last executing test programs: 5.420653456s ago: executing program 1 (id=2): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b0000000000000000000000f9ffff", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200000000000000010000000000000a000000000000000000"], 0x50) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) write(0xffffffffffffffff, &(0x7f0000000000), 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x5453, 0xfffffffffffffffe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28) writev(r1, &(0x7f0000000740)=[{&(0x7f0000000280)="581a17919cc77431510e7fc4ed9fb860505f1495ff92f16a44f8a13d58751d926def1f80b315bdc726cdd8b5d1a91f485854af8fc854b0da7a02522fe7b2c21db7a46c48473099d4a4654cfd97a67c9e79afc0d444e6c78b0216d2201b128df9d4ed5b4dbe676fe56a6354f819d997a6acb8595633cff6f77473b2b3abcc65b51cb3d3a30bf9b0b2ce59d568d3a89b49331904da2a37c89ea236f5d5640c32c3ac74e4bde1a62c560cb63836552f881c8a8305d2a13d838a5160a6c06c63decc865a92e9539f3513af3a1e6f78608890f912f087214dac06387a94d5e1b31c35be117ee540dc4560aa500269b81a0bbc", 0xf0}, {&(0x7f00000007c0)="1d4ac370cf8c47025bd7a6546c8bd2123991596dfcd1abdb72276d5f80b1d38cedd7d704de6e472fa6961cd700b4f8e0f594861c0296ca9277c9bbf83e11a3ab33449d0e26aa8bcb6c2ef9", 0x4b}, {&(0x7f0000000380)="88e584aac45d6d83e6c2e7857149eb55d2c259a747dbdfc0787e87150d7e40953e657417f2c201284dd4714eb14ce94fb9be03e73d06a982f5502b3ae3a800c03902057e1ec6", 0x46}, {&(0x7f0000000400)="83c0b58e5bcffe6c14ab199d81f63d9e77512d040c3f3a7b41a3a1ed6cf40450443e4e377139b523eb3dd725f87a1ed946e28c6b19e1fc6ea21fe2eef736ec85289f34830b89c7169369862871b9608f2e976924a41f64f236a395563ddb3b994b4d9cf9f465dea2adad06013851713e9d30f195383be99db35611dd11a69721e423fcf5904c2af8ca4b1774bc6438d1c6218a2ada56c8b5b289274c2d116ecd4aafbd01536f931c84ec7f95ce8c6d118d1dec3bfa645c3e72018e9c154a80fd84b6e0233520ee1dc56ec6247282000000000000000000", 0xd7}, {&(0x7f0000004480)="d21e96a9f6be3d72e3f91fa2db455d6b88df49377d7988389bd1ecc97042b565d013ec3fcee93a43afdf71b3751d0f53e4ca87fd4b71713fcc3b729c601778385e68ae4e55370c965ca8189dcf4f4e8c70fc343965f9c540163a19215f1d988f1bf6b6f57ce74575d0a1223da74c72adeed27d968bfdcd14597ebe90fc5167cbc1f5856d6b387bc5c419db52f682bcf13ce9e1d6110291bce66848b7392445ffb232c6b70bff2783564b2a62fa6cf3783f6cf6e84c90162b7cbf0192971f05c597dc20b3c879bd342e9e29e93c8240e8dbb137d3d8fcc8f49b37938a52ef12f7d963ff76b91f1473369d06d500d9b88c4f0e0b0ca9049d6b2f3c1886ff41404fab2855eaf1310fa65425a3e9513e33cee970a08de795368e9fe8055fdc5786010c764b3d3ccebec687d242267e932df33cf50c665ea82f1dcf1af952b0e4bf2e35d3c1bdead12e22b371543769fc19a0d893ebb9d71c4da000e2d18a572fdf7c23d921d959caebfbe3ab9157fc9ab6e3dcb88eaa5a5a8af223d7a25a8f198b10dedf68b6d2759a806b6a5bcf3693734ceebeea16b995304511db8d97b62f548213c614bc2dd9b843450eb575c8a8f290af70331a269f1cab6fd6e1f9ef687d80952ba7f14da8cf892d0a5b16dd181d8a7b780055d3b79782a2f4c29c6b9c64bdcde1175ef26c75d0bca19e2be27acb3fdf22a7cff8a659899de59fb2d3e4920881a0900958685263b3fb8dafa6402f5812f16de9e53eda3c86520d5267df729d2add8724d7541b60a3e9a4b70b5f1af83e81071d7e3eb6a9817383632008fbfff89f1c1ab39d9d898d555a0190fa11c8bdfd2d1b49d06fc56acdc426568ccbebbf6f3ce278148f319a1f84adcfb49a675c6d119f52e10386cdd0740199b20087f7c8f75d93959e39d2948a17789f6c6fda65dcb42743b466bcdd06bbe7afccd2b59c0c3f4dc62b8cee2a785ce704bbc47f480079b5f21ace7e5f2f149360370e866565af026b14ec4d9214884661156b5313c233ef1abd2807eb9b586845e3df8001e56b8d4f7c5c9b7e46b81e278ea0a7afb8286183285c390558d750277a7d72a6dab2cf1f29b0d4c847991ec65dd1757889dc9a6e94ce22b58e25cfac06c73532a53663a27208daaf3b4ad5a8c74e4e62b160219f49b6983674f7a71e56f45c3df8c13c93b2ed468749843dd8954a0d03acc61e5008ccc5a5db5a42d04abdf112e71e4d5876c3ea0db715648a5bb55b5ffd2377aea32f19a07e610456b5a6dda7ab4e6d11a88a5910f7f394c7a53d7c032e5506c3b26d54cbe73bfb37cda2439b23c785566668d8111570b7004fa565a156e45c9b672c6ebfb4d08bc681de9ea0215a43a1eefe7a0fb72caf494414c61510c00a8c5e37c4efeca3a1d171f44abbca94a9899b299363bbd1ecdc91d19d6a179f00bd958e372916fde873aaa167bb6be50219c76e6bee7a207f43b729eea5c00052eccb9986b6c137019c47f3fc1d69d68569f8c1d97ecc6b3dec37813f358778edfa2515fd9c4ca7e73966942f65c1a3cc9770065836625671725e3617030df067961c50d2e53a1c69d0e116eb9e0c052e71b3bcc85354829b71295cae5ffbcd5c2794fd16f8601ff5d7278693e384d477920e4619be578ac11f4ef327e5c5298d24ba29fddc7317fc90c69ddc991ee2f3a34c40c2afcd77350c008b9f70b76c97f51bd1359d376cfc83ec0f14a183cef8eccc014bf36d8384262edd4bb03f743c4628bccfef1050deafd13bdcbd73a356a8c630cc4f0665420d414c59276ff1d85ef058069a1ea280b9ae476ea9aa64652c4a83b9b086fd02a3372ae9683521d81ce846ce9b030e81b7523e8f5355c26c66d9182b9b3e089917089a07bf5159f1439200ad74d735b020ccb78225a015c76a57c19344556bce75da0d44e88e2227f5f4a90bb00eb27decf0d0dcf1b6dd0f9146f0191a7f58e3c6a1568e747ba674c33fd6715678232ea1385e8e54955e70ce306fad514235c8bc2576e84444a674c149a67d8db5fea81813aa311fa701bc401101b14661b0f091dad3a1895f3d32fc7012e59e090f487fc9f19e878e04c40eb906deedb29cf65839486f11c4fb7d9c1be6a1c95471d939cc0c85f6fead85e4d081ccc6e2a51784ec4d3f0b13796609161bfcb38a029c10b084e87ceff5483ec6c9691b0ad6a3d05e13e8c48d0700cc58b9436d8011c48381d6ca0ac279c3c71a625585c8b257c54fcb9e9d07183ee0d90b0b5255d153fae38c6c25636846c31142f269229ac4a1d35df88eeaa9413dde791642c9b0ce903cef64609886d18df63515de769df208c9db2acda7db5181f52bb99e74f84b01106c8419543ec2b5106623789316cd825995e42d0cf9f8296f2e5155dbaae8113de5c7a1dddfe42770064e2aae3f100f97d890e3e7eb63ca80d1a8c672ae8e8eaee5b838653a20a58171dc78509a55ea2c590bcffe3f0ca7731edecc2cf3e63c8e8ce335a4f9541691282df4f24a208cd1400dce5e40ddde35dd22c9e75ded061cb349d8cbc92bc00f9c9c4ff49fe887ea630ffc66a087065a90e072b56c9386f3cccda4acb0f10538f361cd860a7efec0eb83ea5165d6a6612800a8d6c7426b0916fc6aec0e7d81ee1a57657ac5c32b58d4e573bf820bc67cc0896012ccff2ace1de0b13f70a744e116a300aaffd1a6ad24513532fb9b9452454874a432cb5f5f6fa2f35668e6e3eb98fdc5c15dc5513c44a26d318d2b7372d6dc1da69d342b95ecb05777716264c79f4a3b953d6acc1006318fd352eb92621360d62b1c651c1fa0dec9a9fe674347902228373bed540251eebb2a8ede5e4f47bacf6acde6f8c5b95dc8b8214175d5649994c710709a5bfdd73360c35af7fc2ea4d35f14994bdccce242be14bff1ce7010b1c353479a1f038dc52e76d5d97340d98e3ad783a4ad95a469eee9193c7e5f93d84f847a6710230fb26f6e0122cb3f0400e7c485b704e3916c4fb0340bed2b4e7640b3ea40a9741f32f81e761119919e9e3fe16aba0b691e9d4e8fc959ae97dad37225a0d3fff627d6241fc0826cc863ec6e0a6c78956dc8878bb8c34dec173161c844462baf2a0d40fb6ea7c6bcf6a4501b92b1bf35c9b1c7d09ad3ee84b5c846404062d6fef2e53f4121b3a04341b58c05460bfa09ff6b92275923798897293e4cc80e6ee6facbab718550e838724ac19c2f86ee656fd607106951936eb56a3263819a69525b9d8bd4b1196ae503b6ee7071f881d740c5781040a78168037ccf819e24a9e3b55dc629aa788972a018d72371e2d64905bcc52b68977a5be41c52dfd42c6dd106a073682ef6c1b09c3d6004436bb6f59c06445768c217b3f36cf8f231e5128944f15fca908e1340cb4d175e9da1f15d5cbdf8fdc2493620b62dee93dfcaf1a56f781b04ef16d0b33e774d89deb827c6ccc4cb83d510c5ba6029317379896b3880f1b2d9f08e6aaf1518b9378f87b135c526782c09eb28b5d74d09cae156dc1809ae258753a59a6b453f28580c3f8ca41cd2977fb2c8f78159e5b5360417b2a72e359e8dc3ee76bed00cce7018286ddd88ee211457683b8136380c1f6281c23308dc08943bdcc36a4bd310d097ac2f5603b214fc3616e1092f3f4c2cda3e098709cf98cbfbd20995c8daa7ece6bb4349c17f07c591eebf1a94c94f1211c6e52837c1e75409c7e7c115b3871fc5cdf1262ece5894a9a4cb264931047074ddc6b4cccf6707b160be4558c6cc0d8c7dc2de6b86af7489815c84517d106ba538c1f4ea22ec6fd29cbc76f94467c51684778649d867041e2c952f4717c6d20345c94ad67f343985f7db04bf6010f6f9308d4ec9ed41620efc7c95fd8c596d22