last executing test programs: 12.183853662s ago: executing program 1 (id=173): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240), 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 10.913005962s ago: executing program 0 (id=174): madvise(&(0x7f0000e84000/0x4000)=nil, 0x4000, 0xa) r0 = userfaultfd(0x801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000240)={'macsec0\x00', 0x1}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000080000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021440011800a0001006d617463680000003400028008000240000000001c0003000afe6cbf96caa5debdad61b67ddb2fb68fcf19f7807076430a00010071756f7461"], 0xc8}}, 0x4040) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, 0x0, &(0x7f0000000080)=0x28) socket$inet6(0xa, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r5, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "75287ad1ee602ec4452a04ea7cdcd151bb2cd9893bc31f80718316d9bd3517076db9ad1f6a120d8be6d7f81cd81ec2757d0386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) r6 = socket$netlink(0x10, 0x3, 0x6) close_range(r6, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x0, 0x3}, &(0x7f0000000340), &(0x7f0000000280)) 10.714142497s ago: executing program 4 (id=175): gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd32", 0xb) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r5, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/96, 0x60}], 0x1}, 0xc}, {{0x0, 0x0, 0x0}, 0x7e0}], 0x2, 0x60002000, 0x0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000007640)=ANY=[], 0x3aa0}}, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r6, 0x0, 0x0, 0x200007fd, 0x0, 0x0) r7 = openat$audio(0xffffffffffffff9c, 0x0, 0x9e966e64318092aa, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000080)=0x7f) syz_emit_vhci(&(0x7f00000012c0)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x0, 0xc9, "0d24b2002987f91c"}}}, 0xe) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) request_key(&(0x7f0000000300)='id_resolver\x00', &(0x7f0000000340)={'syz', 0x1}, 0x0, 0xfffffffffffffffe) add_key(&(0x7f00000003c0)='pkcs7_test\x00', &(0x7f0000000400)={'syz', 0x0}, &(0x7f0000000500)="14a0fc15d269a3523a7dea685da36a300909cbe0aba8074bdfe7551333d7016251775fad74a68ddc5e18861e2e6a44a4eba2c2768aff295a2d166fc4048f2b1ee6b772659141fbee0423fdf5d750ae383fa2b1dee861052ec402a4eedbd535332d9219a6b4e01e0c1ef9bb43194f83b664", 0x71, 0xfffffffffffffffb) add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) socket$nl_route(0x10, 0x3, 0x0) 10.248078969s ago: executing program 0 (id=177): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x18, 0x0, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @link_local, 'veth1_macvtap\x00'}}, 0xffffffffffffff32) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x404c000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0, 0x44000}, 0x93) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bind$netlink(r2, 0x0, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$TCXONC(r7, 0x540a, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=@newtaction={0x60, 0x30, 0xb, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ct={0x48, 0x1, 0x0, 0x0, {{0x7}, {0x20, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x10}, @TCA_CT_LABELS={0x14, 0x7, "296524f13eb7394549979c0db12f7a74"}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x60}}, 0x0) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000780)=ANY=[@ANYBLOB="1401000033000100000000000000000002"], 0x114}], 0x1}, 0x0) socket$kcm(0x28, 0x1, 0x0) 9.309922111s ago: executing program 4 (id=178): syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r0 = semget(0x2, 0x1, 0x3) semctl$GETPID(r0, 0x1, 0xb, &(0x7f0000000180)=""/236) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r4 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r4, 0x0, 0x400000000000000, 0x2) semctl$SEM_STAT_ANY(r0, 0x2, 0x14, &(0x7f0000000040)=""/61) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') pwritev(r5, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}, {&(0x7f0000000140)='2', 0x1}], 0x2, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000380)='setgroups\x00') read$FUSE(r6, &(0x7f0000009540)={0x2020}, 0x2020) r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x809}, {0xa, 0x0, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe]}}, 0x5c) 8.556154216s ago: executing program 1 (id=179): prlimit64(0x0, 0xa, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d89}, &(0x7f0000000440)=0x0, &(0x7f0000000040)=0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) r5 = syz_io_uring_setup(0x4171, &(0x7f0000000780)={0x0, 0xb395, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000003c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/43, 0x2b}], 0x1}) io_uring_enter(r5, 0x567, 0x0, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4000, @fd=r1, 0x800, &(0x7f0000001100)=[{&(0x7f0000000900)="d487e764a941f1c9f079b0aa145d501544dc03bb62b5357ef0ef49955e5068639a0cc2ba391a9215c98b64a656bf5ca6fb76f5cfb523bbf40cd686ed6f48d1d3835a1c3d07c715f2295e7190fc1285005507a7553e56fe111819a3c80047c7", 0x5f}, {&(0x7f0000000980)="5aef85183f09e3d71cd35ed5aeb3e878f12a894b2bf5d542f0081e974dc880a15fd9773e9fa69058688312c455a91113555eb654bb1f30a9dd68dd8680d9643ba89ec457b74b307ad35e674ce6d0ad01b2f0c79b903953e0bbae59b90d126f458bb7abe807de86325acde20ce35da988f8033535", 0x74}, {&(0x7f0000000a40)="0a23ff4f89b3a913c809416b14fb3897c8915050c92b3329e3f10822bb386feeb9", 0x21}, {&(0x7f0000000a80)="027736083dbfae1089517ca25b", 0xd}], 0x4, 0x4, 0x1, {0x3}}) io_uring_enter(r2, 0x8aa, 0x0, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f000000fcc0)={0x2020}, 0x2020) 8.080735404s ago: executing program 0 (id=180): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_pktinfo(r6, 0x0, 0x8, 0x0, &(0x7f0000000040)) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) 8.07882957s ago: executing program 4 (id=181): mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x8001, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000001300)=[{{&(0x7f0000000300)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10, 0x0}}, {{&(0x7f0000000840)={0x2, 0x4e24, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="100000000000000000000000070000e35ea38c2a416c8b66"], 0x10}}], 0x2, 0x0) syz_usb_connect$uac1(0x2, 0x92, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000106b1d0101400001e702010902800003010000000904000000010100000a2401e700000201020a2408000f00006383125f6b9c112b000000090401000001020000090401010101020000090501092000ff080a07250180090800090402000001020000090402010101020000102402010903bd02bcad7504a2156d010724010000000009acb6a4ac359f1862b5db7b44450582093e0000050007250102030700"], &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0}) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0x8040001) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f00000005c0)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000080)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/73, &(0x7f0000000880)=""/72}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000480)=0x800001) ioctl$VHOST_SET_LOG_BASE(r3, 0x4008af04, 0x0) fchdir(0xffffffffffffffff) setuid(0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x10, 0x0, 0xc8, 0x2, &(0x7f0000000600)="ada67d28006913bb1265f9830337823a4fbb5a883be7029e4a7a914fd92d4185fc801772ebcb3db816ee9dc5ca3707e5e17911b6822741c4e1fa43abaffff430fd54b9bf06ad9a759380ee64c688ac06cdcd7e9f4cddb40c93aaa43a4ec2f5d81dfa7e767f9aabc6698d7bce4b28cb6c4ae335c5a3c7183a1785a008eabc81aff156086488bdf50aa20b974e1d27582d7092793d9c7970516bf1b5647aece1ff9ca254806ee49176739f2712998c4a62468cc2c65e55d0bd58795224c85b60dd18e9b7b2d70af8811e6953f4c0949a87c1246a49b6bb855b5060178dc36842ff707b67", 0x2}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x10}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 7.966095266s ago: executing program 3 (id=182): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002000)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, 'y'}]}, 0x24}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b0000000800", @ANYRES32=r6, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050"], 0x3c}}, 0x0) 7.848785684s ago: executing program 3 (id=183): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 6.505564441s ago: executing program 2 (id=184): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4e757000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8) connect$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff48, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0xfc, 0x0, 0x1000}, {0x6}]}, 0x10) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40840) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 6.241839651s ago: executing program 3 (id=185): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x7, &(0x7f0000000100)=0x43, 0x4) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000fe9d77878d938f53e0c9aa4f642a9f950c8a8717418119b62fce3a8be3e880ee910980e5352ba5bd9f5a3c97ea5eab1156ad3442fd47ec374ec629b8731613f04efab919c9e8ca36d470bf600768883ce095359e035a46bd1bd5982d302c1d183bee15d83aabcd749577817a7e8f46cc4ccb712d44b06006", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000500"/27], 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_io_uring_setup(0x230, &(0x7f00000035c0)={0x0, 0x4, 0x8, 0x0, 0x40000000}, &(0x7f0000000100), 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x3) accept(r2, &(0x7f0000000040)=@qipcrtr, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c900"], 0x16) 5.490132198s ago: executing program 2 (id=186): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4e757000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8) connect$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff48, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0xfc, 0x0, 0x1000}, {0x6}]}, 0x10) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40840) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) 5.385309733s ago: executing program 0 (id=187): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240)=[@mss, @timestamp, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(0xffffffffffffffff, &(0x7f0000002540)=@abs, 0x6e) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 4.354914301s ago: executing program 1 (id=188): gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd32", 0xb) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r5, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/96, 0x60}], 0x1}, 0xc}, {{0x0, 0x0, 0x0}, 0x7e0}], 0x2, 0x60002000, 0x0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000007640)=ANY=[], 0x3aa0}}, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r6, 0x0, 0x0, 0x200007fd, 0x0, 0x0) r7 = openat$audio(0xffffffffffffff9c, 0x0, 0x9e966e64318092aa, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000080)=0x7f) syz_emit_vhci(&(0x7f00000012c0)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x0, 0xc9, "0d24b2002987f91c"}}}, 0xe) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) request_key(&(0x7f0000000300)='id_resolver\x00', &(0x7f0000000340)={'syz', 0x1}, 0x0, 0xfffffffffffffffe) add_key(&(0x7f00000003c0)='pkcs7_test\x00', &(0x7f0000000400)={'syz', 0x0}, &(0x7f0000000500)="14a0fc15d269a3523a7dea685da36a300909cbe0aba8074bdfe7551333d7016251775fad74a68ddc5e18861e2e6a44a4eba2c2768aff295a2d166fc4048f2b1ee6b772659141fbee0423fdf5d750ae383fa2b1dee861052ec402a4eedbd535332d9219a6b4e01e0c1ef9bb43194f83b664", 0x71, 0xfffffffffffffffb) add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) socket$nl_route(0x10, 0x3, 0x0) 4.321286648s ago: executing program 0 (id=189): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, 0x0, 0x0, 0x0) userfaultfd(0x801) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 4.248475413s ago: executing program 3 (id=190): write$vga_arbiter(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x2, 0x1, 0x0) geteuid() ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x25c000) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="120100004bec0220a20603008cb4010203010902120001000000000904dfa0"], 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x80000, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="14000000150001030000"], 0x14}}, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x7}, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000340)) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50) setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f00000005c0)=@broute={'broute\x00', 0x20, 0x1, 0x990, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000e00], 0x0, 0x0, &(0x7f0000000e00)=ANY=[]}, 0x78) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8ae8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000140)='sys_exit\x00', r4}, 