657878][ T3639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.675460][ T3638] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.683020][ T3638] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.691149][ T3638] device bridge_slave_1 entered promiscuous mode [ 55.714262][ T3639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.754986][ T3637] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.762638][ T3637] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.770650][ T3637] device bridge_slave_0 entered promiscuous mode [ 55.779296][ T3637] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.786488][ T3637] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.794785][ T3637] device bridge_slave_1 entered promiscuous mode [ 55.803673][ T3636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.815187][ T3639] team0: Port device team_slave_0 added [ 55.822306][ T3640] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.830464][ T3640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.856685][ T3640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.887047][ T3636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.897364][ T3639] team0: Port device team_slave_1 added [ 55.903885][ T3640] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.910944][ T3640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.937443][ T3640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.950330][ T3638] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.989188][ T3638] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.000245][ T3637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.029140][ T3639] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.036515][ T3639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.063019][ T3639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.076236][ T3637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.103426][ T3636] team0: Port device team_slave_0 added [ 56.110309][ T3639] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.117956][ T3639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.144401][ T3639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.180342][ T3636] team0: Port device team_slave_1 added [ 56.208308][ T3638] team0: Port device team_slave_0 added [ 56.223915][ T3640] device hsr_slave_0 entered promiscuous mode [ 56.230652][ T3640] device hsr_slave_1 entered promiscuous mode [ 56.250535][ T3637] team0: Port device team_slave_0 added [ 56.257754][ T3638] team0: Port device team_slave_1 added [ 56.271496][ T3636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.278506][ T3636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.304450][ T3636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.331209][ T3637] team0: Port device team_slave_1 added [ 56.345314][ T3636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.352626][ T3636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.378859][ T3636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.397718][ T3639] device hsr_slave_0 entered promiscuous mode [ 56.404511][ T3639] device hsr_slave_1 entered promiscuous mode [ 56.411175][ T3639] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.419499][ T3639] Cannot create hsr debugfs directory [ 56.464731][ T3638] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.471895][ T3638] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.498449][ T3638] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.524684][ T3637] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.531746][ T3637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.558645][ T3637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.570751][ T3638] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.577846][ T3638] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.605256][ T3638] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.637652][ T3637] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.644906][ T3637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.671185][ T3637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.706105][ T3636] device hsr_slave_0 entered promiscuous mode [ 56.714860][ T3636] device hsr_slave_1 entered promiscuous mode [ 56.723005][ T3636] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.731187][ T3636] Cannot create hsr debugfs directory [ 56.733063][ T3655] Bluetooth: hci4: command tx timeout [ 56.736805][ T3649] Bluetooth: hci0: command tx timeout [ 56.742237][ T3648] Bluetooth: hci3: command tx timeout [ 56.799615][ T3638] device hsr_slave_0 entered promiscuous mode [ 56.806751][ T3638] device hsr_slave_1 entered promiscuous mode [ 56.813441][ T3648] Bluetooth: hci1: command tx timeout [ 56.818577][ T3655] Bluetooth: hci2: command tx timeout [ 56.825070][ T3638] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.833629][ T3638] Cannot create hsr debugfs directory [ 56.889933][ T3637] device hsr_slave_0 entered promiscuous mode [ 56.897828][ T3637] device hsr_slave_1 entered promiscuous mode [ 56.904639][ T3637] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.912372][ T3637] Cannot create hsr debugfs directory [ 57.138503][ T3640] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 57.159452][ T3640] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 57.168216][ T3640] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 57.195182][ T3640] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 57.253387][ T3639] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 57.268426][ T3639] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 57.293282][ T3639] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 57.304625][ T3639] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 57.351856][ T3638] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 57.375972][ T3638] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 57.386054][ T3638] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 57.396489][ T3638] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 57.445190][ T3640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.496725][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.506658][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.540581][ T3640] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.556155][ T3636] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.566584][ T3636] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.590346][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.601831][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.610741][ T3684] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.618194][ T3684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.628228][ T3684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.641683][ T3637] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 57.654222][ T3637] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 57.665298][ T3636] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.675370][ T3636] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.689029][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.698514][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.707058][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.714187][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.729983][ T3639] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.739552][ T3637] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 57.750009][ T3637] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 57.765335][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.788451][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.797473][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.807081][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.827208][ T3639] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.850311][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.859143][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.868576][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.877659][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.886605][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.896145][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.906374][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.914721][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.922683][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.934269][ T3640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.973191][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.981994][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.993337][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.000475][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.008575][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.018419][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.027854][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.035216][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.076253][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.087294][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.096717][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.108311][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.117744][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.126707][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.136044][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.149144][ T3638] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.172961][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.190856][ T3639] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 58.207373][ T3639] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 58.221624][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.236987][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.247681][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.261287][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.296663][ T3638] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.307085][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.320065][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.328585][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.369443][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.378919][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.388539][ T3681] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.395746][ T3681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.411615][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.427242][ T3636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.442560][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.451791][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.462376][ T3683] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.469663][ T3683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.488547][ T3636] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.497380][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.505856][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.513799][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.535457][ T3637] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.574064][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.581655][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.596298][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.607582][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.616603][ T3685] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.623764][ T3685] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.631558][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.640555][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.649418][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.657994][ T3685] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.665152][ T3685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.673333][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.681957][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.690667][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.701730][ T3640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.719704][ T3637] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.736394][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.746573][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.755074][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.763620][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.771371][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.780028][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.788518][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.797229][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.805460][ T3655] Bluetooth: hci0: command tx timeout [ 58.811537][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.813154][ T3649] Bluetooth: hci3: command tx timeout [ 58.826488][ T3655] Bluetooth: hci4: command tx timeout [ 58.858390][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 58.867710][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 58.877110][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.885843][ T3649] Bluetooth: hci2: command tx timeout [ 58.891996][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.893122][ T3655] Bluetooth: hci1: command tx timeout [ 58.901726][ T3686] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.912907][ T3686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.920907][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.929742][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.938239][ T3686] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.945368][ T3686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.953662][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.962615][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.971472][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.980003][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.988783][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.997330][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.006480][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.014816][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.022943][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.031623][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.043214][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.059107][ T3638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.075554][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.085187][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.094663][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.104798][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.127496][ T3639] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.149141][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.163303][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.171981][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.193152][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.203276][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.212024][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.221597][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.231981][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.243713][ T3637] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.266470][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.283985][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.306152][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.323384][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.331883][ T3640] device veth0_vlan entered promiscuous mode [ 59.358059][ T3636] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.391434][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.401713][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.416255][ T3640] device veth1_vlan entered promiscuous mode [ 59.516099][ T3640] device veth0_macvtap entered promiscuous mode [ 