d0302654f81f96a31a05b954768deb359c624537a6fdb450ad54324618b14df9e03f82cbf3f7b73f3535bfe44553c0a37dad2070b5c0565111da8ecf31d412b744d897ebc8e98fbb1e25312686539fd021b68ce5cfada2682a617932911350326eab213b43f436b0d65922bfbc459238d54708f39bdff1ee745aa1bf072670fa55a13e146df08c157927326556667f98002b54fe3ed150a59d359c2b481708b92e204dc3b9a30aae1489cfdc37a17669f5b5077945e0a8ae33c8c1c228486a313560773b32b05aec13f3fd9c42a1824d7c82c7b0b04d55064cf7a0924b243cf184567d26bd4095fbe0dc326ca71b0a3dba3b66511ad69cfb9dabcf71b85342db0bb9d23f29b7d1f1213d48e215eaf70e132e8ce34cf5e2dfd93bbbe7420a6db52641d1be52abeccb216193a993a18f0620a70b479776ccc705f095e915b9cc4a0fb62d11228fb1e5bcc0efa78969639969799dbe63f5f27be3d3fd7f2f5134f5ac3abf3a0a5601480296a6b85bea2090bf13c8f3d3c3a7ffa858b20775f249aaea7d753e9129bae065332bad8d783f9967322a2c358147f450fb5d6a7176c8015b33333106d30d2c690781703c18afb5e88423ffd8b6da20901db90e28647cb4727dbed71210db7ab7c9909b6a142e26757f22f742f84148ac2d88c6ec3bb24832a4b9889705571ced0e0d541a6ae909e3aa854c7f52e939c7062563711890e7046f0736b92188fdbae304953dc5e0bf9de92558ef9d41524ea68ec5f380902fd00719afd0bbc77e9b5034004f0820f22cac8ba92557c9186050a8aa7065a5d5d06b7d8b7bd0fcc4a30aaff5fa0bb2fdd85e801b53859dad6151be7c00f68c34ca8fcd96ddf9980d809d28730d1a86d057f2716637bea7ae9c34dcbf69a9e400cf42dfbbea8b03dc34683df85b3696c7570bed2bfee77bcbbaf3035d81a0308371ff1df315c53c66198221e3be1046eab7e71903dea93c388de23a13848d4b1d6109c067f40f67b17ab3dd7554ba9c51fc7b715acf04ff50d5588898c2db0f83c7b3948fe7ce0dbb6fde93de2d", 0xd99}], 0x5) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) readv(r1, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xff1}], 0x1) 5.406758066s ago: executing program 3 (id=4): connect$unix(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x80b02, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000080)={0x359, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", 0xffffffffffffffff}) r4 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc091, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0xb7, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x61680, 0x20, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r6}, 0x10) syz_usb_control_io$hid(r4, &(0x7f00000005c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x0, "a46a236f"}]}}, 0x0}, 0x0) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r3, &(0x7f0000000100)={0xb000000d}) dup3(r3, r2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYBLOB]) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r8, &(0x7f0000004100)={0x2020}, 0x2020) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="4000000010000906", @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0) r10 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') 3.755407417s ago: executing program 2 (id=3): bind$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c) syz_usb_connect(0x2, 0x0, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) socket$kcm(0xa, 0x5, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r5, &(0x7f0000000340)={0x18, 0x2, {0x80, @loopback}}, 0x1e) connect$pptp(r5, &(0x7f0000000040)={0x18, 0x2, {0x0, @empty}}, 0x1e) sendmmsg(r4, 0x0, 0x0, 0x40840) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x1, 0x21e, [0x200000002300, 0x0, 0x0, 0x2000000024be, 0x2000000024ee], 0x0, 0x0, &(0x7f0000002300)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="02040000000000004e464c4f4700000000000000000000000000000000000000000000000000000050000000000000000100000007000300000000005cae641872319dfae5a988272763a36abcf1f74cfd4bf988531a30a528c1c044813d8205fd8b1fdf1c2ccd79b5fb7f9e096fbd1c7eeee4b6646c0b2fc39d3fe20000000072656469726563740000000000000000000000000000000000000000000000000800000000000000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff00000000"]}, 0x1d0) 3.614621736s ago: executing program 1 (id=6): io_setup(0x205, &(0x7f0000002500)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.498332682s ago: executing program 0 (id=1): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000001c0), 0x348, 0x4008810) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x105000, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = syz_io_uring_setup(0x10e, &(0x7f0000001cc0)={0x0, 0xfb80, 0x400, 0x80002, 0x101}, &(0x7f0000000400)=0x0, &(0x7f0000000380)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4004, @fd_index=0x1, 0x8, &(0x7f0000002a40)=[{0x0}, {0x0}], 0x2, 0x1d}) io_uring_enter(r6, 0x8aa, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x30020880) syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x3238, 0x400, 0xffffffff, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000540)=0x0) r11 = socket$kcm(0x10, 0x2, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) sendmsg$inet(r11, &(0x7f0000000040)={0x0, 0x60, &(0x7f0000000340)=[{&(0x7f0000000440)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af3653c000cc00800190007000200060018c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x438}, 0x0, 0x12f4c4729364eade, 0x1}) 2.403978279s ago: executing program 4 (id=5): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r2, 0x8008f513, &(0x7f00000000c0)) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20) r3 = socket(0x2, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000280)={'team_slave_1\x00', &(0x7f0000000040)=@ethtool_cmd={0x2, 0x6, 0x10, 0x3, 0xe8, 0x3, 0x0, 0x6, 0x1, 0x2, 0xfffffffd, 0x0, 0x200, 0xb, 0x47, 0x3, [0x100, 0xfffffff9]}}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') 1.476967444s ago: executing program 1 (id=7): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000380)=0x3) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$FUSE_DIRENTPLUS(r2, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r1, @ANYRES64], 0x5a8) fsopen(&(0x7f0000000240)='btrfs\x00', 0x1) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 947.907123ms ago: executing program 4 (id=8): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x190a}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/custom0\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3c) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'pim6reg0\x00', 0x2}) socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1c0000000000000, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) lremovexattr(0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x11e) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="fc000000160033060000000000000080ff0100000000000000000000000000017f00000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRESDEC=r2, @ANYRES32=r1], 0xfc}}, 0x8000) 822.491805ms ago: executing program 1 (id=9): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) ioctl$SNDRV_PCM_IOCTL_DRAIN(r3, 0x4144, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000040)={'lo\x00'}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000005340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x2000c880) syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) syz_open_dev$loop(0x0, 0x2, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f0000000000)={0x7c}) openat$nvram(0xffffffffffffff9c, &(0x7f0000002400), 0x2000, 0x0) r4 = socket$inet(0x2, 0x1, 0x100) setsockopt$sock_int(r4, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) write$tun(r3, &(0x7f0000000240)={@void, @void, @x25={0x2, 0xa6, 