last executing test programs: 4.795117951s ago: executing program 0 (id=1): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="14000000040000000400000022"], 0x50) r4 = socket$inet(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000280), &(0x7f0000000100)=@tcp=r4, 0x2}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$inet(0x2, 0x3, 0x6) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='xfrm0\x00', 0x10) sendto$inet(r5, 0x0, 0x0, 0x8000, &(0x7f00000001c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x20000800, 0x0, 0x0) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xa, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e62e150d4a2fddd9a976774"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) ioctl$FBIOBLANK(r6, 0x4611, 0x3) ioctl$FBIOGET_FSCREENINFO(r6, 0x4602, &(0x7f0000000540)) ioctl$FBIO_WAITFORVSYNC(r6, 0x40044620, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="2000000001030101000000000a000000000000000c0002000000000000000069"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x14) syz_usb_connect(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000e1310a10f0031d58b776050203010902240001000000000904310002ff0107ff09058a02100000fa000905ff"], 0x0) 4.592683514s ago: executing program 3 (id=4): syz_usb_connect$uac1(0x5, 0x86, &(0x7f0000000f40)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x3, 0x1, 0xb, 0x30, 0x10, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xfffc, 0x8}, [@mixer_unit={0x7, 0x24, 0x4, 0x5, 0x2, "4680"}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x305, 0x4, 0x3, 0x7}, @mixer_unit={0x5, 0x24, 0x4, 0x1, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0xf7, 0x6, 0x4, {0x7, 0x25, 0x1, 0x0, 0x0, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x3, 0xa, 0xba, {0x7, 0x25, 0x1, 0x2, 0x0, 0x8000}}}}}}}]}}, &(0x7f0000001180)={0x0, 0x0, 0x3f, 0x0}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) syz_usb_connect(0x1, 0x138, &(0x7f0000000340)={{0x12, 0x1, 0x250, 0x24, 0x77, 0x83, 0x18, 0x4dd, 0x8007, 0xe3da, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x126, 0x1, 0xff, 0x80, 0x10, 0x6, [{{0x9, 0x4, 0x64, 0xc0, 0x6, 0x2, 0x6, 0x0, 0x6, [], [{{0x9, 0x5, 0x80, 0x1, 0x8, 0x67, 0x40, 0x0, [@generic={0xde, 0xf, "a6c9481b1ba716d225291d4d93bc138ff96e05f4a6a11b13a59c7fc01e3243ef8842b1b4824677d3d0fd7744edbf10a040279a7942ec07d99c4d48407c57ba7e3dc2ce2937a3a477684cce6801413ab218019a6bccece26901f14bea958d1bb70e2d71f6fd3065dee11bae888ec138aa632e350c5a34adb2f43127af4e2de2f69ca8239b51285432472320976b8960c8fbd5eadfe80bae0e6a2c6d9e40159706dbd08d6c61390e89c65e19b309166adb0358bc429f73bbd54ffa256b365e89f27c6f4d21bc96a43d960663195116249ee813e430f1b9f1a5f1ad2776"}]}}, {{0x9, 0x5, 0x8, 0xc, 0x3ff, 0x7, 0x7}}, {{0x9, 0x5, 0x5, 0x0, 0x40, 0x20, 0xd, 0x6}}, {{0x9, 0x5, 0xe, 0x8, 0x3ff, 0x0, 0x3, 0x4}}, {{0x9, 0x5, 0x2, 0x4, 0x40, 0xb, 0x3}}, {{0x9, 0x5, 0x0, 0x2, 0x20, 0x0, 0x4, 0x4}}]}}]}}]}}, &(0x7f0000000ec0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0x9, 0x5, 0x81, 0x8, 0x81}, 0x25, &(0x7f0000000040)={0x5, 0xf, 0x25, 0x1, [@ssp_cap={0x20, 0x10, 0xa, 0x1, 0x5, 0x4, 0x0, 0xabbb, [0x0, 0x3f00, 0xff00c0, 0x3f3f, 0x0]}]}, 0x5, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x1007}}, {0x78, &(0x7f0000000280)=@string={0x78, 0x3, "ad2f3ffc299fb7ea191e01aa671bf3a20f306632e429c34183bbceaf0aa6d4c3a3ecf0b3061d0320c6a5a7bbf65d485b8a6fc9e778e8784462200dc9f7a02599c4c489a90d954d5985b949ef8cfe66d2e14e1675c1daa37fe5077781268451ba756976fdee86c7c3e1ffc854e1ca593c61ee88290b13"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4}}, {0x4, &(0x7f0000000e40)=@lang_id={0x4, 0x3, 0x42c}}, {0x1c, &(0x7f0000000e80)=@string={0x1c, 0x3, "d7f272e0a7ef79a5bc1d2efd02890af5d56b4369f6ae06ba617d"}}]}) socket(0x15, 0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="25003300d0000000080211000001080211000000505050505050d00003"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000100)={0x2c, &(0x7f0000000200)=ANY=[@ANYRES16=r0, @ANYRES64=r0, @ANYRESOCT, @ANYRES8, @ANYRESHEX, @ANYRES32, @ANYRES8=0x0, @ANYRES8, @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0}, 0x0) 3.478373602s ago: executing program 1 (id=2): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$packet(0x11, 0x3, 0x300) sendmsg$IPSET_CMD_GET_BYNAME(r1, 0x0, 0xd1302af0c2963958) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) syz_open_dev$evdev(0x0, 0x1, 0x121000) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES8=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open(&(0x7f0000000580)='./file0\x00', 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="600000000206030000000000b8791fa80000000014000780080012400000000005001500010000000500010006000000050005000200000005000400000000000900020073797a310000000012000300686173683a6e65742c706f7274"], 0x60}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=r5], &(0x7f0000000400)='syzkaller\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x41100, 0x0, '\x00', 0x0, @fallback=0x36}, 0x94) shutdown(r0, 0x1) unshare(0x6a040000) syz_usb_connect(0x0, 0x3b4, &(0x7f00000009c0)=ANY=[@ANYBLOB="120100005f859240cbf43558f597010203010902a203010000000009046e0910dd9c730009050e0c00020f03040905090208000f7fb3090501004000000302072501830408008a0c29bf671c36a65a164dbb51749e1579efc089bafb5cb303486f593f0adbf6ee8d9db2e5e5cbeb54492c469bf3a5ab10044a2cb283ebf3afde790a324fb92813206ca0de312861f4dc6b8c4dd83eb0c43ec94043fe9f4f27857794916be3b26fb72265adb7ed2ba6fa0e626081d9510c816a525398a67ff1b75dab4e5343ca9b3d4802ca55b7e9ea6e0905020000020109f509050710100001840209050010ff03067f9a0725018081e7d8072501000c4598090585040004f7c1ffc233da8ca05f5edc4b15c9dacd614b119119139c98f69addeee0b6747889ba1d363f768f4d69a668910a50c6a2ccb75fbda5eff721b3da28839c7be27113056a732be23a6ba1b21b9b563ed91a5e6b80b9c1d271d4fb3c69bcd7b845c1ec366e1ed9593950065ca267c53c38884b33f01ad9603f555f1efe28ebe49bcb9ff0b39977c0d5e0db3d7033dc2c33fdd74ac261565b3eeac28c1726a6392bff0df2289a88ef8c3e92624064ed47e1e70b330934aa3ca1e491bfa004c10e5846a30d57143609050e000004ff090509050817892407ff0607250102b4020009050804200000000000050d000000f5fa0b0725010340d4e807250183f0040009050c0808000dda0309050f10080000080b07250102050700fe0e9aa460abea877551b60daf02c6250b59d41fc61aaa9faea92b91eff6a2a886c892052cc394216782634286024dda6c61fd61050159edd19d591cfc6bb13487f4235563c0b188003f45ff7825306f716306fe6d61ddbec168e5c6a460d5a40cf5dde1ae1b914cf3ef48bf86b7e90e7517907441235f8f96117694d22235d6e24bd98e1e1c2ea53456bcdb60d9eb22ca31eae16ab1649c78897f9c5ce4d5b7f70ee887e815221835a10eee5380fa15e76882151c01bfada537cea556b1a1acecf01d3a16908f935c21846b009c862ce28a3c85935b40c29137b2e3f3402e4e8b530ee4a5fe24e24cae40ab2b478b224a779750a674da924a09050f042000010109072501800809000725010207050009050f00200002020602057501476942ae5ed5d9d4c01074f329cb6eb696da3d087cb19c2b8ade450920f2172a4ab6cda9133b16450a8ed9e0dbdf112cce661a945fcb659ea6f9e60095ccf82b168c86402437f3161fdffb2166d3338f9e46c402e3a30eb8cd1e0f871c556e06c182bafb157b1dc4d5860d48699d0ea6c7dbb0090500104000090303"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x2c, &(0x7f0000000640)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}, @in6={0xa, 0x4e21, 0x4, @local, 