59.535969][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.552549][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.560289][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.584115][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.597528][ T3638] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.609994][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.644225][ T3640] device veth1_macvtap entered promiscuous mode [ 59.681882][ T3640] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.708073][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.719686][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.735382][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.757272][ T3640] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.784899][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.795019][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.804483][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.815242][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.828617][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.838537][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.849714][ T3640] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.860514][ T3640] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.876581][ T3640] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.888929][ T3640] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.910140][ T3638] device veth0_vlan entered promiscuous mode [ 59.923069][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.933059][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.964753][ T3638] device veth1_vlan entered promiscuous mode [ 59.992749][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 60.001215][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 60.018409][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 60.027507][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 60.035272][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 60.054651][ T3636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.078797][ T3637] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.093752][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 60.101990][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 60.110548][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 60.167840][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 60.177422][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 60.196301][ T3638] device veth0_macvtap entered promiscuous mode [ 60.220132][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 60.229283][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.238199][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 60.248094][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.257521][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 60.265990][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.277231][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 60.286532][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 60.294837][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.302918][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 60.310789][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.323530][ T3638] device veth1_macvtap entered promiscuous mode [ 60.336009][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.336792][ T3636] device veth0_vlan entered promiscuous mode [ 60.346682][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.379416][ T3639] device veth0_vlan entered promiscuous mode [ 60.387523][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.396268][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 60.406487][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 60.443128][ T3636] device veth1_vlan entered promiscuous mode [ 60.451856][ T3639] device veth1_vlan entered promiscuous mode [ 60.488141][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.493416][ T3638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.498185][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.512311][ T3638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.527275][ T3638] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.538244][ T3638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.549753][ T3638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.561023][ T3638] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.570738][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 60.579209][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.587888][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.596130][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 60.607948][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.616798][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.625529][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.636242][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 60.644432][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.669517][ T3638] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.678410][ T3638] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.687802][ T3638] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.696738][ T3638] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.708237][ T3637] device veth0_vlan entered promiscuous mode [ 60.733934][ T3636] device veth0_macvtap entered promiscuous mode [ 60.757278][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 60.767606][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.783333][ T3637] device veth1_vlan entered promiscuous mode [ 60.801018][ T3636] device veth1_macvtap entered promiscuous mode [ 60.810413][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 60.818647][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 60.827682][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 60.835902][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 60.844786][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.861327][ T3639] device veth0_macvtap entered promiscuous mode [ 60.882380][ T3655] Bluetooth: hci3: command tx timeout [ 60.887937][ T3655] Bluetooth: hci4: command tx timeout [ 60.893693][ T3649] Bluetooth: hci0: command tx timeout [ 60.955286][ T3639] device veth1_macvtap entered promiscuous mode [ 60.963527][ T3636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.974320][ T3655] Bluetooth: hci1: command tx timeout [ 60.974697][ T3655] Bluetooth: hci2: command tx timeout [ 60.987389][ T3636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.997548][ T3636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.008733][ T3636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.020434][ T3636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.039426][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 61.048303][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 61.056706][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.065051][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.074465][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.083789][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 61.092854][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.118657][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.131878][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.145085][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.155823][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.166775][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.178279][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.191570][ T3639] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.201130][ T3637] device veth0_macvtap entered promiscuous mode [ 61.223683][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 61.232741][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.241597][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.251266][ T3636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.266642][ T3636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.277080][ T3636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.289107][ T3636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.301429][ T3636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.312555][ T3637] device veth1_macvtap entered promiscuous mode [ 61.320602][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.331360][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.341490][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.352869][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.363663][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.374492][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.386687][ T3639] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.397857][ T3639] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.407124][ T3639] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.416293][ T3639] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.425394][ T3639] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.439313][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.448728][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 61.457489][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.473987][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 61.483047][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.501513][ T1173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.510022][ T1173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.518686][ T3636] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.536181][ T3636] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.545082][ T3636] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.554152][ T3636] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.584695][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.624897][ T3637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.635727][ T3637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.646571][ T3637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.657384][ T3637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.667546][ T3637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.678583][ T3637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.690058][ T3637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.701669][ T3637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.716047][ T3637] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.726213][ T3637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.737287][ T3637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.748137][ T3637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.758746][ T3637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.770099][ T3637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.780816][ T3637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.790949][ T3637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.801713][ T3637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.821337][ T3637] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.852986][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.861055][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.878111][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.891541][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.917955][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 61.927511][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.938527][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.968146][ T3637] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.977027][ T3637] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.986702][ T3637] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.996710][ T3637] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.084192][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.120066][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.139938][ T3683] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 62.179544][ T1173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.188303][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.202704][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.207141][ T1173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.214061][ T3681] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.275761][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 62.321033][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.343351][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.365605][ T3706] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.404243][ T3706] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.425653][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 62.439354][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.468219][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.478033][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.524241][ T3686] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.964133][ T3648] Bluetooth: hci4: command tx timeout [ 62.969603][ T3648] Bluetooth: hci0: command tx timeout [ 62.976050][ T3655] Bluetooth: hci3: command tx timeout [ 62.976634][ T3750] syz.1.15 uses obsolete (PF_INET,SOCK_PACKET) [ 63.042372][ T3648] Bluetooth: hci2: command tx timeout [ 63.047929][ T3648] Bluetooth: hci1: command tx timeout [ 63.344404][ T3764] loop0: detected capacity change from 0 to 7 [ 63.408144][ T3764] Dev loop0: unable to read RDB block 7 [ 63.412333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.457135][ T3764] loop0: unable to read partition table [ 63.489968][ T3764] loop0: partition table beyond EOD, truncated [ 63.511253][ T26] audit: type=1326 audit(1722501830.270:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3758 comm="syz.2.17" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d3f1773b9 code=0x0 [ 63.529533][ T3764] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 63.529533][ T3764] ) failed (rc=-5) [ 63.682538][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 63.778763][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 64.332975][ T3681] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 64.482555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 64.602799][ T3681] usb 1-1: Using ep0 maxpacket: 8 [ 64.732254][ T3681] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 64.752179][ T3681] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 64.762577][ T3681] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.776082][ T3681] usb 1-1: config 0 descriptor?? [ 64.885376][ T3789] netlink: 40 bytes leftover after parsing attributes in process `syz.1.25'. [ 65.006796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 65.082658][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.091511][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.100889][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.109542][ T0] NOHZ tick-stop error: local softirq work is pending, handler #302!!! [ 65.118287][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 65.462169][ T3644] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 66.070541][ T3644] usb 2-1: unable to get BOS descriptor set [ 66.157480][ T3681] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 66.532743][ T3644] usb 2-1: not running at top speed; connect to a high speed hub [ 67.180720][ T3644] usb 2-1: config 1 has an invalid interface number: 101 but max is 0 [ 67.445060][ T3644] usb 2-1: config 1 has no interface number 0 [ 67.752700][ T3644] usb 2-1: config 1 interface 101 altsetting 14 has an invalid endpoint with address 0x0, skipping [ 67.918701][ T3681] usb 1-1: USB disconnect, device number 2 [ 67.940017][ T3681] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected [ 67.953605][ T3644] usb 2-1: config 1 interface 101 altsetting 14 has a duplicate endpoint with address 0x5, skipping [ 67.995375][ T3644] usb 2-1: config 1 interface 101 has no altsetting 0 [ 68.070231][ T3799] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 68.105692][ T3644] usb 2-1: string descriptor 0 read error: -71 [ 68.118931][ T3644] usb 2-1: New USB