last executing test programs: 1m45.172757381s ago: executing program 3 (id=954): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x6908, &(0x7f0000000440)={0x0, 0xfffffffe, 0x10100, 0x3, 0xb5}, &(0x7f0000000080), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x184c, 0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index, 0x0, &(0x7f00000006c0)=[{0x0}, {0x0}], 0x2}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) r10 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r10, &(0x7f0000000100)=ANY=[@ANYBLOB='VOLUME\nSYNTH \'Synth Capture\' 004'], 0x32) r11 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x280, 0x0) dup3(r11, r10, 0x0) ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, 0x0) 1m42.157578974s ago: executing program 3 (id=958): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) openat(r2, &(0x7f000000c380)='./file0\x00', 0x20942, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x4000000400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$LINK_DETACH(0x22, 0x0, 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='jfs\x00', 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) write(r1, &(0x7f00000000c0)="842a0a65bd8c002b030400", 0xb) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, &(0x7f00000011c0)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) 1m39.357152228s ago: executing program 3 (id=963): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x6908, &(0x7f0000000440)={0x0, 0xfffffffe, 0x10100, 0x3, 0xb5}, &(0x7f0000000080), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x184c, 0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index, 0x0, &(0x7f00000006c0)=[{0x0}, {0x0}], 0x2}) r9 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r9, &(0x7f0000000100)=ANY=[@ANYBLOB='VOLUME\nSYNTH \'Synth Capture\' 004'], 0x32) r10 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x280, 0x0) dup3(r10, r9, 0x0) ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, 0x0) 1m38.076719166s ago: executing program 3 (id=964): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x6908, &(0x7f0000000440)={0x0, 0xfffffffe, 0x10100, 0x3, 0xb5}, &(0x7f0000000080), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x184c, 0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) r10 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r10, &(0x7f0000000100)=ANY=[@ANYBLOB='VOLUME\nSYNTH \'Synth Capture\' 004'], 0x32) r11 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x280, 0x0) dup3(r11, r10, 0x0) ioctl$PIO_UNIMAPCLR(r9, 0x4b68, 0x0) 1m36.944763912s ago: executing program 3 (id=965): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000380)={0x9, 0x140008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) memfd_create(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r2, 0x0) fallocate(r2, 0x0, 0x0, 0x400) r3 = userfaultfd(0x801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) fanotify_init(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x7, 0x7f, 0x0, 0x274e, 0xffffffffffffffff, 0xde, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4, 0xf, @void, @value, @void, @value}, 0x48) sendto$inet6(r0, 0x0, 0x0, 0x20000014, &(0x7f0000b63fe4)={0xa, 0xfffe}, 0x1c) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) 1m32.598431984s ago: executing program 2 (id=973): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000380)={0x9, 0x140008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) memfd_create(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r2, 0x0) fallocate(r2, 0x0, 0x0, 0x400) r3 = userfaultfd(0x801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) fanotify_init(0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x7, 0x7f, 0x0, 0x274e, 0xffffffffffffffff, 0xde, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4, 0xf, @void, @value, @void, @value}, 0x48) sendto$inet6(r0, 0x0, 0x0, 0x20000014, &(0x7f0000b63fe4)={0xa, 0xfffe}, 0x1c) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) 1m29.7148544s ago: executing program 2 (id=978): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20020084, 0x0, 0x0) pipe2$9p(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) writev(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20000010) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e2910000ef0f29902cbb0000c4e2b1ba8c88d90000000f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x41}], 0x1, 0x4a, 0x0, 0x0) clock_adjtime(0x0, &(0x7f00000004c0)={0xc5, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x7}) bpf$PROG_LOAD(0x5, 0x0, 0x0) open(&(0x7f00000000c0)='./bus\x00', 0xce942, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m29.486009851s ago: executing program 3 (id=979): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000380)={0x9, 0x140008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) memfd_create(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r2, 0x0) fallocate(r2, 0x0, 0x0, 0x400) r3 = userfaultfd(0x801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) fanotify_init(0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x7, 0x7f, 0x0, 0x274e, 0xffffffffffffffff, 0xde, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4, 0xf, @void, @value, @void, @value}, 0x48) sendto$inet6(r0, 0x0, 0x0, 0x20000014, &(0x7f0000b63fe4)={0xa, 0xfffe}, 0x1c) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) 1m28.614467821s ago: executing program 2 (id=981): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x6908, &(0x7f0000000440)={0x0, 0xfffffffe, 0x10100, 0x3, 0xb5}, &(0x7f0000000080), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x184c, 0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index, 0x0, &(0x7f00000006c0)=[{0x0}, {0x0}], 0x2}) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) r10 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r10, &(0x7f0000000100)=ANY=[@ANYBLOB='VOLUME\nSYNTH \'Synth Capture\' 004'], 0x32) r11 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x280, 0x0) dup3(r11, r10, 0x0) ioctl$PIO_UNIMAPCLR(r9, 0x4b68, 0x0) 1m27.128019517s ago: executing program 2 (id=983): syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2800003, 0x28011, 0xffffffffffffffff, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$netlink(0x10, 0x3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m23.50143375s ago: executing program 2 (id=988): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) openat(r2, &(0x7f000000c380)='./file0\x00', 0x20942, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x4000000400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$LINK_DETACH(0x22, 0x0, 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='jfs\x00', 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) write(r1, &(0x7f00000000c0)="842a0a65bd8c002b0304000e", 0xc) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, &(0x7f00000011c0)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) 1m21.90984398s ago: executing program 2 (id=990): r0 = socket$nl_route(0x10, 0x3, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) mremap(&(0x7f0000a4c000/0xf000)=nil, 0xf000, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x62841, 0x0) write$P9_RSTATu(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="1e628f"], 0x58) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) syz_clone(0x4010e000, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="480000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001800128009000100697069700000713ca80e02800400130008000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8, @ANYBLOB], 0x48}}, 0x0) 51.408866484s ago: executing program 0 (id=1033): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x6908, &(0x7f0000000440)={0x0, 0xfffffffe, 0x10100, 0x3, 0xb5}, &(0x7f0000000080), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x184c, 0x0, 0x0, 0x0, 0x0) 49.829870897s ago: executing program 0 (id=1035): ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = syz_usb_connect(0x2, 0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000002a80), 0x0, 0x2) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 49.159593644s ago: executing program 0 (id=1037): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x6908, &(0x7f0000000440)={0x0, 0xfffffffe, 0x10100, 0x3, 0xb5}, &(0x7f0000000080), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x184c, 0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index, 0x0, &(0x7f00000006c0)=[{0x0}, {0x0}], 0x2}) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r8, &(0x7f0000000100)=ANY=[@ANYBLOB='VOLUME\nSYNTH \'Synth Capture\' 004'], 0x32) r9 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x280, 0x0) dup3(r9, r8, 0x0) ioctl$PIO_UNIMAPCLR(r7, 0x4b68, 0x0) 47.806222469s ago: executing program 0 (id=1039): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000380)={0x9, 0x140008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) memfd_create(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r2, 0x0) fallocate(r2, 0x0, 0x0, 0x400) r3 = userfaultfd(0x801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x7, 0x7f, 0x0, 0x274e, 0xffffffffffffffff, 0xde, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4, 0xf, @void, @value, @void, @value}, 0x48) sendto$inet6(r0, 0x0, 0x0, 0x20000014, &(0x7f0000b63fe4)={0xa, 0xfffe}, 0x1c) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) 46.573030136s ago: executing program 0 (id=1041): socket$netlink(0x10, 0x3, 0xf) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4188aec6, &(0x7f0000000040)) 46.323599924s ago: executing program 0 (id=1043): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000380)={0x9, 0x140008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) memfd_create(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r2, 0x0) fallocate(r2, 0x0, 0x0, 0x400) r3 = userfaultfd(0x801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) fanotify_init(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000014, &(0x7f0000b63fe4)={0xa, 0xfffe}, 0x1c) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) 13.329202296s ago: executing program 1 (id=1093): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) socket$inet6(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) epoll_create(0x5) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) socket$rds(0x15, 0x5, 0x0) syz_io_uring_setup(0xaa, &(0x7f0000000200)={0x0, 0x3a7d, 0x80}, 0x0, 0x0) syz_io_uring_setup(0x4, &(0x7f0000000340), 0x0, 0x0) socket(0x10, 0x3, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SPLICE) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 12.013906507s ago: executing program 1 (id=1096): r0 = socket$nl_route(0x10, 0x3, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) mremap(&(0x7f0000a4c000/0xf000)=nil, 0xf000, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x62841, 0x0) write$P9_RSTATu(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="1e628f"], 0x58) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) syz_clone(0x4010e000, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="480000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001800128009000100697069700000713ca80e02800400130008000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8, @ANYBLOB], 0x48}}, 0x0) 6.451278578s ago: executing program 4 (id=1103): r0 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="272eee862efeda61316ceff1a08b1730", 0x10) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @dev={0xac, 0x14, 0x14, 0x15}, 0x15, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78209788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000e00)={@cgroup=r5, r6, 0x2f, 0x80ffff, 0x4, @void, @void, @value}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'wg2\x00', 0x0}) r9 = socket$kcm(0x2, 0x5, 0x0) sendmsg$inet(r9, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000011c0)=[{&(0x7f0000000040)='#', 0x1}], 0x1}, 0x0) recvmsg$kcm(r9, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r9, 0x1, 0x7, &(0x7f0000000180), 0x43) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x10, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00}]}}]}, 0x40}}, 0x0) socket(0x200000000000011, 0x2, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r10 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r10, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="14000000000000001001000002000000010000000000000014000000000000001001000002"], 0x30}, 0xc0) 5.881638887s ago: executing program 1 (id=1104): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) openat(r2, &(0x7f000000c380)='./file0\x00', 0x20942, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x4000000400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$LINK_DETACH(0x22, 0x0, 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='jfs\x00', 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) write(r1, &(0x7f00000000c0)="842a0a65bd8c002b0304000e", 0xc) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, &(0x7f00000011c0)) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) 5.259226115s ago: executing program 4 (id=1105): pipe2(0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00', r1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="9200000000000000000028000000d4d2c175b034bdd2bbac1414aa", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="54100000907800"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010100000000000000001b00"], 0x24}}, 0x0) 4.281062219s ago: executing program 4 (id=1106): syz_open_procfs$namespace(0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x51) r4 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_PASTESEL(r4, 0x4b52, &(0x7f0000000040)) gettid() socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r5, 0x8982, &(0x7f0000000000)={0x1, 'vlan0\x00', {}, 0x9}) 3.756234909s ago: executing program 4 (id=1107): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) openat(r2, &(0x7f000000c380)='./file0\x00', 0x20942, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x4000000400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$LINK_DETACH(0x22, 0x0, 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='jfs\x00', 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) write(r1, &(0x7f00000000c0)="842a0a65bd8c002b0304000e", 0xc) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) 3.673775274s ago: executing program 1 (id=1108): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20020084, 0x0, 0x0) pipe2$9p(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) writev(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20000010) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e2910000ef0f29902cbb0000c4e2b1ba8c88d90000000f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x41}], 0x1, 0x4a, 0x0, 0x0) clock_adjtime(0x0, &(0x7f00000004c0)={0xc5, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x7}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000680)="66420f3841c5b9f60200000f3266baf80cb870047a85ef66bafc0c66ed66b80c008ee80fe9b300000100b9220000400f322e0f211c26460fc7b0003000000f78e2b8010000000f01c1", 0x49}], 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) open(&(0x7f00000000c0)='./bus\x00', 0xce942, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.459732293s ago: executing program 4 (id=1109): syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2800003, 0x28011, 0xffffffffffffffff, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$netlink(0x10, 0x3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, 0x0, 0x0) socket$qrtr(0x2a, 0x2, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 2.300750862s ago: executing program 1 (id=1110): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, 0x1, 0x7}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x34, r7, 0x701, 0x0, 0x0, {0xb}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) r8 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r8, 0x720, &(0x7f0000000040)={0x1, 0x0, 0x7, &(0x7f0000000140)={0xc, "b7fc741714bd8325de9540e3cfc840d0b9358338de5fdb7ad189aa80277f6cd2e2"}}) r9 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) 1.246457509s ago: executing program 1 (id=1111): syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2800003, 0x28011, 0xffffffffffffffff, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$netlink(0x10, 0x3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', 0x0) bind$qrtr(0xffffffffffffffff, &(0x7f0000000780)={0x2a, 0x1, 0xfffffffe}, 0xc) 0s ago: executing program 4 (id=1112): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d00030068"], 0x5c}}, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x20) socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000002d00), 0x0, 0x103802) kernel console output (not intermixed with test programs): .346786][ T8971] syz.4.703: attempt to access beyond end of device [ 469.346786][ T8971] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 469.399097][ T8971] Mount JFS Failure: -5 [ 469.424894][ T8971] jfs_mount failed w/return code = -5 [ 469.685759][ T8713] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 469.696392][ T8848] bridge0: port 2(bridge_slave_1) entered blocking state [ 469.720235][ T8848] bridge0: port 2(bridge_slave_1) entered disabled state [ 469.735195][ T8848] bridge_slave_1: entered allmulticast mode [ 469.800964][ T8972] syz.1.705: attempt to access beyond end of device [ 469.800964][ T8972] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 469.813939][ T8972] XFS (nbd1): SB validate failed with error -5. [ 469.839698][ T8848] bridge_slave_1: entered promiscuous mode [ 469.957890][ T8848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 470.143055][ T8848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 470.448425][ T8993] program syz.4.707 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 470.457919][ T8993] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 471.394576][ T5218] Bluetooth: hci5: link tx timeout [ 471.400201][ T5218] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 471.557892][ T6906] IPVS: stop unused estimator thread 0... [ 471.567075][ T8848] team0: Port device team_slave_0 added [ 471.578422][ T8848] team0: Port device team_slave_1 added [ 471.623011][ T8848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 471.633172][ T8848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.671791][ T8848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 471.698559][ T9006] program syz.1.711 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 471.708603][ T9006] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 471.903533][ T9008] program syz.4.709 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 471.913458][ T9008] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 472.443969][ T8848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 472.450952][ T8848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 472.479356][ T8848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 472.590410][ T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.050868][ T9016] netlink: 8 bytes leftover after parsing attributes in process `syz.4.713'. [ 474.152355][ T4611] Bluetooth: hci5: command 0x0406 tx timeout [ 474.186312][ T8713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 474.255706][ T8848] hsr_slave_0: entered promiscuous mode [ 474.392951][ T8848] hsr_slave_1: entered promiscuous mode [ 474.406524][ T8848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 474.425072][ T8848] Cannot create hsr debugfs directory [ 475.271187][ T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.308720][ T9028] overlayfs: failed to resolve './file0': -2 [ 475.623046][ T8713] 8021q: adding VLAN 0 to HW filter on device team0 [ 475.733863][ T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.909635][ T9031] netlink: 12 bytes leftover after parsing attributes in process `syz.4.716'. [ 475.946643][ T6906] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.953852][ T6906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 476.545065][ T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.937457][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 476.944658][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 478.505385][ T52] bridge_slave_1: left allmulticast mode [ 478.511075][ T52] bridge_slave_1: left promiscuous mode [ 478.529839][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.539863][ T52] bridge_slave_0: left allmulticast mode [ 478.552780][ T52] bridge_slave_0: left promiscuous mode [ 478.588312][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 479.848052][ T9072] syz.1.721: attempt to access beyond end of device [ 479.848052][ T9072] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 479.864202][ T9072] syz.1.721: attempt to access beyond end of device [ 479.864202][ T9072] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 479.877574][ T9072] Mount JFS Failure: -5 [ 479.881803][ T9072] jfs_mount failed w/return code = -5 [ 481.561833][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 481.590042][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 481.598716][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 481.682922][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 481.692027][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 481.699979][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 481.954202][ T9088] netlink: 16 bytes leftover after parsing attributes in process `syz.1.725'. [ 482.521491][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 482.548852][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 482.570877][ T52] bond0 (unregistering): Released all slaves [ 483.071570][ T8713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 483.307806][ T9083] chnl_net:caif_netlink_parms(): no params data found [ 483.358110][ T8713] veth0_vlan: entered promiscuous mode [ 483.564140][ T9112] xt_policy: too many policy elements [ 483.670607][ T8713] veth1_vlan: entered promiscuous mode [ 483.750716][ T5218] Bluetooth: hci3: command tx timeout [ 484.498010][ T9117] syz.4.728: attempt to access beyond end of device [ 484.498010][ T9117] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 484.511993][ T9117] syz.4.728: attempt to access beyond end of device [ 484.511993][ T9117] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 484.528957][ T9117] Mount JFS Failure: -5 [ 484.533548][ T9117] jfs_mount failed w/return code = -5 [ 484.904085][ T52] hsr_slave_0: left promiscuous mode [ 484.970217][ T52] hsr_slave_1: left promiscuous mode [ 485.057205][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 485.091857][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 485.151795][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 485.186157][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 485.253486][ T52] veth1_macvtap: left promiscuous mode [ 485.265643][ T52] veth0_macvtap: left promiscuous mode [ 485.279760][ T52] veth1_vlan: left promiscuous mode [ 485.292634][ T52] veth0_vlan: left promiscuous mode [ 485.803215][ T5218] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 485.822278][ T5218] Bluetooth: hci3: command tx timeout [ 486.354108][ T52] team0 (unregistering): Port device team_slave_1 removed [ 486.399147][ T52] team0 (unregistering): Port device team_slave_0 removed [ 487.902718][ T5218] Bluetooth: hci3: command tx timeout [ 488.088512][ T8713] veth0_macvtap: entered promiscuous mode [ 488.165460][ T9139] syz.1.731: attempt to access beyond end of device [ 488.165460][ T9139] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 488.179284][ T9139] syz.1.731: attempt to access beyond end of device [ 488.179284][ T9139] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 488.192592][ T9139] Mount JFS Failure: -5 [ 488.196838][ T9139] jfs_mount failed w/return code = -5 [ 488.693706][ T9083] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.700909][ T9083] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.721721][ T9083] bridge_slave_0: entered allmulticast mode [ 488.733884][ T9083] bridge_slave_0: entered promiscuous mode [ 488.773634][ T8713] veth1_macvtap: entered promiscuous mode [ 488.855257][ T8848] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 488.987403][ T9083] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.995096][ T9083] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.006185][ T9083] bridge_slave_1: entered allmulticast mode [ 489.098376][ T9083] bridge_slave_1: entered promiscuous mode [ 489.866903][ T8848] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 489.933176][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 489.972121][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 489.982006][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 489.989408][ T5218] Bluetooth: hci3: command tx timeout [ 490.002562][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.012594][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 490.023164][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.034250][ T8713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 490.043925][ T9083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 490.052142][ T29] audit: type=1400 audit(1728378796.307:278): avc: denied { write } for pid=9159 comm="syz.1.734" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 490.074566][ T29] audit: type=1400 audit(1728378796.307:279): avc: denied { add_name } for pid=9159 comm="syz.1.734" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 490.075234][ T9083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 490.095734][ T29] audit: type=1400 audit(1728378796.307:280): avc: denied { create } for pid=9159 comm="syz.1.734" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 490.095776][ T29] audit: type=1400 audit(1728378796.307:281): avc: denied { associate } for pid=9159 comm="syz.1.734" name="pids.current" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 490.171549][ T29] audit: type=1400 audit(1728378796.447:282): avc: denied { unmount } for pid=5225 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 490.191945][ T8848] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 490.223692][ T8848] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 490.251822][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 490.262836][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.273098][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 490.283561][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.302256][ T8713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 490.313054][ T8713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.324970][ T8713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 490.396292][ T5218] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 490.421169][ T9083] team0: Port device team_slave_0 added [ 490.437800][ T8713] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.460458][ T8713] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.471437][ T8713] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.483878][ T8713] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.500603][ T9083] team0: Port device team_slave_1 added [ 490.554487][ T52] IPVS: stop unused estimator thread 0... [ 490.592367][ T9083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 490.622526][ T9083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 490.653087][ T9083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 490.720825][ T9083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 490.731107][ T9083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 490.759033][ T9083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 491.063047][ T9169] netlink: 8 bytes leftover after parsing attributes in process `syz.4.736'. [ 491.824327][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.866180][ T9083] hsr_slave_0: entered promiscuous mode [ 491.911115][ T9083] hsr_slave_1: entered promiscuous mode [ 491.933575][ T9083] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 492.026485][ T9173] syz.4.737: attempt to access beyond end of device [ 492.026485][ T9173] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 492.041777][ T9173] syz.4.737: attempt to access beyond end of device [ 492.041777][ T9173] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 492.055833][ T9173] Mount JFS Failure: -5 [ 492.060147][ T9173] jfs_mount failed w/return code = -5 [ 492.413838][ T9083] Cannot create hsr debugfs directory [ 492.463632][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.731865][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.828212][ T7658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.876145][ T7658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 493.488816][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.624373][ T7658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 493.670952][ T7658] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 493.796156][ T8848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 493.813624][ T8848] 8021q: adding VLAN 0 to HW filter on device team0 [ 493.847614][ T8848] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 493.858172][ T8848] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 493.956223][ T7658] bridge0: port 1(bridge_slave_0) entered blocking state [ 493.963411][ T7658] bridge0: port 1(bridge_slave_0) entered forwarding state [ 493.984688][ T7658] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.991825][ T7658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 494.905714][ T52] bridge_slave_1: left allmulticast mode [ 494.921852][ T52] bridge_slave_1: left promiscuous mode [ 494.930233][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.020995][ T52] bridge_slave_0: left allmulticast mode [ 495.059223][ T52] bridge_slave_0: left promiscuous mode [ 495.076036][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.278835][ T9213] syz.4.740: attempt to access beyond end of device [ 495.278835][ T9213] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 495.292741][ T9213] syz.4.740: attempt to access beyond end of device [ 495.292741][ T9213] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 495.306006][ T9213] Mount JFS Failure: -5 [ 495.310235][ T9213] jfs_mount failed w/return code = -5 [ 497.289267][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 497.318433][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 497.376236][ T52] bond0 (unregistering): Released all slaves [ 497.887764][ T9247] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 497.905477][ T9247] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 498.320099][ T8848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 498.475511][ T9253] program syz.1.744 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 498.496029][ T9253] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 498.602392][ T46] IPVS: starting estimator thread 0... [ 498.712697][ T9256] IPVS: using max 15 ests per chain, 36000 per kthread [ 500.291144][ T9266] Can't find ip_set type hash:n [ 500.442828][ T52] hsr_slave_0: left promiscuous mode [ 500.466845][ T52] hsr_slave_1: left promiscuous mode [ 500.984327][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 501.531112][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 501.678805][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.685225][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.539777][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 502.557025][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 502.638366][ T52] veth1_macvtap: left promiscuous mode [ 502.657284][ T52] veth0_macvtap: left promiscuous mode [ 502.663103][ T52] veth1_vlan: left promiscuous mode [ 502.668495][ T52] veth0_vlan: left promiscuous mode [ 502.928716][ T9284] syz.2.748: attempt to access beyond end of device [ 502.928716][ T9284] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 502.954986][ T9284] syz.2.748: attempt to access beyond end of device [ 502.954986][ T9284] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 502.968335][ T9284] Mount JFS Failure: -5 [ 502.972764][ T9284] jfs_mount failed w/return code = -5 [ 504.195077][ T9287] syz.1.749: attempt to access beyond end of device [ 504.195077][ T9287] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 504.207922][ T9287] syz.1.749: attempt to access beyond end of device [ 504.207922][ T9287] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 504.220774][ T9287] Mount JFS Failure: -5 [ 504.225344][ T9287] jfs_mount failed w/return code = -5 [ 504.670306][ T52] team0 (unregistering): Port device team_slave_1 removed [ 505.030666][ T52] team0 (unregistering): Port device team_slave_0 removed [ 505.997393][ T9083] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 506.313309][ T9083] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 506.475426][ T9311] syz.2.754: attempt to access beyond end of device [ 506.475426][ T9311] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 506.477233][ T9312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.753'. [ 506.504713][ T9311] syz.2.754: attempt to access beyond end of device [ 506.504713][ T9311] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 506.522973][ T9311] Mount JFS Failure: -5 [ 506.528211][ T9311] jfs_mount failed w/return code = -5 [ 506.656286][ T9083] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 507.927075][ T9083] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 508.445911][ T8848] veth0_vlan: entered promiscuous mode [ 509.245288][ T9320] syz.4.755: attempt to access beyond end of device [ 509.245288][ T9320] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 509.261216][ T9320] syz.4.755: attempt to access beyond end of device [ 509.261216][ T9320] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 509.276930][ T9320] Mount JFS Failure: -5 [ 509.282368][ T9320] jfs_mount failed w/return code = -5 [ 509.706652][ T9083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 509.749554][ T9083] 8021q: adding VLAN 0 to HW filter on device team0 [ 509.766967][ T8848] veth1_vlan: entered promiscuous mode [ 509.783703][ T5631] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.790793][ T5631] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.805549][ T5631] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.812760][ T5631] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.879430][ T8848] veth0_macvtap: entered promiscuous mode [ 509.911556][ T8848] veth1_macvtap: entered promiscuous mode [ 509.944419][ T8848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 509.975563][ T8848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.017274][ T8848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.127095][ T9331] xt_policy: too many policy elements [ 510.400568][ T8848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.586047][ T8848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.770233][ T8848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.874157][ T8848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 510.960000][ T8848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 510.993465][ T9336] xt_policy: too many policy elements [ 510.999253][ T8848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.018066][ T8848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.036236][ T8848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.057912][ T8848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.070980][ T8848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.109234][ T8848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 