0x18) getsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f0000000800)={@multicast2, @initdev, 0x0}, &(0x7f00000006c0)=0xc) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040025bd7000fbdbdf251200000008000800ff7f0000080008008eb2fb5e08000700030000000800070004000000080009000000000008000900020000002000018008000100", @ANYRES32=r5, @ANYBLOB="1400020070696d72656731000000000000000000080009002700000008000700020000000800080001000000"], 0x7c}}, 0x20000000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f00000004c0)={'sit0\x00', &(0x7f0000000480)={@mcast2, @loopback, 0x17, 0xa}}) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000500)) 4.148049891s ago: executing program 2 (id=191): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = semget(0x2, 0x1, 0x3) semctl$GETPID(r1, 0x1, 0xb, &(0x7f0000000180)=""/236) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r5 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r5, 0x0, 0x400000000000000, 0x2) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f0000000040)=""/61) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') pwritev(r6, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}, {&(0x7f0000000140)='2', 0x1}], 0x2, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000380)='setgroups\x00') r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x809}, {0xa, 0x0, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe]}}, 0x5c) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x17}) 3.132151763s ago: executing program 1 (id=192): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4e757000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8) connect$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff48, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0xfc, 0x0, 0x1000}, {0x6}]}, 0x10) sendmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40840) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) syz_genetlink_get_family_id$nfc(&(0x7f0000000c80), r0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYRES64=r1], 0x28}, 0x1, 0x0, 0x0, 0xbc785c1ca1ee7206}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) sendmsg$NFC_CMD_VENDOR(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={0x0}, 0x1, 0x0, 0x0, 0xc63df298fd3b99e6}, 0x0) socket$xdp(0x2c, 0x3, 0x0) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00'}) 3.126241956s ago: executing program 2 (id=193): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002000)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, 'y'}]}, 0x24}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b0000000800", @ANYRES32=r6, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050"], 0x3c}}, 0x0) 2.975890444s ago: executing program 4 (id=194): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = semget(0x2, 0x1, 0x3) semctl$GETPID(r1, 0x1, 0xb, &(0x7f0000000180)=""/236) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r5 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r5, 0x0, 0x400000000000000, 0x2) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f0000000040)=""/61) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') pwritev(r6, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}, {&(0x7f0000000140)='2', 0x1}], 0x2, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000380)='setgroups\x00') r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x809}, {0xa, 0x0, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe]}}, 0x5c) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x17}) 2.768730721s ago: executing program 2 (id=195): r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYRESDEC=r1, @ANYRES16=r2]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, 0x0) r3 = socket$kcm(0x2, 0x922000000001, 0x106) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpu.stat\x00', 0x26e1, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x3a) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x20001400) ioctl$TUNSETOFFLOAD(r5, 0x8004745a, 0x2000000c) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_procs(r6, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f00000001c0), 0x12) syz_clone(0x28280000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r4, 0x4) chdir(&(0x7f0000000080)='./file1\x00') mkdir(0x0, 0x0) listen(r0, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x23, &(0x7f0000000040), &(0x7f0000000200)=0x14) r8 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000200)={'dummy0\x00'}) 1.790390764s ago: executing program 4 (id=196): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x0, 0x0, 0x4007}}) 1.726186445s ago: executing program 1 (id=197): io_submit(0x0, 0x0, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) syz_io_uring_setup(0x3bd6, &(0x7f0000000000)={0x0, 0xfffffffc, 0x2, 0xfffffff7, 0x10330}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x64}}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4008840) r5 = socket$igmp6(0xa, 0x3, 0x2) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) 614.277343ms ago: executing program 4 (id=198): io_submit(0x0, 0x0, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) syz_io_uring_setup(0x3bd6, &(0x7f0000000000)={0x0, 0xfffffffc, 0x2, 0xfffffff7, 0x10330}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x64}}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008840) r5 = socket$igmp6(0xa, 0x3, 0x2) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) 572.102235ms ago: executing program 3 (id=199): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240)=[@mss, @timestamp, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(0xffffffffffffffff, &(0x7f0000002540)=@abs, 0x6e) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 530.660747ms ago: executing program 2 (id=200): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet(0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20004000) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000040)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000540)={0x5, 0x6dff, 0x3fb, 0x0, 0x12}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f00000001c0)={0x0, 0x7b77, 0x3ff}) iopl(0x3) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x7) syz_emit_ethernet(0x86, &(0x7f00000010c0)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb08004500007800000000000190780a010102ac1414aa03049078ac14142a4700000000000000001100000000000000000000440c0001ac1414bb4e210000443c0001e0000001000000000000000000000000ac1414000000000000000000000000000000000000000000ac1e0001000014000002000000000000"], 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "4c1b6ddecbd7136e", "f7d3d598ef57121fdc81e6a0faa655309226590a7af88be818a8f441da4daa5b", "3c9b40e4", "cd0b8df721c2b9fe"}, 0x38) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4004, 0x5) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=@newtaction={0x120, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x10c, 0x1, [@m_mpls={0x108, 0xf, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8, 0x5, 0x6bc0d}, @TCA_MPLS_PROTO={0x6, 0x4, 0x6005}, @TCA_MPLS_LABEL={0x8, 0x5, 0x6cdc5}]}, {0xc3, 0x6, "884031c62477559f46a76eaed58d04449968c9818f548ea847559b6f2ff42aeb7fffa72b048df72120a4248a9338f5d65cd67211f15c3f1de9f144b171f030b5afeafe56d6b82d58e4f7464e61b6842bb719780ee8c2c8accf36060b2c48cde85b03492769a04df7f7f54efa7d904992539369a13de78b459d1c6917cd74283f9daad5911fa9e2375bee9be375e0790fe4137a91d98a8fea0c99685f3ea80f077719416b97bc159eefe263789adc992e23e0f0f86d8bc86ba71cfd686ec40f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x120}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) 486.537566ms ago: executing program 0 (id=201): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x7, &(0x7f0000000100)=0x43, 0x4) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000fe9d77878d938f53e0c9aa4f642a9f950c8a8717418119b62fce3a8be3e880ee910980e5352ba5bd9f5a3c97ea5eab1156ad3442fd47ec374ec629b8731613f04efab919c9e8ca36d470bf600768883ce095359e035a46bd1bd5982d302c1d183bee15d83aabcd749577817a7e8f46cc4ccb712d44b06006", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYBLOB="000000000500"/28], 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_io_uring_setup(0x230, &(0x7f00000035c0)={0x0, 0x4, 0x8, 0x0, 0x40000000}, &(0x7f0000000100), 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x3) accept(r2, &(0x7f0000000040)=@qipcrtr, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c900"], 0x16) 196.215988ms ago: executing program 1 (id=202): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = semget(0x2, 0x1, 0x3) semctl$GETPID(r1, 0x1, 0xb, &(0x7f0000000180)=""/236) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r5 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r5, 0x0, 0x400000000000000, 0x2) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f0000000040)=""/61) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') pwritev(r6, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}, {&(0x7f0000000140)='2', 0x1}], 0x2, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000380)='setgroups\x00') read$FUSE(r7, &(0x7f0000009540)={0x2020}, 0x2020) socket(0xa, 0x3, 0x3a) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x17}) 0s ago: executing program 3 (id=203): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) userfaultfd(0x1) socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) syz_io_uring_setup(0x6bb1, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x2}, 0x0, 0x0) r1 = syz_io_uring_setup(0x2fdd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000040)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r1, 0x2d3e, 0x0, 0x7f00, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.141' (ED25519) to the list of known hosts. [ 51.785252][ T29] audit: type=1400 audit(1736201208.587:88): avc: denied { mounton } for pid=5804 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 51.789836][ T5804] cgroup: Unknown subsys name 'net' [ 51.808023][ T29] audit: type=1400 audit(1736201208.587:89): avc: denied { mount } for pid=5804 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 51.835428][ T29] audit: type=1400 audit(1736201208.617:90): avc: denied { unmount } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 51.996688][ T5804] cgroup: Unknown subsys name 'cpuset' [ 52.004302][ T5804] cgroup: Unknown subsys name 'rlimit' [ 52.199712][ T29] audit: type=1400 audit(1736201208.997:91): avc: denied { setattr } for pid=5804 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.223339][ T29] audit: type=1400 audit(1736201208.997:92): avc: denied { create } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 52.244640][ T29] audit: type=1400 audit(1736201208.997:93): avc: denied { write } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 52.266464][ T29] audit: type=1400 audit(1736201208.997:94): avc: denied { read } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 52.287060][ T29] audit: type=1400 audit(1736201209.027:95): avc: denied { read } for pid=5486 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 52.307998][ T29] audit: type=1400 audit(1736201209.027:96): avc: denied { mounton } for pid=5804 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 52.320792][ T5807] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 52.332783][ T29] audit: type=1400 audit(1736201209.027:97): avc: denied { mount } for pid=5804 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 53.288253][ T5804] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 56.884499][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 56.884515][ T29] audit: type=1400 audit(1736201213.687:103): avc: denied { create } for pid=5814 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 56.942730][ T29] audit: type=1400 audit(1736201213.717:104): avc: denied { read write } for pid=5814 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 57.022059][ T5817] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.030283][ T29] audit: type=1400 audit(1736201213.717:105): avc: denied { open } for pid=5814 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 57.054907][ T5817] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.062432][ T29] audit: type=1400 audit(1736201213.737:106): avc: denied { ioctl } for pid=5814 comm="syz-executor" path="socket:[5415]" dev="sockfs" ino=5415 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 57.087938][ T5817] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.104211][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.113968][ T5817] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 57.121488][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 57.130274][ T5821] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 