device found, idVendor=148f, idProduct=761a, bcdDevice=c4.db [ 68.178307][ T3644] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.259547][ T3644] usb 2-1: can't set config #1, error -71 [ 68.295066][ T3644] usb 2-1: USB disconnect, device number 2 [ 68.308265][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 68.949268][ T26] audit: type=1326 audit(1722501835.710:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3819 comm="syz.1.34" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4199f773b9 code=0x0 [ 69.698148][ T3838] netlink: 40 bytes leftover after parsing attributes in process `syz.4.39'. [ 70.412398][ T3683] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 71.266011][ T3683] usb 5-1: unable to get BOS descriptor set [ 71.365718][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.402914][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.828358][ T3683] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 72.875502][ T3683] usb 5-1: can't read configurations, error -71 [ 73.991724][ T3855] netlink: 'syz.4.42': attribute type 1 has an invalid length. [ 74.291553][ T3863] netlink: 60 bytes leftover after parsing attributes in process `syz.3.45'. [ 75.282281][ T3648] Bluetooth: hci0: command tx timeout [ 76.297728][ T26] audit: type=1326 audit(1722501843.030:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3877 comm="syz.2.50" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d3f1773b9 code=0x0 [ 76.358768][ T3895] loop1: detected capacity change from 0 to 128 [ 76.498205][ T947] cfg80211: failed to load regulatory.db [ 76.979853][ T3908] netlink: 'syz.0.58': attribute type 10 has an invalid length. [ 77.148372][ T3908] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.230318][ T3908] bond0: (slave team0): Enslaving as an active interface with an up link [ 77.625298][ T3908] syz.0.58 (3908) used greatest stack depth: 20120 bytes left [ 77.804894][ T3923] loop0: detected capacity change from 0 to 256 [ 77.883112][ T947] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 78.172974][ T947] usb 2-1: Using ep0 maxpacket: 8 [ 78.342664][ T947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 78.498132][ T947] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 78.802185][ T947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.819838][ T947] usb 2-1: config 0 descriptor?? [ 79.090044][ T947] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 79.365683][ T1180] usb 2-1: USB disconnect, device number 3 [ 79.381462][ T1180] iowarrior 2-1:0.0: I/O-Warror #0 now disconnected [ 81.460304][ T3985] loop3: detected capacity change from 0 to 64 [ 82.760649][ T4002] netlink: 'syz.3.84': attribute type 1 has an invalid length. [ 83.762470][ T4010] device team_slave_0 entered promiscuous mode [ 83.768990][ T4010] device team_slave_1 entered promiscuous mode [ 83.953525][ T4015] netlink: 'syz.3.87': attribute type 10 has an invalid length. [ 83.996653][ T4015] device team_slave_0 left promiscuous mode [ 84.007679][ T4015] device team_slave_1 left promiscuous mode [ 84.031753][ T4022] loop0: detected capacity change from 0 to 512 [ 84.098124][ T4022] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 84.112945][ T4015] device team_slave_0 entered promiscuous mode [ 84.119234][ T4015] device team_slave_1 entered promiscuous mode [ 84.154209][ T4022] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 84.191125][ T4015] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.296381][ T4015] bond0: (slave team0): Enslaving as an active interface with an up link [ 84.311041][ T4022] EXT4-fs (loop0): 1 truncate cleaned up [ 84.317305][ T4022] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 84.441277][ T4009] device team_slave_0 left promiscuous mode [ 84.447542][ T4009] device team_slave_1 left promiscuous mode [ 84.506620][ T3636] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /21/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 84.534714][ T4030] netlink: 'syz.2.94': attribute type 10 has an invalid length. [ 84.701620][ T4030] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.711796][ T4030] bond0: (slave team0): Enslaving as an active interface with an up link [ 84.737350][ T3636] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 84.788320][ T3636] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /21/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 84.846320][ T3636] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 84.921372][ T3636] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /21/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 84.946280][ T3636] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 85.045556][ T3636] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /21/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 85.116558][ T3636] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 85.233216][ T3636] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /21/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 85.345877][ T3636] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 85.673209][ T4048] 9pnet_fd: Insufficient options for proto=fd [ 85.685233][ T4050] capability: warning: `syz.1.101' uses deprecated v2 capabilities in a way that may be insecure [ 85.830989][ T4052] loop1: detected capacity change from 0 to 512 [ 85.917066][ T4052] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.101: invalid indirect mapped block 256 (level 2) [ 85.953465][ T4052] EXT4-fs (loop1): 2 truncates cleaned up [ 85.959258][ T4052] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 86.129049][ T4059] netlink: 'syz.4.103': attribute type 7 has an invalid length. [ 86.147257][ T4059] netlink: 'syz.4.103': attribute type 6 has an invalid length. [ 86.242565][ T3640] EXT4-fs (loop1): unmounting filesystem. [ 86.291172][ T3636] EXT4-fs (loop0): unmounting filesystem. [ 86.355862][ T3792] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.379778][ T4061] loop1: detected capacity change from 0 to 16 [ 86.415843][ T4061] erofs: (device loop1): erofs_read_superblock: blkszbits 9 isn't supported on this platform [ 86.568405][ T3792] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.739799][ T3792] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.859261][ T3792] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.964926][ T4066] device team_slave_0 entered promiscuous mode [ 86.971338][ T4066] device team_slave_1 entered promiscuous mode [ 87.184944][ T4069] netlink: 'syz.4.109': attribute type 10 has an invalid length. [ 87.267809][ T4069] device team_slave_0 left promiscuous mode [ 87.292527][ T4069] device team_slave_1 left promiscuous mode [ 87.300756][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 87.326715][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 87.353899][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.379135][ T4069] device team_slave_0 entered promiscuous mode [ 87.385472][ T4069] device team_slave_1 entered promiscuous mode [ 87.398989][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.419412][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.429181][ T4069] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.461510][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.469855][ T3649] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.481594][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.489911][ T4069] bond0: (slave team0): Enslaving as an active interface with an up link [ 87.491052][ T3655] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.498772][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.518556][ T3655] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.522966][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.537295][ T3655] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.544575][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.560640][ T3655] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 87.568005][ T3655] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.624015][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.674143][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.697568][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.715851][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.734598][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.758621][ T3682] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 87.785198][ T3682] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 87.807048][ T4079] chnl_net:caif_netlink_parms(): no params data found [ 87.976475][ T4065] device team_slave_0 left promiscuous mode [ 87.982668][ T4065] device team_slave_1 left promiscuous mode [ 88.179579][ T4092] loop1: detected capacity change from 0 to 1024 [ 88.269839][ T3628] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 88.813993][ T4079] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.833161][ T4079] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.855707][ T4079] device bridge_slave_0 entered promiscuous mode [ 88.963680][ T3655] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 88.972821][ T3655] Bluetooth: hci3: Injecting HCI hardware error event [ 88.981411][ T3655] Bluetooth: hci3: hardware error 0x00 [ 89.071440][ T4079] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.093859][ T4079] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.220724][ T4079] device bridge_slave_1 entered promiscuous mode [ 89.241717][ T4129] netlink: 'syz.2.120': attribute type 7 has an invalid length. [ 89.252259][ T4129] netlink: 'syz.2.120': attribute type 6 has an invalid length. [ 89.501801][ T4079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.602239][ T3648] Bluetooth: hci0: command tx timeout [ 89.624243][ T4079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.796761][ T4079] team0: Port device team_slave_0 added [ 89.813347][ T4137] netlink: 'syz.3.122': attribute type 10 has an invalid length. [ 89.888159][ T4079] team0: Port device team_slave_1 added [ 90.039962][ T4079] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.057523][ T4079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.118117][ T4079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.332045][ T4079] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.343890][ T4079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.429950][ T4079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.439680][ T4147] loop3: detected capacity change from 0 to 32768 [ 90.453224][ T4147] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.126 (4147) [ 90.486985][ T4147] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 90.497628][ T4147] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 90.507089][ T4147] BTRFS info (device loop3): allowing degraded mounts [ 90.515059][ T4147] BTRFS info (device loop3): enabling auto defrag [ 90.521579][ T4147] BTRFS info (device loop3): doing ref verification [ 90.528349][ T4147] BTRFS info (device loop3): max_inline at 6 [ 90.534431][ T4147] BTRFS info (device loop3): max_inline at 0 [ 90.540453][ T4147] BTRFS info (device loop3): turning on sync discard [ 90.547226][ T4147] BTRFS info (device loop3): turning off barriers [ 90.553720][ T4147] BTRFS info (device loop3): using free space tree [ 90.760418][ T4079] device hsr_slave_0 entered promiscuous mode [ 90.784048][ T4079] device hsr_slave_1 entered promiscuous mode [ 90.815938][ T4162] loop2: detected capacity change from 0 to 1024 [ 90.823675][ T4079] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.831271][ T4079] Cannot create hsr debugfs directory [ 90.915285][ T3792] device hsr_slave_0 left promiscuous mode [ 90.948355][ T3792] device hsr_slave_1 left promiscuous mode [ 91.029337][ T3792] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 91.053937][ T3792] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 91.100515][ T3792] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 91.122164][ T3655] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 91.178337][ T3638] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 91.192284][ T3792] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 91.239960][ T3792] device bridge_slave_1 left promiscuous mode [ 91.272382][ T3792] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.302912][ T3792] device bridge_slave_0 left promiscuous mode [ 91.309229][ T3792] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.390536][ T4183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.130'. [ 91.507759][ T3792] device veth1_macvtap left promiscuous mode [ 91.523571][ T3792] device veth0_macvtap left promiscuous mode [ 91.566254][ T3792] device veth1_vlan left promiscuous mode [ 91.613002][ T3792] device veth0_vlan left promiscuous mode [ 91.682318][ T3655] Bluetooth: hci0: command tx timeout [ 91.932621][ T3644] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 92.272339][ T3644] usb 2-1: Using ep0 maxpacket: 8 [ 92.613056][ T3644] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 92.658223][ T3644] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.728132][ T3644] usb 2-1: Product: syz [ 92.736029][ T3644] usb 2-1: Manufacturer: syz [ 92.751919][ T3644] usb 2-1: SerialNumber: syz [ 92.799361][ T3644] usb 2-1: config 0 descriptor?? [ 92.879324][ T3644] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244) [ 93.175688][ T3792] team0 (unregistering): Port device team_slave_1 removed [ 93.216251][ T3792] team0 (unregistering): Port device team_slave_0 removed [ 93.247956][ T3792] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 93.300162][ T3792] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 93.551677][ T3792] bond0 (unregistering): (slave team0): Releasing backup interface [ 93.646934][ T3644] radio-usb-si4713: probe of 2-1:0.0 failed with error -71 [ 93.658670][ T3792] bond0 (unregistering): Released all slaves [ 93.662393][ T3644] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 93.688013][ T3644] usb 2-1: USB disconnect, device number 4 [ 93.762237][ T3655] Bluetooth: hci0: command tx timeout [ 93.783507][ T4208] netlink: 'syz.3.136': attribute type 10 has an invalid length. [ 93.851979][ T4208] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 94.042693][ T4221] loop3: detected capacity change from 0 to 1024 [ 94.095109][ T3757] bond0: (slave team0): link status definitely down, disabling slave [ 94.097400][ T3628] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 95.120843][ T4079] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.247430][ T4079] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.304991][ T4079] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.361871][ T4079] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.611137][ T4251] loop4: detected capacity change from 0 to 1764 [ 95.842624][ T3655] Bluetooth: hci0: command tx timeout [ 95.849333][ T4079] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.867438][ T4079] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.886855][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.910180][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.968190][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 95.982894][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.013209][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.020341][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.079490][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 96.132992][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 96.174560][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.181692][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.253425][ T4260] netlink: 'syz.4.146': attribute type 7 has an invalid length. [ 96.273108][ T4260] netlink: 'syz.4.146': attribute type 6 has an invalid length. [ 96.285062][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 96.302987][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 96.355201][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 