0xf, "1c1073259caf511c8625f8ed871e6f9db02c3cd13221ee5af9e9b29479f2e66e0d555c7c4d2b01455a91487bda511b34ad75ae9d74d6a7be2e53ee156629207c08a451af5de7ce5214f379c7afc93d2133e9f419"}}, 0x57) bind$inet(r4, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) listen(r5, 0x7) listen(r4, 0x0) keyctl$session_to_parent(0x12) close_range(r0, 0xffffffffffffffff, 0x0) 606.170026ms ago: executing program 0 (id=10): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) ioctl$SNDRV_PCM_IOCTL_DRAIN(r3, 0x4144, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000040)={'lo\x00'}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000005340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x2000c880) syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) syz_open_dev$loop(0x0, 0x2, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f0000000000)={0x7c}) openat$nvram(0xffffffffffffff9c, &(0x7f0000002400), 0x2000, 0x0) r4 = socket$inet(0x2, 0x1, 0x100) setsockopt$sock_int(r4, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) write$tun(r3, &(0x7f0000000240)={@void, @void, @x25={0x2, 0xa6, 0xf, "1c1073259caf511c8625f8ed871e6f9db02c3cd13221ee5af9e9b29479f2e66e0d555c7c4d2b01455a91487bda511b34ad75ae9d74d6a7be2e53ee156629207c08a451af5de7ce5214f379c7afc93d2133e9f419"}}, 0x57) bind$inet(r4, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) bind$inet(r5, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) listen(r4, 0x0) keyctl$session_to_parent(0x12) close_range(r0, 0xffffffffffffffff, 0x0) 365.676779ms ago: executing program 2 (id=11): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000004d00000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)={0x1b, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x5f52, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x3}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0x1, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r5) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r6 = gettid() r7 = syz_open_procfs(r6, &(0x7f0000000040)='timerslack_ns\x00') read$FUSE(r7, &(0x7f00000034c0)={0x2020}, 0x2020) r8 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000580)=0xffffffffffffffff, 0x4) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="180200000500000000000000000000008500000053000000180100002020752500000000000020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fcffffff850000007300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x72}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r10, 0x0, 0xe, 0x0, &(0x7f0000000040)="e07b292fe079989cb9547ed387db", 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r11 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000740)=@generic={&(0x7f0000000700)='./file0\x00', 0x0, 0x10}, 0x18) r12 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r12}, 0x2c, {'wfdno', 0x3d, r12}}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0, {0xee00, 0xee00}}, './file0\x00'}) r14 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r14, @ANYBLOB="0000000000000000b704000002000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x11, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x6}, [@map_idx_val={0x18, 0xa, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, @map_fd={0x18, 0x0, 0x1, 0x0, r1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x1}, @map_fd={0x18, 0x8, 0x1, 0x0, r8}]}, &(0x7f0000000400)='syzkaller\x00', 0x8, 0x80, &(0x7f00000004c0)=""/128, 0x40f00, 0x40, '\x00', 0x0, @cgroup_skb=0x1, r9, 0x8, &(0x7f0000000680)={0xa, 0x2}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0x7, 0x9, 0x7}, 0x10, 0xffffffffffffffff, r10, 0x4, &(0x7f00000007c0)=[r11, r12, r0, r13, r14], &(0x7f0000000800)=[{0x0, 0x3, 0xd, 0x7}, {0x0, 0x3, 0x5, 0x1}, {0x5, 0x1, 0xb, 0x8}, {0x4, 0x3, 0x1, 0x7}], 0x10, 0xfff}, 0x94) 0s ago: executing program 3 (id=12): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000001c0), 0x348, 0x4008810) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x105000, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r7 = syz_io_uring_setup(0x10e, &(0x7f0000001cc0)={0x0, 0xfb80, 0x400, 0x80002, 0x101}, &(0x7f0000000400)=0x0, &(0x7f0000000380)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000004c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4004, @fd_index=0x1, 0x8, &(0x7f0000002a40)=[{0x0}, {0x0}], 0x2, 0x1d}) io_uring_enter(r7, 0x8aa, 0x0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x2c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x30020880) sendmsg$NL80211_CMD_PROBE_CLIENT(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="062a1e970a32e7144067644954b9ad5c78351385689d9f29701843ea59cb20af292f93922d35ec92f5f99d8cb12e10e7ee5f", @ANYRES16=r3, @ANYBLOB="120601000000fedbdf255400000008000300", @ANYRES32=r6, @ANYBLOB="0c009900020000003e0000000a00060008021100000100000a00060008021100000100000a00060008021100000000000a000600ffffffffffff0000"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x88c0) syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x3238, 0x400, 0xffffffff, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000540)=0x0) r12 = socket$kcm(0x10, 0x2, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) sendmsg$inet(r12, &(0x7f0000000040)={0x0, 0x60, &(0x7f0000000340)=[{&(0x7f0000000440)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af3653c000cc00800190007000200060018c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x438}, 0x0, 0x12f4c4729364eade, 0x1}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.42' (ED25519) to the list of known hosts. [ 65.007897][ T30] audit: type=1400 audit(1765114182.312:62): avc: denied { mounton } for pid=5798 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 65.031562][ T30] audit: type=1400 audit(1765114182.332:63): avc: denied { mount } for pid=5798 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 65.034682][ T5798] cgroup: Unknown subsys name 'net' [ 65.060486][ T30] audit: type=1400 audit(1765114182.362:64): avc: denied { unmount } for pid=5798 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 65.196254][ T5798] cgroup: Unknown subsys name 'cpuset' [ 65.204582][ T5798] cgroup: Unknown subsys name 'rlimit' [ 65.326479][ T30] audit: type=1400 audit(1765114182.632:65): avc: denied { setattr } for pid=5798 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 65.349827][ T30] audit: type=1400 audit(1765114182.632:66): avc: denied { create } for pid=5798 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.370517][ T30] audit: type=1400 audit(1765114182.632:67): avc: denied { write } for pid=5798 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.414534][ T30] audit: type=1400 audit(1765114182.632:68): avc: denied { read } for pid=5798 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.435374][ T30] audit: type=1400 audit(1765114182.652:69): avc: denied { mounton } for pid=5798 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 65.460187][ T30] audit: type=1400 audit(1765114182.652:70): avc: denied { mount } for pid=5798 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 65.485815][ T5800] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 65.495650][ T30] audit: type=1400 audit(1765114182.802:71): avc: denied { relabelto } for pid=5800 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 66.460904][ T5798] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.593561][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 70.593576][ T30] audit: type=1400 