511.150234][ T8848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.161725][ T8848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.171105][ T8848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.184386][ T8848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.222844][ T52] IPVS: stop unused estimator thread 0... [ 511.235260][ T9083] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 511.466655][ T7898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 511.483839][ T7898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 511.555712][ T1073] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 511.569999][ T9083] veth0_vlan: entered promiscuous mode [ 511.580917][ T1073] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 511.628374][ T9083] veth1_vlan: entered promiscuous mode [ 511.863593][ T9083] veth0_macvtap: entered promiscuous mode [ 511.888405][ T9083] veth1_macvtap: entered promiscuous mode [ 511.924575][ T9083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.623996][ T9083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.817846][ T9083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.829270][ T9083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.846776][ T9083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.876890][ T9083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.907250][ T9083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.939985][ T9083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 513.036133][ T9083] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 513.098927][ T9083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 513.140320][ T9083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 513.196648][ T9083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 513.866600][ T9083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 513.899560][ T9083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 513.920088][ T9083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 513.932736][ T9083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 513.950407][ T9083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 513.976243][ T9083] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 514.116798][ T9083] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.127025][ T9083] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.136923][ T9083] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 514.146405][ T9083] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.362255][ T9365] syz.4.764: attempt to access beyond end of device [ 515.362255][ T9365] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 515.376164][ T9365] syz.4.764: attempt to access beyond end of device [ 515.376164][ T9365] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 515.389500][ T9365] Mount JFS Failure: -5 [ 515.393913][ T9365] jfs_mount failed w/return code = -5 [ 515.952444][ T46] IPVS: starting estimator thread 0... [ 516.046226][ T7658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 516.071922][ T7658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 516.117549][ T9369] IPVS: using max 20 ests per chain, 48000 per kthread [ 516.254836][ T7658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 516.264135][ T7658] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 516.443315][ T9376] xt_policy: too many policy elements [ 519.735037][ T9404] xt_policy: too many policy elements [ 519.837266][ T9392] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 519.863403][ T9392] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 521.510683][ T9424] program syz.4.777 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 521.520125][ T9424] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 522.178361][ T9425] syz.2.774: attempt to access beyond end of device [ 522.178361][ T9425] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 522.191466][ T9425] syz.2.774: attempt to access beyond end of device [ 522.191466][ T9425] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 522.204569][ T9425] Mount JFS Failure: -5 [ 522.208755][ T9425] jfs_mount failed w/return code = -5 [ 523.562260][ T9447] program syz.2.780 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 523.571959][ T9447] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 525.137458][ T9463] xt_policy: too many policy elements [ 527.847854][ T9474] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 527.859843][ T9474] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 528.467200][ T9486] xt_policy: too many policy elements [ 529.281000][ T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 529.291189][ T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 529.300259][ T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 529.309108][ T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 529.938129][ T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 529.945764][ T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 531.710274][ T9517] tipc: Started in network mode [ 531.736442][ T9517] tipc: Node identity f7, cluster identity 4711 [ 531.757032][ T9517] tipc: Node number set to 247 [ 531.899164][ T9487] chnl_net:caif_netlink_parms(): no params data found [ 532.105849][ T9529] xt_policy: too many policy elements [ 532.234828][ T54] Bluetooth: hci5: command tx timeout [ 533.287429][ T54] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 533.428124][ T5631] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.733375][ T5631] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.751803][ T9550] syz.2.799: attempt to access beyond end of device [ 533.751803][ T9550] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 533.765997][ T9550] syz.2.799: attempt to access beyond end of device [ 533.765997][ T9550] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 533.783422][ T9550] Mount JFS Failure: -5 [ 533.787663][ T9550] jfs_mount failed w/return code = -5 [ 533.852837][ T9487] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.860183][ T9487] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.867880][ T9487] bridge_slave_0: entered allmulticast mode [ 533.874734][ T9487] bridge_slave_0: entered promiscuous mode [ 533.885176][ T9487] bridge0: port 2(bridge_slave_1) entered blocking state [ 533.892405][ T9487] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.901477][ T9487] bridge_slave_1: entered allmulticast mode [ 533.909040][ T9487] bridge_slave_1: entered promiscuous mode [ 534.159168][ T9555] xt_policy: too many policy elements [ 534.915362][ T54] Bluetooth: hci5: command tx timeout [ 534.990645][ T5631] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.132137][ T9559] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 535.141478][ T9559] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 535.204301][ T9487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 535.634639][ T5631] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.699571][ T9487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 535.825366][ T9563] syz.4.803: attempt to access beyond end of device [ 535.825366][ T9563] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 535.838322][ T9563] syz.4.803: attempt to access beyond end of device [ 535.838322][ T9563] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 535.851264][ T9563] Mount JFS Failure: -5 [ 535.855482][ T9563] jfs_mount failed w/return code = -5 [ 535.898192][ T9487] team0: Port device team_slave_0 added [ 535.945414][ T9487] team0: Port device team_slave_1 added [ 536.065886][ T9487] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 536.081500][ T9487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 536.111289][ T9487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 536.172787][ T9487] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 536.189248][ T9487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 536.226043][ T9487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 537.034464][ T54] Bluetooth: hci5: command tx timeout [ 538.198643][ T5631] bridge_slave_1: left allmulticast mode [ 538.204691][ T5631] bridge_slave_1: left promiscuous mode [ 538.214126][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.345026][ T5631] bridge_slave_0: left allmulticast mode [ 538.402110][ T5631] bridge_slave_0: left promiscuous mode [ 538.407967][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.196951][ T54] Bluetooth: hci5: command tx timeout [ 540.367677][ T29] audit: type=1326 audit(1728378846.647:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9592 comm="syz.1.807" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbde417dff9 code=0x0 [ 540.681734][ T5631] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 540.701818][ T5631] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 540.726733][ T5631] bond0 (unregistering): Released all slaves [ 540.751250][ T9487] hsr_slave_0: entered promiscuous mode [ 540.758812][ T9487] hsr_slave_1: entered promiscuous mode [ 540.769231][ T9487] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 540.776972][ T9487] Cannot create hsr debugfs directory [ 542.037857][ T9625] program syz.4.811 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 542.047587][ T9625] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 543.344929][ T5631] hsr_slave_0: left promiscuous mode [ 543.372836][ T5631] hsr_slave_1: left promiscuous mode [ 543.385592][ T5631] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 543.442477][ T5631] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 543.533154][ T5631] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 543.573389][ T5631] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 543.684063][ T5631] veth1_macvtap: left promiscuous mode [ 543.689649][ T5631] veth0_macvtap: left promiscuous mode [ 543.747242][ T5631] veth1_vlan: left promiscuous mode [ 543.912768][ T5631] veth0_vlan: left promiscuous mode [ 544.354667][ T29] audit: type=1400 audit(1728378850.377:284): avc: denied { execute } for pid=9640 comm="syz.4.815" path=2F6D656D66643A01FDAE2E2BA68CB63F32193994532C7C783F55655BBDE1210333BC2723FF179B25F35B64202097F5479741C2D8F05571E62BA56C940BB607175CFB0421E4C4B1A21CFF433B94510DB67D9CEC430BCFEBE49A52E52C8203202864656C6574656429 dev="hugetlbfs" ino=29876 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 544.948843][ T9648] xt_policy: too many policy elements [ 546.898675][ T9664] Can't find ip_set type hash:n [ 548.926413][ T9685] xt_policy: too many policy elements [ 549.049057][ T9687] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 549.057827][ T9687] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 549.890962][ T5631] team0 (unregistering): Port device team_slave_1 removed [ 550.064391][ T5631] team0 (unregistering): Port device team_slave_0 removed [ 552.112262][ T29] audit: type=1326 audit(1728378858.217:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9699 comm="syz.0.827" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fedcc77dff9 code=0x0 [ 556.862967][ T5218] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 556.883157][ T5218] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 556.897537][ T5218] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 556.921804][ T5218] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 556.942329][ T5218] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 556.950095][ T5218] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 557.504611][ T9745] xt_policy: too many policy elements [ 558.407014][ T5631] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.536733][ T9487] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 558.550073][ T9487] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 558.610739][ T9487] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 559.041474][ T54] Bluetooth: hci3: command tx timeout [ 559.406468][ T9487] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 560.313693][ T5631] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.420007][ T9768] program syz.1.838 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 560.429716][ T9768] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 560.928321][ T5631] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.182693][ T54] Bluetooth: hci3: command tx timeout [ 561.603268][ T9778] program syz.0.840 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 561.613039][ T9778] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 562.332102][ T29] audit: type=1326 audit(1728378868.537:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9769 comm="syz.1.839" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbde417dff9 code=0x0 [ 562.536967][ T5631] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.893076][ T9788] program syz.0.841 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 562.902561][ T9788] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 563.208884][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.289458][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.296811][ T5218] Bluetooth: hci3: command tx timeout [ 563.768135][ T9487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 563.817871][ T9487] 8021q: adding VLAN 0 to HW filter on device team0 [ 563.861548][ T7658] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.868739][ T7658] bridge0: port 1(bridge_slave_0) entered forwarding state [ 563.931056][ T9737] chnl_net:caif_netlink_parms(): no params data found [ 563.966608][ T7658] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.973829][ T7658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 565.072342][ T5631] team0: left allmulticast mode [ 565.077257][ T5631] team_slave_0: left allmulticast mode [ 565.128762][ T5631] team_slave_1: left allmulticast mode [ 565.159227][ T5631] team0: left promiscuous mode [ 565.342135][ T5218] Bluetooth: hci3: command tx timeout [ 565.348034][ T4611] Bluetooth: hci2: command 0x0406 tx timeout [ 565.355595][ T5631] team_slave_0: left promiscuous mode [ 565.361126][ T5631] team_slave_1: left promiscuous mode [ 565.424227][ T5631] bridge0: port 3(team0) entered disabled state [ 565.489390][ T5631] bridge_slave_1: left allmulticast mode [ 565.497182][ T5631] bridge_slave_1: left promiscuous mode [ 565.503115][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.522966][ T5631] bridge_slave_0: left allmulticast mode [ 565.531873][ T5631] bridge_slave_0: left promiscuous mode [ 565.540945][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.018712][ T5218] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 566.030720][ T5218] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 566.043449][ T5218] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 566.057803][ T5218] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 566.067940][ T5218] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 566.075437][ T5218] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 566.651309][ T9835] netlink: 8 bytes leftover after parsing attributes in process `syz.0.844'. [ 568.152356][ T54] Bluetooth: hci0: command tx timeout [ 568.179265][ T5631] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 568.232800][ T5631] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 568.283610][ T5631] bond0 (unregistering): Released all slaves [ 568.312910][ T9737] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.332193][ T9737] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.339379][ T9737] bridge_slave_0: entered allmulticast mode [ 568.379719][ T9737] bridge_slave_0: entered promiscuous mode [ 568.420037][ T9737] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.431901][ T9737] bridge0: port 2(bridge_slave_1) entered disabled state [ 568.441115][ T9737] bridge_slave_1: entered allmulticast mode [ 568.458812][ T9737] bridge_slave_1: entered promiscuous mode [ 568.570852][ T9737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 568.601645][ T9737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 568.865468][ T9737] team0: Port device team_slave_0 added [ 568.897029][ T9737] team0: Port device team_slave_1 added [ 569.090027][ T9487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 569.224080][ T9737] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 569.251544][ T9737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 569.306907][ T9737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 569.417936][ T5631] hsr_slave_0: left promiscuous mode [ 569.430382][ T5631] hsr_slave_1: left promiscuous mode [ 569.457857][ T5631] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 569.484240][ T5631] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 569.523123][ T5631] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 569.530584][ T5631] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 569.582031][ T5631] veth1_macvtap: left promiscuous mode [ 569.599960][ T5631] veth0_macvtap: left promiscuous mode [ 569.609694][ T5631] veth1_vlan: left promiscuous mode [ 569.620829][ T5631] veth0_vlan: left promiscuous mode [ 570.255477][ T54] Bluetooth: hci0: command tx timeout [ 571.011473][ T5631] team0 (unregistering): Port device team_slave_1 removed [ 571.119538][ T5631] team0 (unregistering): Port device team_slave_0 removed [ 572.170110][ T29] audit: type=1400 audit(1728378878.447:287): avc: denied { write } for pid=9878 comm="syz.0.851" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 572.288995][ T9881] kvm: pic: non byte write [ 572.346031][ T9737] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 572.362108][ T9737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 572.391857][ T9737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 572.403030][ T54] Bluetooth: hci0: command tx timeout [ 572.700745][ T9737] hsr_slave_0: entered promiscuous mode [ 572.722417][ T9737] hsr_slave_1: entered promiscuous mode [ 572.820381][ T9487] veth0_vlan: entered promiscuous mode [ 572.828612][ T9822] chnl_net:caif_netlink_parms(): no params data found [ 573.057171][ T9487] veth1_vlan: entered promiscuous mode [ 573.632775][ T9822] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.657083][ T9822] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.664690][ T9822] bridge_slave_0: entered allmulticast mode [ 573.671814][ T9822] bridge_slave_0: entered promiscuous mode [ 573.679890][ T9822] bridge0: port 2(bridge_slave_1) entered blocking state [ 573.687091][ T9822] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.694388][ T9822] bridge_slave_1: entered allmulticast mode [ 573.702969][ T9822] bridge_slave_1: entered promiscuous mode [ 573.760248][ T5631] IPVS: stop unused estimator thread 0... [ 573.908607][ T9822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 574.020571][ T9822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 574.208540][ T9822] team0: Port device team_slave_0 added [ 574.236201][ T9487] veth0_macvtap: entered promiscuous mode [ 574.313627][ T5631] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.366472][ T9822] team0: Port device team_slave_1 added [ 574.462181][ T54] Bluetooth: hci0: command tx timeout [ 574.474111][ T5631] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.634181][ T9822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 574.659264][ T9822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 574.711248][ T9822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 574.732869][ T9487] veth1_macvtap: entered promiscuous mode [ 575.625175][ T5631] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.826138][ T9923] program syz.1.856 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 575.835882][ T9923] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 576.574100][ T9822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 576.589390][ T9822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 576.780247][ T9822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 576.810263][ T5631] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.722753][ T9822] hsr_slave_0: entered promiscuous mode [ 577.732243][ T9822] hsr_slave_1: entered promiscuous mode [ 577.739003][ T9822] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 577.751474][ T9822] Cannot create hsr debugfs directory [ 577.785342][ T9487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.799729][ T9487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.841358][ T9487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.858689][ T9487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.868680][ T9487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.885842][ T9487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.899735][ T9487] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 578.135328][ T9487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.172644][ T9487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.182981][ T9487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.194441][ T9487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.204527][ T9487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.216075][ T9487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.228284][ T9487] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 578.270056][ T9487] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.282269][ T9487] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.291346][ T9487] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.305211][ T9487] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.342725][ T5631] bridge_slave_1: left allmulticast mode [ 578.359571][ T5631] bridge_slave_1: left promiscuous mode [ 578.376551][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.406417][ T5631] bridge_slave_0: left allmulticast mode [ 578.416320][ T5631] bridge_slave_0: left promiscuous mode [ 578.452623][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.112300][ T9948] program syz.0.861 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 579.122083][ T9948] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 579.812739][ T5631] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 579.903566][ T5631] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 579.935781][ T5631] bond0 (unregistering): Released all slaves [ 579.998396][ T9737] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 580.016056][ T9737] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 580.177133][ T9737] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 580.266276][ T9737] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 580.520809][ T5631] hsr_slave_0: left promiscuous mode [ 580.526792][ T5631] hsr_slave_1: left promiscuous mode [ 580.533089][ T5631] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 580.540592][ T5631] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 580.548952][ T5631] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 580.556558][ T5218] Bluetooth: hci1: command 0x0406 tx timeout [ 580.566455][ T5631] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 580.588328][ T5631] veth1_macvtap: left promiscuous mode [ 580.594072][ T5631] veth0_macvtap: left promiscuous mode [ 580.599628][ T5631] veth1_vlan: left promiscuous mode [ 580.604997][ T5631] veth0_vlan: left promiscuous mode [ 581.175469][ T5631] team0 (unregistering): Port device team_slave_1 removed [ 581.251927][ T5631] team0 (unregistering): Port device team_slave_0 removed [ 582.013901][ T6262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 582.021746][ T6262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 582.224151][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 582.242733][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 582.330519][ T9737] 8021q: adding VLAN 0 to HW filter on device bond0 [ 582.644258][ T5631] IPVS: stop unused estimator thread 0... [ 582.808542][ T9822] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 582.876418][ T8] IPVS: starting estimator thread 0... [ 583.026948][ T9974] IPVS: using max 15 ests per chain, 36000 per kthread [ 583.138551][ T9737] 8021q: adding VLAN 0 to HW filter on device team0 [ 583.201002][ T9822] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 583.452046][ T9822] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 583.565364][ T1073] bridge0: port 1(bridge_slave_0) entered blocking state [ 583.572537][ T1073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 583.620212][ T1073] bridge0: port 2(bridge_slave_1) entered blocking state [ 583.627397][ T1073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 583.654064][ T9822] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 583.722522][ T9986] program syz.3.864 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 583.732296][ T9986] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 584.537183][ T9737] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 584.557074][ T9737] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 585.576312][ T9822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 585.594863][ T9822] 8021q: adding VLAN 0 to HW filter on device team0 [ 585.618018][ T9822] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 585.628484][ T9822] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 585.648701][ T6262] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.656149][ T6262] bridge0: port 1(bridge_slave_0) entered forwarding state [ 585.670482][ T6262] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.677636][ T6262] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.560145][ T29] audit: type=1400 audit(1728378892.477:288): avc: denied { map } for pid=10003 comm="syz.3.867" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=31527 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 586.892169][ T29] audit: type=1400 audit(1728378892.477:289): avc: denied { read write } for pid=10003 comm="syz.3.867" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=31527 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 587.105329][ T9822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 587.159135][ T9737] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 587.265266][ T9822] veth0_vlan: entered promiscuous mode [ 587.286991][ T9822] veth1_vlan: entered promiscuous mode [ 587.345064][ T9822] veth0_macvtap: entered promiscuous mode [ 587.382476][ T9822] veth1_macvtap: entered promiscuous mode [ 587.838637][ T9822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.882834][ T9822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.922090][ T9822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.954883][ T9822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.981610][ T9822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.993683][ T9822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.008476][ T9822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 588.030288][ T9822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.041573][ T9822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.054512][ T9822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.065748][ T9822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.075909][ T9822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.203175][T10032] syz.0.870: attempt to access beyond end of device [ 588.203175][T10032] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 588.222156][ T9822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.987937][T10032] syz.0.870: attempt to access beyond end of device [ 588.987937][T10032] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 589.009036][T10032] Mount JFS Failure: -5 [ 589.013782][ T9822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 589.027789][T10032] jfs_mount failed w/return code = -5 [ 589.030850][ T9822] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.092428][ T9822] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.107391][ T9822] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.116860][ T9822] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.240493][T10040] program syz.3.871 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 589.250211][T10040] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 590.106659][ T9737] veth0_vlan: entered promiscuous mode [ 590.175803][ T7658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.187067][ T9737] veth1_vlan: entered promiscuous mode [ 590.193742][ T7658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 590.434120][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 590.449980][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 590.459936][ T9737] veth0_macvtap: entered promiscuous mode [ 590.491831][ T9737] veth1_macvtap: entered promiscuous mode [ 590.532556][ T9737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 590.557683][ T9737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.569201][ T9737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 590.585363][ T9737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.616333][ T9737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 590.640132][ T9737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.654036][ T9737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 590.665173][ T9737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.709277][ T9737] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 590.724169][ T9737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 590.734847][ T9737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.746750][ T9737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 590.774422][ T9737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.786878][ T9737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 590.801218][ T9737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.835715][ T9737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 591.112722][T10050] kvm: pic: non byte write [ 591.346244][ T9737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 591.400767][ T9737] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 591.515468][ T9737] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.536837][ T9737] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.578878][ T9737] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.592203][ T9737] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.697698][ T6262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 591.725274][ T6262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 591.787684][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 591.799799][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 592.033534][T10056] program syz.4.833 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 592.043764][T10056] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 593.753009][T10067] xt_policy: too many policy elements [ 595.040206][T10077] program syz.2.879 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 595.049677][T10077] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 596.080965][ T5218] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 596.876652][ T5218] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 597.835843][ T4611] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 598.154526][T10074] syz.4.878: attempt to access beyond end of device [ 598.154526][T10074] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 598.167512][T10074] syz.4.878: attempt to access beyond end of device [ 598.167512][T10074] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 598.180319][T10074] Mount JFS Failure: -5 [ 598.184824][T10074] jfs_mount failed w/return code = -5 [ 598.657647][ T4611] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 598.690154][ T4611] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 598.703404][ T4611] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 598.833026][T10102] syz.2.883: attempt to access beyond end of device [ 598.833026][T10102] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 598.850548][T10102] syz.2.883: attempt to access beyond end of device [ 598.850548][T10102] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 598.864582][T10102] Mount JFS Failure: -5 [ 598.868928][T10102] jfs_mount failed w/return code = -5 [ 600.483345][T10080] chnl_net:caif_netlink_parms(): no params data found [ 600.712545][T10121] kvm: pic: non byte write [ 600.783076][ T4611] Bluetooth: hci2: command tx timeout [ 601.000753][T10127] xt_policy: too many policy elements [ 601.842749][ T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 601.943137][T10080] bridge0: port 1(bridge_slave_0) entered blocking state [ 602.852186][T10080] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.859439][T10080] bridge_slave_0: entered allmulticast mode [ 602.918352][T10080] bridge_slave_0: entered promiscuous mode [ 602.934329][T10080] bridge0: port 2(bridge_slave_1) entered blocking state [ 602.949266][T10080] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.960971][ T54] Bluetooth: hci2: command tx timeout [ 602.966658][ T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 603.041938][T10080] bridge_slave_1: entered allmulticast mode [ 603.050099][T10080] bridge_slave_1: entered promiscuous mode [ 603.063980][ T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 603.073257][ T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 603.082039][ T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 603.092606][ T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 603.364724][T10080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 603.376185][T10080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 603.450919][ T29] audit: type=1400 audit(1728378909.727:290): avc: denied { accept } for pid=10140 comm="syz.4.892" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 604.403899][ T29] audit: type=1400 audit(1728378910.687:291): avc: denied { write } for pid=10140 comm="syz.4.892" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 604.470112][T10080] team0: Port device team_slave_0 added [ 604.520808][T10080] team0: Port device team_slave_1 added [ 604.550763][T10080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 604.588485][T10080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 604.614857][T10080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 604.627906][T10080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 604.636381][T10080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 604.662386][T10080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 604.909860][ T5265] IPVS: starting estimator thread 0... [ 605.007378][T10158] IPVS: using max 15 ests per chain, 36000 per kthread [ 605.022993][ T54] Bluetooth: hci2: command tx timeout [ 605.032260][ T25] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 605.193341][ T54] Bluetooth: hci6: command tx timeout [ 605.953239][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 606.820028][T10080] hsr_slave_0: entered promiscuous mode [ 606.827025][T10080] hsr_slave_1: entered promiscuous mode [ 606.833745][T10080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 606.841362][T10080] Cannot create hsr debugfs directory [ 607.005470][T10129] chnl_net:caif_netlink_parms(): no params data found [ 607.102200][ T54] Bluetooth: hci2: command tx timeout [ 607.228728][ T25] usb 5-1: device descriptor read/all, error -71 [ 607.262521][ T54] Bluetooth: hci6: command tx timeout [ 607.497016][T10182] syz.4.898: attempt to access beyond end of device [ 607.497016][T10182] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 607.515941][T10182] syz.4.898: attempt to access beyond end of device [ 