last executing test programs: 12.396885926s ago: executing program 4 (id=7): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x63) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x5842, 0x136) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) writev(r2, &(0x7f0000000a40)=[{0x0}, {&(0x7f0000000e00)='t', 0x2fd200}, {0x0, 0x2200}, {&(0x7f0000001000)="d6", 0x20c00}], 0x21) 10.359451496s ago: executing program 4 (id=12): syz_genetlink_get_family_id$nl802154(&(0x7f0000004f80), 0xffffffffffffffff) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone3(0x0, 0x0) madvise(&(0x7f0000529000/0x2000)=nil, 0x2000, 0x16) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x48020100, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) mmap$usbmon(&(0x7f000066f000/0x4000)=nil, 0x4000, 0x2, 0x2010, 0xffffffffffffffff, 0x5) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 9.605755892s ago: executing program 4 (id=18): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40) recvmmsg(r0, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}, 0x2}], 0x400000000000077, 0x20000020, 0x0) 8.460895497s ago: executing program 4 (id=22): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x5e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) sendmmsg$inet(r2, &(0x7f0000000440)=[{{&(0x7f0000000140)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}], 0x400000000000247, 0x44008004) 7.504738074s ago: executing program 4 (id=27): r0 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000169000/0x400000)=nil) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x7542d000) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000002c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x5}) unshare(0x400) ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) syz_kvm_add_vcpu$x86(r0, &(0x7f0000000100)={0x0, 0x0}) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000279000/0x4000)=nil, 0x4000}}) 6.921725686s ago: executing program 0 (id=29): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) sigaltstack(&(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xfffffffffffffefa}, &(0x7f0000000080)={&(0x7f0000000040)}) sigaltstack(&(0x7f0000000040)={0x0, 0x80000002}, 0x0) sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014) listen(r0, 0x200) accept4$llc(r0, 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000400)=0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) 6.156763597s ago: executing program 3 (id=35): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x10, 0x4, 0x4, 0x1, 0x0, 0x1, 0xba7e}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r2, 0x0, 0x0}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000540)={'wlan1\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x1}}) syz_clone3(&(0x7f0000000240)={0x8000, &(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080), {0x3}, &(0x7f00000000c0)=""/56, 0x38, &(0x7f0000000100)=""/10, &(0x7f0000000140)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x4}, 0x58) sched_setscheduler(r4, 0x0, &(0x7f00000002c0)=0x1) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000580)={[{0x0, 0xa8, 0x5, 0x5, 0x4, 0x1, 0x1, 0xf1, 0xe5, 0x1, 0x6, 0x8, 0x81}, {0x3, 0x4, 0x8, 0x10, 0x96, 0x7f, 0x9, 0x2, 0x3, 0xd0, 0x1a, 0x0, 0xa}, {0x8, 0x2, 0x3, 0x3, 0x1, 0x9, 0x4, 0x8, 0x6, 0x10, 0x8, 0x1, 0x4a}], 0xffffff81}) 5.999693635s ago: executing program 1 (id=36): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2084) writev(r0, &(0x7f00000021c0)=[{&(0x7f0000002080)='T01\n', 0x4}, {&(0x7f0000002300)="08b5b2c0caf6337a3cabd4830ba9a93fc8cb47b98d0bf44c71e4e4b5f9f3bf4688a45e5b0e157505385d401cec3dad", 0x2f}], 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x14) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0) write$rfkill(r2, &(0x7f0000000080)={0x1, 0x1, 0x3, 0x1}, 0x8) write$rfkill(r2, &(0x7f0000000140)={0x8, 0x3, 0x0, 0x1, 0x1}, 0x8) fchdir(r2) 5.937955716s ago: executing program 0 (id=37): syz_usb_connect(0x3, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000080), 0x3, 0x8ac02) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x7}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x24000045, &(0x7f0000000000)={0xa, 0x2, 0xffff, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x6}, 0x1c) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 5.800254617s ago: executing program 3 (id=38): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x50) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000180)=ANY=[], 0xe) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x135, &(0x7f0000000000)=[{}]}, 0x10) 5.306430494s ago: executing program 2 (id=40): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000300)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b8000000000f23c00f21f8be010003000f23f8ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x4b}], 0x1, 0x3b, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x36, 0x40000000788, 0x40000000003, 0x81, 0x400000005, 0x0, 0xee, 0x10000080000001, 0x7, 0x200001000045, 0xfffc, 0x9, 0xe, 0x2, 0x9, 0x2], 0xdddd0000, 0x344210}) sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xcc98137d2ecfa827}, 0x841) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.646838043s ago: executing program 3 (id=41): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'veth1_to_batadv\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x0, 0x1, 0x1, 0xfffe}) fremovexattr(r0, &(0x7f0000000000)=@known='system.posix_acl_default\x00') 4.273051328s ago: executing program 1 (id=42): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req={0x80000001, 0x10, 0x2, 0x5}, 0x10) recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/246, 0xf6}], 0x1}, 0x20) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) keyctl$read(0x2, 0x0, 0x0, 0x0) poll(0x0, 0x0, 0x9e) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 4.115737958s ago: executing program 2 (id=43): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@broadcast, @in6=@local, 0x0, 0x0, 0x4e22, 0x0, 0xa}, {}, {0x0, 0x0, 0x2}}, {{@in=@dev, 0x0, 0x2b}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0xe4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xf}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0203100802"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.01749438s ago: executing program 0 (id=44): getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x80004e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x2, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f0000000140)={0x1, 0x10, 0xfa00, {&(0x7f0000000100), r3}}, 0x18) 3.925703754s ago: executing program 2 (id=45): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = fsopen(&(0x7f0000000140)='f2fs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000100)='test_dummy_encryption', &(0x7f0000000240)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) fchdir(0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'ovf\x00', 0x28, 0xc, 0x5c}, 0x2c) 3.784337996s ago: executing program 4 (id=46): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfb, 0x40000000}, 0xb8) mlock(&(0x7f000040a000/0x4000)=nil, 0x4000) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 3.564902675s ago: executing program 2 (id=47): socket$inet(0x2, 0x1, 0x100) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045) r0 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xce}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}, {&(0x7f0000000100)}], 0x2) io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) 3.437846324s ago: executing program 3 (id=48): ioperm(0x7, 0x4, 0x7) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') 3.366241557s ago: executing program 1 (id=49): r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x41}}}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e22, 0x2, @private1, 0x5}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x4) writev(r3, &(0x7f0000001340)=[{&(0x7f0000004940)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) 2.372765266s ago: executing program 1 (id=50): memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r0, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x400, @loopback}], 0x1c) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2.127492204s ago: executing program 3 (id=51): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 1.65830902s ago: executing program 1 (id=52): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0x23, 0x5, 0x0) listen(r0, 0x800) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ff1000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff1000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xd}}}, 0x24}}, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.53360332s ago: executing program 2 (id=53): socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x1, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x600, 0x0, 0x48815, 0x40103}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, 0x0}, 0x40880) socket(0x2b, 0x1, 0x1) socket$kcm(0x2, 0xa, 0x2) 1.322591113s ago: executing program 0 (id=54): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e40)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r2, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xd, 0xd0ea, 0x20000001, 0x3, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x50}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@delchain={0x24, 0x66, 0x221, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {}, {0xb, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004800) 1.130701561s ago: executing program 1 (id=55): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r1, 0x2) r2 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x2) flock(r2, 0x1) flock(r1, 0x5) 481.492557ms ago: executing program 0 (id=56): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r4, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 55.89677ms ago: executing program 3 (id=57): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) sendto$inet6(r0, &(0x7f0000000580)="81", 0x1, 0xc001, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c) 18.4525ms ago: executing program 0 (id=58): ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x20004040}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6, 0xfe}]}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000880)={0x0, 0x7, 0x94d}) 0s ago: executing program 2 (id=59): socket$packet(0x11, 0x3, 0x300) fanotify_init(0x1b, 0x40000) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x4008800) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) syz_clone3(0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x6, 0x0, 0xffffffffffffffff, 0xfffffffdffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r0, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r0, 0x60}], 0x1, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.122' (ED25519) to the list of known hosts. [ 60.467677][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 60.467692][ T30] audit: type=1400 audit(1778612919.673:129): avc: denied { mounton } for pid=5594 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 60.497571][ T30] audit: type=1400 audit(1778612919.703:130): avc: denied { mount } for pid=5594 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 60.500671][ T5594] cgroup: Unknown subsys name 'net' [ 60.527700][ T30] audit: type=1400 audit(1778612919.733:131): avc: denied { unmount } for pid=5594 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 60.679043][ T5594] cgroup: Unknown subsys name 'cpuset' [ 60.686751][ T5594] cgroup: Unknown subsys name 'rlimit' [ 60.805388][ T30] audit: type=1400 audit(1778612920.003:132): avc: denied { setattr } for pid=5594 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 60.838501][ T30] audit: type=1400 audit(1778612920.003:133): avc: denied { create } for pid=5594 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 60.887614][ T30] audit: type=1400 audit(1778612920.003:134): avc: denied { write } for pid=5594 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 60.901387][ T5596] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 60.908484][ T30] audit: type=1400 audit(1778612920.013:135): avc: denied { read } for pid=5594 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 60.937532][ T30] audit: type=1400 audit(1778612920.013:136): avc: denied { mounton } for pid=5594 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 60.962987][ T30] audit: type=1400 audit(1778612920.013:137): avc: denied { mount } for pid=5594 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 60.988488][ T30] audit: type=1400 audit(1778612920.123:138): avc: denied { relabelto } for pid=5596 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 61.902667][ T5594] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 65.263098][ T5609] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.271283][ T5609] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.279939][ T5609] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.289196][ T5609] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.297509][ T5609] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.305148][ T5609] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.323369][ T5622] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.331266][ T5622] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.340334][ T5624] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.341108][ T5622] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.353747][ T5612] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.362846][ T5622] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.362944][ T5624] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.370988][ T5622] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.378048][ T5612] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.386701][ T5622] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.393474][ T5612] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.399562][ T5622] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.406173][ T5624] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.415888][ T4927] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.422365][ T5624] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.428060][ T4927] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.441272][ T4927] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.451304][ T5609] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.465176][ T5609] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.522456][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 65.522471][ T30] audit: type=1400 audit(1778612924.723:151): avc: denied { sys_module } for pid=5607 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 65.790872][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 65.799401][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 66.649431][ T5613] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.657429][ T5613] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.664953][ T5613] bridge_slave_0: entered allmulticast mode [ 66.671856][ T5613] bridge_slave_0: entered promiscuous mode [ 66.714097][ T5613] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.721567][ T5613] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.730603][ T5613] bridge_slave_1: entered allmulticast mode [ 66.737437][ T5613] bridge_slave_1: entered promiscuous mode [ 66.820783][ T5613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.858605][ T5613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.904558][ T5616] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.912033][ T5616] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.919334][ T5616] bridge_slave_0: entered allmulticast mode [ 66.925977][ T5616] bridge_slave_0: entered promiscuous mode [ 66.953894][ T5606] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.961075][ T5606] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.968248][ T5606] bridge_slave_0: entered allmulticast mode [ 66.974906][ T5606] bridge_slave_0: entered promiscuous mode [ 66.981884][ T5619] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.989086][ T5619] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.996165][ T5619] bridge_slave_0: entered allmulticast mode [ 67.002935][ T5619] bridge_slave_0: entered promiscuous mode [ 67.009839][ T5616] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.017010][ T5616] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.024173][ T5616] bridge_slave_1: entered allmulticast mode [ 67.030913][ T5616] bridge_slave_1: entered promiscuous mode [ 67.037612][ T5607] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.044697][ T5607] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.052064][ T5607] bridge_slave_0: entered allmulticast mode [ 67.058688][ T5607] bridge_slave_0: entered promiscuous mode [ 67.067119][ T5613] team0: Port device team_slave_0 added [ 67.072796][ T5606] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.079880][ T5606] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.087030][ T5606] bridge_slave_1: entered allmulticast mode [ 67.093712][ T5606] bridge_slave_1: entered promiscuous mode [ 67.100580][ T5619] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.107857][ T5619] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.114996][ T5619] bridge_slave_1: entered allmulticast mode [ 67.121914][ T5619] bridge_slave_1: entered promiscuous mode [ 67.134151][ T5607] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.141381][ T5607] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.149168][ T5607] bridge_slave_1: entered allmulticast mode [ 67.155788][ T5607] bridge_slave_1: entered promiscuous mode [ 67.163692][ T5613] team0: Port device team_slave_1 added [ 67.213167][ T5606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.230714][ T5616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.247197][ T5613] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.254187][ T5613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.280320][ T5613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.293418][ T5606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.304811][ T5619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.315889][ T5616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.327147][ T5607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.336997][ T5613] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.344369][ T5613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.370506][ T5613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.389301][ T5619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.409421][ T5607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.458653][ T5607] team0: Port device team_slave_0 added [ 67.465877][ T5606] team0: Port device team_slave_0 added [ 67.467179][ T5615] Bluetooth: hci1: command tx timeout [ 67.472197][ T5609] Bluetooth: hci3: command tx timeout [ 67.477702][ T5615] Bluetooth: hci0: command tx timeout [ 67.485561][ T5606] team0: Port device team_slave_1 added [ 67.501558][ T5616] team0: Port device team_slave_0 added [ 67.509324][ T5616] team0: Port device team_slave_1 added [ 67.515894][ T5607] team0: Port device team_slave_1 added [ 67.529749][ T5619] team0: Port device team_slave_0 added [ 67.546433][ T5615] Bluetooth: hci2: command tx timeout [ 67.556396][ T5615] Bluetooth: hci4: command tx timeout [ 67.574683][ T5619] team0: Port device team_slave_1 added [ 67.594766][ T5616] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.601820][ T5616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.628029][ T5616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.644979][ T5606] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.652030][ T5606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.678391][ T5606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.699768][ T5613] hsr_slave_0: entered promiscuous mode [ 67.706234][ T5613] hsr_slave_1: entered promiscuous mode [ 67.713008][ T5616] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.720328][ T5616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.746296][ T5616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.762940][ T5607] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.769908][ T5607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.795988][ T5607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.807370][ T5606] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.814386][ T5606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.840287][ T5606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.851524][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.858547][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.884478][ T5619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.896912][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.903909][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.929806][ T5619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.948047][ T5607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.955006][ T5607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.981145][ T5607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.053828][ T5607] hsr_slave_0: entered promiscuous mode [ 68.060037][ T5607] hsr_slave_1: entered promiscuous mode [ 68.065867][ T5607] debugfs: 'hsr0' already exists in 'hsr' [ 68.071825][ T5607] Cannot create hsr debugfs directory [ 68.105575][ T5616] hsr_slave_0: entered promiscuous mode [ 68.111763][ T5616] hsr_slave_1: entered promiscuous mode [ 68.118643][ T5616] debugfs: 'hsr0' already exists in 'hsr' [ 68.124399][ T5616] Cannot create hsr debugfs directory [ 68.148778][ T5619] hsr_slave_0: entered promiscuous mode [ 68.154836][ T5619] hsr_slave_1: entered promiscuous mode [ 68.160989][ T5619] debugfs: 'hsr0' already exists in 'hsr' [ 68.166729][ T5619] Cannot create hsr debugfs directory [ 68.176286][ T5606] hsr_slave_0: entered promiscuous mode [ 68.183019][ T5606] hsr_slave_1: entered promiscuous mode [ 68.189243][ T5606] debugfs: 'hsr0' already exists in 'hsr' [ 68.194946][ T5606] Cannot create hsr debugfs directory [ 68.537167][ T5613] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 68.548250][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 68.556012][ T5613] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 68.566138][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 68.574188][ T5613] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 68.583665][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 68.591517][ T5613] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 68.602874][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 68.661269][ T5607] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 68.672643][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 68.680429][ T5607] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 68.688872][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 68.697416][ T5607] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 68.706432][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 68.714227][ T5607] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 68.722929][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 68.797460][ T5606] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 68.807224][ T5606] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 68.815129][ T5606] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 68.823616][ T5606] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 68.831996][ T5606] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 68.841402][ T5606] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 68.849345][ T5606] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 68.859650][ T5606] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 68.950401][ T5613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.960129][ T5619] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 68.969196][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 68.977297][ T5619] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 68.985796][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 68.993530][ T5619] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 69.002275][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 69.010646][ T5619] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 69.019088][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 69.077773][ T5613] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.110447][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.117864][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.155458][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.162570][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.172751][ T5616] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 69.181978][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 69.191361][ T5607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.204405][ T5616] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 69.213568][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 69.221551][ T5616] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 69.230161][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 69.248449][ T5616] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 69.257666][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 69.291727][ T5606] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.303664][ T5607] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.339178][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.346288][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.369203][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.376390][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.388206][ T5606] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.405419][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.412518][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.438993][ T1724] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.446154][ T1724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.532684][ T5619] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.547848][ T5615] Bluetooth: hci3: command tx timeout [ 69.547942][ T5609] Bluetooth: hci1: command tx timeout [ 69.553453][ T5615] Bluetooth: hci0: command tx timeout [ 69.563723][ T5606] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 69.576017][ T5606] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 69.619561][ T5619] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.626437][ T5609] Bluetooth: hci4: command tx timeout [ 69.626763][ T4927] Bluetooth: hci2: command tx timeout [ 