audit(1765114187.902:76): avc: denied { create } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 70.638219][ T30] audit: type=1400 audit(1765114187.902:77): avc: denied { read write } for pid=5808 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 70.663264][ T30] audit: type=1400 audit(1765114187.902:78): avc: denied { open } for pid=5808 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 70.687239][ T30] audit: type=1400 audit(1765114187.942:79): avc: denied { ioctl } for pid=5808 comm="syz-executor" path="socket:[5141]" dev="sockfs" ino=5141 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 70.720967][ T5822] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.729169][ T5820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.737062][ T5820] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.745094][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.753023][ T5820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.759793][ T5827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.760995][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.767318][ T5828] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.775386][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.782700][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.789637][ T5820] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.795964][ T5827] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.803155][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.810734][ T5827] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.819276][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.823458][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.831742][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.844533][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.844797][ T5826] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.860065][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.860106][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.876915][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.881104][ T5826] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.887001][ T30] audit: type=1400 audit(1765114188.192:80): avc: denied { read } for pid=5809 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 70.891663][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.930179][ T30] audit: type=1400 audit(1765114188.222:81): avc: denied { open } for pid=5808 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 70.944311][ T5826] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.953637][ T30] audit: type=1400 audit(1765114188.222:82): avc: denied { mounton } for pid=5808 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 71.146566][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.153063][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.365796][ T30] audit: type=1400 audit(1765114188.672:83): avc: denied { module_request } for pid=5809 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 71.441982][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 71.551600][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 71.651737][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 71.743101][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.750245][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.757901][ T5809] bridge_slave_0: entered allmulticast mode [ 71.764796][ T5809] bridge_slave_0: entered promiscuous mode [ 71.789104][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 71.809541][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.816826][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.823997][ T5809] bridge_slave_1: entered allmulticast mode [ 71.830722][ T5809] bridge_slave_1: entered promiscuous mode [ 71.838110][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 71.910394][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.917619][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.925155][ T5808] bridge_slave_0: entered allmulticast mode [ 71.931871][ T5808] bridge_slave_0: entered promiscuous mode [ 71.941132][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.975589][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.982787][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.989972][ T5808] bridge_slave_1: entered allmulticast mode [ 71.997022][ T5808] bridge_slave_1: entered promiscuous mode [ 72.004911][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.026467][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.033619][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.040797][ T5812] bridge_slave_0: entered allmulticast mode [ 72.047752][ T5812] bridge_slave_0: entered promiscuous mode [ 72.080793][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.087965][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.095111][ T5812] bridge_slave_1: entered allmulticast mode [ 72.101828][ T5812] bridge_slave_1: entered promiscuous mode [ 72.144555][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.154847][ T5809] team0: Port device team_slave_0 added [ 72.185072][ T5809] team0: Port device team_slave_1 added [ 72.192157][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.220344][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.255708][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.263495][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.270581][ T5823] bridge_slave_0: entered allmulticast mode [ 72.277734][ T5823] bridge_slave_0: entered promiscuous mode [ 72.286227][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.312851][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.319959][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.327241][ T5811] bridge_slave_0: entered allmulticast mode [ 72.334244][ T5811] bridge_slave_0: entered promiscuous mode [ 72.341627][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.349132][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.356336][ T5823] bridge_slave_1: entered allmulticast mode [ 72.363293][ T5823] bridge_slave_1: entered promiscuous mode [ 72.379132][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.386157][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.412257][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.425184][ T5808] team0: Port device team_slave_0 added [ 72.430852][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.438300][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.445555][ T5811] bridge_slave_1: entered allmulticast mode [ 72.452389][ T5811] bridge_slave_1: entered promiscuous mode [ 72.489686][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.496753][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.523370][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.535431][ T5808] team0: Port device team_slave_1 added [ 72.567749][ T5812] team0: Port device team_slave_0 added [ 72.593399][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.605119][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.615265][ T5812] team0: Port device team_slave_1 added [ 72.622270][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.629281][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.655661][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.668693][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.688248][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.698344][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.705444][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.731453][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.793525][ T5823] team0: Port device team_slave_0 added [ 72.808565][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.815992][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.842010][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.863798][ T5823] team0: Port device team_slave_1 added [ 72.879558][ T5811] team0: Port device team_slave_0 added [ 72.885839][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.893609][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.920507][ T5826] Bluetooth: hci0: command tx timeout [ 72.926138][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.941510][ T5809] hsr_slave_0: entered promiscuous mode [ 72.948144][ T5809] hsr_slave_1: entered promiscuous mode [ 72.972859][ T5811] team0: Port device team_slave_1 added [ 72.982978][ T5815] Bluetooth: hci1: command tx timeout [ 72.982990][ T5828] Bluetooth: hci4: command tx timeout [ 72.983163][ T5822] Bluetooth: hci2: command tx timeout [ 72.992773][ T5826] Bluetooth: hci3: command tx timeout [ 73.014822][ T5808] hsr_slave_0: entered promiscuous mode [ 73.020863][ T5808] hsr_slave_1: entered promiscuous mode [ 73.026945][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 73.032825][ T5808] Cannot create hsr debugfs directory [ 73.062122][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.069099][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.095076][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.107253][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.114355][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.140534][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.160510][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.167543][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.193529][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.214313][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.221257][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.247311][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.295038][ T5812] hsr_slave_0: entered promiscuous mode [ 73.301183][ T5812] hsr_slave_1: entered promiscuous mode [ 73.307237][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 73.313522][ T5812] Cannot create hsr debugfs directory [ 73.430854][ T5811] hsr_slave_0: entered promiscuous mode [ 73.437308][ T5811] hsr_slave_1: entered promiscuous mode [ 73.443987][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 73.449711][ T5811] Cannot create hsr debugfs directory [ 73.457938][ T5823] hsr_slave_0: entered promiscuous mode [ 73.465097][ T5823] hsr_slave_1: entered promiscuous mode [ 73.471010][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 73.476785][ T5823] Cannot create hsr debugfs directory [ 73.817123][ T5808] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 73.829287][ T5808] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.839713][ T5808] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.857310][ T5808] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.905687][ T5812] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 73.921336][ T5812] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 73.931253][ T5812] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 73.943352][ T5812] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 74.020332][ T5809] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 74.044133][ T5809] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 74.054700][ T5809] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 74.066372][ T5809] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 74.153786][ T5823] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 74.165943][ T5823] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 74.177830][ T5823] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 74.188621][ T5823] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 74.286982][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.307836][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.317149][ T5811] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.327039][ T5811] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.336603][ T5811] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.346515][ T5811] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.402214][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.412847][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.430237][ T4275] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.437505][ T4275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.458103][ T4275] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.465230][ T4275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.491933][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.499063][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.514990][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.522051][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.576091][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.643774][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.662323][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.684371][ T178] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.691445][ T178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.728282][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.738680][ T30] audit: type=1400 audit(1765114192.042:84): avc: denied { sys_module } for pid=5812 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 74.746316][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.776645][ T4275] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.783809][ T4275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.825877][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.841804][ T3847] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.848963][ T3847] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.904658][ T3847] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.911786][ T3847] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.950485][ T3847] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.957713][ T3847] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.984394][ T5815] Bluetooth: hci0: command tx timeout [ 74.999177][ T2961] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.006325][ T2961] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.062669][ T5822] Bluetooth: hci4: command tx timeout [ 75.068106][ T5815] Bluetooth: hci3: command tx timeout [ 75.073825][ T5826] Bluetooth: hci2: command tx timeout [ 75.074189][ T5822] Bluetooth: hci1: command tx timeout [ 75.109080][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.120968][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.329718][ T5812] veth0_vlan: entered promiscuous mode [ 75.356644][ T5808] veth0_vlan: entered promiscuous mode [ 75.388190][ T5808] veth1_vlan: entered promiscuous mode [ 75.405325][ T5812] veth1_vlan: entered promiscuous mode [ 75.507329][ T5812] veth0_macvtap: entered promiscuous mode [ 75.519595][ T5808] veth0_macvtap: entered promiscuous mode [ 75.534077][ T5812] veth1_macvtap: entered promiscuous mode [ 75.550149][ T5808] veth1_macvtap: entered promiscuous mode [ 