607.515941][T10182] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 607.529748][T10182] Mount JFS Failure: -5 [ 607.534907][T10182] jfs_mount failed w/return code = -5 [ 607.637278][T10080] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.008905][T10129] bridge0: port 1(bridge_slave_0) entered blocking state [ 608.018262][T10129] bridge0: port 1(bridge_slave_0) entered disabled state [ 608.034230][T10129] bridge_slave_0: entered allmulticast mode [ 608.063014][T10129] bridge_slave_0: entered promiscuous mode [ 608.094334][T10080] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.129764][T10129] bridge0: port 2(bridge_slave_1) entered blocking state [ 608.137434][T10129] bridge0: port 2(bridge_slave_1) entered disabled state [ 608.146246][T10129] bridge_slave_1: entered allmulticast mode [ 608.161202][T10129] bridge_slave_1: entered promiscuous mode [ 608.247489][T10080] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.341365][T10129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 609.178956][T10129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 609.290880][T10080] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.399078][ T54] Bluetooth: hci6: command tx timeout [ 609.466902][T10129] team0: Port device team_slave_0 added [ 610.294880][T10129] team0: Port device team_slave_1 added [ 610.375334][T10129] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 610.389491][T10129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 610.428283][T10129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 611.369152][T10129] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 611.381135][T10129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 611.416956][T10129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 611.427830][ T54] Bluetooth: hci6: command tx timeout [ 611.514857][T10206] syz.2.903: attempt to access beyond end of device [ 611.514857][T10206] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 611.528624][T10206] syz.2.903: attempt to access beyond end of device [ 611.528624][T10206] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 611.542755][T10206] Mount JFS Failure: -5 [ 611.547031][T10206] jfs_mount failed w/return code = -5 [ 611.984965][T10080] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 612.001682][T10129] hsr_slave_0: entered promiscuous mode [ 612.010523][T10129] hsr_slave_1: entered promiscuous mode [ 612.016235][ T9] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 612.035949][T10129] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 612.052110][T10129] Cannot create hsr debugfs directory [ 612.066201][T10080] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 612.113132][T10080] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 612.138358][T10080] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 612.185908][ T9] usb 5-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be [ 612.224344][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 612.256968][ T9] usb 5-1: Product: syz [ 612.261211][ T9] usb 5-1: Manufacturer: syz [ 613.050865][ T9] usb 5-1: SerialNumber: syz [ 613.063691][ T9] usb 5-1: config 0 descriptor?? [ 613.390106][T10217] program syz.2.908 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 613.399908][T10217] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 613.472505][ T9] peak_usb 5-1:0.0: PEAK-System PCAN-Chip USB v0 fw v0.0.0 (1 channels) [ 614.054056][ T9] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 614.921804][T10129] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.012071][ T9] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 615.021643][ T9] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 615.095371][T10129] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.113494][ T9] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -22 [ 615.130027][T10080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 615.139012][ T9] usb 5-1: USB disconnect, device number 9 [ 615.631192][T10225] program syz.0.911 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 615.640636][T10225] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 615.659097][T10080] 8021q: adding VLAN 0 to HW filter on device team0 [ 615.694544][T10129] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.716236][ T1073] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.723390][ T1073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 615.740650][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.747812][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 615.781321][T10129] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.745899][T10129] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 617.241887][T10129] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 617.745490][T10129] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 617.807309][T10129] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 618.631122][T10080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 620.365895][T10080] veth0_vlan: entered promiscuous mode [ 620.597495][T10080] veth1_vlan: entered promiscuous mode [ 621.483698][T10129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 621.523278][T10129] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.559120][T10129] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 621.569631][T10129] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 621.604205][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.611337][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 621.769971][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.777185][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 622.444565][T10080] veth0_macvtap: entered promiscuous mode [ 622.508723][T10080] veth1_macvtap: entered promiscuous mode [ 622.626524][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.650796][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.672116][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.690441][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.700823][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.741879][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.791949][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.852449][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.872966][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.884040][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.990670][T10283] netlink: 8 bytes leftover after parsing attributes in process `syz.0.921'. [ 623.614543][T10080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 623.645332][T10129] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 623.668252][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.726734][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.765325][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.788431][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.822088][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.849038][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.870190][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.898918][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.909029][T10080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.921483][T10080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.934289][T10080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 624.006363][T10080] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.036348][T10080] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.059298][T10080] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.085449][T10080] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.228458][T10129] veth0_vlan: entered promiscuous mode [ 624.309947][T10129] veth1_vlan: entered promiscuous mode [ 624.345789][ T7658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.373677][ T7658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.443085][T10129] veth0_macvtap: entered promiscuous mode [ 624.486078][ T6906] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.488979][T10129] veth1_macvtap: entered promiscuous mode [ 624.510660][ T6906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.546485][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.552287][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 624.552911][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.586932][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.621660][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 624.650856][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.670410][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 624.714016][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.734931][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 624.818678][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.903534][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 624.932155][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.972159][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 624.998720][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 625.020216][T10129] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 625.075975][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 625.095631][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 625.108225][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 625.120781][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 625.137196][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 625.148134][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 625.158954][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 625.170781][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 625.190832][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 625.212982][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 625.245076][T10129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 625.275927][T10129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 625.312971][T10129] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 625.373049][T10129] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.389359][T10129] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.398327][T10129] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.407160][T10129] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 625.621829][ T7898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 625.630847][ T7898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 626.013946][ T1066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 626.021800][ T1066] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 628.330927][T10320] program syz.3.928 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 628.340591][T10320] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 631.785337][T10339] netlink: 8 bytes leftover after parsing attributes in process `syz.3.930'. [ 634.745780][T10349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.936'. [ 634.848741][T10356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.937'. [ 635.777265][T10358] program syz.2.938 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 635.786847][T10358] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 638.021073][T10374] syz.4.940: attempt to access beyond end of device [ 638.021073][T10374] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 638.035045][T10374] syz.4.940: attempt to access beyond end of device [ 638.035045][T10374] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 638.048773][T10374] Mount JFS Failure: -5 [ 638.053215][T10374] jfs_mount failed w/return code = -5 [ 639.383045][ T4611] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 639.457126][T10385] syz.2.942: attempt to access beyond end of device [ 639.457126][T10385] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 639.471103][T10385] syz.2.942: attempt to access beyond end of device [ 639.471103][T10385] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 639.484462][T10385] Mount JFS Failure: -5 [ 639.488691][T10385] jfs_mount failed w/return code = -5 [ 639.544591][ T4611] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 639.622840][ T4611] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 639.652197][ T4611] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 639.660782][ T4611] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 639.668179][ T4611] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 641.356712][T10404] xt_policy: too many policy elements [ 642.189338][ T4611] Bluetooth: hci7: command tx timeout [ 644.035810][T10378] chnl_net:caif_netlink_parms(): no params data found [ 644.232781][ T4611] Bluetooth: hci7: command tx timeout [ 644.326050][T10427] program syz.4.952 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 644.335480][T10427] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 644.352890][T10378] bridge0: port 1(bridge_slave_0) entered blocking state [ 644.435289][T10378] bridge0: port 1(bridge_slave_0) entered disabled state [ 644.446988][T10378] bridge_slave_0: entered allmulticast mode [ 644.466482][T10378] bridge_slave_0: entered promiscuous mode [ 644.560694][T10378] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.613854][T10378] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.812529][T10378] bridge_slave_1: entered allmulticast mode [ 644.819985][T10378] bridge_slave_1: entered promiscuous mode [ 645.247621][T10378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 645.315065][T10378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 645.557004][T10378] team0: Port device team_slave_0 added [ 645.634654][T10378] team0: Port device team_slave_1 added [ 646.231705][T10378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 646.407002][ T4611] Bluetooth: hci7: command tx timeout [ 646.451744][T10378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 646.782341][T10378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 646.806962][T10378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 646.814609][T10378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 646.872116][T10378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 647.003630][ T6906] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.428667][T10447] netlink: 16 bytes leftover after parsing attributes in process `syz.4.956'. [ 647.560675][ T6906] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.464055][ T4611] Bluetooth: hci7: command tx timeout [ 648.722267][T10456] syz.3.958: attempt to access beyond end of device [ 648.722267][T10456] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 648.738169][T10456] syz.3.958: attempt to access beyond end of device [ 648.738169][T10456] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 648.752440][T10456] Mount JFS Failure: -5 [ 648.756778][T10456] jfs_mount failed w/return code = -5 [ 649.196556][T10464] program syz.4.960 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 649.206266][T10464] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 649.867400][T10466] syz.0.961: attempt to access beyond end of device [ 649.867400][T10466] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 649.881062][T10466] syz.0.961: attempt to access beyond end of device [ 649.881062][T10466] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 649.894391][T10466] Mount JFS Failure: -5 [ 649.903032][T10466] jfs_mount failed w/return code = -5 [ 650.017442][ T6906] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.248830][T10378] hsr_slave_0: entered promiscuous mode [ 650.261555][T10378] hsr_slave_1: entered promiscuous mode [ 651.347548][T10378] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 651.356420][T10378] Cannot create hsr debugfs directory [ 652.395941][ T4611] Bluetooth: hci5: command 0x0406 tx timeout [ 652.524563][ T6906] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.049346][ T6906] bridge_slave_1: left allmulticast mode [ 653.231191][ T6906] bridge_slave_1: left promiscuous mode [ 654.141351][T10498] syz.2.967: attempt to access beyond end of device [ 654.141351][T10498] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 654.157961][T10498] syz.2.967: attempt to access beyond end of device [ 654.157961][T10498] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 654.172049][T10498] Mount JFS Failure: -5 [ 654.176424][T10498] jfs_mount failed w/return code = -5 [ 654.270539][ T6906] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.581650][ T6906] bridge_slave_0: left allmulticast mode [ 654.587585][ T6906] bridge_slave_0: left promiscuous mode [ 654.597000][ T6906] bridge0: port 1(bridge_slave_0) entered disabled state [ 656.978695][T10527] program syz.0.971 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 656.988592][T10527] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 657.844399][T10536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.974'. [ 659.882936][T10545] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 659.892987][T10545] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 659.935252][ T5293] IPVS: starting estimator thread 0... [ 660.028316][T10551] IPVS: using max 30 ests per chain, 72000 per kthread [ 660.857780][ T6906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 661.092434][T10568] program syz.0.980 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 661.101823][T10568] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 662.272124][ T6906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 662.303081][ T6906] bond0 (unregistering): Released all slaves [ 662.316678][ T29] audit: type=1400 audit(1728378968.597:292): avc: denied { create } for pid=10573 comm="syz.2.