96.375372][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.399051][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.440167][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 96.478875][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.517043][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 96.552936][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 96.580298][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 96.631075][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 96.662879][ T4079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 96.696891][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 96.797281][ T4274] loop1: detected capacity change from 0 to 1024 [ 96.905839][ T3628] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 97.333660][ T4289] device team_slave_0 entered promiscuous mode [ 97.339899][ T4289] device team_slave_1 entered promiscuous mode [ 97.443165][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 97.458530][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 97.491223][ T4079] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.569215][ T4293] netlink: 'syz.1.151': attribute type 10 has an invalid length. [ 97.617170][ T4293] device team_slave_0 left promiscuous mode [ 97.628419][ T4293] device team_slave_1 left promiscuous mode [ 97.660114][ T4293] device team_slave_0 entered promiscuous mode [ 97.666480][ T4293] device team_slave_1 entered promiscuous mode [ 97.680792][ T4293] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.712541][ T4293] bond0: (slave team0): Enslaving as an active interface with an up link [ 97.733737][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 97.747164][ T3682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 97.885053][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 97.903917][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 97.944827][ T4079] device veth0_vlan entered promiscuous mode [ 97.965522][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 97.984235][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 98.013264][ T4288] device team_slave_0 left promiscuous mode [ 98.019327][ T4288] device team_slave_1 left promiscuous mode [ 98.058200][ T4079] device veth1_vlan entered promiscuous mode [ 98.175097][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 98.186112][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 98.229055][ T4079] device veth0_macvtap entered promiscuous mode [ 98.245473][ T4079] device veth1_macvtap entered promiscuous mode [ 98.331265][ T4079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.370419][ T4079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.422123][ T4079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.438203][ T4316] Bluetooth: MGMT ver 1.22 [ 98.458168][ T4316] Bluetooth: hci3: invalid length 0, exp 2 for type 29 [ 98.463924][ T4079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.488395][ T4319] loop2: detected capacity change from 0 to 128 [ 98.495775][ T4079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.526976][ T4079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.618884][ T4319] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 98.637574][ T4079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.664268][ T4319] ext4 filesystem being mounted at /23/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 98.681361][ T4079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.708506][ T4079] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.720544][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 98.745854][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 98.763143][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 98.783122][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 98.815032][ T4079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.868111][ T4079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.892389][ T4319] syz.2.159 (pid 4319) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 98.951207][ T4079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.999940][ T4079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.047851][ T4079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.052087][ T4334] loop4: detected capacity change from 0 to 1024 [ 99.099940][ T4079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.187933][ T4079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.247820][ T4079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.329615][ T4079] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.362523][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 99.371474][ T3685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.415557][ T4079] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.470739][ T4079] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.512285][ T4079] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.540264][ T4079] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.569925][ T4319] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 100.181569][ T4319] fscrypt (loop2): Missing crypto API support for AES-128-CBC-ESSIV (API name: "essiv(cbc(aes),sha256)") [ 100.309845][ T3793] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.359831][ T3793] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.459081][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 100.558641][ T3757] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.581648][ T3757] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.663225][ T1180] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 100.900649][ T4377] loop0: detected capacity change from 0 to 512 [ 100.970594][ T4377] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 101.127320][ T4377] EXT4-fs (loop0): 1 truncate cleaned up [ 101.137680][ T4377] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 101.439200][ T4079] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /0/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 101.623716][ T4079] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 101.721866][ T4079] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /0/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 101.764562][ T3637] EXT4-fs (loop2): unmounting filesystem. [ 101.771221][ T4079] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 101.851635][ T4079] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /0/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 101.939424][ T4391] loop2: detected capacity change from 0 to 1024 [ 101.945695][ T4079] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 102.030647][ T4079] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /0/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 102.116326][ T4079] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 102.198388][ T4079] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /0/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 102.281589][ T4079] EXT4-fs error (device loop0): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 102.674555][ T4079] [ 102.677030][ T4079] ====================================================== [ 102.684136][ T4079] WARNING: possible circular locking dependency detected [ 102.691173][ T4079] 6.1.102-syzkaller #0 Not tainted [ 102.696356][ T4079] ------------------------------------------------------ [ 102.703540][ T4079] syz-executor/4079 is trying to acquire lock: [ 102.709676][ T4079] ffff888057ea2130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x104/0x300 [ 102.720561][ T4079] [ 102.720561][ T4079] but task is already holding lock: [ 102.727928][ T4079] ffffffff8e64e7c8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x2a0 [ 102.737825][ T4079] [ 102.737825][ T4079] which lock already depends on the new lock. [ 102.737825][ T4079] [ 102.748309][ T4079] [ 102.748309][ T4079] the existing dependency chain (in reverse order) is: [ 102.757315][ T4079] [ 102.757315][ T4079] -> #2 (hci_cb_list_lock){+.+.