0x5}]}, &(0x7f0000000600)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) 3.36137819s ago: executing program 2 (id=3): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x1, 0x0, 0x7fff0001}]}) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00') getdents64(r1, &(0x7f0000000480)=""/4081, 0x103a) ioctl$F2FS_IOC_DECOMPRESS_FILE(r0, 0xf517, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x208600, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) recvmmsg(r4, &(0x7f0000021a40)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/22, 0x16}, {&(0x7f0000000200)=""/13, 0xd}], 0x2}, 0x59243306}], 0x1, 0x2000, 0x0) r5 = openat$mice(0xffffffffffffff9c, &(0x7f00000000c0), 0x8501) fcntl$setstatus(r5, 0x4, 0x2400) recvmsg(r3, &(0x7f0000000400)={&(0x7f0000000240)=@xdp, 0x80, &(0x7f0000000180)=[{&(0x7f0000001480)=""/125, 0x7d}, {&(0x7f0000001500)=""/99, 0x63}, {&(0x7f0000001580)=""/180, 0xb4}], 0x3}, 0x21) writev(r5, &(0x7f0000000500)=[{&(0x7f0000000440)='7', 0x1}], 0x1) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) ioctl$IOMMU_VFIO_GET_API_VERSION(r2, 0x3b64) sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a0b04000000000000000002000003200004801c0001800a00010071756575650000000c00028008000440000000100900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a77c004bb802e11a94cdea7d26a8f4844e5045a915d8720b464ce1c443b8fe1ec26e7122d7af731df493b63771bca1da802d343b0e47339147a0cbe0ff2e8aacb403f16bedefc089df861258e7c7ac9dd2d109b21bc73"], 0x74}}, 0x0) getdents64(r1, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x800008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000) clock_gettime(0x0, &(0x7f00000003c0)={0x0, 0x0}) setitimer(0x1, &(0x7f0000000400)={{r8, r9/1000+60000}}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) 2.495624223s ago: executing program 4 (id=5): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r6, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0xec1}], 0x1}, 0x0) r8 = socket(0x2a, 0x2, 0x0) getsockname$packet(r8, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r10 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='cpu.weight\x00', 0x2, 0x0) write$cgroup_int(r10, &(0x7f0000000180)=0xca56, 0x12) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r9, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}]}}]}, 0x3c}}, 0x4000) 2.26061137s ago: executing program 2 (id=6): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x4008040, 0x0, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 1.29834424s ago: executing program 3 (id=7): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x4008040, 0x0, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103) r5 = socket(0x840000000002, 0x3, 0xff) mremap(&(0x7f0000ffb000/0x3000)=nil, 0x7ffffffff002, 0x7ffffffff002, 0x0, &(0x7f0000000000/0x4000)=nil) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,use', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000880)={{{@in=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@initdev}}, &(0x7f00000005c0)=0xe8) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0}, &(0x7f0000000700)=0xc) setreuid(r7, r8) ioctl$EVIOCSKEYCODE_V2(r6, 0x40284504, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, "4620f63a4e6b5c9b4410b99e0e549fcfdeb92566761ad1c34ca4a1abe476fa96"}) syz_io_uring_setup(0x79a4, &(0x7f0000000300)={0x0, 0x7de3, 0x100, 0x0, 0x305}, &(0x7f00000000c0), &(0x7f0000000480)) syz_open_dev$loop(&(0x7f0000000540), 0x5, 0x309000) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) 1.296960791s ago: executing program 4 (id=8): syz_io_uring_submit(0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) (async) r1 = syz_io_uring_setup(0x2c57, &(0x7f0000000140)={0x0, 0x57d0, 0x2, 0x0, 0x3}, &(0x7f0000000240), &(0x7f0000000480)=0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x21, &(0x7f0000000440), 0x1) (async) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async, rerun: 64) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 64) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async) sched_setscheduler(0x0, 0x3, &(0x7f0000000b00)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000003200)=[{{&(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000680)="2e43026bf6cd13594fba68a2be339ea7b8277c05a183b0de7df29b32840431c6340052e9375a41e137c9748dbcbdf991de46458b21a88f0aebb7fa4f2a6089d33fdcfe658fbad5fde75569e29ec96f03246bb8a9e7804e4eb8abb5f1a7a4d71400aabf1029e144abe369877ee2cad7e5511188b30bfd3b278a0aa6a8faa7614f9d51562590be6e34d7d1b46faf4656167b00eba05508170c048dd07ef5d56efb1ebca192115cf98e824241d780434143023161a529b7bf8b6f2d8d510602162df9664f243db99fdc23d17a3a8b12da2b30fe2ee53ce678d8652d217eecd586fe", 0xe0}, {&(0x7f00000001c0)="edce2d5870cb6392a68fd852cb8e871c188c38be7f25ed88c18ea2cc416dfbc261fbf830e1abc8cb18db7c8ecddd2d80", 0x30}, {&(0x7f00000008c0)="9227631037199a83066c024c8d90b4d154f2e8d0935a7c1a602ca123f919d837d584e8ef93c276a945cb88a8c7007c2e32489ceb6ce73c2c4ea3a2e7d8799320217f841fe7873f24d2ba5625b711d403a9ecb9b760f1ebc5fb69453a2443fdb433ad7bfd4f73c88ed35af302f059e1b61b5cfd186c74c4f8412d9fb65560d0a671182af98990eac2ad67a9daee39ea80cf2063876beb09b8e45871249009816d14ecea3fc096c322988265fdd36a69d57ddf13e42fc803ad51fa19bc3fa5842b9634ed", 0xc3}, {&(0x7f0000000540)="c617fa97ff8c49f5ff28a3384000881320d11b01e0d95fbbd32eee28907da13bed11decfaa1c58d1f39588d41aa4354a77f3800588b64d519a2103cef0bab7f1cb1499547e386478", 0x48}, {&(0x7f00000007c0)="f6205b6e156a3a05560f6f766e061c5a4730ee1fc5961de51d385ff3cf7b5e7d45f8054998ea572cad90aa89209a95183bafe8a76d49740d7ce7a452ce47a67a703aecc1a6baddcc8be1d22b599485e126df55eae5f51c8c2f6998245b9e3f966a77f08b0b30c120b2a0388d120170c10614f76896d44dcb810a9d1be51aa6a3586e93db285a5ac5d2d26184d5b938ce87cb1879128fe0cde4033134baeac619f85672bda2619a08ea93eeb0de67a5fc08e9b98c2a6f65fcef4c70", 0xbb}, {&(0x7f00000009c0)="f2606e06a23e428e1c2e7698ea2d9efe1635a7c6107f7de98fcd3abd816b7117ccbc716ad254227f2e54e0010bc18288b320f802a7f53b4d8e21796cd8da8b0a39fe279f6bf44304a53fc953ad1ea05e106c202441d95bebf039066e3f5d459b5e8d26ab", 0x64}, {&(0x7f0000000a40)="9ee9e974a4557780073adda33381c7d83bb79999a8530b8519cb76c4037a0183ead741ebaa6737f291d9cddd8172065b29c149ced76f63df2ae877caf772b0660056492d5263b2fc9273c47e590ab201b5758da85b68380a4033b95ef281dea4c323f16d68e217ae053c262878551b1a4d2c141bf78a7358d86324883f2c0964d88a4a121f2774326e1d7394f5a5e5853135f5fbec844892958201fa20562d5022b1929ca6a1d0b376d50a8a6790", 0xae}], 0x7, &(0x7f0000000c00)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r3, @ANYRES32=r0, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r6, @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r7, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r6, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES64=r7, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x118, 0x4008001}}, {{&(0x7f0000002f40)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000003140), 