57.167690][ T29] audit: type=1400 audit(1736201213.967:107): avc: denied { read } for pid=5814 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.171460][ T5131] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 57.193367][ T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 57.204873][ T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 57.213018][ T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 57.220301][ T5824] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 57.230357][ T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 57.238708][ T5824] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 57.248072][ T5828] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 57.253905][ T29] audit: type=1400 audit(1736201213.967:108): avc: denied { open } for pid=5814 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.255564][ T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 57.285618][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 57.295967][ T5131] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 57.296122][ T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 57.303393][ T5131] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 57.318243][ T5131] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 57.326232][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 57.353299][ T29] audit: type=1400 audit(1736201213.967:109): avc: denied { mounton } for pid=5814 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 57.353946][ T5817] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 57.387512][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 57.389962][ T5821] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 57.412329][ T5821] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 57.419954][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 57.427581][ T5821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 57.437666][ T5824] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 57.454574][ T5824] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 57.663815][ T29] audit: type=1400 audit(1736201214.457:110): avc: denied { module_request } for pid=5814 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 57.732478][ T5814] chnl_net:caif_netlink_parms(): no params data found [ 57.786124][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 57.796303][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 57.923313][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 57.970415][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 57.986532][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.994455][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.001929][ T5814] bridge_slave_0: entered allmulticast mode [ 58.009394][ T5814] bridge_slave_0: entered promiscuous mode [ 58.027166][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.034324][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.041419][ T5822] bridge_slave_0: entered allmulticast mode [ 58.048038][ T5822] bridge_slave_0: entered promiscuous mode [ 58.074203][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.081325][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.088748][ T5814] bridge_slave_1: entered allmulticast mode [ 58.095225][ T5814] bridge_slave_1: entered promiscuous mode [ 58.109298][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.116500][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.123815][ T5822] bridge_slave_1: entered allmulticast mode [ 58.130264][ T5822] bridge_slave_1: entered promiscuous mode [ 58.136917][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.144119][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.151322][ T5826] bridge_slave_0: entered allmulticast mode [ 58.158234][ T5826] bridge_slave_0: entered promiscuous mode [ 58.185671][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.192751][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.199998][ T5826] bridge_slave_1: entered allmulticast mode [ 58.207115][ T5826] bridge_slave_1: entered promiscuous mode [ 58.250027][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.272550][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.284986][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.302618][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.333159][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.345227][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.367741][ T5814] team0: Port device team_slave_0 added [ 58.374573][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.381668][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.388874][ T5818] bridge_slave_0: entered allmulticast mode [ 58.395789][ T5818] bridge_slave_0: entered promiscuous mode [ 58.425490][ T5814] team0: Port device team_slave_1 added [ 58.431343][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.439048][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.446735][ T5829] bridge_slave_0: entered allmulticast mode [ 58.453440][ T5829] bridge_slave_0: entered promiscuous mode [ 58.461621][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.468817][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.476712][ T5818] bridge_slave_1: entered allmulticast mode [ 58.483174][ T5818] bridge_slave_1: entered promiscuous mode [ 58.491799][ T5822] team0: Port device team_slave_0 added [ 58.500743][ T5822] team0: Port device team_slave_1 added [ 58.509041][ T5826] team0: Port device team_slave_0 added [ 58.522171][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.529373][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.537044][ T5829] bridge_slave_1: entered allmulticast mode [ 58.543499][ T5829] bridge_slave_1: entered promiscuous mode [ 58.564812][ T5826] team0: Port device team_slave_1 added [ 58.578063][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.585064][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.611149][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.648467][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.655488][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.681646][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.700329][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.707567][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.734019][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.746712][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.757829][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.768822][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.780028][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.789601][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.796835][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.822830][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.857075][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.864079][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.890291][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.922165][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.934100][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.960168][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.985840][ T5818] team0: Port device team_slave_0 added [ 59.005618][ T5829] team0: Port device team_slave_0 added [ 59.018292][ T5818] team0: Port device team_slave_1 added [ 59.038514][ T5814] hsr_slave_0: entered promiscuous mode [ 59.046948][ T5814] hsr_slave_1: entered promiscuous mode [ 59.064306][ T5829] team0: Port device team_slave_1 added [ 59.072305][ T5822] hsr_slave_0: entered promiscuous mode [ 59.078502][ T5822] hsr_slave_1: entered promiscuous mode [ 59.085190][ T5822] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.092961][ T5822] Cannot create hsr debugfs directory [ 59.119297][ T5826] hsr_slave_0: entered promiscuous mode [ 59.125476][ T5826] hsr_slave_1: entered promiscuous mode [ 59.131854][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.139693][ T5826] Cannot create hsr debugfs directory [ 59.159415][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.166482][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.192829][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.205450][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.212402][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.238842][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.250017][ T5824] Bluetooth: hci0: command tx timeout [ 59.266528][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.273472][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.299575][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.330006][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.337190][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.363230][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.403692][ T5824] Bluetooth: hci2: command tx timeout [ 59.440683][ T5818] hsr_slave_0: entered promiscuous mode [ 59.446913][ T5818] hsr_slave_1: entered promiscuous mode [ 59.452849][ T5818] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.460576][ T5818] Cannot create hsr debugfs directory [ 59.484437][ T5828] Bluetooth: hci1: command tx timeout [ 59.487729][ T5824] Bluetooth: hci3: command tx timeout [ 59.500625][ T5829] hsr_slave_0: entered promiscuous mode [ 59.506986][ T5829] hsr_slave_1: entered promiscuous mode [ 59.512975][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.520941][ T5829] Cannot create hsr debugfs directory [ 59.563735][ T5824] Bluetooth: hci4: command tx timeout [ 59.731901][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.749664][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.759294][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.776715][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.817753][ T5814] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.830208][ T5814] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.838946][ T5814] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.853479][ T5814] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.910855][ T5822] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 59.929594][ T5822] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 59.947387][ T5822] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 59.956702][ T5822] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 60.005462][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 60.026807][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 60.041673][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.059575][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 60.069096][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 60.121394][ T5818] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 60.130795][ T5818] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 60.141603][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.156819][ T5818] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 60.166333][ T5818] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 60.197132][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.204475][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.213332][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.220426][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.306253][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.340882][ T5814] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.360646][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.392874][ T29] audit: type=1400 audit(1736201217.187:111): avc: denied { sys_module } for pid=5826 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 60.425112][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.432790][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.439909][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.451474][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.458627][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.481397][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.497998][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.528565][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.535675][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.562267][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.601532][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.619918][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.627080][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.642226][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.649356][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.670208][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.699301][ T4886] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.706403][ T4886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.743200][ T4886] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.750344][ T4886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.772897][ T4886] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.780019][ T4886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.806343][ T5826] veth0_vlan: entered promiscuous mode [ 60.820604][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.868598][ T5826] veth1_vlan: entered promiscuous mode [ 60.953404][ T5814] veth0_vlan: entered promiscuous mode [ 60.986611][ T5826] veth0_macvtap: entered promiscuous mode [ 60.999803][ T5814] veth1_vlan: entered promiscuous mode [ 61.019185][ T5826] veth1_macvtap: entered promiscuous mode [ 61.068873][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.108239][ T5814] veth0_macvtap: entered promiscuous mode [ 61.127401][ T5814] veth1_macvtap: entered promiscuous mode [ 61.148930][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.169478][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.183443][ T5826] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.194189][ T5826] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.202910][ T5826] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.212281][ T5826] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.231696][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.242596][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.255158][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.268189][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.280768][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.304244][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.315650][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.326543][ T5824] Bluetooth: hci0: command tx timeout [ 61.327300][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.355678][ T5814] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.366783][ T5814] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.377577][ T5814] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.386490][ T5814] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.480384][ T5829] veth0_vlan: entered promiscuous mode [ 61.486135][ T5824] Bluetooth: hci2: command tx timeout [ 61.518515][ T5818] veth0_vlan: entered promiscuous mode [ 61.539675][ T5829] veth1_vlan: entered promiscuous mode [ 61.553413][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.563810][ T5824] Bluetooth: hci1: command tx timeout [ 61.564336][ T5828] Bluetooth: hci3: command tx timeout [ 61.571074][ T5829] veth0_macvtap: entered promiscuous mode [ 61.587403][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.607516][ T5829] veth1_macvtap: entered promiscuous mode [ 61.624162][ T5818] veth1_vlan: entered promiscuous mode [ 61.644888][ T5828] Bluetooth: hci4: command tx timeout [ 61.660401][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.671144][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.681571][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.692159][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.706037][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.718457][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.718733][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.739351][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.747133][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.757243][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.767872][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.778546][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.811372][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.827070][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.829641][ T5829] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.843431][ T5829] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.852652][ T5829] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.861421][ T5829] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.890263][ T29] audit: type=1400 audit(1736201218.687:112): avc: denied { mounton } for pid=5826 comm="syz-executor" path="/root/syzkaller.KyeYzd/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 61.909044][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.922846][ T5822] veth0_vlan: entered promiscuous mode [ 61.929475][ T29] audit: type=1400 audit(1736201218.687:113): avc: denied { mount } for pid=5826 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 61.947971][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.957383][ T29] audit: type=1400 audit(1736201218.687:114): avc: denied { mounton } for pid=5826 comm="syz-executor" path="/root/syzkaller.KyeYzd/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 61.974677][ T5818] veth0_macvtap: entered promiscuous mode [ 61.990308][ T29] audit: type=1400 audit(1736201218.687:115): avc: denied { mount } for pid=5826 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 62.021179][ T29] audit: type=1400 audit(1736201218.687:116): avc: denied { mounton } for pid=5826 comm="syz-executor" path="/root/syzkaller.KyeYzd/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 62.048380][ T29] audit: type=1400 audit(1736201218.687:117): avc: denied { mounton } for pid=5826 comm="syz-executor" path="/root/syzkaller.KyeYzd/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7574 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 62.061183][ T5822] veth1_vlan: entered promiscuous mode [ 62.081606][ T29] audit: type=1400 audit(1736201218.687:118): avc: denied { unmount } for pid=5826 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 62.102306][ T29] audit: type=1400 audit(1736201218.737:119): avc: denied { mounton } for pid=5826 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 62.129114][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 62.133155][ T29] audit: type=1400 audit(1736201218.737:120): avc: denied { mount } for pid=5826 comm="syz-executor" name="/" dev="gadgetfs" ino=7578 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 62.167272][ T29] audit: type=1400 audit(1736201218.737:121): avc: denied { mount } for pid=5826 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 62.192416][ T29] audit: type=1400 audit(1736201218.737:122): avc: denied { mounton } for pid=5826 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 62.211847][ T5818] veth1_macvtap: entered promiscuous mode [ 62.249256][ T5822] veth0_macvtap: entered promiscuous mode [ 62.257749][ T5822] veth1_macvtap: entered promiscuous mode [ 62.271145][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.281656][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.291651][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.302181][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.312348][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.323077][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.335485][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.388739][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.399577][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.412758][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.414606][ T5897] Zero length message leads to an empty skb [ 62.423648][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.441188][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.452728][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.463959][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.517008][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.542342][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.556909][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.569654][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.600113][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.622094][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.632450][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.643759][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.654566][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.664552][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.675457][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.687454][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.698655][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.709171][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.765269][ T5901] netlink: 'syz.0.1': attribute type 8 has an invalid length. [ 62.773394][ T5901] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1'. [ 62.948890][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.045944][ T5818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.158920][ T5818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.182990][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.210012][ T3583] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.218153][ T3583] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.321544][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.322504][ T5818] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.338957][ T5818] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.347772][ T5818] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.356545][ T5818] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.384264][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.401797][ T5822] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.413043][ T5822] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.422218][ T5828] Bluetooth: hci0: command tx timeout [ 63.429656][ T5822] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.438439][ T5822] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.558162][ T5904] 9pnet_fd: Insufficient options for proto=fd [ 63.574612][ T5828] Bluetooth: hci2: command tx timeout [ 63.582259][ T3485] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.590151][ T3485] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.656568][ T5828] Bluetooth: hci3: command tx timeout [ 63.661998][ T5828] Bluetooth: hci1: command tx timeout [ 63.662540][ T3583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.675385][ T3583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.783769][ T5824] Bluetooth: hci4: command tx timeout [ 64.028806][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.036693][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.073216][ T3583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.140639][ T3583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.808351][ T865] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 64.895351][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 64.986479][ T865] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 65.004931][ T865] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 65.074468][ T5909] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 65.080118][ T865] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 65.113680][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 65.126993][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 65.177580][ T865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.215698][ T865] usb 2-1: Product: syz [ 65.220027][ T865] usb 2-1: Manufacturer: syz [ 65.243922][ T865] usb 2-1: SerialNumber: syz [ 65.263660][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 65.269025][ T865] usb 2-1: config 0 descriptor?? [ 65.283607][ T5915] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 65.324223][ T5915] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 65.558676][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 65.599489][ T5915] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 65.607569][ T5915] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 65.622833][ T5824] Bluetooth: hci0: command tx timeout [ 65.633769][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 65.639238][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 65.650892][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 66.048292][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 66.191629][ T5824] Bluetooth: hci2: command tx timeout [ 66.197229][ T5824] Bluetooth: hci1: command tx timeout [ 66.276351][ T5824] Bluetooth: hci3: command tx timeout [ 66.281798][ T5824] Bluetooth: hci4: command tx timeout [ 66.293854][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 66.499085][ T5915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.168729][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 67.168746][ T29] audit: type=1400 audit(1736201223.367:160): avc: denied { map_create } for pid=5939 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 67.254330][ T5915] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.271323][ T29] audit: type=1400 audit(1736201223.377:161): avc: denied { map_read map_write } for pid=5939 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 67.326399][ T5909] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 67.335326][ T5909] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 67.345733][ T5909] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 67.355184][ T29] audit: type=1400 audit(1736201224.117:162): avc: denied { create } for pid=5948 comm="syz.3.