75.579278][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.594806][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.612265][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.643503][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.655518][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.676112][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.685657][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.710546][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.730379][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.740626][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.753458][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.790670][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.806021][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.822887][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.831614][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.968763][ T5823] veth0_vlan: entered promiscuous mode [ 75.987861][ T4275] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.995656][ T5823] veth1_vlan: entered promiscuous mode [ 76.001478][ T4275] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.028497][ T5811] veth0_vlan: entered promiscuous mode [ 76.051327][ T3847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.065728][ T5811] veth1_vlan: entered promiscuous mode [ 76.073646][ T3847] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.133535][ T5809] veth0_vlan: entered promiscuous mode [ 76.139506][ T4275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.148872][ T4275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.172053][ T30] audit: type=1400 audit(1765114193.472:85): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/root/syzkaller.dzSP8b/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 76.206602][ T30] audit: type=1400 audit(1765114193.472:86): avc: denied { mount } for pid=5812 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 76.207637][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.229185][ T30] audit: type=1400 audit(1765114193.472:87): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/root/syzkaller.dzSP8b/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 76.270620][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.290473][ T30] audit: type=1400 audit(1765114193.472:88): avc: denied { mount } for pid=5812 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 76.294574][ T5809] veth1_vlan: entered promiscuous mode [ 76.318458][ T30] audit: type=1400 audit(1765114193.472:89): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/root/syzkaller.dzSP8b/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 76.361804][ T5823] veth0_macvtap: entered promiscuous mode [ 76.371653][ T5808] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 76.377458][ T30] audit: type=1400 audit(1765114193.472:90): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/root/syzkaller.dzSP8b/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7641 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 76.414749][ T30] audit: type=1400 audit(1765114193.472:91): avc: denied { unmount } for pid=5812 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 76.422372][ T5823] veth1_macvtap: entered promiscuous mode [ 76.440956][ T30] audit: type=1400 audit(1765114193.542:92): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 76.489704][ T30] audit: type=1400 audit(1765114193.542:93): avc: denied { mount } for pid=5812 comm="syz-executor" name="/" dev="gadgetfs" ino=7678 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 76.527083][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.573558][ T5811] veth0_macvtap: entered promiscuous mode [ 76.592945][ T30] audit: type=1400 audit(1765114193.542:94): avc: denied { mount } for pid=5812 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 76.594840][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.647096][ T5811] veth1_macvtap: entered promiscuous mode [ 76.677582][ T2961] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.692070][ T2961] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.709132][ T5809] veth0_macvtap: entered promiscuous mode [ 76.715646][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 76.797098][ T2961] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.829965][ T2961] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.920594][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.944799][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.979381][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.996238][ T5809] veth1_macvtap: entered promiscuous mode [ 77.018885][ T2961] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.044309][ T2961] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.073065][ T5822] Bluetooth: hci0: command tx timeout [ 77.074493][ T55] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 77.092990][ T2961] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.102055][ T2961] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.149235][ T5822] Bluetooth: hci1: command tx timeout [ 77.152818][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 77.155161][ T5822] Bluetooth: hci2: command tx timeout [ 77.168287][ T5822] Bluetooth: hci3: command tx timeout [ 77.173718][ T5822] Bluetooth: hci4: command tx timeout [ 77.333516][ T55] usb 4-1: Using ep0 maxpacket: 16 [ 77.352285][ T55] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.370359][ T55] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.381730][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.388802][ T55] usb 4-1: New USB device found, idVendor=046d, idProduct=c091, bcdDevice= 0.00 [ 77.427191][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 77.435974][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 77.444492][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 77.464494][ T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.489240][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.515091][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.529251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 77.548183][ T55] usb 4-1: config 0 descriptor?? [ 77.680035][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.727248][ T2961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.741437][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.743281][ T2961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.772600][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 77.781185][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.800616][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.963040][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.982623][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 78.016002][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.034878][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.044532][ T3007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.053235][ T3007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.325147][ T55] logitech-hidpp-device 0003:046D:C091.0001: hidraw0: USB HID v0.00 Device [HID 046d:c091] on usb-dummy_hcd.3-1/input0 [ 78.413295][ T3847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.421140][ T3847] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.152626][ T5815] Bluetooth: hci0: command tx timeout [ 79.223021][ T5828] Bluetooth: hci1: command tx timeout [ 79.229596][ T5822] Bluetooth: hci3: command tx timeout [ 79.235140][ T5826] Bluetooth: hci2: command tx timeout [ 79.240597][ T5815] Bluetooth: hci4: command tx timeout [ 79.299803][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.315589][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.373734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 79.567128][ T5954] netlink: 'syz.0.1': attribute type 25 has an invalid length. [ 79.575021][ T5954] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1'. [ 79.605274][ T5933] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4'. [ 81.345010][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 81.345023][ T30] audit: type=1400 audit(1765114198.652:136): avc: denied { read } for pid=5965 comm="syz.1.9" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 81.484262][ T849] cfg80211: failed to load regulatory.db [ 81.492043][ T30] audit: type=1400 audit(1765114198.652:137): avc: denied { open } for pid=5965 comm="syz.1.9" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 81.581460][ T30] audit: type=1400 audit(1765114198.682:138): avc: denied { setopt } for pid=5965 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 81.651819][ T30] audit: type=1400 audit(1765114198.682:139): avc: denied { bind } for pid=5965 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 81.694922][ T5969] usb 4-1: USB disconnect, device number 2 [ 81.710284][ T30] audit: type=1400 audit(1765114198.682:140): avc: denied { name_bind } for pid=5965 comm="syz.1.9" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 81.884275][ T30] audit: type=1400 audit(1765114198.682:141): avc: denied { node_bind } for pid=5965 comm="syz.1.9" saddr=224.0.0.2 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 81.907063][ T30] audit: type=1400 audit(1765114198.682:142): avc: denied { listen } for pid=5965 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 82.039603][ T30] audit: type=1400 audit(1765114199.312:143): avc: denied { name_bind } for pid=5971 comm="syz.0.10" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 82.100860][ T30] audit: type=1400 audit(1765114199.312:144): avc: denied { node_bind } for pid=5971 comm="syz.0.10" saddr=224.0.0.2 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 87.229880][ T30] audit: type=1400 audit(1765114199.512:145): avc: denied { mounton } for pid=5974 comm="syz.2.11" path="/proc/8/task" dev="proc" ino=7925 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 95.141865][ C1] wlan0: beacon TX faster than countdown (channel/color switch) completion [ 192.242452][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 192.249456][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5980 P2961/1:b..l [ 192.258085][ C1] rcu: (detected by 1, t=10502 jiffies, g=9089, q=1327 ncpus=2) [ 192.265809][ C1] task:kworker/u8:8 state:R running task stack:24520 pid:2961 tgid:2961 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 192.279847][ C1] Workqueue: events_unbound cfg80211_wiphy_work [ 192.286089][ C1] Call Trace: [ 192.289345][ C1] [ 192.292250][ C1] ? __schedule+0x10b9/0x6150 [ 192.296908][ C1] __schedule+0x1139/0x6150 [ 192.301392][ C1] ? cfg80211_inform_single_bss_data+0xa4c/0x1d30 [ 192.307787][ C1] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 192.314440][ C1] ? __pfx___schedule+0x10/0x10 [ 192.319271][ C1] ? mark_held_locks+0x49/0x80 [ 192.324030][ C1] preempt_schedule_irq+0x51/0x90 [ 192.329033][ C1] irqentry_exit+0x1d8/0x8c0 [ 192.333600][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 192.339547][ C1] RIP: 0010:unwind_next_frame+0xea3/0x20a0 [ 192.345331][ C1] Code: 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9e 0c 00 00 49 89 6d 40 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 27 0c 00 00 41 39 5d 00 0f 84 [ 192.364915][ C1] RSP: 0018:ffffc9000c287450 EFLAGS: 00000a02 [ 192.370963][ C1] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff912548dc [ 192.378913][ C1] RDX: 1ffff92001850e98 RSI: 0000000000000001 RDI: 0000000000000001 [ 192.386867][ C1] RBP: ffffc9000c287508 R08: ffffffff912548e0 R09: 00000000ae4a951d [ 192.394818][ C1] R10: 0000000000000002 R11: 000000000000a961 R12: ffffc9000c287510 [ 192.402765][ C1] R13: ffffc9000c2874c0 R14: ffffc9000c2875f0 R15: ffffc9000c2874f4 [ 192.410733][ C1] ? stack_trace_save+0x8e/0xc0 [ 192.415657][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 192.421797][ C1] arch_stack_walk+0x94/0x100 [ 192.426489][ C1] ? kasan_save_stack+0x33/0x60 [ 192.431343][ C1] stack_trace_save+0x8e/0xc0 [ 192.435997][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 192.441342][ C1] ? __lock_acquire+0x436/0x2890 [ 192.446252][ C1] kasan_save_stack+0x33/0x60 [ 192.450924][ C1] kasan_save_track+0x14/0x30 [ 192.455574][ C1] kasan_save_free_info+0x3b/0x60 [ 192.460572][ C1] __kasan_slab_free+0x5f/0x80 [ 192.465305][ C1] kfree+0x2f8/0x6e0 [ 192.469174][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 192.474346][ C1] ? ieee80211_ibss_rx_queued_mgmt+0x1ab4/0x2fc0 [ 192.480647][ C1] ? ieee80211_ibss_rx_queued_mgmt+0x1ab4/0x2fc0 [ 192.486955][ C1] ieee80211_ibss_rx_queued_mgmt+0x1ab4/0x2fc0 [ 192.493092][ C1] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 192.499577][ C1] ? kcov_remote_start+0x399/0x680 [ 192.504702][ C1] ieee80211_iface_work+0xe28/0x1350 [ 192.509964][ C1] ? rcu_is_watching+0x12/0xc0 [ 192.514699][ C1] cfg80211_wiphy_work+0x3fb/0x560 [ 192.519790][ C1] process_one_work+0x9ba/0x1b20 [ 192.524721][ C1] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 192.530358][ C1] ? __pfx_process_one_work+0x10/0x10 [ 192.535708][ C1] ? assign_work+0x1a0/0x250 [ 192.540274][ C1] worker_thread+0x6c8/0xf10 [ 192.544842][ C1] ? __kthread_parkme+0x19e/0x250 [ 192.549837][ C1] ? __pfx_worker_thread+0x10/0x10 [ 192.554920][ C1] kthread+0x3c5/0x780 [ 192.558965][ C1] ? __pfx_kthread+0x10/0x10 [ 192.563533][ C1] ? rcu_is_watching+0x12/0xc0 [ 192.568267][ C1] ? __pfx_kthread+0x10/0x10 [ 192.572830][ C1] ret_from_fork+0x983/0xb10 [ 192.577391][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 192.582473][ C1] ? __switch_to+0x7af/0x10d0 [ 192.587122][ C1] ? __pfx_kthread+0x10/0x10 [ 192.591688][ C1] ret_from_fork_asm+0x1a/0x30 [ 192.596432][ C1] [ 192.599423][ C1] task:syz.2.11 state:R running task stack:26856 pid:5980 tgid:5974 ppid:5823 task_flags:0x400140 flags:0x00080000 [ 192.612863][ C1] Call Trace: [ 192.616115][ C1] [ 192.618928][ C1] sched_show_task+0x423/0x630 [ 192.623672][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 192.628947][ C1] ? rcu_dump_cpu_stacks+0x376/0x530 [ 192.634212][ C1] ? wq_watchdog_touch+0xe2/0x190 [ 192.639220][ C1] rcu_sched_clock_irq+0x2634/0x31f0 [ 192.644497][ C1] ? __pfx_tmigr_requires_handle_remote_up+0x10/0x10 [ 192.651152][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 192.656766][ C1] ? tmigr_requires_handle_remote+0x13f/0x300 [ 192.662834][ C1] ? __pfx_tmigr_requires_handle_remote+0x10/0x10 [ 192.669490][ C1] ? __cgroup_account_cputime_field+0x12c/0x1f0 [ 192.675739][ C1] ? hrtimer_run_queues+0x97/0x500 [ 192.680847][ C1] update_process_times+0x178/0x2d0 [ 192.686026][ C1] ? __pfx_update_process_times+0x10/0x10 [ 192.691728][ C1] tick_nohz_handler+0x506/0x720 [ 192.696652][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 192.702113][ C1] ? __hrtimer_run_queues+0x58f/0xc40 [ 