0x0, &(0x7f00000081c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="0000000038000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r7, @ANYRES32=r3, @ANYRES32, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r6, @ANYRES32=r4, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=0x0, @ANYRES8=r6, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r7, @ANYRES32=r6, @ANYRES32, @ANYRES32=r6, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="004b421013000000000000000100000001000000", @ANYRES32, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r5], 0x128, 0x4004000}}], 0x2, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) (async) r8 = socket(0x1, 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x24, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) (async, rerun: 32) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0f00faff04000000040000001200000200000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async, rerun: 32) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000000100)={'batadv0\x00', &(0x7f0000000300)=@ethtool_eee={0x45, 0x2, 0xfffffff7, 0x5, 0x2, 0x8, 0x4, 0xfffffffd, [0x690, 0x100]}}) write$binfmt_script(r10, &(0x7f00000002c0)={'#! ', '', [], 0xa, "f85ddd5084854fa36d2ae1756789f3"}, 0x13) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r10, 0x0) (async, rerun: 32) r11 = socket$inet_tcp(0x2, 0x1, 0x0) (rerun: 32) ioctl$sock_SIOCETHTOOL(r11, 0x8946, &(0x7f0000000100)={'veth0_vlan\x00', 0x0}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r9, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r8}, 0x20) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x5452, &(0x7f0000000000)={'syztnl1\x00', 0x0}) (async) recvmsg(r8, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000440)=""/103, 0x67}], 0x1}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) (rerun: 32) 659.230316ms ago: executing program 2 (id=9): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1000000000088}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x142, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockopt$bt_BT_POWER(r4, 0x112, 0x9, 0x0, 0x0) setsockopt$bt_BT_VOICE(r4, 0x112, 0xb, 0x0, 0x0) connect$inet6(r3, 0x0, 0x0) r5 = fcntl$dupfd(r3, 0x406, r3) write$cgroup_pid(r5, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='dctcp', 0x5) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x23) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r8}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) 624.485438ms ago: executing program 0 (id=10): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom1\x00', 0x0, 0x0) ioctl$BINDER_FREEZE(r3, 0x400c620e, &(0x7f0000000040)={r0, 0x0, 0x7fff}) r4 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r4, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c) r5 = dup2(r4, r4) sendmmsg$unix(r5, &(0x7f0000008380), 0x400000000000174, 0x4008890) 0s ago: executing program 1 (id=11): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0000200"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18) r1 = syz_open_dev$I2C(&(0x7f0000000800), 0x0, 0x0) r2 = signalfd4(r0, &(0x7f0000000000)={[0x5c]}, 0x8, 0x80000) ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000540)={0xc, 0x0}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r2, 0x3b87, &(0x7f0000000580)={0x18, 0x1, 0x1, 0x0, r3, 0x9}) socket(0x10, 0x80002, 0xd) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000240)=0x3) syz_open_dev$radio(0x0, 0x2, 0x2) ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000000c0)) read$dsp(r5, &(0x7f00000001c0)=""/95, 0x5f) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x0, '\x00', 0x0, r6, 0x0, 0x0, 0x1}, 0x50) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r7, 0xc0044dff, &(0x7f0000000200)=0xb) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x5, &(0x7f0000000080)={0x6, "96ab3f272339cf3935a8824943478cb18a5722d2da3a03f39b5eaee25558f362e7"}}) syz_open_dev$vim2m(&(0x7f0000000080), 0x7ff, 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x0, 0xaa, 0x1000, &(0x7f0000000340)="2e56a423d8e1db5a8750a107e6c19b7e3cdfc46399d3e4fdee800cd7b748ce2588206eb2c1e2bd7f5129e276a439c4a2044492c7717fa6518b6819a2a46adb0869997eff1d3910bb5a592ef2ffa496a727c9b456ab55051339aa069a24aecfacdd4d3fd4c417830d7b827305af08ef810db140b47797c4ff627842cc6e55e627175a29c079771406281595b975fcdd560f10281da9db70930db449c29dd9a2d49bcd1c23b61fe1974cbb", &(0x7f0000000840)=""/4096, 0x3, 0x0, 0x3b, 0x6e, &(0x7f0000000400)="cda5f9deb34424d59169d84398045047a8f4dc4055ef2933f2b803f96ca6a942be253ef6f550964f4e6454b21eaba6c02e115fdc1def4bccb522a7", &(0x7f0000000440)="e923250bf8bb6e3b26ff222e13c4a037d3fba53427efe772bdbd77f05d9e5d1ea9507964a9b2d8d629ff7726b7e9f576914ab2d73f64988a179dfa365c433fb7ba2cc5e9755350635550c73d61e80c09e25e5485f75410b4ca2ad1b1791234882ebfdd9a3cc3ac17cf4645339511", 0x4, 0x0, 0x2}, 0x50) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.15' (ED25519) to the list of known hosts. [ 57.771674][ T30] audit: type=1400 audit(1765679349.157:62): avc: denied { mounton } for pid=5799 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 57.795155][ T30] audit: type=1400 audit(1765679349.177:63): avc: denied { mount } for pid=5799 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 57.797665][ T5799] cgroup: Unknown subsys name 'net' [ 57.824542][ T30] audit: type=1400 audit(1765679349.207:64): avc: denied { unmount } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 57.938385][ T5799] cgroup: Unknown subsys name 'cpuset' [ 57.946665][ T5799] cgroup: Unknown subsys name 'rlimit' [ 58.145537][ T30] audit: type=1400 audit(1765679349.527:65): avc: denied { setattr } for pid=5799 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 58.178938][ T30] audit: type=1400 audit(1765679349.537:66): avc: denied { create } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 58.207908][ T30] audit: type=1400 audit(1765679349.537:67): avc: denied { write } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 58.232194][ T5801] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 58.232376][ T30] audit: type=1400 audit(1765679349.537:68): avc: denied { read } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 58.261777][ T30] audit: type=1400 audit(1765679349.547:69): avc: denied { mounton } for pid=5799 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 58.287326][ T30] audit: type=1400 audit(1765679349.547:70): avc: denied { mount } for pid=5799 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 58.310887][ T30] audit: type=1400 audit(1765679349.637:71): avc: denied { relabelto } for pid=5801 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 59.250733][ T5799] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.044583][ T5137] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.053498][ T5811] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.061478][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.070033][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.077868][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.082846][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.086297][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.096790][ T5814] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.099426][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.106177][ T5814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.161918][ T5811] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.170505][ T5811] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 61.178554][ T5811] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 61.185991][ T5137] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 61.193476][ T5137] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.201608][ T5811] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 61.210117][ T5137] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.210138][ T5811] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 61.225248][ T5811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.233503][ T5815] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 61.240803][ T5811] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.248605][ T5815] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.263237][ T5814] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.278478][ T5814] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.286415][ T5814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.577076][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 61.594054][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 61.782123][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.789753][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.797483][ T5812] bridge_slave_0: entered allmulticast mode [ 61.804194][ T5812] bridge_slave_0: entered promiscuous mode [ 61.811957][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 61.839886][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.847242][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.854414][ T5809] bridge_slave_0: entered allmulticast mode [ 61.861224][ T5809] bridge_slave_0: entered promiscuous mode [ 61.868627][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.875952][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.883114][ T5809] bridge_slave_1: entered allmulticast mode [ 61.890139][ T5809] bridge_slave_1: entered promiscuous mode [ 61.897161][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.904233][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.911420][ T5812] bridge_slave_1: entered allmulticast mode [ 61.918159][ T5812] bridge_slave_1: entered promiscuous mode [ 61.968775][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 61.996997][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.011663][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.043955][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.087585][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.102673][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 62.130920][ T5809] team0: Port device team_slave_0 added [ 62.143661][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.151069][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.158234][ T5817] bridge_slave_0: entered allmulticast mode [ 62.164878][ T5817] bridge_slave_0: entered promiscuous mode [ 62.179797][ T5809] team0: Port device team_slave_1 added [ 62.193742][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.200878][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.208043][ T5817] bridge_slave_1: entered allmulticast mode [ 62.214643][ T5817] bridge_slave_1: entered promiscuous mode [ 62.222305][ T5812] team0: Port device team_slave_0 added [ 62.256667][ T5812] team0: Port device team_slave_1 added [ 62.296174][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.303127][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.329055][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.343544][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.350835][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.358000][ T5816] bridge_slave_0: entered allmulticast mode [ 62.364611][ T5816] bridge_slave_0: entered promiscuous mode [ 62.373425][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.390473][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.397500][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.423583][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.438300][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.445399][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.452987][ T5816] bridge_slave_1: entered allmulticast mode [ 62.459710][ T5816] bridge_slave_1: entered promiscuous mode [ 62.467426][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.477053][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.483970][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.509998][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.547862][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.554800][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.580847][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.623405][ T5817] team0: Port device team_slave_0 added [ 62.631678][ T5817] team0: Port device team_slave_1 added [ 62.637511][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.644644][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.652137][ T5818] bridge_slave_0: entered allmulticast mode [ 62.658843][ T5818] bridge_slave_0: entered promiscuous mode [ 62.668382][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.691661][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.698816][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.706392][ T5818] bridge_slave_1: entered allmulticast mode [ 62.713051][ T5818] bridge_slave_1: entered promiscuous mode [ 62.721011][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.767984][ T5809] hsr_slave_0: entered promiscuous mode [ 62.774088][ T5809] hsr_slave_1: entered promiscuous mode [ 62.788589][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.795884][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.821964][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.850371][ T5812] hsr_slave_0: entered promiscuous mode [ 62.857043][ T5812] hsr_slave_1: entered promiscuous mode [ 62.862941][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 62.869233][ T5812] Cannot create hsr debugfs directory [ 62.875223][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.882598][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.908832][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.921180][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.931756][ T5816] team0: Port device team_slave_0 added [ 62.943952][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.954277][ T5816] team0: Port device team_slave_1 added [ 63.038924][ T5818] team0: Port device team_slave_0 added [ 63.044987][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.052457][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.078953][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.104589][ T5818] team0: Port device team_slave_1 added [ 63.110662][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.117847][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.143779][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.157897][ T5817] hsr_slave_0: entered promiscuous mode [ 63.163913][ T5817] hsr_slave_1: entered promiscuous mode [ 63.169985][ T5817] debugfs: 'hsr0' already exists