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 67.374484][ C0] vkms_vblank_simulate: vblank timer overrun [ 67.410110][ T5909] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 67.453822][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=231, SerialNumber=2 [ 67.472399][ T5909] usb 3-1: Product: syz [ 67.481473][ T5909] usb 3-1: Manufacturer: syz [ 67.502668][ T5909] usb 3-1: SerialNumber: syz [ 67.509701][ T29] audit: type=1400 audit(1736201224.317:163): avc: denied { ioctl } for pid=5950 comm="syz.4.15" path="socket:[8340]" dev="sockfs" ino=8340 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 67.519255][ T5868] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 68.298403][ T29] audit: type=1400 audit(1736201224.597:164): avc: denied { prog_run } for pid=5948 comm="syz.3.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 68.481940][ T5958] syz_tun: entered allmulticast mode [ 68.499598][ T5958] syz_tun: left allmulticast mode [ 68.510579][ T29] audit: type=1400 audit(1736201225.277:165): avc: denied { setopt } for pid=5950 comm="syz.4.15" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.857573][ T29] audit: type=1400 audit(1736201225.377:166): avc: denied { bind } for pid=5950 comm="syz.4.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 68.879116][ C0] raw-gadget.1 gadget.2: ignoring, device is not running [ 68.889689][ T5909] usb 3-1: can't set config #1, error -32 [ 68.934174][ T5909] usb 3-1: USB disconnect, device number 2 [ 69.130759][ T29] audit: type=1400 audit(1736201225.377:167): avc: denied { setopt } for pid=5950 comm="syz.4.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 69.683459][ T865] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading MODE_CTRL [ 69.715214][ T865] usb 2-1: USB disconnect, device number 2 [ 70.183552][ T29] audit: type=1400 audit(1736201226.947:168): avc: denied { create } for pid=5941 comm="syz.0.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 70.412136][ T5963] syz_tun: entered allmulticast mode [ 70.417818][ T5964] syz_tun: left allmulticast mode [ 70.526942][ T29] audit: type=1400 audit(1736201227.027:169): avc: denied { listen } for pid=5941 comm="syz.0.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 70.608516][ T5868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.620103][ T5868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.630020][ T5868] usb 1-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 70.639185][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.892307][ T5868] usb 1-1: config 0 descriptor?? [ 71.526597][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.534805][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.625206][ T5868] usbhid 1-1:0.0: can't add hid device: -71 [ 71.633301][ T5868] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 71.644984][ T5868] usb 1-1: USB disconnect, device number 2 [ 71.860706][ T5988] netlink: 304 bytes leftover after parsing attributes in process `syz.3.21'. [ 72.414445][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 72.453300][ T29] audit: type=1400 audit(1736201229.177:182): avc: denied { create } for pid=5986 comm="syz.4.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 73.409857][ T29] audit: type=1400 audit(1736201230.207:183): avc: denied { read } for pid=5996 comm="syz.0.26" name="sg0" dev="devtmpfs" ino=753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 74.392458][ T29] audit: type=1400 audit(1736201230.207:184): avc: denied { open } for pid=5996 comm="syz.0.26" path="/dev/sg0" dev="devtmpfs" ino=753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 75.273231][ T29] audit: type=1400 audit(1736201230.237:185): avc: denied { ioctl } for pid=5996 comm="syz.0.26" path="/dev/sg0" dev="devtmpfs" ino=753 ioctlcmd=0x2201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 75.360160][ T29] audit: type=1400 audit(1736201230.237:186): avc: denied { create } for pid=5996 comm="syz.0.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 75.433912][ T29] audit: type=1400 audit(1736201230.337:187): avc: denied { listen } for pid=5996 comm="syz.0.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 75.453120][ C0] vkms_vblank_simulate: vblank timer overrun [ 75.542152][ T29] audit: type=1400 audit(1736201232.037:188): avc: denied { bind } for pid=5986 comm="syz.4.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 76.543925][ T6019] netlink: 'syz.0.28': attribute type 1 has an invalid length. [ 76.551871][ T6019] netlink: 134744 bytes leftover after parsing attributes in process `syz.0.28'. [ 76.754242][ T29] audit: type=1400 audit(1736201232.037:189): avc: denied { ioctl } for pid=5986 comm="syz.4.23" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=8418 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 76.805784][ T29] audit: type=1400 audit(1736201232.457:190): avc: denied { mount } for pid=6014 comm="syz.0.28" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 76.948402][ T29] audit: type=1400 audit(1736201233.407:191): avc: denied { connect } for pid=6016 comm="syz.4.29" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 77.154334][ T51] cfg80211: failed to load regulatory.db [ 77.183124][ T6032] netlink: 88 bytes leftover after parsing attributes in process `syz.4.32'. [ 77.233716][ T8] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 77.395244][ T8] usb 4-1: config 201 has an invalid interface number: 249 but max is 0 [ 77.413695][ T8] usb 4-1: config 201 descriptor has 1 excess byte, ignoring [ 77.440246][ T8] usb 4-1: config 201 has no interface number 0 [ 77.545518][ T6037] syz_tun: entered allmulticast mode [ 77.556326][ T6037] syz_tun: left allmulticast mode [ 78.228468][ T8] usb 4-1: config 201 interface 249 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 78.242113][ T8] usb 4-1: config 201 interface 249 has no altsetting 0 [ 78.254358][ T8] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df [ 78.263990][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.271993][ T8] usb 4-1: Product: syz [ 78.276578][ T8] usb 4-1: Manufacturer: syz [ 78.281189][ T8] usb 4-1: SerialNumber: syz [ 78.357720][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 78.357759][ T29] audit: type=1400 audit(1736201235.157:202): avc: denied { accept } for pid=6025 comm="syz.0.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 78.527495][ T8] ath6kl: Failed to submit usb control message: -71 [ 78.603425][ T8] ath6kl: unable to send the bmi data to the device: -71 [ 78.708735][ T8] ath6kl: Unable to send get target info: -71 [ 78.759247][ T8] ath6kl: Failed to init ath6kl core: -71 [ 78.794550][ T8] ath6kl_usb 4-1:201.249: probe with driver ath6kl_usb failed with error -71 [ 78.843388][ T8] usb 4-1: USB disconnect, device number 2 [ 79.298497][ T29] audit: type=1400 audit(1736201236.087:203): avc: denied { read write } for pid=6042 comm="syz.3.36" name="video3" dev="devtmpfs" ino=934 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 80.114495][ T6043] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 80.162102][ T29] audit: type=1400 audit(1736201236.097:204): avc: denied { open } for pid=6042 comm="syz.3.36" path="/dev/video3" dev="devtmpfs" ino=934 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 80.333753][ T29] audit: type=1400 audit(1736201236.787:205): avc: denied { connect } for pid=6042 comm="syz.3.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 80.613914][ T29] audit: type=1400 audit(1736201237.347:206): avc: denied { write } for pid=6050 comm="syz.1.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 80.809593][ T29] audit: type=1400 audit(1736201237.347:207): avc: denied { read } for pid=6050 comm="syz.1.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 81.358008][ T29] audit: type=1400 audit(1736201237.367:208): avc: denied { write } for pid=6050 comm="syz.1.37" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 81.363757][ T5865] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 81.394481][ T29] audit: type=1400 audit(1736201237.847:209): avc: denied { read } for pid=5177 comm="acpid" name="mouse1" dev="devtmpfs" ino=2733 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 81.464819][ T29] audit: type=1400 audit(1736201237.847:210): avc: denied { open } for pid=5177 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2733 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 81.563722][ T29] audit: type=1400 audit(1736201237.857:211): avc: denied { ioctl } for pid=5177 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2733 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 81.797683][ T5865] usb 5-1: Using ep0 maxpacket: 32 [ 81.849780][ T5865] usb 5-1: config 0 has an invalid interface number: 223 but max is 0 [ 81.861648][ T5865] usb 5-1: config 0 has no interface number 0 [ 82.743546][ T6072] QAT: Invalid ioctl 1082156677 [ 82.749076][ T6072] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.815804][ T5865] usb 5-1: config 0 interface 223 has no altsetting 0 [ 82.979531][ T5865] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 82.988945][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.265983][ T6076] netlink: 20 bytes leftover after parsing attributes in process `syz.0.43'. [ 83.731609][ T5865] usb 5-1: Product: syz [ 83.735896][ T5865] usb 5-1: Manufacturer: syz [ 83.740793][ T5865] usb 5-1: SerialNumber: syz [ 83.754173][ T5865] usb 5-1: config 0 descriptor?? [ 83.766495][ T5865] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 83.872644][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 83.872661][ T29] audit: type=1400 audit(1736201240.667:220): avc: denied { write } for pid=6082 comm="syz.0.46" name="vlan0" dev="proc" ino=4026533795 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 83.933209][ T29] audit: type=1400 audit(1736201240.727:221): avc: denied { create } for pid=6082 comm="syz.0.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 83.953152][ C0] vkms_vblank_simulate: vblank timer overrun [ 84.050942][ T5909] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 84.051126][ T5864] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 84.282389][ T5865] gspca_topro: reg_w err -110 [ 84.292507][ T29] audit: type=1400 audit(1736201240.727:222): avc: denied { bind } for pid=6082 comm="syz.0.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 84.328031][ T5865] gspca_topro: Sensor soi763a [ 84.467223][ T5865] usb 5-1: USB disconnect, device number 2 [ 84.530021][ T5864] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.542287][ T5864] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.544742][ T5909] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 84.562494][ T5864] usb 4-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 84.601010][ T5909] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 84.606430][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.636895][ T5909] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 84.651601][ T5864] usb 4-1: config 0 descriptor?? [ 84.661188][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.695107][ T6081] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 84.708841][ T5909] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 84.769026][ T29] audit: type=1400 audit(1736201241.567:223): avc: denied { create } for pid=6097 comm="syz.1.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 84.805374][ T29] audit: type=1400 audit(1736201241.567:224): avc: denied { getopt } for pid=6097 comm="syz.1.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 85.392410][ T29] audit: type=1400 audit(1736201242.187:225): avc: denied { append } for pid=6079 comm="syz.2.45" name="midi3" dev="devtmpfs" ino=2744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 85.532286][ T6103] capability: warning: `syz.1.52' uses 32-bit capabilities (legacy support in use) [ 85.550206][ T5864] magicmouse 0003:05AC:0269.0001: unknown main item tag 0x0 [ 85.593790][ T5864] magicmouse 0003:05AC:0269.0001: unknown main item tag 0x0 [ 85.606051][ T5864] magicmouse 0003:05AC:0269.0001: unknown main item tag 0x0 [ 85.614113][ T5864] magicmouse 0003:05AC:0269.0001: unknown main item tag 0x0 [ 85.621440][ T5864] magicmouse 0003:05AC:0269.0001: unknown main item tag 0x0 [ 85.633158][ T29] audit: type=1400 audit(1736201242.377:226): avc: denied { bind } for pid=6102 comm="syz.1.