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 662.408595][T10576] xt_policy: too many policy elements [ 663.563508][T10585] program syz.4.985 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 663.573251][T10585] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 665.965382][ T46] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 666.803208][T10600] syz.2.988: attempt to access beyond end of device [ 666.803208][T10600] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 666.817045][T10600] syz.2.988: attempt to access beyond end of device [ 666.817045][T10600] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 666.830521][T10600] Mount JFS Failure: -5 [ 666.834920][T10600] jfs_mount failed w/return code = -5 [ 667.177559][T10378] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 667.275171][T10378] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 667.350529][ T46] usb 5-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be [ 667.359755][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.375474][ T46] usb 5-1: Product: syz [ 667.383112][ T46] usb 5-1: Manufacturer: syz [ 667.387896][ T46] usb 5-1: SerialNumber: syz [ 667.413408][ T46] usb 5-1: config 0 descriptor?? [ 667.432627][ T6906] hsr_slave_0: left promiscuous mode [ 667.438640][ T6906] hsr_slave_1: left promiscuous mode [ 667.466434][ T6906] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 667.492224][ T6906] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 667.527108][ T6906] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 667.560105][ T6906] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 667.729143][ T6906] veth1_macvtap: left promiscuous mode [ 667.758131][ T6906] veth0_macvtap: left promiscuous mode [ 667.784301][ T6906] veth1_vlan: left promiscuous mode [ 667.813264][ T6906] veth0_vlan: left promiscuous mode [ 669.353191][T10639] xt_policy: too many policy elements [ 670.473256][T10646] xt_policy: too many policy elements [ 671.882958][ T4611] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 672.015399][T10658] xt_CT: You must specify a L4 protocol and not use inversions on it [ 672.908155][ T4611] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 672.995101][ T4611] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 673.032178][ T4611] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 673.075307][ T4611] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 673.082741][ T4611] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 674.544514][T10669] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 674.553409][T10669] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 674.815051][ T6906] team0 (unregistering): Port device team_slave_1 removed [ 674.901095][ T6906] team0 (unregistering): Port device team_slave_0 removed [ 675.184947][ T54] Bluetooth: hci2: command tx timeout [ 675.568176][T10378] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 675.578313][T10378] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 675.723816][ T46] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 675.732226][T10619] netlink: 8 bytes leftover after parsing attributes in process `syz.2.990'. [ 675.741495][ T46] peak_usb 5-1:0.0: unable to read PCAN-Chip USB firmware info (err -71) [ 676.201280][T10378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 676.276413][T10378] 8021q: adding VLAN 0 to HW filter on device team0 [ 676.493260][T10378] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 676.503679][T10378] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 676.529949][ T6262] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.537123][ T6262] bridge0: port 1(bridge_slave_0) entered forwarding state [ 676.546501][ T6262] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.553639][ T6262] bridge0: port 2(bridge_slave_1) entered forwarding state [ 677.033708][ T46] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -71 [ 677.047519][ T46] usb 5-1: USB disconnect, device number 10 [ 677.329713][ T54] Bluetooth: hci2: command tx timeout [ 677.754522][ T46] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 678.036285][T10378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 678.071834][T10378] veth0_vlan: entered promiscuous mode [ 678.083381][T10378] veth1_vlan: entered promiscuous mode [ 678.105689][T10378] veth0_macvtap: entered promiscuous mode [ 678.114978][T10378] veth1_macvtap: entered promiscuous mode [ 678.130154][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.140819][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.150752][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.162227][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.173030][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.183634][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.193555][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.204030][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.213946][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.224468][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.234949][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.249468][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.262267][T10378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 678.274407][T10654] chnl_net:caif_netlink_parms(): no params data found [ 678.407539][T10693] 9pnet_fd: Insufficient options for proto=fd [ 678.903083][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.922246][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.051560][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.201701][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.211630][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.222219][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.232765][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.243264][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.253219][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.263734][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.276520][T10378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.288138][T10378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.603900][ T54] Bluetooth: hci2: command tx timeout [ 679.694762][T10378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 680.150694][T10378] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.225557][T10378] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.279385][T10378] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.312520][T10378] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.439351][ T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 680.449239][ T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 680.461139][ T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 680.484910][ T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 680.493448][ T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 680.504114][ T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 681.324217][ T1073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 681.350963][ T1073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 681.567803][T10654] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.583268][T10654] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.598225][T10654] bridge_slave_0: entered allmulticast mode [ 681.674919][ T5218] Bluetooth: hci2: command tx timeout [ 682.321506][T10654] bridge_slave_0: entered promiscuous mode [ 682.334271][T10654] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.341374][T10654] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.350468][T10654] bridge_slave_1: entered allmulticast mode [ 682.359641][T10654] bridge_slave_1: entered promiscuous mode [ 682.977839][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.035297][ T5218] Bluetooth: hci3: command 0x0406 tx timeout [ 683.045154][ T5218] Bluetooth: hci6: command tx timeout [ 683.081169][T10654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 683.204267][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.318260][T10654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 683.417316][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.470249][T10654] team0: Port device team_slave_0 added [ 683.498731][ T5631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.511263][ T5631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.576565][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.634082][T10654] team0: Port device team_slave_1 added [ 683.815872][T10654] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 683.832050][T10654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 683.864547][T10654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 683.878478][T10654] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 683.887369][T10654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 683.919017][T10654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 684.022266][T10737] syz.1.939: attempt to access beyond end of device [ 684.022266][T10737] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 684.038079][T10737] syz.1.939: attempt to access beyond end of device [ 684.038079][T10737] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 684.052023][T10737] Mount JFS Failure: -5 [ 684.056283][T10737] jfs_mount failed w/return code = -5 [ 684.126010][ T8] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 684.463630][ T8] usb 5-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be [ 684.473145][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.481220][ T8] usb 5-1: Product: syz [ 684.492086][ T8] usb 5-1: Manufacturer: syz [ 684.507033][ T8] usb 5-1: SerialNumber: syz [ 684.521398][ T8] usb 5-1: config 0 descriptor?? [ 684.639028][T10654] hsr_slave_0: entered promiscuous mode [ 684.682591][T10654] hsr_slave_1: entered promiscuous mode [ 684.691251][T10654] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 684.722175][T10654] Cannot create hsr debugfs directory [ 684.776822][ T8] peak_usb 5-1:0.0: PEAK-System PCAN-Chip USB v0 fw v0.0.0 (1 channels) [ 684.908688][T10706] chnl_net:caif_netlink_parms(): no params data found [ 684.977646][ T8] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 684.989641][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.001284][ T8] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 685.022286][ T8] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 685.102115][ T4611] Bluetooth: hci6: command tx timeout [ 685.148286][ T8] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -22 [ 685.181621][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.209127][ T5265] usb 5-1: USB disconnect, device number 12 [ 685.320355][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.542585][ T5265] IPVS: starting estimator thread 0... [ 685.655719][T10754] IPVS: using max 18 ests per chain, 43200 per kthread [ 685.686891][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.869638][T10706] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.898600][T10706] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.912240][T10706] bridge_slave_0: entered allmulticast mode [ 685.932993][T10706] bridge_slave_0: entered promiscuous mode [ 685.995356][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.001809][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.192988][T10768] program syz.4.1015 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 686.202837][T10768] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 686.479184][T10706] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.641019][T10706] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.774928][T10706] bridge_slave_1: entered allmulticast mode [ 686.850260][T10706] bridge_slave_1: entered promiscuous mode [ 687.199725][ T4611] Bluetooth: hci6: command tx timeout [ 688.199951][T10785] syz.4.1018: attempt to access beyond end of device [ 688.199951][T10785] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 688.218803][T10785] syz.4.1018: attempt to access beyond end of device [ 688.218803][T10785] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 688.232112][T10785] Mount JFS Failure: -5 [ 688.236445][T10785] jfs_mount failed w/return code = -5 [ 688.678021][T10706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 688.712751][ T11] bridge_slave_1: left allmulticast mode [ 688.718439][ T11] bridge_slave_1: left promiscuous mode [ 688.831800][T10791] syz.0.1019: attempt to access beyond end of device [ 688.831800][T10791] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 688.845430][T10791] syz.0.1019: attempt to access beyond end of device [ 688.845430][T10791] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 688.858782][T10791] Mount JFS Failure: -5 [ 688.863184][T10791] jfs_mount failed w/return code = -5 [ 688.890189][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.130367][ T11] bridge_slave_0: left allmulticast mode [ 689.151375][ T11] bridge_slave_0: left promiscuous mode [ 689.192638][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 689.264569][T10797] xt_policy: too many policy elements [ 689.277609][ T4611] Bluetooth: hci6: command tx timeout [ 689.931545][ T11] bridge_slave_1: left allmulticast mode [ 689.938929][ T11] bridge_slave_1: left promiscuous mode [ 689.945440][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.961210][ T11] bridge_slave_0: left allmulticast mode [ 689.969499][ T11] bridge_slave_0: left promiscuous mode [ 689.980789][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 690.273394][T10801] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1022'. [ 692.773106][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 692.797054][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 692.815203][ T11] bond0 (unregistering): Released all slaves [ 692.977968][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 693.004815][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 693.055511][ T11] bond0 (unregistering): Released all slaves [ 693.125763][T10706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 696.538438][T10706] team0: Port device team_slave_0 added [ 696.663375][T10832] syz.0.1030: attempt to access beyond end of device [ 696.663375][T10832] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 696.680866][T10832] syz.0.1030: attempt to access beyond end of device [ 696.680866][T10832] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 696.702238][T10832] Mount JFS Failure: -5 [ 696.707140][T10832] jfs_mount failed w/return code = -5 [ 697.208731][T10837] program syz.1.1031 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 697.218605][T10837] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 699.425879][T10706] team0: Port device team_slave_1 added [ 699.666903][T10706] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 699.702920][T10706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.731099][T10706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 699.806602][T10706] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 699.821781][T10706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.861799][T10706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 700.135311][T10706] hsr_slave_0: entered promiscuous mode [ 700.171221][T10706] hsr_slave_1: entered promiscuous mode [ 700.195196][T10706] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 700.205279][T10706] Cannot create hsr debugfs directory [ 700.285357][T10868] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1036'. [ 701.910114][T10878] kvm: emulating exchange as write [ 702.314058][ T11] hsr_slave_0: left promiscuous mode [ 702.319783][ T11] hsr_slave_1: left promiscuous mode [ 702.326706][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 702.353924][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 702.427836][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 702.449512][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 702.510482][ T11] hsr_slave_0: left promiscuous mode [ 702.554024][ T11] hsr_slave_1: left promiscuous mode [ 702.580118][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 702.588065][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 702.613259][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 702.666271][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 702.785302][ T11] veth1_macvtap: left promiscuous mode [ 702.798889][ T11] veth0_macvtap: left promiscuous mode [ 702.804781][ T11] veth1_vlan: left promiscuous mode [ 702.822255][ T11] veth0_vlan: left promiscuous mode [ 702.828768][ T11] veth1_macvtap: left promiscuous mode [ 702.834711][ T11] veth0_macvtap: left promiscuous mode [ 702.858459][ T11] veth1_vlan: left promiscuous mode [ 702.872714][ T11] veth0_vlan: left promiscuous mode [ 704.273388][T10900] program syz.1.1044 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 704.283134][T10900] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 704.916539][T10907] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1046'. [ 707.277982][ T29] audit: type=1400 audit(1728379013.557:293): avc: denied { create } for pid=10917 comm="syz.1.