69.646798][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.653966][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.690777][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.697922][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.772111][ T5616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.819460][ T5616] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.866258][ T3373] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.873441][ T3373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.919828][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.926986][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.014091][ T5613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.183585][ T5613] veth0_vlan: entered promiscuous mode [ 70.224572][ T5613] veth1_vlan: entered promiscuous mode [ 70.314312][ T5613] veth0_macvtap: entered promiscuous mode [ 70.339614][ T5613] veth1_macvtap: entered promiscuous mode [ 70.418835][ T5613] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.450327][ T5613] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.482499][ T5607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.513617][ T3373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.540500][ T5606] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.560573][ T3373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.589158][ T3373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.601128][ T3373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.789619][ T5606] veth0_vlan: entered promiscuous mode [ 70.821085][ T1724] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.840580][ T1724] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.853821][ T5619] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.880822][ T5616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.893053][ T5606] veth1_vlan: entered promiscuous mode [ 70.905391][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.917466][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.943191][ T30] audit: type=1400 audit(1778612930.143:152): avc: denied { mounton } for pid=5613 comm="syz-executor" path="/root/syzkaller.s8HhVa/syz-tmp" dev="sda1" ino=2042 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 70.979352][ T5607] veth0_vlan: entered promiscuous mode [ 70.987157][ T30] audit: type=1400 audit(1778612930.143:153): avc: denied { mount } for pid=5613 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 71.009383][ T30] audit: type=1400 audit(1778612930.163:154): avc: denied { mounton } for pid=5613 comm="syz-executor" path="/root/syzkaller.s8HhVa/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 71.021754][ T5607] veth1_vlan: entered promiscuous mode [ 71.043620][ T30] audit: type=1400 audit(1778612930.163:155): avc: denied { mount } for pid=5613 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 71.067862][ T30] audit: type=1400 audit(1778612930.163:156): avc: denied { mounton } for pid=5613 comm="syz-executor" path="/root/syzkaller.s8HhVa/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 71.095036][ T30] audit: type=1400 audit(1778612930.173:157): avc: denied { mounton } for pid=5613 comm="syz-executor" path="/root/syzkaller.s8HhVa/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 71.123652][ T30] audit: type=1400 audit(1778612930.173:158): avc: denied { unmount } for pid=5613 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 71.124308][ T5616] veth0_vlan: entered promiscuous mode [ 71.154781][ T30] audit: type=1400 audit(1778612930.183:159): avc: denied { mounton } for pid=5613 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 71.169972][ T5606] veth0_macvtap: entered promiscuous mode [ 71.180057][ T30] audit: type=1400 audit(1778612930.193:160): avc: denied { mount } for pid=5613 comm="syz-executor" name="/" dev="gadgetfs" ino=7158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 71.202516][ T5607] veth0_macvtap: entered promiscuous mode [ 71.215188][ T5613] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 71.219044][ T30] audit: type=1400 audit(1778612930.203:161): avc: denied { mount } for pid=5613 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 71.235140][ T5619] veth0_vlan: entered promiscuous mode [ 71.264190][ T5616] veth1_vlan: entered promiscuous mode [ 71.281414][ T5607] veth1_macvtap: entered promiscuous mode [ 71.305773][ T5606] veth1_macvtap: entered promiscuous mode [ 71.332125][ T5619] veth1_vlan: entered promiscuous mode [ 71.379146][ T5607] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.389649][ T5616] veth0_macvtap: entered promiscuous mode [ 71.400237][ T5606] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.406629][ T29] libceph: connect (1)[c::]:6789 error -101 [ 71.415202][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 71.415843][ T5616] veth1_macvtap: entered promiscuous mode [ 71.425143][ T5803] ceph: No mds server is up or the cluster is laggy [ 71.439736][ T5606] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.455184][ T5607] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.495311][ T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.506134][ T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.524864][ T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.534893][ T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.557331][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.565489][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.579944][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.604694][ T5619] veth0_macvtap: entered promiscuous mode [ 71.621279][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.631056][ T4927] Bluetooth: hci0: command tx timeout [ 71.631065][ T5609] Bluetooth: hci3: command tx timeout [ 71.637875][ T5609] Bluetooth: hci1: command tx timeout [ 71.643041][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.675332][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.702040][ T5619] veth1_macvtap: entered promiscuous mode [ 71.708501][ T5609] Bluetooth: hci2: command tx timeout [ 71.722620][ T5609] Bluetooth: hci4: command tx timeout [ 71.750778][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.779873][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.791154][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.824703][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.840268][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.855703][ T3373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.873986][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.883666][ T3373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.931938][ T3373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.944497][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.958960][ T3373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.968493][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.005029][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.034991][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.064275][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.086985][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.139478][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.162802][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.207498][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.256302][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.343970][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.365460][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.419229][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.443398][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.510119][ T1724] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.599931][ T1724] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.707022][ T5609] Bluetooth: hci0: command tx timeout [ 73.707033][ T4927] Bluetooth: hci1: command tx timeout [ 73.707054][ T4927] Bluetooth: hci3: command tx timeout [ 73.796521][ T5615] Bluetooth: hci2: command tx timeout [ 73.804105][ T4927] Bluetooth: hci4: command tx timeout [ 74.233691][ T5838] kvm: pic: non byte write [ 76.287543][ T5868] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 76.483028][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 76.483044][ T30] audit: type=1400 audit(1778612935.683:212): avc: denied { audit_write } for pid=5870 comm="syz.0.21" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 76.601400][ T30] audit: type=1400 audit(1778612935.803:213): avc: denied { watch watch_reads } for pid=5870 comm="syz.0.21" path="/4" dev="tmpfs" ino=33 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 76.705193][ T30] audit: type=1400 audit(1778612935.893:214): avc: denied { read } for pid=5873 comm="syz.1.24" name="card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 76.809520][ T30] audit: type=1400 audit(1778612935.893:215): avc: denied { open } for pid=5873 comm="syz.1.24" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 77.161927][ T30] audit: type=1400 audit(1778612936.353:216): avc: denied { read } for pid=5877 comm="syz.4.22" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 77.216166][ T30] audit: type=1400 audit(1778612936.413:217): avc: denied { open } for pid=5877 comm="syz.4.22" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 77.277571][ T30] audit: type=1400 audit(1778612936.463:218): avc: denied { write } for pid=5886 comm="syz.1.26" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 77.346772][ T30] audit: type=1400 audit(1778612936.533:219): avc: denied { name_bind } for pid=5877 comm="syz.4.22" src=24097 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 77.748030][ T30] audit: type=1400 audit(1778612936.953:220): avc: denied { ioctl } for pid=5890 comm="syz.4.27" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=9248 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 77.895612][ T30] audit: type=1400 audit(1778612937.093:221): avc: denied { create } for pid=5893 comm="syz.0.28" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 77.923346][ T5894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.28'. [ 77.963579][ T5894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.28'. [ 78.182043][ T5899] netlink: 24 bytes leftover after parsing attributes in process `syz.1.30'. [ 78.336066][ T5904] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5904 comm=syz.1.30 [ 78.873422][ T5912] netlink: 'syz.2.34': attribute type 1 has an invalid length. [ 78.918863][ T5909] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 78.972821][ T5912] vlan2: entered allmulticast mode [ 79.005623][ T5912] veth0_to_bond: entered allmulticast mode [ 79.037940][ T5912] veth0_to_bond: entered promiscuous mode [ 79.063387][ T5916] netlink: 8 bytes leftover after parsing attributes in process `syz.1.36'. [ 79.085709][ T5912] bond0: (slave vlan2): Enslaving as an active interface with an up link [ 79.373495][ T5925] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 79.411077][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 79.618318][ T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 79.685647][ T24] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 79.709529][ T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 79.725535][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.801970][ T5918] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 79.877348][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 79.966089][ T5936] kvm: pic: non byte read [ 79.970804][ T5936] kvm: pic: non byte read [ 79.975536][ T5936] kvm: pic: non byte read [ 79.980700][ T5936] kvm: pic: non byte read [ 80.088448][ T5936] kvm: pic: level sensitive irq not supported [ 80.102209][ T5936] kvm: pic: non byte read [ 80.141149][ T5936] kvm: pic: non byte read [ 80.172347][ T5936] kvm: pic: non byte read [ 80.209281][ T5936] kvm: pic: non byte read [ 80.232822][ T5936] kvm: pic: single mode not supported [ 80.232888][ T5936] kvm: pic: non byte read [ 80.352691][ T24] usb 1-1: USB disconnect, device number 2 [ 81.168508][ T804] cfg80211: failed to load regulatory.db [ 81.175084][ T5967] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 81.197833][ T10] IPVS: starting estimator thread 0... [ 81.317708][ T5970] IPVS: using max 44 ests per chain, 105600 per kthread [ 81.524723][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 81.524738][ T30] audit: type=1400 audit(1778612940.723:256): avc: denied { write } for pid=5975 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 81.623781][ T30] audit: type=1400 audit(1778612940.823:257): avc: denied { name_bind } for pid=5980 comm="syz.1.49" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 81.716803][ T30] audit: type=1400 audit(1778612940.893:258): avc: denied { getopt } for pid=5980 comm="syz.1.49" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 81.777068][ T30] audit: type=1400 audit(1778612940.893:259): avc: denied { connect } for pid=5980 comm="syz.1.49" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 81.846838][ T30] audit: type=1400 audit(1778612940.893:260): avc: denied { name_connect } for pid=5980 comm="syz.1.49" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 81.931425][ T30] audit: type=1400 audit(1778612941.133:261): avc: denied { read write } for pid=5961 comm="syz.0.44" name="rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 82.002402][ T30] audit: type=1400 audit(1778612941.133:262): avc: denied { open } for pid=5961 comm="syz.0.44" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 82.412917][ T30] audit: type=1400 audit(1778612941.613:263): avc: denied { write } for pid=5987 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 82.683226][ T30] audit: type=1400 audit(1778612941.883:264): avc: denied { write } for pid=6001 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 83.500787][ T30] audit: type=1400 audit(1778612942.703:265): avc: denied { create } for pid=6015 comm="syz.1.