in 'hsr' [ 63.175785][ T5817] Cannot create hsr debugfs directory [ 63.186263][ T5137] Bluetooth: hci0: command tx timeout [ 63.191903][ T5814] Bluetooth: hci1: command tx timeout [ 63.236335][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.243276][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.269488][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.280200][ T5814] Bluetooth: hci4: command tx timeout [ 63.301068][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.308109][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.334506][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.346169][ T5137] Bluetooth: hci2: command tx timeout [ 63.351704][ T5814] Bluetooth: hci3: command tx timeout [ 63.416131][ T5816] hsr_slave_0: entered promiscuous mode [ 63.422151][ T5816] hsr_slave_1: entered promiscuous mode [ 63.428889][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 63.434606][ T5816] Cannot create hsr debugfs directory [ 63.510993][ T5818] hsr_slave_0: entered promiscuous mode [ 63.517328][ T5818] hsr_slave_1: entered promiscuous mode [ 63.523195][ T5818] debugfs: 'hsr0' already exists in 'hsr' [ 63.529046][ T5818] Cannot create hsr debugfs directory [ 63.651749][ T5809] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.671948][ T5809] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.694327][ T5809] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.716078][ T5809] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.786011][ T5812] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.810659][ T5812] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.820952][ T5812] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.834736][ T5812] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.876233][ T5817] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.897723][ T5817] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.920017][ T5817] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.938435][ T5817] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.988840][ T5816] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 64.004473][ T5816] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 64.017259][ T5816] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 64.028676][ T5816] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 64.062086][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.121503][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.132562][ T5818] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 64.142231][ T5818] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 64.158774][ T5818] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 64.172831][ T1031] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.180070][ T1031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.188722][ T5818] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.205395][ T1031] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.212472][ T1031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.239475][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.285435][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.304568][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.311662][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.337811][ T5092] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.344918][ T5092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.357352][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.391863][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.413262][ T4262] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.420344][ T4262] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.439466][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.457212][ T4262] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.464271][ T4262] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.488784][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 64.488798][ T30] audit: type=1400 audit(1765679355.877:84): avc: denied { sys_module } for pid=5809 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 64.512172][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.532375][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.569797][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.576945][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.590446][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.597591][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.627096][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.672462][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.679648][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.721868][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.728955][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.743338][ T5817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.796445][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.912248][ T5809] veth0_vlan: entered promiscuous mode [ 64.923888][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.944992][ T5809] veth1_vlan: entered promiscuous mode [ 65.103554][ T5809] veth0_macvtap: entered promiscuous mode [ 65.130050][ T5809] veth1_macvtap: entered promiscuous mode [ 65.147451][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.161439][ T5812] veth0_vlan: entered promiscuous mode [ 65.171762][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.199180][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.223457][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.233883][ T5812] veth1_vlan: entered promiscuous mode [ 65.248256][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.260072][ T4326] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.270828][ T5137] Bluetooth: hci0: command tx timeout [ 65.276394][ T5814] Bluetooth: hci1: command tx timeout [ 65.282343][ T4326] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.299290][ T4326] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.311815][ T4326] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.355874][ T5137] Bluetooth: hci4: command tx timeout [ 65.372078][ T5812] veth0_macvtap: entered promiscuous mode [ 65.396774][ T5817] veth0_vlan: entered promiscuous mode [ 65.408686][ T5812] veth1_macvtap: entered promiscuous mode [ 65.427212][ T5814] Bluetooth: hci2: command tx timeout [ 65.432665][ T5137] Bluetooth: hci3: command tx timeout [ 65.457557][ T5817] veth1_vlan: entered promiscuous mode [ 65.478154][ T5818] veth0_vlan: entered promiscuous mode [ 65.497766][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.521433][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.542986][ T5092] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.552602][ T5092] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.569543][ T5092] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.578563][ T5092] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.587837][ T5818] veth1_vlan: entered promiscuous mode [ 65.597618][ T1031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.608249][ T1031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.636482][ T5817] veth0_macvtap: entered