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 85.652335][ T29] audit: type=1400 audit(1736201242.377:227): avc: denied { name_bind } for pid=6102 comm="syz.1.52" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 85.673910][ T29] audit: type=1400 audit(1736201242.377:228): avc: denied { node_bind } for pid=6102 comm="syz.1.52" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 85.705661][ T5864] magicmouse 0003:05AC:0269.0001: hidraw0: USB HID v0.00 Device [HID 05ac:0269] on usb-dummy_hcd.3-1/input0 [ 85.764607][ T6103] ucma_write: process 39 (syz.1.52) changed security contexts after opening file descriptor, this is not allowed. [ 85.769647][ T29] audit: type=1400 audit(1736201242.557:229): avc: denied { bind } for pid=6102 comm="syz.1.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 85.884163][ T8] usb 4-1: USB disconnect, device number 3 [ 85.975532][ T6109] netlink: 168 bytes leftover after parsing attributes in process `syz.1.54'. [ 86.003728][ T5909] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 86.063562][ T5865] usb 3-1: USB disconnect, device number 3 [ 86.283758][ T5909] usb 1-1: Using ep0 maxpacket: 32 [ 86.290433][ T5909] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 86.299767][ T5909] usb 1-1: config 0 has no interface number 0 [ 86.317573][ T5909] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 86.334686][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.351312][ T5909] usb 1-1: Product: syz [ 86.360768][ T5909] usb 1-1: Manufacturer: syz [ 86.365755][ T5909] usb 1-1: SerialNumber: syz [ 86.374727][ T5909] usb 1-1: config 0 descriptor?? [ 86.386102][ T5909] smsc95xx v2.0.0 [ 87.480347][ T6128] netlink: 20 bytes leftover after parsing attributes in process `syz.4.56'. [ 88.566027][ T6141] syz_tun: entered allmulticast mode [ 88.578192][ T6141] syz_tun: left allmulticast mode [ 88.930594][ T6134] netlink: 40 bytes leftover after parsing attributes in process `syz.4.62'. [ 90.643706][ T5864] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 90.813851][ T5864] usb 4-1: Using ep0 maxpacket: 32 [ 90.853375][ T5864] usb 4-1: unable to get BOS descriptor or descriptor too short [ 90.896023][ T5864] usb 4-1: config 2 has an invalid interface number: 155 but max is 1 [ 90.964168][ T5864] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 90.974491][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 90.974505][ T29] audit: type=1400 audit(1736201247.747:239): avc: denied { read write } for pid=6154 comm="syz.2.67" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 91.121029][ T5909] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 91.131876][ T5909] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 91.141948][ T5909] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 91.153115][ T5909] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 91.189710][ T5864] usb 4-1: config 2 has 1 interface, different from the descriptor's value: 2 [ 91.199189][ T5864] usb 4-1: config 2 has no interface number 0 [ 91.211707][ T5864] usb 4-1: too many endpoints for config 2 interface 155 altsetting 15: 96, using maximum allowed: 30 [ 91.222782][ T5864] usb 4-1: config 2 interface 155 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 96 [ 91.236086][ T5864] usb 4-1: config 2 interface 155 has no altsetting 0 [ 91.245748][ T5864] usb 4-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00 [ 91.255723][ T29] audit: type=1400 audit(1736201247.747:240): avc: denied { open } for pid=6154 comm="syz.2.67" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 91.255762][ T29] audit: type=1400 audit(1736201247.747:241): avc: denied { read write } for pid=6154 comm="syz.2.67" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 91.255790][ T29] audit: type=1400 audit(1736201247.747:242): avc: denied { open } for pid=6154 comm="syz.2.67" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 91.283802][ T5909] usb 1-1: USB disconnect, device number 3 [ 91.916461][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.924943][ T5864] usb 4-1: Product: syz [ 91.929125][ T5864] usb 4-1: Manufacturer: syz [ 92.542513][ T5864] usb 4-1: SerialNumber: syz [ 92.713825][ T5864] usb-storage 4-1:2.155: USB Mass Storage device detected [ 92.736283][ T5864] usb-storage 4-1:2.155: Quirks match for vid 0781 pid 0100: 1 [ 92.750269][ T29] audit: type=1400 audit(1736201249.547:243): avc: denied { lock } for pid=6154 comm="syz.2.67" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 92.976824][ T5864] usb 4-1: USB disconnect, device number 4 [ 93.271301][ T6179] hub 6-0:1.0: USB hub found [ 93.278325][ T6179] hub 6-0:1.0: 1 port detected [ 93.329657][ T6179] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 93.968662][ T29] audit: type=1326 audit(1736201250.657:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6181 comm="syz.4.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 94.296908][ T29] audit: type=1326 audit(1736201250.757:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6181 comm="syz.4.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 94.353715][ T29] audit: type=1400 audit(1736201250.927:246): avc: denied { sys_module } for pid=6154 comm="syz.2.67" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 94.988651][ T6194] netlink: 40 bytes leftover after parsing attributes in process `syz.1.74'. [ 95.128546][ T29] audit: type=1326 audit(1736201251.917:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6181 comm="syz.4.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 95.318693][ T29] audit: type=1326 audit(1736201251.917:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6181 comm="syz.4.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 95.433721][ T5865] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 95.641174][ T5865] usb 3-1: unable to get BOS descriptor or descriptor too short [ 95.673790][ T5865] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 95.681422][ T5865] usb 3-1: can't read configurations, error -71 [ 96.859949][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 96.859967][ T29] audit: type=1400 audit(1736201252.727:259): avc: denied { bind } for pid=6200 comm="syz.0.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 96.893818][ T29] audit: type=1400 audit(1736201252.727:260): avc: denied { setopt } for pid=6200 comm="syz.0.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 98.060171][ T6227] Invalid ELF header type: 0 != 1 [ 98.078047][ T29] audit: type=1400 audit(1736201254.857:261): avc: denied { module_load } for pid=6226 comm="syz.2.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 98.201002][ T6233] netlink: 28 bytes leftover after parsing attributes in process `syz.4.84'. [ 98.233861][ T51] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 98.409437][ T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.541099][ T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.572058][ T51] usb 2-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 98.699604][ T6241] random: crng reseeded on system resumption [ 99.275552][ T29] audit: type=1400 audit(1736201255.497:262): avc: denied { read append } for pid=6232 comm="syz.4.84" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 99.308286][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.318331][ T51] usb 2-1: config 0 descriptor?? [ 99.329424][ T29] audit: type=1400 audit(1736201255.497:263): avc: denied { ioctl open } for pid=6232 comm="syz.4.84" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 99.543507][ T6244] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 99.551306][ T6244] audit: out of memory in audit_log_start [ 99.555676][ T29] audit: type=1400 audit(1736201256.357:264): avc: denied { mount } for pid=6224 comm="syz.1.82" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 99.817260][ T51] magicmouse 0003:05AC:0269.0002: unknown main item tag 0x0 [ 99.834933][ T51] magicmouse 0003:05AC:0269.0002: unknown main item tag 0x0 [ 99.868896][ T51] magicmouse 0003:05AC:0269.0002: unknown main item tag 0x0 [ 99.884250][ T6250] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 99.891886][ T51] magicmouse 0003:05AC:0269.0002: unknown main item tag 0x0 [ 99.939772][ T51] magicmouse 0003:05AC:0269.0002: unknown main item tag 0x0 [ 99.982411][ T51] magicmouse 0003:05AC:0269.0002: hidraw0: USB HID v0.00 Device [HID 05ac:0269] on usb-dummy_hcd.1-1/input0 [ 99.997218][ T29] audit: type=1400 audit(1736201256.777:265): avc: denied { setopt } for pid=6249 comm="syz.3.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 100.115730][ T51] usb 2-1: USB disconnect, device number 3 [ 100.133478][ T5828] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 100.144674][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: kworker/u9:5 Not tainted 6.13.0-rc6-syzkaller-00006-g5428dc1906dd #0 [ 100.155533][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 100.165574][ T5828] Workqueue: hci4 hci_rx_work [ 100.170259][ T5828] Call Trace: [ 100.173527][ T5828] [ 100.176444][ T5828] dump_stack_lvl+0x16c/0x1f0 [ 100.181111][ T5828] sysfs_warn_dup+0x7f/0xa0 [ 100.185603][ T5828] sysfs_create_dir_ns+0x24d/0x2b0 [ 100.190721][ T5828] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 100.196363][ T5828] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 100.201738][ T5828] ? kobject_add_internal+0x12d/0x990 [ 100.207119][ T5828] ? do_raw_spin_unlock+0x172/0x230 [ 100.212326][ T5828] kobject_add_internal+0x2c8/0x990 [ 100.217525][ T5828] kobject_add+0x16f/0x240 [ 100.221931][ T5828] ? __pfx_kobject_add+0x10/0x10 [ 100.226960][ T5828] ? class_to_subsys+0x3e/0x160 [ 100.231809][ T5828] ? do_raw_spin_unlock+0x172/0x230 [ 100.237019][ T5828] ? kobject_put+0xab/0x5a0 [ 100.241520][ T5828] device_add+0x289/0x1a70 [ 100.246105][ T5828] ? __pfx_dev_set_name+0x10/0x10 [ 100.251116][ T5828] ? __pfx_device_add+0x10/0x10 [ 100.255998][ T5828] ? mgmt_send_event_skb+0x2f2/0x460 [ 100.261274][ T5828] hci_conn_add_sysfs+0x17e/0x230 [ 100.266305][ T5828] le_conn_complete_evt+0x107f/0x1da0 [ 100.271670][ T5828] ? __pfx_lock_release+0x10/0x10 [ 100.276687][ T5828] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 100.282388][ T5828] ? trace_contention_end+0xee/0x140 [ 100.287660][ T5828] ? __mutex_lock+0x1cc/0xa60 [ 100.292330][ T5828] hci_le_conn_complete_evt+0x23c/0x370 [ 100.297868][ T5828] hci_le_meta_evt+0x2e2/0x5d0 [ 100.302632][ T5828] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 100.308690][ T5828] hci_event_packet+0x666/0x1180 [ 100.313656][ T5828] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 100.318957][ T5828] ? __pfx_hci_event_packet+0x10/0x10 [ 100.324328][ T5828] ? mark_held_locks+0x9f/0xe0 [ 100.329084][ T5828] ? kcov_remote_start+0x3cf/0x6e0 [ 100.334178][ T5828] ? lockdep_hardirqs_on+0x7c/0x110 [ 100.339366][ T5828] hci_rx_work+0x2c5/0x16b0 [ 100.343857][ T5828] ? process_one_work+0x921/0x1ba0 [ 100.348950][ T5828] process_one_work+0x9c5/0x1ba0 [ 100.353880][ T5828] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 100.359511][ T5828] ? __pfx_process_one_work+0x10/0x10 [ 100.364885][ T5828] ? rcu_is_watching+0x12/0xc0 [ 100.369648][ T5828] ? assign_work+0x1a0/0x250 [ 100.374250][ T5828] worker_thread+0x6c8/0xf00 [ 100.378842][ T5828] ? __kthread_parkme+0x148/0x220 [ 100.383851][ T5828] ? __pfx_worker_thread+0x10/0x10 [ 100.388975][ T5828] kthread+0x2c1/0x3a0 [ 100.393035][ T5828] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.398227][ T5828] ? __pfx_kthread+0x10/0x10 [ 100.402831][ T5828] ret_from_fork+0x45/0x80 [ 100.407245][ T5828] ? __pfx_kthread+0x10/0x10 [ 100.411841][ T5828] ret_from_fork_asm+0x1a/0x30 [ 100.416604][ T5828] [ 100.430719][ T5828] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 100.474382][ T5828] Bluetooth: hci4: failed to register connection device [ 100.517881][ T6252] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 100.628753][ T29] audit: type=1400 audit(1736201257.427:266): avc: denied { create } for pid=6258 comm="syz.0.91" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 100.691192][ T6257] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 100.698769][ T6257] IPv6: NLM_F_CREATE should be set when creating new route [ 102.174390][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 102.174406][ T29] audit: type=1400 audit(1736201258.977:269): avc: denied { bind } for pid=6263 comm="syz.3.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 102.245896][ T29] audit: type=1400 audit(1736201259.047:270): avc: denied { connect } for pid=6263 comm="syz.3.