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 83.741646][ T6025] syz.2.53 uses obsolete (PF_INET,SOCK_PACKET) [ 84.186282][ T6022] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 84.528208][ T6046] netlink: 24 bytes leftover after parsing attributes in process `syz.0.56'. [ 84.612932][ T6048] netlink: 4 bytes leftover after parsing attributes in process `syz.0.56'. [ 84.743479][ T6048] team0: Port device team_slave_1 removed [ 85.315332][ T4927] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 85.325404][ T4927] CPU: 1 UID: 0 PID: 4927 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 85.325432][ T4927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 85.325445][ T4927] Workqueue: hci2 hci_rx_work [ 85.325473][ T4927] Call Trace: [ 85.325480][ T4927] [ 85.325487][ T4927] dump_stack_lvl+0x100/0x190 [ 85.325513][ T4927] sysfs_warn_dup.cold+0x1c/0x28 [ 85.325540][ T4927] sysfs_create_dir_ns+0x24b/0x2b0 [ 85.325561][ T4927] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 85.325582][ T4927] ? find_held_lock+0x2b/0x80 [ 85.325600][ T4927] ? kobject_add_internal+0x25f/0x930 [ 85.325628][ T4927] ? kobject_add_internal+0x25f/0x930 [ 85.325657][ T4927] ? do_raw_spin_unlock+0x145/0x1e0 [ 85.325685][ T4927] kobject_add_internal+0x2c8/0x930 [ 85.325717][ T4927] kobject_add+0x16a/0x1e0 [ 85.325733][ T4927] ? __pfx_kobject_add+0x10/0x10 [ 85.325748][ T4927] ? class_to_subsys+0x10f/0x150 [ 85.325774][ T4927] ? kobject_put+0xb9/0x640 [ 85.325799][ T4927] ? _raw_spin_unlock+0x28/0x50 [ 85.325826][ T4927] device_add+0x294/0x1950 [ 85.325847][ T4927] ? __pfx_dev_set_name+0x10/0x10 [ 85.325871][ T4927] ? __pfx_device_add+0x10/0x10 [ 85.325892][ T4927] ? mgmt_send_event_skb+0x2fb/0x460 [ 85.325922][ T4927] hci_conn_add_sysfs+0x1a3/0x260 [ 85.325951][ T4927] le_conn_complete_evt+0x11eb/0x1f60 [ 85.325980][ T4927] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 85.326010][ T4927] hci_le_conn_complete_evt+0x23c/0x3a0 [ 85.326035][ T4927] ? skb_pull_data+0x15f/0x1e0 [ 85.326060][ T4927] hci_le_meta_evt+0x34a/0x5f0 [ 85.326085][ T4927] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 85.326111][ T4927] hci_event_packet+0x51c/0xcd0 [ 85.326134][ T4927] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 85.326166][ T4927] ? __pfx_hci_event_packet+0x10/0x10 [ 85.326193][ T4927] ? kcov_remote_start+0x374/0x660 [ 85.326217][ T4927] ? lockdep_hardirqs_on+0x78/0x100 [ 85.326249][ T4927] hci_rx_work+0x451/0xfc0 [ 85.326277][ T4927] process_one_work+0xa0e/0x1980 [ 85.326317][ T4927] ? __pfx_process_one_work+0x10/0x10 [ 85.326347][ T4927] ? __pfx_hci_rx_work+0x10/0x10 [ 85.326370][ T4927] worker_thread+0x5ef/0xe50 [ 85.326402][ T4927] ? kthread+0x13a/0x450 [ 85.326422][ T4927] ? __pfx_worker_thread+0x10/0x10 [ 85.326444][ T4927] kthread+0x370/0x450 [ 85.326463][ T4927] ? __pfx_kthread+0x10/0x10 [ 85.326486][ T4927] ret_from_fork+0x72b/0xd50 [ 85.326510][ T4927] ? __pfx_ret_from_fork+0x10/0x10 [ 85.326536][ T4927] ? __switch_to+0x800/0x1100 [ 85.326565][ T4927] ? __pfx_kthread+0x10/0x10 [ 85.326588][ T4927] ret_from_fork_asm+0x1a/0x30 [ 85.326627][ T4927] [ 85.610844][ T4927] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 85.649255][ T4927] Bluetooth: hci2: failed to register connection device [ 85.709866][ T4927] ================================================================== [ 85.717947][ T4927] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xde7/0xf80 [ 85.725831][ T4927] Read of size 8 at addr ffff8880203f7480 by task kworker/u9:1/4927 [ 85.733805][ T4927] [ 85.736118][ T4927] CPU: 1 UID: 0 PID: 4927 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 85.736138][ T4927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 85.736146][ T4927] Workqueue: hci2 hci_rx_work [ 85.736164][ T4927] Call Trace: [ 85.736170][ T4927] [ 85.736175][ T4927] dump_stack_lvl+0x100/0x190 [ 85.736189][ T4927] print_report+0x13d/0x4b0 [ 85.736205][ T4927] ? __virt_addr_valid+0x239/0x430 [ 85.736219][ T4927] ? l2cap_connect_cfm+0xde7/0xf80 [ 85.736233][ T4927] kasan_report+0xdf/0x1d0 [ 85.736251][ T4927] ? l2cap_connect_cfm+0xde7/0xf80 [ 85.736271][ T4927] l2cap_connect_cfm+0xde7/0xf80 [ 85.736293][ T4927] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 85.736316][ T4927] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 85.736335][ T4927] le_conn_complete_evt+0x197c/0x1f60 [ 85.736356][ T4927] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 85.736371][ T4927] hci_le_conn_complete_evt+0x23c/0x3a0 [ 85.736385][ T4927] ? skb_pull_data+0x15f/0x1e0 [ 85.736399][ T4927] hci_le_meta_evt+0x34a/0x5f0 [ 85.736413][ T4927] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 85.736426][ T4927] hci_event_packet+0x51c/0xcd0 [ 85.736439][ T4927] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 85.736452][ T4927] ? __pfx_hci_event_packet+0x10/0x10 [ 85.736465][ T4927] ? kcov_remote_start+0x374/0x660 [ 85.736477][ T4927] ? lockdep_hardirqs_on+0x78/0x100 [ 85.736494][ T4927] hci_rx_work+0x451/0xfc0 [ 85.736507][ T4927] process_one_work+0xa0e/0x1980 [ 85.736523][ T4927] ? __pfx_process_one_work+0x10/0x10 [ 85.736538][ T4927] ? __pfx_hci_rx_work+0x10/0x10 [ 85.736551][ T4927] worker_thread+0x5ef/0xe50 [ 85.736566][ T4927] ? kthread+0x13a/0x450 [ 85.736578][ T4927] ? __pfx_worker_thread+0x10/0x10 [ 85.736591][ T4927] kthread+0x370/0x450 [ 85.736603][ T4927] ? __pfx_kthread+0x10/0x10 [ 85.736615][ T4927] ret_from_fork+0x72b/0xd50 [ 85.736628][ T4927] ? __pfx_ret_from_fork+0x10/0x10 [ 85.736641][ T4927] ? __switch_to+0x800/0x1100 [ 85.736657][ T4927] ? __pfx_kthread+0x10/0x10 [ 85.736669][ T4927] ret_from_fork_asm+0x1a/0x30 [ 85.736687][ T4927] [ 85.736709][ T4927] [ 85.939930][ T4927] Allocated by task 4927: [ 85.944230][ T4927] kasan_save_stack+0x30/0x50 [ 85.948882][ T4927] kasan_save_track+0x14/0x30 [ 85.953530][ T4927] __kasan_kmalloc+0xaa/0xb0 [ 85.958096][ T4927] l2cap_chan_create+0x44/0x940 [ 85.962944][ T4927] l2cap_sock_alloc.constprop.0+0xf5/0x1e0 [ 85.968727][ T4927] l2cap_sock_new_connection_cb+0x10f/0x260 [ 85.974606][ T4927] l2cap_connect_cfm+0x4e2/0xf80 [ 85.979529][ T4927] le_conn_complete_evt+0x197c/0x1f60 [ 85.984874][ T4927] hci_le_conn_complete_evt+0x23c/0x3a0 [ 85.990407][ T4927] hci_le_meta_evt+0x34a/0x5f0 [ 85.995147][ T4927] hci_event_packet+0x51c/0xcd0 [ 85.999981][ T4927] hci_rx_work+0x451/0xfc0 [ 86.004379][ T4927] process_one_work+0xa0e/0x1980 [ 86.009289][ T4927] worker_thread+0x5ef/0xe50 [ 86.013865][ T4927] kthread+0x370/0x450 [ 86.017906][ T4927] ret_from_fork+0x72b/0xd50 [ 86.022472][ T4927] ret_from_fork_asm+0x1a/0x30 [ 86.027215][ T4927] [ 86.029512][ T4927] Freed by task 6058: [ 86.033468][ T4927] kasan_save_stack+0x30/0x50 [ 86.038117][ T4927] kasan_save_track+0x14/0x30 [ 86.042773][ T4927] kasan_save_free_info+0x3b/0x70 [ 86.047770][ T4927] __kasan_slab_free+0x5f/0x80 [ 86.052501][ T4927] kfree+0x223/0x6c0 [ 86.056380][ T4927] l2cap_chan_put+0x235/0x300 [ 86.061047][ T4927] l2cap_sock_cleanup_listen+0x4d/0x2d0 [ 86.066582][ T4927] l2cap_sock_release+0x69/0x280 [ 86.071496][ T4927] __sock_release+0xb3/0x260 [ 86.076058][ T4927] sock_close+0x1c/0x30 [ 86.080193][ T4927] __fput+0x3ff/0xb50 [ 86.084248][ T4927] task_work_run+0x150/0x240 [ 86.088809][ T4927] exit_to_user_mode_loop+0x107/0x4f0 [ 86.094153][ T4927] do_syscall_64+0x706/0xf80 [ 86.098713][ T4927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.104588][ T4927] [ 86.106883][ T4927] The buggy address belongs to the object at ffff8880203f7000 [ 86.106883][ T4927] which belongs to the cache kmalloc-2k of size 2048 [ 86.120913][ T4927] The buggy address is located 1152 bytes inside of [ 86.120913][ T4927] freed 2048-byte region [ffff8880203f7000, ffff8880203f7800) [ 86.134859][ T4927] [ 86.137161][ T4927] The buggy address belongs to the physical page: [ 86.143548][ T4927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x203f0 [ 86.152294][ T4927] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 86.160791][ T4927] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 86.168317][ T4927] page_type: f5(slab) [ 86.172273][ T4927] raw: 00fff00000000040 ffff88813fe35000 dead000000000100 dead000000000122 [ 86.180825][ T4927] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 86.189377][ T4927] head: 00fff00000000040 ffff88813fe35000 dead000000000100 dead000000000122 [ 86.198018][ T4927] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 86.206655][ T4927] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 86.215307][ T4927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 86.223963][ T4927] page dumped because: kasan: bad access detected [ 86.230350][ T4927] page_owner tracks the page as allocated [ 86.236049][ T4927] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3090302452, free_ts 0 [ 86.255645][ T4927] post_alloc_hook+0x153/0x170 [ 86.260397][ T4927] get_page_from_freelist+0x11a6/0x33b0 [ 86.265928][ T4927] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 86.271833][ T4927] new_slab+0xa6/0x6c0 [ 86.275888][ T4927] refill_objects+0x277/0x420 [ 86.280541][ T4927] __pcs_replace_empty_main+0x375/0x650 [ 86.286065][ T4927] __kmalloc_noprof+0x688/0x850 [ 86.290890][ T4927] sk_prot_alloc+0x10b/0x2a0 [ 86.295451][ T4927] sk_alloc+0x36/0xe80 [ 86.299496][ T4927] __netlink_create+0x5e/0x2c0 [ 86.304238][ T4927] __netlink_kernel_create+0xed/0x750 [ 86.309592][ T4927] crypto_netlink_init+0xb7/0x140 [ 86.314586][ T4927] ops_init+0x1e2/0x5f0 [ 86.318724][ T4927] register_pernet_operations+0x3cb/0x740 [ 86.324415][ T4927] register_pernet_subsys+0x28/0x40 [ 86.329585][ T4927] do_one_initcall+0x121/0x750 [ 86.334322][ T4927] page_owner free stack trace missing [ 86.339677][ T4927] [ 86.341977][ T4927] Memory state around the buggy address: [ 86.347578][ T4927] ffff8880203f7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.355629][ T4927] ffff8880203f7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.363849][ T4927] >ffff8880203f7480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.371888][ T4927] ^ [ 86.375932][ T4927] ffff8880203f7500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.383963][ T4927] ffff8880203f7580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.391990][ T4927] ================================================================== [ 86.462494][ T4927] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 86.469703][ T4927] CPU: 1 UID: 0 PID: 4927 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 86.479133][ T4927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 86.489166][ T4927] Workqueue: hci2 hci_rx_work [ 86.493840][ T4927] Call Trace: [ 86.497092][ T4927] [ 86.499995][ T4927] dump_stack_lvl+0x100/0x190 [ 86.504648][ T4927] vpanic+0x552/0x970 [ 86.508601][ T4927] ? __pfx_vpanic+0x10/0x10 [ 86.513075][ T4927] ? l2cap_connect_cfm+0xde7/0xf80 [ 86.518175][ T4927] panic+0xd1/0xe0 [ 86.521905][ T4927] ? __pfx_panic+0x10/0x10 [ 86.526320][ T4927] ? l2cap_connect_cfm+0xde7/0xf80 [ 86.531429][ T4927] ? preempt_schedule_common+0x42/0xc0 [ 86.536948][ T4927] check_panic_on_warn.cold+0x19/0x34 [ 86.542314][ T4927] end_report.part.0+0x3a/0x90 [ 86.547086][ T4927] kasan_report.cold+0xe/0x18 [ 86.551749][ T4927] ? l2cap_connect_cfm+0xde7/0xf80 [ 86.556849][ T4927] l2cap_connect_cfm+0xde7/0xf80 [ 86.561783][ T4927] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 86.567229][ T4927] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 86.572672][ T4927] le_conn_complete_evt+0x197c/0x1f60 [ 86.578028][ T4927] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 86.583731][ T4927] hci_le_conn_complete_evt+0x23c/0x3a0 [ 86.589259][ T4927] ? skb_pull_data+0x15f/0x1e0 [ 86.594019][ T4927] hci_le_meta_evt+0x34a/0x5f0 [ 86.598774][ T4927] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 86.604822][ T4927] hci_event_packet+0x51c/0xcd0 [ 86.609653][ T4927] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 86.614924][ T4927] ? __pfx_hci_event_packet+0x10/0x10 [ 86.620278][ T4927] ? kcov_remote_start+0x374/0x660 [ 86.625375][ T4927] ? lockdep_hardirqs_on+0x78/0x100 [ 86.630561][ T4927] hci_rx_work+0x451/0xfc0 [ 86.634962][ T4927] process_one_work+0xa0e/0x1980 [ 86.639886][ T4927] ? __pfx_process_one_work+0x10/0x10 [ 86.645255][ T4927] ? __pfx_hci_rx_work+0x10/0x10 [ 86.650176][ T4927] worker_thread+0x5ef/0xe50 [ 86.654758][ T4927] ? kthread+0x13a/0x450 [ 86.658981][ T4927] ? __pfx_worker_thread+0x10/0x10 [ 86.664078][ T4927] kthread+0x370/0x450 [ 86.668142][ T4927] ? __pfx_kthread+0x10/0x10 [ 86.672732][ T4927] ret_from_fork+0x72b/0xd50 [ 86.677308][ T4927] ? __pfx_ret_from_fork+0x10/0x10 [ 86.682414][ T4927] ? __switch_to+0x800/0x1100 [ 86.687080][ T4927] ? __pfx_kthread+0x10/0x10 [ 86.691652][ T4927] ret_from_fork_asm+0x1a/0x30 [ 86.696405][ T4927] [ 86.699851][ T4927] Kernel Offset: disabled [ 86.704149][ T4927] Rebooting in 86400 seconds..