192.707478][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 192.712919][ C1] __hrtimer_run_queues+0x64e/0xc40 [ 192.718117][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 192.723824][ C1] ? read_tsc+0x9/0x20 [ 192.727889][ C1] hrtimer_interrupt+0x397/0x8e0 [ 192.732851][ C1] __sysvec_apic_timer_interrupt+0x10b/0x3c0 [ 192.738816][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 192.744431][ C1] [ 192.747338][ C1] [ 192.750242][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 192.756369][ C1] RIP: 0010:strncpy_from_kernel_nofault+0xf7/0x260 [ 192.762850][ C1] Code: 00 00 00 e8 9b 81 c4 ff 4c 89 f6 4c 89 ef e8 a0 7b c4 ff 4d 39 f5 0f 8d b8 00 00 00 4c 89 fb e8 7f 81 c4 ff 45 31 ed 8a 45 00 <48> b9 00 00 00 00 00 fc ff df 41 89 c4 48 89 d8 48 89 da 48 c1 e8 [ 192.782452][ C1] RSP: 0018:ffffc9000496f7e8 EFLAGS: 00010246 [ 192.788503][ C1] RAX: 0000000000000000 RBX: ffffc9000496f848 RCX: ffffc90010492000 [ 192.796448][ C1] RDX: 0000000000080000 RSI: ffffffff81fa62f1 RDI: ffff8880341797d4 [ 192.804421][ C1] RBP: fffffffffffffffc R08: 0000000000000001 R09: 0000000000000000 [ 192.812373][ C1] R10: 0000000000000001 R11: ffff888034178b30 R12: ffffc9000496f848 [ 192.820323][ C1] R13: fffffffffffffff2 R14: 0000000000000008 R15: fffffffffffffffc [ 192.828278][ C1] ? strncpy_from_kernel_nofault+0xf1/0x260 [ 192.834156][ C1] ? strncpy_from_kernel_nofault+0xf1/0x260 [ 192.840029][ C1] bpf_probe_read_kernel_str+0x26/0x70 [ 192.845469][ C1] bpf_prog_6c8a88f82979c0f2+0x4b/0x51 [ 192.850925][ C1] bpf_test_run+0x3d2/0xb50 [ 192.855410][ C1] ? __pfx_bpf_test_run+0x10/0x10 [ 192.860419][ C1] ? eth_type_trans+0x2e3/0x740 [ 192.865259][ C1] bpf_prog_test_run_skb+0x1035/0x31a0 [ 192.870738][ C1] ? irqentry_exit+0xe1/0x8c0 [ 192.875403][ C1] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 192.881197][ C1] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 192.886995][ C1] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 192.892790][ C1] __sys_bpf+0x1035/0x4980 [ 192.897194][ C1] ? futex_private_hash_put+0x160/0x1b0 [ 192.902719][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 192.907460][ C1] ? __pfx_futex_wait+0x10/0x10 [ 192.912285][ C1] ? __lock_acquire+0x436/0x2890 [ 192.917201][ C1] ? do_futex+0x122/0x350 [ 192.921527][ C1] ? __fget_files+0x20e/0x3c0 [ 192.926202][ C1] ? xfd_validate_state+0x61/0x180 [ 192.931314][ C1] __x64_sys_bpf+0x78/0xc0 [ 192.935710][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 192.940889][ C1] do_syscall_64+0xcd/0xf80 [ 192.945370][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.951238][ C1] RIP: 0033:0x7ffaf698f749 [ 192.955630][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.975219][ C1] RSP: 002b:00007ffaf7831038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 192.983612][ C1] RAX: ffffffffffffffda RBX: 00007ffaf6be6180 RCX: 00007ffaf698f749 [ 192.991577][ C1] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 192.999530][ C1] RBP: 00007ffaf6a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 193.007476][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.015420][ C1] R13: 00007ffaf6be6218 R14: 00007ffaf6be6180 R15: 00007fffffa50008 [ 193.023379][ C1] [ 193.026372][ C1] rcu: rcu_preempt kthread starved for 10577 jiffies! g9089 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 193.037462][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 193.047495][ C1] rcu: RCU grace-period kthread stack dump: [ 193.053354][ C1] task:rcu_preempt state:R running task stack:28024 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 193.066814][ C1] Call Trace: [ 193.070067][ C1] [ 193.072973][ C1] ? __schedule+0x10b9/0x6150 [ 193.077634][ C1] __schedule+0x1139/0x6150 [ 193.082110][ C1] ? __lock_acquire+0x436/0x2890 [ 193.087030][ C1] ? __mod_timer+0x8f2/0xd30 [ 193.091597][ C1] ? __pfx___schedule+0x10/0x10 [ 193.096441][ C1] ? find_held_lock+0x2b/0x80 [ 193.101195][ C1] ? schedule+0x2d7/0x3a0 [ 193.105500][ C1] schedule+0xe7/0x3a0 [ 193.109545][ C1] schedule_timeout+0x123/0x290 [ 193.114375][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 193.119721][ C1] ? __pfx_process_timeout+0x10/0x10 [ 193.124980][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 193.130758][ C1] ? prepare_to_swait_event+0xf5/0x480 [ 193.136201][ C1] rcu_gp_fqs_loop+0x1ea/0xaf0 [ 193.140951][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 193.146213][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 193.151386][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 193.156295][ C1] ? rcu_gp_cleanup+0x7c1/0xe90 [ 193.161118][ C1] ? rcu_gp_fqs_loop+0x90f/0xaf0 [ 193.166031][ C1] rcu_gp_kthread+0x26d/0x380 [ 193.170685][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 193.175855][ C1] ? rcu_is_watching+0x12/0xc0 [ 193.180589][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 193.185768][ C1] ? __kthread_parkme+0x19e/0x250 [ 193.190766][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 193.195940][ C1] kthread+0x3c5/0x780 [ 193.199985][ C1] ? __pfx_kthread+0x10/0x10 [ 193.204546][ C1] ? rcu_is_watching+0x12/0xc0 [ 193.209279][ C1] ? __pfx_kthread+0x10/0x10 [ 193.213841][ C1] ret_from_fork+0x983/0xb10 [ 193.218405][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 193.223487][ C1] ? __switch_to+0x7af/0x10d0 [ 193.228135][ C1] ? __pfx_kthread+0x10/0x10 [ 193.232696][ C1] ret_from_fork_asm+0x1a/0x30 [ 193.237442][ C1] [ 193.240431][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 193.246733][ C1] Sending NMI from CPU 1 to CPUs 0: [ 193.251930][ C0] NMI backtrace for cpu 0 [ 193.251956][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G L syzkaller #0 PREEMPT(full) [ 193.251983][ C0] Tainted: [L]=SOFTLOCKUP [ 193.251989][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 193.252000][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 193.252031][ C0] Code: 06 60 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 59 13 00 fb f4 cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 193.252049][ C0] RSP: 0018:ffffffff8e007df8 EFLAGS: 000002c6 [ 193.252064][ C0] RAX: 000000000019d46b RBX: 0000000000000000 RCX: ffffffff8b7706d9 [ 193.252076][ C0] RDX: 0000000000000000 RSI: ffffffff8dac1f05 RDI: ffffffff8bf23a80 [ 193.252088][ C0] RBP: fffffbfff1c12f68 R08: 0000000000000001 R09: ffffed101708673d [ 193.252100][ C0] R10: ffff8880b84339eb R11: ffffffff8e098670 R12: 0000000000000000 [ 193.252112][ C0] R13: ffffffff8e097b40 R14: ffffffff9087fbd0 R15: 0000000000000000 [ 193.252125][ C0] FS: 0000000000000000(0000) GS:ffff888124909000(0000) knlGS:0000000000000000 [ 193.252143][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.252156][ C0] CR2: 00005555635325c8 CR3: 000000005e139000 CR4: 00000000003526f0 [ 193.252168][ C0] Call Trace: [ 193.252174][ C0] [ 193.252180][ C0] default_idle+0x13/0x20 [ 193.252198][ C0] default_idle_call+0x6c/0xb0 [ 193.252216][ C0] do_idle+0x38d/0x510 [ 193.252246][ C0] ? __pfx_do_idle+0x10/0x10 [ 193.252276][ C0] cpu_startup_entry+0x4f/0x60 [ 193.252304][ C0] rest_init+0x16b/0x2b0 [ 193.252323][ C0] ? acpi_subsystem_init+0x133/0x180 [ 193.252351][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 193.252381][ C0] start_kernel+0x3ef/0x4d0 [ 193.252408][ C0] x86_64_start_reservations+0x18/0x30 [ 193.252438][ C0] x86_64_start_kernel+0x130/0x190 [ 193.252465][ C0] common_startup_64+0x13e/0x148 [ 193.252495][ C0]