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 102.269813][ T29] audit: type=1400 audit(1736201259.047:271): avc: denied { read write } for pid=6263 comm="syz.3.92" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 102.469940][ T6286] netlink: 'syz.1.96': attribute type 8 has an invalid length. [ 102.477699][ T6286] netlink: 244 bytes leftover after parsing attributes in process `syz.1.96'. [ 102.524215][ T5828] Bluetooth: hci4: command tx timeout [ 102.720044][ T29] audit: type=1400 audit(1736201259.047:272): avc: denied { open } for pid=6263 comm="syz.3.92" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 102.811155][ T29] audit: type=1400 audit(1736201259.047:273): avc: denied { ioctl } for pid=6263 comm="syz.3.92" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 102.992704][ T29] audit: type=1400 audit(1736201259.067:274): avc: denied { listen } for pid=6280 comm="syz.0.97" lport=37130 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 103.034113][ T29] audit: type=1400 audit(1736201259.447:275): avc: denied { accept } for pid=6280 comm="syz.0.97" lport=37130 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 103.056797][ C1] vkms_vblank_simulate: vblank timer overrun [ 103.099202][ T29] audit: type=1400 audit(1736201259.667:276): avc: denied { remount } for pid=6280 comm="syz.0.97" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 103.350675][ T6299] mmap: syz.0.100 (6299) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 103.938576][ T29] audit: type=1400 audit(1736201260.717:277): avc: denied { audit_control } for pid=6300 comm="syz.0.101" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 105.724053][ T6314] syz_tun: entered allmulticast mode [ 105.731956][ T6314] syz_tun: left allmulticast mode [ 106.768634][ T6320] netlink: 12 bytes leftover after parsing attributes in process `syz.4.107'. [ 106.853202][ T29] audit: type=1400 audit(1736201263.647:278): avc: denied { read write } for pid=6322 comm="syz.4.108" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 107.010330][ T5909] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 107.018048][ T5865] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 108.055454][ T5909] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.086698][ T5909] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.131247][ T5909] usb 1-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 108.141067][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.274410][ T5909] usb 1-1: config 0 descriptor?? [ 108.521452][ T5865] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 108.544121][ T5865] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 108.690186][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 108.690671][ T29] audit: type=1400 audit(1736201265.457:280): avc: denied { write } for pid=6355 comm="syz.3.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 108.726684][ T5865] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 108.750481][ T29] audit: type=1400 audit(1736201265.457:281): avc: denied { nlmsg_read } for pid=6355 comm="syz.3.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 108.783950][ T5865] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 108.793052][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=231, SerialNumber=2 [ 108.808432][ T5909] magicmouse 0003:05AC:0269.0003: unknown main item tag 0x0 [ 108.818766][ T5909] magicmouse 0003:05AC:0269.0003: unknown main item tag 0x0 [ 108.833768][ T5865] usb 3-1: Product: syz [ 108.838016][ T5865] usb 3-1: Manufacturer: syz [ 108.842775][ T5909] magicmouse 0003:05AC:0269.0003: unknown main item tag 0x0 [ 108.853874][ T5865] usb 3-1: SerialNumber: syz [ 108.880587][ T5909] magicmouse 0003:05AC:0269.0003: unknown main item tag 0x0 [ 108.911593][ T5909] magicmouse 0003:05AC:0269.0003: unknown main item tag 0x0 [ 109.083248][ T5909] magicmouse 0003:05AC:0269.0003: hidraw0: USB HID v0.00 Device [HID 05ac:0269] on usb-dummy_hcd.0-1/input0 [ 109.102772][ T29] audit: type=1400 audit(1736201265.907:282): avc: denied { create } for pid=6315 comm="syz.2.104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 109.193023][ T6390] netlink: 20 bytes leftover after parsing attributes in process `syz.4.111'. [ 109.787671][ T5909] usb 1-1: USB disconnect, device number 4 [ 110.055434][ T6394] FAULT_INJECTION: forcing a failure. [ 110.055434][ T6394] name failslab, interval 1, probability 0, space 0, times 0 [ 110.090770][ T6394] CPU: 1 UID: 0 PID: 6394 Comm: syz.4.113 Not tainted 6.13.0-rc6-syzkaller-00006-g5428dc1906dd #0 [ 110.101397][ T6394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 110.111470][ T6394] Call Trace: [ 110.114775][ T6394] [ 110.117718][ T6394] dump_stack_lvl+0x16c/0x1f0 [ 110.122420][ T6394] should_fail_ex+0x497/0x5b0 [ 110.127129][ T6394] ? fs_reclaim_acquire+0xae/0x150 [ 110.132260][ T6394] should_failslab+0xc2/0x120 [ 110.136966][ T6394] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 110.142355][ T6394] ? skb_clone+0x190/0x3f0 [ 110.146789][ T6394] skb_clone+0x190/0x3f0 [ 110.151045][ T6394] nfnetlink_rcv_batch+0x1d9/0x24e0 [ 110.156278][ T6394] ? __pfx___lock_acquire+0x10/0x10 [ 110.161496][ T6394] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 110.167149][ T6394] ? find_held_lock+0x2d/0x110 [ 110.171962][ T6394] ? avc_has_perm_noaudit+0x119/0x3a0 [ 110.177365][ T6394] ? avc_has_perm_noaudit+0x143/0x3a0 [ 110.182754][ T6394] ? __asan_memset+0x23/0x50 [ 110.187353][ T6394] ? __nla_validate_parse+0x601/0x2880 [ 110.192830][ T6394] ? __pfx___nla_validate_parse+0x10/0x10 [ 110.198569][ T6394] ? find_held_lock+0x2d/0x110 [ 110.203354][ T6394] ? cap_capable+0x1cf/0x240 [ 110.207958][ T6394] ? __nla_parse+0x40/0x60 [ 110.212391][ T6394] nfnetlink_rcv+0x3c3/0x430 [ 110.216997][ T6394] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 110.222143][ T6394] netlink_unicast+0x53c/0x7f0 [ 110.226933][ T6394] ? __pfx_netlink_unicast+0x10/0x10 [ 110.232239][ T6394] netlink_sendmsg+0x8b8/0xd70 [ 110.237029][ T6394] ? __pfx_netlink_sendmsg+0x10/0x10 [ 110.242338][ T6394] ____sys_sendmsg+0xaaf/0xc90 [ 110.247123][ T6394] ? copy_msghdr_from_user+0x10b/0x160 [ 110.252590][ T6394] ? __pfx_____sys_sendmsg+0x10/0x10 [ 110.257897][ T6394] ___sys_sendmsg+0x135/0x1e0 [ 110.262584][ T6394] ? __pfx____sys_sendmsg+0x10/0x10 [ 110.267799][ T6394] ? __pfx_lock_release+0x10/0x10 [ 110.272832][ T6394] ? trace_lock_acquire+0x14e/0x1f0 [ 110.278059][ T6394] ? __fget_files+0x206/0x3a0 [ 110.282753][ T6394] __sys_sendmsg+0x16e/0x220 [ 110.287353][ T6394] ? __pfx___sys_sendmsg+0x10/0x10 [ 110.292490][ T6394] do_syscall_64+0xcd/0x250 [ 110.297017][ T6394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.302924][ T6394] RIP: 0033:0x7f1148385d29 [ 110.307353][ T6394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.326972][ T6394] RSP: 002b:00007f11490f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.335408][ T6394] RAX: ffffffffffffffda RBX: 00007f1148575fa0 RCX: 00007f1148385d29 [ 110.343403][ T6394] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 110.351390][ T6394] RBP: 00007f11490f3090 R08: 0000000000000000 R09: 0000000000000000 [ 110.359382][ T6394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.367376][ T6394] R13: 0000000000000000 R14: 00007f1148575fa0 R15: 00007fff58318618 [ 110.375373][ T6394] [ 110.378476][ C1] vkms_vblank_simulate: vblank timer overrun [ 110.842099][ T6405] netlink: 'syz.1.115': attribute type 8 has an invalid length. [ 110.850078][ T6405] netlink: 244 bytes leftover after parsing attributes in process `syz.1.115'. [ 111.578942][ T5865] usb 3-1: 0:2 : does not exist [ 111.933717][ T865] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 112.195035][ T5865] usb 3-1: USB disconnect, device number 6 [ 112.904377][ T6415] syz_tun: entered allmulticast mode [ 112.910179][ T6415] syz_tun: left allmulticast mode [ 113.658447][ T865] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 113.686679][ T865] usb 1-1: can't read configurations, error -71 [ 114.904758][ T29] audit: type=1400 audit(1736201271.037:283): avc: denied { wake_alarm } for pid=6424 comm="syz.4.121" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 114.909387][ T5959] udevd[5959]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 115.562435][ T865] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 116.310523][ T865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.321537][ T865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.332571][ T865] usb 1-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 116.344985][ T865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.355070][ T865] usb 1-1: config 0 descriptor?? [ 116.378510][ T29] audit: type=1400 audit(1736201273.137:284): avc: denied { rename } for pid=5174 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 116.452029][ T29] audit: type=1400 audit(1736201273.137:285): avc: denied { unlink } for pid=5174 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 116.608114][ T29] audit: type=1400 audit(1736201273.147:286): avc: denied { create } for pid=5174 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 117.075504][ T29] audit: type=1400 audit(1736201273.877:287): avc: denied { read } for pid=6459 comm="syz.2.129" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 117.123857][ T29] audit: type=1400 audit(1736201273.877:288): avc: denied { open } for pid=6459 comm="syz.2.129" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 117.147734][ T29] audit: type=1400 audit(1736201273.877:289): avc: denied { ioctl } for pid=6459 comm="syz.2.129" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 117.173428][ T29] audit: type=1400 audit(1736201273.897:290): avc: denied { sqpoll } for pid=6459 comm="syz.2.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 117.233094][ T865] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0 [ 117.240814][ T865] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0 [ 117.249314][ T865] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0 [ 117.256879][ T865] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0 [ 117.264410][ T865] magicmouse 0003:05AC:0269.0004: unknown main item tag 0x0 [ 117.320630][ T865] magicmouse 0003:05AC:0269.0004: hidraw0: USB HID v0.00 Device [HID 05ac:0269] on usb-dummy_hcd.0-1/input0 [ 117.622065][ T25] usb 1-1: USB disconnect, device number 6 [ 117.919502][ T29] audit: type=1400 audit(1736201274.717:291): avc: denied { bind } for pid=6464 comm="syz.2.130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 118.326851][ T6470] syz_tun: entered allmulticast mode [ 118.338223][ T6470] syz_tun: left allmulticast mode [ 119.402595][ T6476] syz_tun: entered allmulticast mode [ 119.411566][ T6476] syz_tun: left allmulticast mode [ 120.898569][ T6488] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 121.888444][ T6504] syz.3.140 (6504): drop_caches: 0 [ 122.525197][ T5865] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 122.697205][ T5865] usb 2-1: Using ep0 maxpacket: 32 [ 122.705074][ T5865] usb 2-1: config 0 has an invalid interface number: 223 but max is 0 [ 122.713265][ T5865] usb 2-1: config 0 has no interface number 0 [ 122.730894][ T5865] usb 2-1: config 0 interface 223 has no altsetting 0 [ 122.755411][ T5865] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 122.770475][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.794577][ T5865] usb 2-1: Product: syz [ 122.811046][ T5865] usb 2-1: Manufacturer: syz [ 122.833043][ T5865] usb 2-1: SerialNumber: syz [ 122.911508][ T5865] usb 2-1: config 0 descriptor?? [ 122.926612][ T5865] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 123.203893][ T29] audit: type=1400 audit(1736201279.967:292): avc: denied { write } for pid=6503 comm="syz.1.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 123.516335][ T5865] gspca_topro: reg_w err -110 [ 123.543709][ T5865] gspca_topro: Sensor soi763a [ 124.388566][ T25] usb 2-1: USB disconnect, device number 4 [ 124.544135][ T6534] netlink: 12 bytes leftover after parsing attributes in process `syz.1.146'. [ 125.546635][ T29] audit: type=1326 audit(1736201282.297:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 125.638172][ T6544] veth1_macvtap: left promiscuous mode [ 125.643782][ T6544] macsec0: entered promiscuous mode [ 125.663310][ T29] audit: type=1326 audit(1736201282.297:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 125.726042][ T29] audit: type=1326 audit(1736201282.307:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 125.793796][ T29] audit: type=1326 audit(1736201282.307:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 125.872030][ T29] audit: type=1326 audit(1736201282.307:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 126.001541][ T29] audit: type=1326 audit(1736201282.307:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 126.033700][ T29] audit: type=1326 audit(1736201282.307:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 126.184900][ T6554] netlink: 20 bytes leftover after parsing attributes in process `syz.3.151'. [ 126.575728][ T29] audit: type=1326 audit(1736201282.307:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 126.599975][ C0] vkms_vblank_simulate: vblank timer overrun [ 126.733810][ T29] audit: type=1326 audit(1736201282.307:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6524 comm="syz.4.