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 707.282529][ T11] team0 (unregistering): Port device team_slave_1 removed [ 707.539268][ T11] team0 (unregistering): Port device team_slave_0 removed [ 708.860961][T10928] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 708.870938][T10928] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 710.581885][T10943] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1055'. [ 712.667488][T10957] xt_CT: You must specify a L4 protocol and not use inversions on it [ 713.785713][T10970] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1063'. [ 714.561596][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 714.573349][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 714.584424][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 714.599700][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 714.622322][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 714.633330][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 714.805627][ T11] team0 (unregistering): Port device team_slave_1 removed [ 714.923263][ T11] team0 (unregistering): Port device team_slave_0 removed [ 716.769919][ T4611] Bluetooth: hci0: command tx timeout [ 718.689601][T10654] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 718.745457][T10654] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 718.784437][ T4611] Bluetooth: hci0: command tx timeout [ 719.030621][T10654] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 719.169514][T10654] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 720.410141][T11007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1070'. [ 721.251665][ T4611] Bluetooth: hci0: command tx timeout [ 721.441684][T10654] 8021q: adding VLAN 0 to HW filter on device bond0 [ 721.745034][T11030] program syz.4.1073 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 721.754566][T11030] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 723.077028][T11038] program syz.4.1074 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 723.086909][T11038] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 723.219486][T10654] 8021q: adding VLAN 0 to HW filter on device team0 [ 723.262528][ T4611] Bluetooth: hci0: command tx timeout [ 723.895323][T11036] syz.1.1075: attempt to access beyond end of device [ 723.895323][T11036] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 723.919493][T11036] syz.1.1075: attempt to access beyond end of device [ 723.919493][T11036] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 723.936649][T11036] Mount JFS Failure: -5 [ 723.941009][T11036] jfs_mount failed w/return code = -5 [ 724.366966][T10971] chnl_net:caif_netlink_parms(): no params data found [ 724.445870][ T6906] bridge0: port 1(bridge_slave_0) entered blocking state [ 724.453058][ T6906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 724.563591][ T6906] bridge0: port 2(bridge_slave_1) entered blocking state [ 724.570716][ T6906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.561144][T11051] syz.4.1078: attempt to access beyond end of device [ 725.561144][T11051] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 725.583050][T11051] syz.4.1078: attempt to access beyond end of device [ 725.583050][T11051] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 725.597072][T11051] Mount JFS Failure: -5 [ 725.601426][T11051] jfs_mount failed w/return code = -5 [ 725.803253][ T11] IPVS: stop unused estimator thread 0... [ 726.244556][T10706] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 726.284530][T10706] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 726.294622][T11059] syz.4.1079: attempt to access beyond end of device [ 726.294622][T11059] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 726.315254][T11059] syz.4.1079: attempt to access beyond end of device [ 726.315254][T11059] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 726.329264][T11059] Mount JFS Failure: -5 [ 726.333718][T11059] jfs_mount failed w/return code = -5 [ 726.790942][T10706] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 726.848537][T10706] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 726.865212][T10971] bridge0: port 1(bridge_slave_0) entered blocking state [ 726.885154][T10971] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.907591][T10971] bridge_slave_0: entered allmulticast mode [ 726.925747][T10971] bridge_slave_0: entered promiscuous mode [ 726.971188][T10971] bridge0: port 2(bridge_slave_1) entered blocking state [ 727.011099][T10971] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.043029][T10971] bridge_slave_1: entered allmulticast mode [ 727.485988][T10971] bridge_slave_1: entered promiscuous mode [ 727.568288][T10971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.664908][T10971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 728.192998][T10971] team0: Port device team_slave_0 added [ 728.210304][T10971] team0: Port device team_slave_1 added [ 728.273445][T10654] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 728.309540][T10971] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 728.340054][T10971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.377589][T10971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 728.412896][T10971] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 728.426015][T10971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.461130][T10971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 728.625590][T11082] program syz.4.1083 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 728.635431][T11082] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 728.837924][T10971] hsr_slave_0: entered promiscuous mode [ 728.946631][T10971] hsr_slave_1: entered promiscuous mode [ 729.032999][T10971] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 729.127438][T10971] Cannot create hsr debugfs directory [ 729.302986][T10654] veth0_vlan: entered promiscuous mode [ 729.955464][T10654] veth1_vlan: entered promiscuous mode [ 730.131021][T10706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 730.812500][T11107] program syz.1.1086 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 730.822378][T11107] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 732.771382][T10971] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.925172][T10706] 8021q: adding VLAN 0 to HW filter on device team0 [ 733.063225][T10971] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 733.097618][ T54] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 733.105573][T10738] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 733.116667][ T54] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 733.125486][ T54] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 733.148782][ T6906] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.155952][ T6906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 733.166653][ T54] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 733.175811][ T6906] bridge0: port 2(bridge_slave_1) entered blocking state [ 733.183000][ T6906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 733.191342][ T54] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 733.200346][ T54] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 733.310660][T10738] usb 2-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be [ 733.392820][T10738] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.477409][T10738] usb 2-1: Product: syz [ 733.576140][T10738] usb 2-1: Manufacturer: syz [ 733.612014][T10738] usb 2-1: SerialNumber: syz [ 733.693956][T10971] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 733.694949][T10738] usb 2-1: config 0 descriptor?? [ 734.094853][T10971] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 734.135590][T10706] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 734.163233][T10738] peak_usb 2-1:0.0 can0: unable to request usb[type=0 value=1] err=-32 [ 734.173257][T10738] peak_usb 2-1:0.0: unable to read PCAN-Chip USB firmware info (err -32) [ 734.231979][T10706] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 734.547982][T10738] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -32 [ 735.376263][ T54] Bluetooth: hci8: command tx timeout [ 735.601624][T11159] program syz.4.1091 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 735.611824][T11159] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 735.675512][T10706] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 735.770827][T10971] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 735.792405][T10971] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 735.830615][T10971] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 735.850053][T10971] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 736.059492][ T5263] usb 2-1: USB disconnect, device number 20 [ 736.867453][T10971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 736.885584][T10971] 8021q: adding VLAN 0 to HW filter on device team0 [ 736.919737][T10971] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 736.931315][T10971] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 737.017835][T10706] veth0_vlan: entered promiscuous mode [ 737.165401][T10694] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.172532][T10694] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.190444][T10694] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.197610][T10694] bridge0: port 2(bridge_slave_1) entered forwarding state [ 737.259496][T11179] syz.4.1095: attempt to access beyond end of device [ 737.259496][T11179] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 737.272717][T11179] syz.4.1095: attempt to access beyond end of device [ 737.272717][T11179] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 737.285671][T11179] Mount JFS Failure: -5 [ 737.289813][T11179] jfs_mount failed w/return code = -5 [ 737.356129][T11124] chnl_net:caif_netlink_parms(): no params data found [ 737.371430][ T11] bridge_slave_1: left allmulticast mode [ 737.381142][ T11] bridge_slave_1: left promiscuous mode [ 737.402598][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.422909][ T54] Bluetooth: hci8: command tx timeout [ 737.610955][ T11] bridge_slave_0: left allmulticast mode [ 738.362932][ T11] bridge_slave_0: left promiscuous mode [ 738.413912][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.824409][T11208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1097'. [ 738.977443][ T4611] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 738.989597][ T4611] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 738.998178][ T4611] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 739.025898][ T4611] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 739.043102][ T4611] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 739.052784][ T4611] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 739.176187][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 739.201726][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 739.218709][ T11] bond0 (unregistering): Released all slaves [ 739.251514][T11195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1096'. [ 739.467969][ T11] hsr_slave_0: left promiscuous mode [ 739.481619][ T11] hsr_slave_1: left promiscuous mode [ 739.491644][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 739.502999][ T4611] Bluetooth: hci8: command tx timeout [ 739.514502][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 739.557183][ T11] veth1_vlan: left promiscuous mode [ 739.564499][ T11] veth0_vlan: left promiscuous mode [ 739.775073][T11221] kvm: pic: non byte write [ 740.881783][ T11] team0 (unregistering): Port device team_slave_1 removed [ 740.966021][ T11] team0 (unregistering): Port device team_slave_0 removed [ 741.185905][ T4611] Bluetooth: hci2: command tx timeout [ 741.582073][ T4611] Bluetooth: hci8: command tx timeout [ 741.978297][T11236] program syz.4.1101 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 741.988283][T11236] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 742.776059][T10971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 742.909127][T11124] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.920221][T11124] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.936064][T11124] bridge_slave_0: entered allmulticast mode [ 742.964268][T11124] bridge_slave_0: entered promiscuous mode [ 743.088109][T11124] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.122596][T11124] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.151341][T11124] bridge_slave_1: entered allmulticast mode [ 743.172225][T11124] bridge_slave_1: entered promiscuous mode [ 743.241541][T11124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 743.256628][T11124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 743.262138][ T4611] Bluetooth: hci2: command tx timeout [ 743.377411][T11124] team0: Port device team_slave_0 added [ 743.404411][T11124] team0: Port device team_slave_1 added [ 743.528013][T11124] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 743.558713][T11124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 744.013922][T11258] syz.1.1104: attempt to access beyond end of device [ 744.013922][T11258] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 744.027227][T11258] syz.1.1104: attempt to access beyond end of device [ 744.027227][T11258] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 744.082013][T11124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 744.133888][T11258] Mount JFS Failure: -5 [ 744.138093][T11258] jfs_mount failed w/return code = -5 [ 744.170618][T10971] veth0_vlan: entered promiscuous mode [ 744.204506][T10971] veth1_vlan: entered promiscuous mode [ 744.344034][T11124] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 744.365362][T11124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 745.132078][T11124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 745.613815][ T4611] Bluetooth: hci2: command tx timeout [ 745.786352][T10971] veth0_macvtap: entered promiscuous mode [ 745.924827][T11280] syz.4.1107: attempt to access beyond end of device [ 745.924827][T11280] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 745.941412][T11280] syz.4.1107: attempt to access beyond end of device [ 745.941412][T11280] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 745.959444][T11280] Mount JFS Failure: -5 [ 745.964398][T11280] jfs_mount failed w/return code = -5 [ 746.214709][T11210] chnl_net:caif_netlink_parms(): no params data found [ 746.290520][T10971] veth1_macvtap: entered promiscuous mode [ 746.522415][T11124] hsr_slave_0: entered promiscuous mode [ 746.683700][T11124] hsr_slave_1: entered promiscuous mode [ 746.879569][T11124] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 746.881808][T11283] kvm: pic: non byte write [ 746.887568][T11124] Cannot create hsr debugfs directory [ 747.219996][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 747.230766][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.241062][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 747.251627][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.261629][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 747.272462][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.283263][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 747.294546][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.304482][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 747.315102][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 747.343380][T10971] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 747.489025][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.495820][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.082075][ T4611] Bluetooth: hci2: command tx timeout [ 748.218703][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 748.242119][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 748.260479][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 748.366370][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 748.703334][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 748.773464][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 749.172189][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 749.212133][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 749.228446][T10971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 749.241138][T10971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 749.253493][T10971] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 749.288940][T11210] bridge0: port 1(bridge_slave_0) entered blocking state [ 749.302222][T11210] bridge0: port 1(bridge_slave_0) entered disabled state [ 749.312957][T11210] bridge_slave_0: entered allmulticast mode [ 749.320138][T11210] bridge_slave_0: entered promiscuous mode [ 749.343264][ T30] INFO: task syz.1.865:9982 blocked for more than 143 seconds. [ 749.358464][ T30] Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 749.381044][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 749.390106][ T30] task:syz.1.865 state:D stack:25824 pid:9982 tgid:9982 ppid:5225 flags:0x00000004 [ 749.413107][ T30] Call Trace: [ 749.441997][ T30] [ 749.444991][ T30] __schedule+0xef5/0x5750 [ 749.449468][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 749.529502][ T30] ? __pfx___schedule+0x10/0x10 [ 749.542026][ T30] ? schedule+0x298/0x350 [ 749.546416][ T30] ? __pfx_lock_release+0x10/0x10 [ 749.551472][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 749.567922][ T30] ? lock_acquire+0x2f/0xb0 [ 749.577672][ T30] ? schedule+0x1fd/0x350 [ 749.582517][ T30] schedule+0xe7/0x350 [ 749.586632][ T30] io_schedule+0xbf/0x130 [ 749.591064][ T30] folio_wait_bit_common+0x3d8/0x9b0 [ 749.596653][ T30] ? folio_wait_bit_common+0x13c/0x9b0 [ 749.605596][ T30] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 749.611413][ T30] ? __pfx_wake_page_function+0x10/0x10 [ 749.617158][ T30] ? __pfx___might_resched+0x10/0x10 [ 749.622606][ T30] ? _raw_spin_unlock+0x28/0x50 [ 749.627489][ T30] ? __vma_reservation_common+0x270/0x740 [ 749.634895][ T30] __filemap_get_folio+0x6a4/0xaf0 [ 749.640126][ T30] ? huge_pte_alloc+0x22e/0x3a0 [ 749.645092][ T30] hugetlb_fault+0x16ff/0x2fa0 [ 749.649857][ T30] ? __pfx_hugetlb_fault+0x10/0x10 [ 749.655139][ T30] handle_mm_fault+0x930/0xaa0 [ 749.659947][ T30] do_user_addr_fault+0x60d/0x13f0 [ 749.669442][ T30] exc_page_fault+0x5c/0xc0 [ 749.674208][ T30] asm_exc_page_fault+0x26/0x30 [ 749.679094][ T30] RIP: 0033:0x7fbde4051629 [ 749.683616][ T30] RSP: 002b:00007ffd78449310 EFLAGS: 00010246 [ 749.689801][ T30] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffffff7fffff [ 749.697990][ T30] RDX: 1b01e6ba872dab0f RSI: 0000000020800000 RDI: 0000555587d063c8 [ 749.706055][ T30] RBP: 00007fbde4337a80 R08: 00007fbde4000000 R09: 0000000000000008 [ 749.714128][ T30] R10: 0000000000000000 R11: 0000000000000003 R12: 000000000008f016 [ 749.722271][ T30] R13: 00007ffd78449410 R14: 0000000000000032 R15: fffffffffffffffe [ 749.730381][ T30] [ 749.733522][ T30] INFO: task syz.1.865:9983 blocked for more than 143 seconds. [ 749.744761][ T30] Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 749.752700][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 749.761387][ T30] task:syz.1.865 state:D stack:27456 pid:9983 tgid:9982 ppid:5225 flags:0x00004006 [ 749.771704][ T30] Call Trace: [ 749.775092][ T30] [ 749.778040][ T30] __schedule+0xef5/0x5750 [ 749.782657][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 749.787885][ T30] ? __pfx___schedule+0x10/0x10 [ 749.793050][ T30] ? schedule+0x298/0x350 [ 749.797406][ T30] ? __pfx_lock_release+0x10/0x10 [ 749.802485][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 749.807810][ T30] ? lock_acquire+0x2f/0xb0 [ 749.812447][ T30] ? schedule+0x1fd/0x350 [ 749.816805][ T30] schedule+0xe7/0x350 [ 749.820867][ T30] schedule_preempt_disabled+0x13/0x30 [ 749.827114][ T30] __mutex_lock+0x5b8/0x9c0 [ 749.831651][ T30] ? hugetlb_wp+0x1b4a/0x3320 [ 749.836797][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 749.843491][ T30] ? hugetlb_wp+0x1b4a/0x3320 [ 749.848213][ T30] hugetlb_wp+0x1b4a/0x3320 [ 749.853917][ T30] ? __pfx_hugetlb_wp+0x10/0x10 [ 749.858804][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 749.864315][ T30] ? lock_acquire+0x2f/0xb0 [ 749.868880][ T30] ? hugetlb_fault+0x1141/0x2fa0 [ 749.873895][ T30] hugetlb_fault+0x2248/0x2fa0 [ 749.878679][ T30] ? __pfx_hugetlb_fault+0x10/0x10 [ 749.883972][ T30] ? find_vma+0xc0/0x140 [ 749.888237][ T30] ? __pfx_find_vma+0x10/0x10 [ 749.893008][ T30] ? rep_movs_alternative+0x33/0x70 [ 749.898228][ T30] handle_mm_fault+0x930/0xaa0 [ 749.903336][ T30] do_user_addr_fault+0x7a3/0x13f0 [ 749.908477][ T30] exc_page_fault+0x5c/0xc0 [ 749.913072][ T30] asm_exc_page_fault+0x26/0x30 [ 749.917944][ T30] RIP: 0010:rep_movs_alternative+0x33/0x70 [ 749.923889][ T30] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb [ 749.944661][ T30] RSP: 0018:ffffc900094ffc48 EFLAGS: 00050246 [ 749.950762][ T30] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008 [ 749.958807][ T30] RDX: fffff5200129ff98 RSI: ffffc900094ffcb8 RDI: 000000002001b688 [ 749.967963][ T30] RBP: 000000002001b688 R08: 0000000000000000 R09: fffff5200129ff97 [ 749.976043][ T30] R10: ffffc900094ffcbf R11: 0000000000000000 R12: ffffc900094ffcb8 [ 749.984504][ T30] R13: 000000002001b690 R14: 0000000000000000 R15: 0000000020019680 [ 749.992682][ T30] _copy_to_user+0xac/0xc0 [ 749.997125][ T30] msr_read+0x14f/0x250 [ 750.001282][ T30] ? __pfx_msr_read+0x10/0x10 [ 750.006106][ T30] ? bpf_lsm_file_permission+0x9/0x10 [ 750.011500][ T30] ? security_file_permission+0x71/0x210 [ 750.017232][ T30] ? __pfx_msr_read+0x10/0x10 [ 750.022094][ T30] vfs_read+0x1ce/0xbd0 [ 750.026296][ T30] ? __fget_files+0x23a/0x3f0 [ 750.031000][ T30] ? __pfx_lock_release+0x10/0x10 [ 750.036124][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 750.041616][ T30] ? __pfx_vfs_read+0x10/0x10 [ 750.047415][ T30] ? lock_acquire+0x2f/0xb0 [ 750.051997][ T30] ? __fget_files+0x40/0x3f0 [ 750.056642][ T30] ? __fget_files+0x244/0x3f0 [ 750.061363][ T30] ksys_read+0x12f/0x260 [ 750.065799][ T30] ? __pfx_ksys_read+0x10/0x10 [ 750.070584][ T30] do_syscall_64+0xcd/0x250 [ 750.076148][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.082215][ T30] RIP: 0033:0x7fbde417dff9 [ 750.086685][ T30] RSP: 002b:00007fbde3bff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 750.095193][ T30] RAX: ffffffffffffffda RBX: 00007fbde4335f80 RCX: 00007fbde417dff9 [ 750.103284][ T30] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000004 [ 750.111345][ T30] RBP: 00007fbde41f0296 R08: 0000000000000000 R09: 0000000000000000 [ 750.119421][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.127591][ T30] R13: 0000000000000000 R14: 00007fbde4335f80 R15: 00007ffd784491a8 [ 750.135729][ T30] [ 750.138854][ T30] INFO: task syz.3.872:10043 blocked for more than 144 seconds. [ 750.148239][ T30] Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 750.156096][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 750.186427][ T30] task:syz.3.872 state:D stack:27104 pid:10043 tgid:10041 ppid:9487 flags:0x00004006 [ 750.259553][ T30] Call Trace: [ 750.263452][T11210] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.270566][T11210] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.278659][ T30] [ 750.281629][ T30] __schedule+0xef5/0x5750 [ 750.287081][T11210] bridge_slave_1: entered allmulticast mode [ 750.293544][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 750.298818][ T30] ? __pfx___schedule+0x10/0x10 [ 750.306794][T11210] bridge_slave_1: entered promiscuous mode [ 750.322025][ T30] ? schedule+0x298/0x350 [ 750.326425][ T30] ? __pfx_lock_release+0x10/0x10 [ 750.331576][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 750.356627][ T30] ? lock_acquire+0x2f/0xb0 [ 750.361200][ T30] ? schedule+0x1fd/0x350 [ 750.366138][ T30] schedule+0xe7/0x350 [ 750.370256][ T30] schedule_preempt_disabled+0x13/0x30 [ 750.376339][ T30] __mutex_lock+0x5b8/0x9c0 [ 750.380890][ T30] ? mfill_atomic_copy+0x162c/0x1e70 [ 750.386881][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 750.405748][ T30] ? __pfx_down_read+0x10/0x10 [ 750.411051][ T30] ? __pfx___might_resched+0x10/0x10 [ 750.432048][ T30] ? mfill_atomic_copy+0x162c/0x1e70 [ 750.437400][ T30] mfill_atomic_copy+0x162c/0x1e70 [ 750.453374][ T30] ? __pfx_mfill_atomic_copy+0x10/0x10 [ 750.458909][ T30] ? __might_fault+0xe3/0x190 [ 750.470850][ T30] userfaultfd_ioctl+0x1e50/0x3830 [ 750.482120][ T30] ? __pfx_lock_release+0x10/0x10 [ 750.487202][ T30] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 750.510355][ T30] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 750.517349][ T30] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 750.532777][ T30] ? rcu_is_watching+0x12/0xc0 [ 750.537963][ T30] ? selinux_file_ioctl+0x180/0x270 [ 750.552078][ T30] ? selinux_file_ioctl+0xb4/0x270 [ 750.558649][ T30] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 750.564336][ T30] ? __x64_sys_ioctl+0x18f/0x220 [ 750.569332][ T30] __x64_sys_ioctl+0x18f/0x220 [ 750.574233][ T30] do_syscall_64+0xcd/0x250 [ 750.578784][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.585498][ T30] RIP: 0033:0x7f859797dff9 [ 750.589960][ T30] RSP: 002b:00007f85973ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 750.608885][ T30] RAX: ffffffffffffffda RBX: 00007f8597b36058 RCX: 00007f859797dff9 [ 750.621339][ T30] RDX: 0000000020000000 RSI: 00000000c028aa03 RDI: 0000000000000007 [ 750.631184][ T30] RBP: 00007f85979f0296 R08: 0000000000000000 R09: 0000000000000000 [ 750.639371][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.648697][ T30] R13: 0000000000000000 R14: 00007f8597b36058 R15: 00007fff742649c8 [ 750.660531][ T30] [ 750.663894][ T30] [ 750.663894][ T30] Showing all locks held in the system: [ 750.689720][ T30] 6 locks held by kworker/u8:0/11: [ 750.710546][ T30] #0: ffff88801beeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 [ 750.762023][ T30] #1: ffffc90000107d80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 750.792268][ T30] #2: ffffffff8fecb810 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xb40 [ 750.801681][ T30] #3: ffff8880577400e8 (&dev->mutex){....}-{3:3}, at: devlink_pernet_pre_exit+0x12d/0x2b0 [ 750.863197][ T30] #4: ffff888057744250 (&devlink->lock_key#27){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x137/0x2b0 [ 750.902259][ T30] #5: ffffffff8fee11a8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x1b/0x70 [ 750.932214][ T30] 1 lock held by khungtaskd/30: [ 750.937132][ T30] #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 [ 750.982121][ T30] 2 locks held by kworker/u8:4/61: [ 750.987319][ T30] 2 locks held by getty/4973: [ 751.022119][ T30] #0: ffff88814d7a80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 751.052071][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 [ 751.074020][ T30] 3 locks held by kworker/u8:11/6906: [ 751.079466][ T30] #0: ffff88802e139948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 [ 751.092051][ T30] #1: ffffc90015a17d80 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 751.115122][ T30] #2: ffffffff8fee11a8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcf/0x14d0 [ 751.125059][ T30] 3 locks held by syz.1.865/9982: [ 751.130115][ T30] #0: ffff88802c23e580 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x13e/0x980 [ 751.140609][ T30] #1: ffff8881436963c8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x307/0x2fa0 [ 751.151706][ T30] #2: ffff8880583380e8 (&resv_map->rw_sema){++++}-{3:3}, at: hugetlb_vma_lock_read+0x105/0x140 [ 751.162595][ T30] 2 locks held by syz.1.865/9983: [ 751.167663][ T30] #0: ffff88806cc30198 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x3a9/0x6a0 [ 751.179702][ T30] #1: ffff8881436963c8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_wp+0x1b4a/0x3320 [ 751.191153][ T30] 3 locks held by syz.3.872/10043: [ 751.197332][ T30] #0: ffff88807ccf4070 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x13e/0x980 [ 751.207839][ T30] #1: ffff888063749538 (&ctx->map_changing_lock){.+.+}-{3:3}, at: mfill_atomic_copy+0x1aca/0x1e70 [ 751.218789][ T30] #2: ffff8881436963c8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: mfill_atomic_copy+0x162c/0x1e70 [ 751.230210][ T30] 4 locks held by syz-executor/10378: [ 751.235783][ T30] #0: ffff888026accd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 751.245515][ T30] #1: ffff888026acc078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x346/0x1110 [ 751.255423][ T30] #2: ffffffff90149928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc4/0x260 [ 751.267511][ T30] #3: ffffffff8e1c3c38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x1a4/0x3b0 [ 751.278883][ T30] 2 locks held by kworker/1:5/10881: [ 751.284493][ T30] #0: ffff88801b080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 [ 751.295288][ T30] #1: ffffc900042d7d80 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 751.306140][ T30] 2 locks held by syz.0.1043/10890: [ 751.311444][ T30] #0: ffff8880292d1580 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x13e/0x980 [ 751.322335][ T30] #1: ffff8881436963c8 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: hugetlb_fault+0x307/0x2fa0 [ 751.333284][ T30] 3 locks held by syz-executor/10971: [ 751.338679][ T30] #0: ffff88804ca0cd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 751.348599][ T30] #1: ffff88804ca0c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x346/0x1110 [ 751.358364][ T30] #2: ffffffff90149928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc4/0x260 [ 751.368552][ T30] 3 locks held by syz-executor/11124: [ 751.375053][ T30] #0: ffff88804f324d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 751.385006][ T30] #1: ffff88804f324078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x346/0x1110 [ 751.394809][ T30] #2: ffffffff90149928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc4/0x260 [ 751.405030][ T30] 3 locks held by syz-executor/11210: [ 751.410419][ T30] #0: ffff88806c8d4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 751.420553][ T30] #1: ffff88806c8d4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x346/0x1110 [ 751.431479][ T30] #2: ffffffff90149928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc4/0x260 [ 751.441710][ T30] 1 lock held by syz.4.1112/11305: [ 751.446938][ T30] #0: ffffffff8fee11a8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x38/0x230 [ 751.469778][ T30] [ 751.472259][ T30] ============================================= [ 751.472259][ T30] [ 751.486200][ T30] NMI backtrace for cpu 1 [ 751.490561][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 751.501054][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 751.511107][ T30] Call Trace: [ 751.514380][ T30] [ 751.517301][ T30] dump_stack_lvl+0x116/0x1f0 [ 751.521988][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 751.526939][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 751.532935][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 751.538923][ T30] watchdog+0xf0c/0x1240 [ 751.543177][ T30] ? __pfx_watchdog+0x10/0x10 [ 751.547854][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 751.553062][ T30] ? __kthread_parkme+0x148/0x220 [ 751.558096][ T30] ? __pfx_watchdog+0x10/0x10 [ 751.562778][ T30] kthread+0x2c1/0x3a0 [ 751.566941][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 751.572147][ T30] ? __pfx_kthread+0x10/0x10 [ 751.576744][ T30] ret_from_fork+0x45/0x80 [ 751.581168][ T30] ? __pfx_kthread+0x10/0x10 [ 751.585775][ T30] ret_from_fork_asm+0x1a/0x30 [ 751.590567][ T30] [ 751.594366][ T30] Sending NMI from CPU 1 to CPUs 0: [ 751.599605][ C0] NMI backtrace for cpu 0 [ 751.599618][ C0] CPU: 0 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 751.599644][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 751.599657][ C0] Workqueue: bat_events batadv_nc_worker [ 751.599682][ C0] RIP: 0010:kasan_check_range+0x57/0x1a0 [ 751.599712][ C0] Code: f8 0f 83 b3 00 00 00 4c 8d 54 37 ff 48 89 fd 48 b8 00 00 00 00 00 fc ff df 4d 89 d1 48 c1 ed 03 49 c1 e9 03 48 01 c5 49 01 c1 <48> 89 e8 49 8d 59 01 48 89 da 48 29 ea 48 83 fa 10 0f 8e 8d 00 00 [ 751.599732][ C0] RSP: 0018:ffffc90000bd7ac0 EFLAGS: 00000086 [ 751.599749][ C0] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81952db6 [ 751.599764][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff905f3708 [ 751.599778][ C0] RBP: fffffbfff20be6e1 R08: 0000000000000000 R09: fffffbfff20be6e1 [ 751.599793][ C0] R10: ffffffff905f370f R11: 0000000000000000 R12: 000000000003dbcc [ 751.599807][ C0] R13: ffff888030634600 R14: 0000000000000000 R15: ffff88804ba20f00 [ 751.599821][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 751.599843][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 751.599858][ C0] CR2: 000055ddb3716068 CR3: 000000000df7c000 CR4: 00000000003526f0 [ 751.599872][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 751.599886][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 751.599900][ C0] Call Trace: [ 751.599906][ C0] [ 751.599914][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 751.599937][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 751.599966][ C0] ? nmi_handle+0x1a9/0x5c0 [ 751.599989][ C0] ? kasan_check_range+0x57/0x1a0 [ 751.600015][ C0] ? default_do_nmi+0x6a/0x160 [ 751.600045][ C0] ? exc_nmi+0x170/0x1e0 [ 751.600073][ C0] ? end_repeat_nmi+0xf/0x53 [ 751.600100][ C0] ? trace_irq_disable.constprop.0+0x36/0x130 [ 751.600132][ C0] ? kasan_check_range+0x57/0x1a0 [ 751.600159][ C0] ? kasan_check_range+0x57/0x1a0 [ 751.600186][ C0] ? kasan_check_range+0x57/0x1a0 [ 751.600213][ C0] [ 751.600219][ C0] [ 751.600226][ C0] ? batadv_nc_purge_paths+0x1c6/0x390 [ 751.600248][ C0] trace_irq_disable.constprop.0+0x36/0x130 [ 751.600278][ C0] ? batadv_nc_purge_paths+0x1c6/0x390 [ 751.600299][ C0] ? __pfx_batadv_nc_to_purge_nc_path_coding+0x10/0x10 [ 751.600323][ C0] __local_bh_enable_ip+0xcd/0x120 [ 751.600347][ C0] batadv_nc_purge_paths+0x1c6/0x390 [ 751.600373][ C0] batadv_nc_worker+0x913/0x1060 [ 751.600399][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 751.600420][ C0] ? rcu_is_watching+0x12/0xc0 [ 751.600445][ C0] ? trace_lock_acquire+0x14a/0x1d0 [ 751.600471][ C0] ? process_one_work+0x921/0x1ba0 [ 751.600492][ C0] ? lock_acquire+0x2f/0xb0 [ 751.600516][ C0] ? process_one_work+0x921/0x1ba0 [ 751.600537][ C0] process_one_work+0x9c5/0x1ba0 [ 751.600562][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 751.600584][ C0] ? __pfx_process_one_work+0x10/0x10 [ 751.600608][ C0] ? assign_work+0x1a0/0x250 [ 751.600638][ C0] worker_thread+0x6c8/0xf00 [ 751.600664][ C0] ? __pfx_worker_thread+0x10/0x10 [ 751.600684][ C0] kthread+0x2c1/0x3a0 [ 751.600707][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 751.600729][ C0] ? __pfx_kthread+0x10/0x10 [ 751.600752][ C0] ret_from_fork+0x45/0x80 [ 751.600771][ C0] ? __pfx_kthread+0x10/0x10 [ 751.600795][ C0] ret_from_fork_asm+0x1a/0x30 [ 751.600828][ C0] [ 751.607036][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 751.607052][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 [ 751.607080][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 751.607093][ T30] Call Trace: [ 751.607101][ T30] [ 751.607110][ T30] dump_stack_lvl+0x3d/0x1f0 [ 751.607143][ T30] panic+0x71d/0x800 [ 751.607174][ T30] ? __pfx_panic+0x10/0x10 [ 751.607204][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 751.607232][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 751.607264][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 751.607290][ T30] ? watchdog+0xd76/0x1240 [ 751.607311][ T30] ? watchdog+0xd69/0x1240 [ 751.607337][ T30] watchdog+0xd87/0x1240 [ 751.607363][ T30] ? __pfx_watchdog+0x10/0x10 [ 751.607384][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 751.607412][ T30] ? __kthread_parkme+0x148/0x220 [ 751.607441][ T30] ? __pfx_watchdog+0x10/0x10 [ 751.607464][ T30] kthread+0x2c1/0x3a0 [ 751.607488][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 751.607519][ T30] ? __pfx_kthread+0x10/0x10 [ 751.607547][ T30] ret_from_fork+0x45/0x80 [ 751.607568][ T30] ? __pfx_kthread+0x10/0x10 [ 751.607595][ T30] ret_from_fork_asm+0x1a/0x30 [ 751.607638][ T30] [ 752.065568][ T30] Kernel Offset: disabled [ 752.069881][ T30] Rebooting in 86400 seconds..