}-{3:3}: [ 102.765040][ T4079] lock_acquire+0x1f8/0x5a0 [ 102.770099][ T4079] __mutex_lock+0x132/0xd80 [ 102.775137][ T4079] hci_remote_features_evt+0x664/0xab0 [ 102.781208][ T4079] hci_event_packet+0xa9d/0x1510 [ 102.786789][ T4079] hci_rx_work+0x3cd/0xce0 [ 102.791808][ T4079] process_one_work+0x8a9/0x11d0 [ 102.797379][ T4079] worker_thread+0xa47/0x1200 [ 102.802671][ T4079] kthread+0x28d/0x320 [ 102.807273][ T4079] ret_from_fork+0x1f/0x30 [ 102.812312][ T4079] [ 102.812312][ T4079] -> #1 (&hdev->lock){+.+.}-{3:3}: [ 102.819694][ T4079] lock_acquire+0x1f8/0x5a0 [ 102.824728][ T4079] __mutex_lock+0x132/0xd80 [ 102.829767][ T4079] sco_sock_connect+0x181/0x8f0 [ 102.835231][ T4079] __sys_connect+0x2c9/0x300 [ 102.840354][ T4079] __x64_sys_connect+0x76/0x80 [ 102.845640][ T4079] do_syscall_64+0x3b/0xb0 [ 102.850568][ T4079] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 102.856978][ T4079] [ 102.856978][ T4079] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}: [ 102.866201][ T4079] validate_chain+0x1661/0x5950 [ 102.871582][ T4079] __lock_acquire+0x125b/0x1f80 [ 102.876954][ T4079] lock_acquire+0x1f8/0x5a0 [ 102.881969][ T4079] lock_sock_nested+0x44/0x100 [ 102.887251][ T4079] sco_conn_del+0x104/0x300 [ 102.892271][ T4079] hci_conn_hash_flush+0x10e/0x2a0 [ 102.897983][ T4079] hci_dev_close_sync+0x9a9/0x1020 [ 102.903695][ T4079] hci_unregister_dev+0x207/0x500 [ 102.909229][ T4079] vhci_release+0x7f/0xd0 [ 102.914067][ T4079] __fput+0x3f6/0x8d0 [ 102.918554][ T4079] task_work_run+0x246/0x300 [ 102.923658][ T4079] do_exit+0xa73/0x26a0 [ 102.928326][ T4079] do_group_exit+0x202/0x2b0 [ 102.933452][ T4079] __x64_sys_exit_group+0x3b/0x40 [ 102.939006][ T4079] do_syscall_64+0x3b/0xb0 [ 102.944045][ T4079] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 102.950480][ T4079] [ 102.950480][ T4079] other info that might help us debug this: [ 102.950480][ T4079] [ 102.961157][ T4079] Chain exists of: [ 102.961157][ T4079] sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock [ 102.961157][ T4079] [ 102.975838][ T4079] Possible unsafe locking scenario: [ 102.975838][ T4079] [ 102.983285][ T4079] CPU0 CPU1 [ 102.988900][ T4079] ---- ---- [ 102.994272][ T4079] lock(hci_cb_list_lock); [ 102.998765][ T4079] lock(&hdev->lock); [ 103.005422][ T4079] lock(hci_cb_list_lock); [ 103.012961][ T4079] lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO); [ 103.019015][ T4079] [ 103.019015][ T4079] *** DEADLOCK *** [ 103.019015][ T4079] [ 103.027505][ T4079] 3 locks held by syz-executor/4079: [ 103.032786][ T4079] #0: ffff8880775bd0b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1ff/0x500 [ 103.042721][ T4079] #1: ffff8880775bc078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x48d/0x1020 [ 103.052468][ T4079] #2: ffffffff8e64e7c8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x2a0 [ 103.062775][ T4079] [ 103.062775][ T4079] stack backtrace: [ 103.068660][ T4079] CPU: 1 PID: 4079 Comm: syz-executor Not tainted 6.1.102-syzkaller #0 [ 103.076879][ T4079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 103.087088][ T4079] Call Trace: [ 103.091419][ T4079] [ 103.094340][ T4079] dump_stack_lvl+0x1e3/0x2cb [ 103.099207][ T4079] ? nf_tcp_handle_invalid+0x642/0x642 [ 103.104678][ T4079] ? print_circular_bug+0x12b/0x1a0 [ 103.110304][ T4079] check_noncircular+0x2fa/0x3b0 [ 103.115406][ T4079] ? stack_trace_snprint+0xe0/0xe0 [ 103.120951][ T4079] ? add_chain_block+0x850/0x850 [ 103.127503][ T4079] ? lockdep_lock+0x11f/0x2a0 [ 103.132543][ T4079] ? lockdep_unlock+0x165/0x300 [ 103.137384][ T4079] ? lockdep_lock+0x2a0/0x2a0 [ 103.142049][ T4079] ? _find_first_zero_bit+0xd0/0x100 [ 103.147330][ T4079] validate_chain+0x1661/0x5950 [ 103.152184][ T4079] ? reacquire_held_locks+0x660/0x660 [ 103.157566][ T4079] ? reacquire_held_locks+0x660/0x660 [ 103.162931][ T4079] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 103.168918][ T4079] ? mark_lock+0x9a/0x340 [ 103.173242][ T4079] ? __lock_acquire+0x125b/0x1f80 [ 103.178263][ T4079] ? mark_lock+0x9a/0x340 [ 103.182584][ T4079] __lock_acquire+0x125b/0x1f80 [ 103.187530][ T4079] lock_acquire+0x1f8/0x5a0 [ 103.192196][ T4079] ? sco_conn_del+0x104/0x300 [ 103.196933][ T4079] ? read_lock_is_recursive+0x10/0x10 [ 103.202484][ T4079] ? sco_conn_del+0xfa/0x300 [ 103.207066][ T4079] ? __lock_acquire+0x1f80/0x1f80 [ 103.212081][ T4079] ? do_raw_spin_lock+0x14a/0x370 [ 103.217112][ T4079] lock_sock_nested+0x44/0x100 [ 103.222133][ T4079] ? sco_conn_del+0x104/0x300 [ 103.226810][ T4079] sco_conn_del+0x104/0x300 [ 103.231316][ T4079] ? sco_connect_cfm+0xb10/0xb10 [ 103.236336][ T4079] hci_conn_hash_flush+0x10e/0x2a0 [ 103.241437][ T4079] hci_dev_close_sync+0x9a9/0x1020 [ 103.246626][ T4079] hci_unregister_dev+0x207/0x500 [ 103.251643][ T4079] vhci_release+0x7f/0xd0 [ 103.255963][ T4079] ? vhci_open+0x360/0x360 [ 103.260370][ T4079] __fput+0x3f6/0x8d0 [ 103.264527][ T4079] task_work_run+0x246/0x300 [ 103.270721][ T4079] ? kasan_quarantine_put+0xd4/0x220 [ 103.276019][ T4079] ? task_work_cancel+0x2b0/0x2b0 [ 103.281572][ T4079] ? kmem_cache_free+0x292/0x510 [ 103.286870][ T4079] ? do_exit+0xa6e/0x26a0 [ 103.291278][ T4079] do_exit+0xa73/0x26a0 [ 103.295427][ T4079] ? put_task_struct+0x80/0x80 [ 103.300178][ T4079] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 103.306147][ T4079] ? print_irqtrace_events+0x210/0x210 [ 103.311597][ T4079] ? _raw_spin_unlock_irq+0x1f/0x40 [ 103.316779][ T4079] ? lockdep_hardirqs_on+0x94/0x130 [ 103.321962][ T4079] do_group_exit+0x202/0x2b0 [ 103.326541][ T4079] __x64_sys_exit_group+0x3b/0x40 [ 103.331575][ T4079] do_syscall_64+0x3b/0xb0 [ 103.335979][ T4079] ? clear_bhb_loop+0x45/0xa0 [ 103.340642][ T4079] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 103.346523][ T4079] RIP: 0033:0x7f4c761773b9 [ 103.350935][ T4079] Code: Unable to access opcode bytes at 0x7f4c7617738f. [ 103.358285][ T4079] RSP: 002b:00007fffd358aff8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 103.366859][ T4079] RAX: ffffffffffffffda RBX: 00007f4c761e4808 RCX: 00007f4c761773b9 [ 103.374983][ T4079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 103.383057][ T4079] RBP: 0000000000000027 R08: 00007fffd3588d96 R09: 00007fffd358c2b0 [ 103.391236][ T4079] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffd358c2b0 [ 103.399288][ T4079] R13: 00007f4c761e4784 R14: 0000555556d684a8 R15: 00007fffd358e460 [ 103.407356][ T4079] [ 103.774240][ T4079] EXT4-fs (loop0): unmounting filesystem. [ 103.786745][ T3793] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.827269][ T3793] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.879797][ T3793] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.928542][ T3793] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.666951][ T3793] device hsr_slave_0 left promiscuous mode [ 104.673417][ T3793] device hsr_slave_1 left promiscuous mode [ 104.679843][ T3793] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.688913][ T3793] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.697046][ T3793] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.704796][ T3793] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.712715][ T3793] device bridge_slave_1 left promiscuous mode [ 104.718937][ T3793] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.727551][ T3793] device bridge_slave_0 left promiscuous mode [ 104.734112][ T3793] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.747531][ T3793] device veth1_macvtap left promiscuous mode [ 104.753705][ T3793] device veth0_macvtap left promiscuous mode [ 104.759975][ T3793] device veth1_vlan left promiscuous mode [ 104.766239][ T3793] device veth0_vlan left promiscuous mode [ 104.940608][ T3793] team0 (unregistering): Port device team_slave_1 removed [ 104.969159][ T3793] team0 (unregistering): Port device team_slave_0 removed [ 104.991293][ T3793] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.015529][ T3793] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.074779][ T3793] bond0 (unregistering): Released all slaves