promiscuous mode [ 65.667988][ T1031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.677592][ T1031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.685888][ T5817] veth1_macvtap: entered promiscuous mode [ 65.716235][ T30] audit: type=1400 audit(1765679357.107:85): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.t6OS4A/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 65.746124][ T30] audit: type=1400 audit(1765679357.107:86): avc: denied { mount } for pid=5809 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 65.757410][ T5092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.784360][ T5092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.794230][ T30] audit: type=1400 audit(1765679357.107:87): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.t6OS4A/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 65.823728][ T30] audit: type=1400 audit(1765679357.107:88): avc: denied { mount } for pid=5809 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 65.836787][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.857236][ T30] audit: type=1400 audit(1765679357.107:89): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.t6OS4A/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 65.866020][ T5818] veth0_macvtap: entered promiscuous mode [ 65.889615][ T30] audit: type=1400 audit(1765679357.107:90): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.t6OS4A/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7699 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 65.891416][ T5809] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.933873][ T30] audit: type=1400 audit(1765679357.117:91): avc: denied { unmount } for pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 65.956042][ T30] audit: type=1400 audit(1765679357.127:92): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 65.972728][ T5818] veth1_macvtap: entered promiscuous mode [ 65.979628][ T30] audit: type=1400 audit(1765679357.127:93): avc: denied { mount } for pid=5809 comm="syz-executor" name="/" dev="gadgetfs" ino=7720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 65.992509][ T5816] veth0_vlan: entered promiscuous mode [ 66.020521][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.070919][ T38] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.080796][ T38] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.099443][ T5092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.107333][ T5092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.115140][ T38] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.126544][ T38] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.157667][ T5816] veth1_vlan: entered promiscuous mode [ 66.169174][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.209423][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.257059][ T38] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.351960][ T5816] veth0_macvtap: entered promiscuous mode [ 66.399391][ T38] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.415899][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.449884][ T5816] veth1_macvtap: entered promiscuous mode [ 66.606238][ T5915] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 66.617318][ T38] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.646494][ T38] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.689176][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.722845][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 66.747092][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.754920][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.775061][ T3856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.784008][ T3856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.785700][ T5915] usb 4-1: Using ep0 maxpacket: 16 [ 66.818756][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.837966][ T5915] usb 4-1: config 1 has an invalid interface number: 5 but max is 2 [ 66.852084][ T5915] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 66.946269][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 66.955778][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 66.982971][ T72] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.992740][ T10] usb 1-1: config 0 has an invalid interface number: 49 but max is 0 [ 67.005563][ T5915] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 67.018370][ T38] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.027818][ T10] usb 1-1: config 0 has no interface number 0 [ 67.033889][ T10] usb 1-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16 [ 67.050639][ T38] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.060344][ T5915] usb 4-1: config 1 has no interface number 1 [ 67.067392][ T5915] usb 4-1: too many endpoints for config 1 interface 5 altsetting 2: 70, using maximum allowed: 30 [ 67.080088][ T10] usb 1-1: config 0 interface 49 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 67.091934][ T5915] usb 4-1: config 1 interface 5 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 70 [ 67.115625][ T10] usb 1-1: config 0 interface 49 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 67.128427][ T38] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.138296][ T5915] usb 4-1: config 1 interface 5 has no altsetting 0 [ 67.146036][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.159412][ T10] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7 [ 67.168787][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.178311][ T10] usb 1-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3 [ 67.187570][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.188405][ T5915] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 67.206621][ T10] usb 1-1: Product: syz [ 67.211363][ T10] usb 1-1: Manufacturer: syz [ 67.216274][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.225894][ T10] usb 1-1: SerialNumber: syz [ 67.232290][ T5915] usb 4-1: Product: syz [ 67.240191][ T5915] usb 4-1: Manufacturer: syz [ 67.241358][ T4326] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.249988][ T5915] usb 4-1: SerialNumber: syz [ 67.258069][ T10] usb 1-1: config 0 descriptor?? [ 67.262451][ T4326] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.300957][ T5924] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 67.310391][ T4326] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.354546][ T5814] Bluetooth: hci1: command tx timeout [ 67.361163][ T5137] Bluetooth: hci0: command tx timeout [ 67.363677][ T4326] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.426177][ T5814] Bluetooth: hci4: command tx timeout [ 67.498235][ T4262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.506263][ T5814] Bluetooth: hci3: command tx timeout [ 67.506300][ T5814] Bluetooth: hci2: command tx timeout [ 67.567371][ T4262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.575918][ T5923] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.603973][ T5923] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.805614][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.813936][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.825807][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.834061][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.886282][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 67.894579][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 67.903467][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 68.237966][ T5915] usb 4-1: 0:2 : does not exist [ 68.309708][ T5915] usb 4-1: USB disconnect, device number 2 [ 68.395649][ T5868] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 68.487907][ T5934] udevd[5934]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 68.715305][ T5868] usb 2-1: config 0 has an invalid interface number: 110 but max is 0 [ 68.726640][ T5868] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 68.738039][ T5868] usb 2-1: config 0 has no interface number 0 [ 68.759899][ T5868] usb 2-1: config 0 interface 110 altsetting 9 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 69.275595][ T5868] usb 2-1: config 0 interface 110 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 8 [ 69.286952][ T5868] usb 2-1: config 0 interface 110 altsetting 9 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 69.302696][ T5868] usb 2-1: config 0 interface 110 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 69.314135][ T5868] usb 2-1: config 0 interface 110 altsetting 9 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 69.485710][ T5137] Bluetooth: hci1: command tx timeout [ 69.487753][ T5868] usb 2-1: config 0 interface 110 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 69.491901][ T5814] Bluetooth: hci0: command tx timeout [ 69.502566][ T5868] usb 2-1: config 0 interface 110 altsetting 9 endpoint 0x8 has invalid maxpacket 9353, setting to 1024 [ 69.518665][ T5814] Bluetooth: hci4: command tx timeout [ 69.647786][ T5814] Bluetooth: hci3: command tx timeout [ 69.653366][ T5814] Bluetooth: hci2: command tx timeout [ 70.073933][ T5868] usb 2-1: config 0 interface 110 altsetting 9 has a duplicate endpoint with address 0x8, skipping [ 70.178522][ T5868] usb 2-1: config 0 interface 110 altsetting 9 has 10 endpoint descriptors, different from the interface descriptor's value: 16 [ 70.217320][ T10] usb 1-1: USB disconnect, device number 2 [ 70.242636][ T5868] usb 2-1: config 0 interface 110 has no altsetting 0 [ 70.251113][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 70.251126][ T30] audit: type=1400 audit(1765679361.637:134): avc: denied { allowed } for pid=5971 comm="syz.4.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 70.300595][ T5868] usb 2-1: New USB device found, idVendor=f4cb, idProduct=5835, bcdDevice=97.f5 [ 70.356084][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.389102][ T30] audit: type=1400 audit(1765679361.667:135): avc: denied { sqpoll } for pid=5971 comm="syz.4.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 70.418327][ T5868] usb 2-1: Product: syz [ 70.966135][ T5868] usb 2-1: Manufacturer: syz [ 70.970858][ T5868] usb 2-1: SerialNumber: syz [ 70.977951][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.984564][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.993851][ T1296] ================================================================== [ 71.001920][ T1296] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 71.009369][ T1296] Read of size 8 at addr ffff88802ceaf020 by task aoe_tx0/1296 [ 71.016886][ T1296] [ 71.019190][ T1296] CPU: 1 UID: 0 PID: 1296 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 71.019205][ T1296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 71.019213][ T1296] Call Trace: [ 71.019218][ T1296] [ 71.019223][ T1296] dump_stack_lvl+0x116/0x1f0 [ 71.019240][ T1296] print_report+0xcd/0x630 [ 71.019257][ T1296] ? __virt_addr_valid+0x81/0x610 [ 71.019269][ T1296] ? __phys_addr+0xe8/0x180 [ 71.019280][ T1296] ? tty_write_room+0x7d/0x90 [ 71.019295][ T1296] kasan_report+0xe0/0x110 [ 71.019310][ T1296] ? tty_write_room+0x7d/0x90 [ 71.019326][ T1296] tty_write_room+0x7d/0x90 [ 71.019340][ T1296] handle_tx+0x14f/0x630 [ 71.019355][ T1296] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 71.019377][ T1296] dev_hard_start_xmit+0x97/0x6e0 [ 71.019395][ T1296] __dev_queue_xmit+0x6d7/0x4650 [ 71.019412][ T1296] ? rcu_is_watching+0x12/0xc0 [ 71.019424][ T1296] ? finish_task_switch.isra.0+0x207/0xbd0 [ 71.019444][ T1296] ? __pfx___dev_queue_xmit+0x10/0x10 [ 71.019464][ T1296] ? __lock_acquire+0x436/0x2890 [ 71.019479][ T1296] ? ref_tracker_free+0x37c/0x830 [ 71.019496][ T1296] ? do_raw_spin_lock+0x12c/0x2b0 [ 71.019513][ T1296] ? find_held_lock+0x2b/0x80 [ 71.019531][ T1296] ? skb_dequeue+0x126/0x180 [ 71.019544][ T1296] ? find_held_lock+0x2b/0x80 [ 71.019561][ T1296] ? rcu_is_watching+0x12/0xc0 [ 71.019573][ T1296] tx+0xcc/0x190 [ 71.019586][ T1296] ? __pfx_tx+0x10/0x10 [ 71.019597][ T1296] kthread+0x1e4/0x3e0 [ 71.019615][ T1296] ? find_held_lock+0x2b/0x80 [ 71.019633][ T1296] ? __pfx_kthread+0x10/0x10 [ 71.019651][ T1296] ? __pfx_default_wake_function+0x10/0x10 [ 71.019669][ T1296] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.019683][ T1296] ? __kthread_parkme+0x19e/0x250 [ 71.019695][ T1296] ? __pfx_kthread+0x10/0x10 [ 71.019712][ T1296] kthread+0x3c5/0x780 [ 71.019726][ T1296] ? __pfx_kthread+0x10/0x10 [ 71.019740][ T1296] ? rcu_is_watching+0x12/0xc0 [ 71.019751][ T1296] ? __pfx_kthread+0x10/0x10 [ 71.019765][ T1296] ret_from_fork+0x983/0xb10 [ 71.019778][ T1296] ? __pfx_ret_from_fork+0x10/0x10 [ 71.019791][ T1296] ? __switch_to+0x7af/0x10d0 [ 71.019807][ T1296] ? __pfx_kthread+0x10/0x10 [ 71.019820][ T1296] ret_from_fork_asm+0x1a/0x30 [ 71.019842][ T1296] [ 71.019846][ T1296] [ 71.238689][ T1296] Allocated by task 5919: [ 71.242989][ T1296] kasan_save_stack+0x33/0x60 [ 71.247645][ T1296] kasan_save_track+0x14/0x30 [ 71.252296][ T1296] __kasan_kmalloc+0xaa/0xb0 [ 71.256858][ T1296] alloc_tty_struct+0x96/0x8c0 [ 71.261597][ T1296] tty_init_dev.part.0+0x1e/0x500 [ 71.266601][ T1296] tty_open+0xa4f/0xf90 [ 71.270741][ T1296] chrdev_open+0x234/0x6a0 [ 71.275138][ T1296] do_dentry_open+0x748/0x1590 [ 71.279878][ T1296] vfs_open+0x82/0x3f0 [ 71.283929][ T1296] path_openat+0x2078/0x3140 [ 71.288497][ T1296] do_filp_open+0x20b/0x470 [ 71.292976][ T1296] do_sys_openat2+0x121/0x290 [ 71.297625][ T1296] __x64_sys_openat+0x174/0x210 [ 71.302447][ T1296] do_syscall_64+0xcd/0xf80 [ 71.306932][ T1296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.312799][ T1296] [ 71.315098][ T1296] Freed by task 789: [ 71.318962][ T1296] kasan_save_stack+0x33/0x60 [ 71.323612][ T1296] kasan_save_track+0x14/0x30 [ 71.328265][ T1296] kasan_save_free_info+0x3b/0x60 [ 71.333268][ T1296] __kasan_slab_free+0x5f/0x80 [ 71.338005][ T1296] kfree+0x2f8/0x6e0 [ 71.341881][ T1296] process_one_work+0x9ba/0x1b20 [ 71.346796][ T1296] worker_thread+0x6c8/0xf10 [ 71.351364][ T1296] kthread+0x3c5/0x780 [ 71.355409][ T1296] ret_from_fork+0x983/0xb10 [ 71.359973][ T1296] ret_from_fork_asm+0x1a/0x30 [ 71.364721][ T1296] [ 71.367019][ T1296] Last potentially related work creation: [ 71.372705][ T1296] kasan_save_stack+0x33/0x60 [ 71.377358][ T1296] kasan_record_aux_stack+0xa7/0xc0 [ 71.382538][ T1296] insert_work+0x36/0x230 [ 71.386844][ T1296] __queue_work+0x94f/0x10e0 [ 71.391410][ T1296] queue_work_on+0x1a4/0x1f0 [ 71.395976][ T1296] release_tty+0x4de/0x5d0 [ 71.400370][ T1296] tty_release_struct+0xb7/0xe0 [ 71.405234][ T1296] tty_release+0xe2d/0x1470 [ 71.409716][ T1296] __fput+0x402/0xb70 [ 71.413670][ T1296] task_work_run+0x150/0x240 [ 71.418242][ T1296] do_exit+0x87f/0x2bd0 [ 71.422381][ T1296] do_group_exit+0xd3/0x2a0 [ 71.426890][ T1296] get_signal+0x2671/0x26d0 [ 71.431385][ T1296] arch_do_signal_or_restart+0x8f/0x7e0 [ 71.436911][ T1296] exit_to_user_mode_loop+0x8c/0x540 [ 71.442176][ T1296] do_syscall_64+0x4ee/0xf80 [ 71.446743][ T1296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.452611][ T1296] [ 71.454908][ T1296] The buggy address belongs to the object at ffff88802ceaf000 [ 71.454908][ T1296] which belongs to the cache kmalloc-cg-2k of size 2048 [ 71.469195][ T1296] The buggy address is located 32 bytes inside of [ 71.469195][ T1296] freed 2048-byte region [ffff88802ceaf000, ffff88802ceaf800) [ 71.482967][ T1296] [ 71.485267][ T1296] The buggy address belongs to the physical page: [ 71.491649][ T1296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2cea8 [ 71.500382][ T1296] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 71.508857][ T1296] memcg:ffff888075c91501 [ 71.513071][ T1296] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 71.520590][ T1296] page_type: f5(slab) [ 71.524548][ T1296] raw: 00fff00000000040 ffff88813ff303c0 dead000000000122 0000000000000000 [ 71.533104][ T1296] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888075c91501 [ 71.541660][ T1296] head: 00fff00000000040 ffff88813ff303c0 dead000000000122 0000000000000000 [ 71.550306][ T1296] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888075c91501 [ 71.558949][ T1296] head: 00fff00000000003 ffffea0000b3aa01 00000000ffffffff 00000000ffffffff [ 71.567593][ T1296] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 71.576232][ T1296] page dumped because: kasan: bad access detected [ 71.582614][ T1296] page_owner tracks the page as allocated [ 71.588302][ T1296] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5812, tgid 5812 (syz-executor), ts 65966782123, free_ts 65170610474 [ 71.609638][ T1296] post_alloc_hook+0x1af/0x220 [ 71.614386][ T1296] get_page_from_freelist+0xd0b/0x31a0 [ 71.619816][ T1296] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 71.625683][ T1296] alloc_pages_mpol+0x1fb/0x550 [ 71.630511][ T1296] new_slab+0x2c3/0x430 [ 71.634651][ T1296] ___slab_alloc+0xe18/0x1c90 [ 71.639307][ T1296] __slab_alloc.constprop.0+0x63/0x110 [ 71.644748][ T1296] __kmalloc_node_track_caller_noprof+0x4d6/0x930 [ 71.651136][ T1296] kmemdup_noprof+0x29/0x60 [ 71.655620][ T1296] __devinet_sysctl_register+0xbc/0x360 [ 71.661142][ T1296] devinet_sysctl_register+0x17b/0x200 [ 71.666574][ T1296] inetdev_init+0x2b8/0x580 [ 71.671051][ T1296] inetdev_event+0xc32/0x1870 [ 71.675705][ T1296] notifier_call_chain+0xbc/0x3e0 [ 71.680715][ T1296] call_netdevice_notifiers_info+0xbe/0x110 [ 71.686583][ T1296] register_netdevice+0x1792/0x21d0 [ 71.691757][ T1296] page last free pid 5816 tgid 5816 stack trace: [ 71.698053][ T1296] __free_frozen_pages+0x7df/0x1170 [ 71.703239][ T1296] __put_partials+0x130/0x170 [ 71.707902][ T1296] qlist_free_all+0x4c/0xf0 [ 71.712398][ T1296] kasan_quarantine_reduce+0x195/0x1e0 [ 71.717845][ T1296] __kasan_slab_alloc+0x69/0x90 [ 71.722676][ T1296] __kmalloc_cache_noprof+0x282/0x800 [ 71.728035][ T1296] netdevice_event+0x365/0x9d0 [ 71.732775][ T1296] notifier_call_chain+0xbc/0x3e0 [ 71.737777][ T1296] call_netdevice_notifiers_info+0xbe/0x110 [ 71.743652][ T1296] netif_set_mac_address+0x36f/0x4a0 [ 71.748935][ T1296] do_setlink.constprop.0+0x75f/0x4380 [ 71.754389][ T1296] rtnl_newlink+0x1376/0x1f50 [ 71.759055][ T1296] rtnetlink_rcv_msg+0x95e/0xe90 [ 71.763976][ T1296] netlink_rcv_skb+0x158/0x420 [ 71.768724][ T1296] netlink_unicast+0x5aa/0x870 [ 71.773470][ T1296] netlink_sendmsg+0x8c8/0xdd0 [ 71.778219][ T1296] [ 71.780533][ T1296] Memory state around the buggy address: [ 71.786144][ T1296] ffff88802ceaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.794184][ T1296] ffff88802ceaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.802223][ T1296] >ffff88802ceaf000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.810254][ T1296] ^ [ 71.815336][ T1296] ffff88802ceaf080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.823370][ T1296] ffff88802ceaf100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.831425][ T1296] ================================================================== [ 71.839524][ T1296] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 71.846711][ T1296] CPU: 1 UID: 0 PID: 1296 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 71.855732][ T1296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 71.865806][ T1296] Call Trace: [ 71.869085][ T1296] [ 71.872016][ T1296] dump_stack_lvl+0x3d/0x1f0 [ 71.876611][ T1296] vpanic+0x640/0x6f0 [ 71.880594][ T1296] panic+0xca/0xd0 [ 71.884313][ T1296] ? __pfx_panic+0x10/0x10 [ 71.888737][ T1296] ? check_panic_on_warn+0x1f/0xb0 [ 71.893849][ T1296] check_panic_on_warn+0xab/0xb0 [ 71.898795][ T1296] end_report+0x107/0x160 [ 71.903127][ T1296] kasan_report+0xee/0x110 [ 71.907547][ T1296] ? tty_write_room+0x7d/0x90 [ 71.912230][ T1296] tty_write_room+0x7d/0x90 [ 71.916734][ T1296] handle_tx+0x14f/0x630 [ 71.920979][ T1296] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 71.926795][ T1296] dev_hard_start_xmit+0x97/0x6e0 [ 71.931854][ T1296] __dev_queue_xmit+0x6d7/0x4650 [ 71.936797][ T1296] ? rcu_is_watching+0x12/0xc0 [ 71.941561][ T1296] ? finish_task_switch.isra.0+0x207/0xbd0 [ 71.947369][ T1296] ? __pfx___dev_queue_xmit+0x10/0x10 [ 71.952746][ T1296] ? __lock_acquire+0x436/0x2890 [ 71.957675][ T1296] ? ref_tracker_free+0x37c/0x830 [ 71.962709][ T1296] ? do_raw_spin_lock+0x12c/0x2b0 [ 71.967734][ T1296] ? find_held_lock+0x2b/0x80 [ 71.972402][ T1296] ? skb_dequeue+0x126/0x180 [ 71.976980][ T1296] ? find_held_lock+0x2b/0x80 [ 71.981647][ T1296] ? rcu_is_watching+0x12/0xc0 [ 71.986394][ T1296] tx+0xcc/0x190 [ 71.989926][ T1296] ? __pfx_tx+0x10/0x10 [ 71.994086][ T1296] kthread+0x1e4/0x3e0 [ 71.998140][ T1296] ? find_held_lock+0x2b/0x80 [ 72.002802][ T1296] ? __pfx_kthread+0x10/0x10 [ 72.007462][ T1296] ? __pfx_default_wake_function+0x10/0x10 [ 72.013253][ T1296] ? lockdep_hardirqs_on+0x7c/0x110 [ 72.018435][ T1296] ? __kthread_parkme+0x19e/0x250 [ 72.023439][ T1296] ? __pfx_kthread+0x10/0x10 [ 72.028011][ T1296] kthread+0x3c5/0x780 [ 72.032075][ T1296] ? __pfx_kthread+0x10/0x10 [ 72.036642][ T1296] ? rcu_is_watching+0x12/0xc0 [ 72.041383][ T1296] ? __pfx_kthread+0x10/0x10 [ 72.045953][ T1296] ret_from_fork+0x983/0xb10 [ 72.050524][ T1296] ? __pfx_ret_from_fork+0x10/0x10 [ 72.055614][ T1296] ? __switch_to+0x7af/0x10d0 [ 72.060284][ T1296] ? __pfx_kthread+0x10/0x10 [ 72.064853][ T1296] ret_from_fork_asm+0x1a/0x30 [ 72.069619][ T1296] [ 72.072900][ T1296] Kernel Offset: disabled [ 72.077195][ T1296] Rebooting in 86400 seconds..