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1148385d29 code=0x7ffc0000 [ 127.131283][ T6557] netlink: 20 bytes leftover after parsing attributes in process `syz.1.149'. [ 127.282292][ T6563] netlink: 20 bytes leftover after parsing attributes in process `syz.0.153'. [ 127.352004][ T6565] netlink: 12 bytes leftover after parsing attributes in process `syz.4.156'. [ 127.668381][ T6571] netlink: 40 bytes leftover after parsing attributes in process `syz.4.158'. [ 127.963214][ T5909] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 128.825999][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 128.826019][ T29] audit: type=1400 audit(1736201285.007:328): avc: denied { create } for pid=6573 comm="syz.4.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 128.857827][ T5909] usb 3-1: Using ep0 maxpacket: 32 [ 128.872830][ T29] audit: type=1400 audit(1736201285.007:329): avc: denied { setopt } for pid=6573 comm="syz.4.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 128.872925][ T5909] usb 3-1: config 0 has an invalid interface number: 223 but max is 0 [ 128.970348][ T5909] usb 3-1: config 0 has no interface number 0 [ 128.989114][ T5909] usb 3-1: config 0 interface 223 has no altsetting 0 [ 129.006098][ T5909] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 129.040396][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.586746][ T5909] usb 3-1: Product: syz [ 129.590964][ T5909] usb 3-1: Manufacturer: syz [ 129.595663][ T5909] usb 3-1: SerialNumber: syz [ 129.602136][ T5909] usb 3-1: config 0 descriptor?? [ 129.612260][ T5909] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 130.685132][ T5909] gspca_topro: reg_w err -110 [ 130.879926][ T5909] gspca_topro: Sensor soi763a [ 130.893423][ T5909] usb 3-1: USB disconnect, device number 7 [ 132.543986][ T6617] netlink: 32 bytes leftover after parsing attributes in process `syz.0.169'. [ 132.952218][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.958570][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.365902][ T6629] netlink: 'syz.0.172': attribute type 8 has an invalid length. [ 133.373715][ T6629] netlink: 244 bytes leftover after parsing attributes in process `syz.0.172'. [ 135.635812][ T6637] netlink: 'syz.0.177': attribute type 8 has an invalid length. [ 135.643473][ T6637] netlink: 244 bytes leftover after parsing attributes in process `syz.0.177'. [ 136.783134][ T6652] hub 6-0:1.0: USB hub found [ 136.790111][ T6652] hub 6-0:1.0: 1 port detected [ 136.946576][ T6656] netlink: 32 bytes leftover after parsing attributes in process `syz.3.182'. [ 137.225347][ T865] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 138.288698][ T865] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 138.328941][ T865] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 138.628716][ T865] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 138.667613][ T865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.812521][ T6671] hub 6-0:1.0: USB hub found [ 138.823869][ T6671] hub 6-0:1.0: 1 port detected [ 139.267846][ T29] audit: type=1400 audit(1736201296.047:330): avc: denied { setopt } for pid=6672 comm="syz.3.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 139.319250][ T29] audit: type=1400 audit(1736201296.067:331): avc: denied { bind } for pid=6672 comm="syz.3.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 139.344200][ T29] audit: type=1400 audit(1736201296.097:332): avc: denied { listen } for pid=6672 comm="syz.3.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 139.364202][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.406652][ T5828] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 139.463933][ T29] audit: type=1400 audit(1736201296.097:333): avc: denied { accept } for pid=6672 comm="syz.3.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 140.720070][ T865] usb 2-1: can't set config #27, error -71 [ 140.754618][ T865] usb 2-1: USB disconnect, device number 5 [ 141.925372][ T6700] netlink: 32 bytes leftover after parsing attributes in process `syz.2.193'. [ 141.983740][ T5909] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 142.308502][ T6704] hub 6-0:1.0: USB hub found [ 142.315026][ T6704] hub 6-0:1.0: 1 port detected [ 142.887070][ T5909] usb 4-1: Using ep0 maxpacket: 32 [ 142.898886][ T5909] usb 4-1: config 0 has an invalid interface number: 223 but max is 0 [ 143.144668][ T5909] usb 4-1: config 0 has no interface number 0 [ 143.150820][ T5909] usb 4-1: config 0 interface 223 has no altsetting 0 [ 143.169533][ T5909] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 143.178903][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.190130][ T5909] usb 4-1: Product: syz [ 143.194510][ T5909] usb 4-1: Manufacturer: syz [ 143.199165][ T5909] usb 4-1: SerialNumber: syz [ 143.213674][ T5909] usb 4-1: config 0 descriptor?? [ 143.221744][ T5909] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 143.398722][ T6714] No control pipe specified [ 143.734038][ T5909] gspca_topro: reg_w err -110 [ 143.764215][ T5909] gspca_topro: Sensor soi763a [ 144.291179][ T9] usb 4-1: USB disconnect, device number 5 [ 145.169242][ T5824] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 145.179057][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: kworker/u9:4 Not tainted 6.13.0-rc6-syzkaller-00006-g5428dc1906dd #0 [ 145.189932][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 145.200012][ T5824] Workqueue: hci3 hci_rx_work [ 145.204736][ T5824] Call Trace: [ 145.208035][ T5824] [ 145.210972][ T5824] dump_stack_lvl+0x16c/0x1f0 [ 145.215682][ T5824] sysfs_warn_dup+0x7f/0xa0 [ 145.220210][ T5824] sysfs_create_dir_ns+0x24d/0x2b0 [ 145.225347][ T5824] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 145.231036][ T5824] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 145.236435][ T5824] ? kobject_add_internal+0x12d/0x990 [ 145.241834][ T5824] ? do_raw_spin_unlock+0x172/0x230 [ 145.247060][ T5824] kobject_add_internal+0x2c8/0x990 [ 145.252288][ T5824] kobject_add+0x16f/0x240 [ 145.256728][ T5824] ? __pfx_kobject_add+0x10/0x10 [ 145.261710][ T5824] ? class_to_subsys+0x3e/0x160 [ 145.266592][ T5824] ? do_raw_spin_unlock+0x172/0x230 [ 145.271805][ T5824] ? kobject_put+0xab/0x5a0 [ 145.276334][ T5824] device_add+0x289/0x1a70 [ 145.280773][ T5824] ? __pfx_dev_set_name+0x10/0x10 [ 145.285816][ T5824] ? __pfx_device_add+0x10/0x10 [ 145.290688][ T5824] ? mgmt_send_event_skb+0x2f2/0x460 [ 145.295999][ T5824] hci_conn_add_sysfs+0x17e/0x230 [ 145.301048][ T5824] le_conn_complete_evt+0x107f/0x1da0 [ 145.306446][ T5824] ? __pfx_lock_release+0x10/0x10 [ 145.311490][ T5824] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 145.317227][ T5824] ? trace_contention_end+0xee/0x140 [ 145.322535][ T5824] ? __mutex_lock+0x1cc/0xa60 [ 145.327248][ T5824] hci_le_conn_complete_evt+0x23c/0x370 [ 145.332826][ T5824] hci_le_meta_evt+0x2e2/0x5d0 [ 145.337611][ T5824] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 145.343684][ T5824] hci_event_packet+0x666/0x1180 [ 145.348613][ T5824] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 145.353886][ T5824] ? __pfx_hci_event_packet+0x10/0x10 [ 145.359244][ T5824] ? mark_held_locks+0x9f/0xe0 [ 145.363992][ T5824] ? kcov_remote_start+0x3cf/0x6e0 [ 145.369087][ T5824] ? lockdep_hardirqs_on+0x7c/0x110 [ 145.374273][ T5824] hci_rx_work+0x2c5/0x16b0 [ 145.378763][ T5824] ? process_one_work+0x921/0x1ba0 [ 145.383861][ T5824] process_one_work+0x9c5/0x1ba0 [ 145.388789][ T5824] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 145.394407][ T5824] ? __pfx_process_one_work+0x10/0x10 [ 145.399759][ T5824] ? rcu_is_watching+0x12/0xc0 [ 145.404510][ T5824] ? assign_work+0x1a0/0x250 [ 145.409096][ T5824] worker_thread+0x6c8/0xf00 [ 145.413684][ T5824] ? __kthread_parkme+0x148/0x220 [ 145.418696][ T5824] ? __pfx_worker_thread+0x10/0x10 [ 145.423795][ T5824] kthread+0x2c1/0x3a0 [ 145.427846][ T5824] ? _raw_spin_unlock_irq+0x23/0x50 [ 145.433045][ T5824] ? __pfx_kthread+0x10/0x10 [ 145.437625][ T5824] ret_from_fork+0x45/0x80 [ 145.442021][ T5824] ? __pfx_kthread+0x10/0x10 [ 145.446598][ T5824] ret_from_fork_asm+0x1a/0x30 [ 145.451367][ T5824] [ 145.454432][ C0] vkms_vblank_simulate: vblank timer overrun [ 145.513735][ T5824] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 145.528885][ T5824] Bluetooth: hci3: failed to register connection device [ 146.396658][ T5824] ================================================================== [ 146.404765][ T5824] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x22a/0x240 [ 146.413643][ T5824] Read of size 8 at addr ffff888079f21580 by task kworker/u9:4/5824 [ 146.421638][ T5824] [ 146.423697][ T29] audit: type=1400 audit(1736201302.287:334): avc: denied { execheap } for pid=6724 comm="syz.2.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 146.423955][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: kworker/u9:4 Not tainted 6.13.0-rc6-syzkaller-00006-g5428dc1906dd #0 [ 146.453882][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 146.463957][ T5824] Workqueue: hci3 hci_rx_work [ 146.468662][ T5824] Call Trace: [ 146.471938][ T5824] [ 146.475140][ T5824] dump_stack_lvl+0x116/0x1f0 [ 146.479842][ T5824] print_report+0xc3/0x620 [ 146.484279][ T5824] ? __virt_addr_valid+0x5e/0x590 [ 146.489318][ T5824] ? __phys_addr+0xc6/0x150 [ 146.493838][ T5824] kasan_report+0xd9/0x110 [ 146.498268][ T5824] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 146.504353][ T5824] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 146.510432][ T5824] l2cap_sock_new_connection_cb+0x22a/0x240 [ 146.516399][ T5824] l2cap_connect_cfm+0x85f/0xf10 [ 146.521321][ T5824] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 146.526757][ T5824] ? hci_cb_lookup+0x319/0x4e0 [ 146.531502][ T5824] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 146.537130][ T5824] le_conn_complete_evt+0x168d/0x1da0 [ 146.542504][ T5824] ? __pfx_lock_release+0x10/0x10 [ 146.547518][ T5824] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 146.553235][ T5824] ? trace_contention_end+0xee/0x140 [ 146.558520][ T5824] hci_le_conn_complete_evt+0x23c/0x370 [ 146.564066][ T5824] hci_le_meta_evt+0x2e2/0x5d0 [ 146.568828][ T5824] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 146.574890][ T5824] hci_event_packet+0x666/0x1180 [ 146.579821][ T5824] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 146.585105][ T5824] ? __pfx_hci_event_packet+0x10/0x10 [ 146.590470][ T5824] ? mark_held_locks+0x9f/0xe0 [ 146.595231][ T5824] ? kcov_remote_start+0x3cf/0x6e0 [ 146.600337][ T5824] ? lockdep_hardirqs_on+0x7c/0x110 [ 146.605551][ T5824] hci_rx_work+0x2c5/0x16b0 [ 146.610070][ T5824] ? process_one_work+0x921/0x1ba0 [ 146.615186][ T5824] process_one_work+0x9c5/0x1ba0 [ 146.620126][ T5824] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 146.625751][ T5824] ? __pfx_process_one_work+0x10/0x10 [ 146.631120][ T5824] ? rcu_is_watching+0x12/0xc0 [ 146.635893][ T5824] ? assign_work+0x1a0/0x250 [ 146.640483][ T5824] worker_thread+0x6c8/0xf00 [ 146.645074][ T5824] ? __kthread_parkme+0x148/0x220 [ 146.650104][ T5824] ? __pfx_worker_thread+0x10/0x10 [ 146.655206][ T5824] kthread+0x2c1/0x3a0 [ 146.659266][ T5824] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.664455][ T5824] ? __pfx_kthread+0x10/0x10 [ 146.669039][ T5824] ret_from_fork+0x45/0x80 [ 146.673445][ T5824] ? __pfx_kthread+0x10/0x10 [ 146.678027][ T5824] ret_from_fork_asm+0x1a/0x30 [ 146.682791][ T5824] [ 146.685795][ T5824] [ 146.688106][ T5824] Allocated by task 5824: [ 146.692413][ T5824] kasan_save_stack+0x33/0x60 [ 146.697083][ T5824] kasan_save_track+0x14/0x30 [ 146.701749][ T5824] __kasan_kmalloc+0xaa/0xb0 [ 146.706326][ T5824] __kmalloc_noprof+0x21c/0x510 [ 146.711166][ T5824] sk_prot_alloc+0x1a8/0x2a0 [ 146.715745][ T5824] sk_alloc+0x36/0xb90 [ 146.719807][ T5824] bt_sock_alloc+0x3b/0x3a0 [ 146.724301][ T5824] l2cap_sock_alloc.constprop.0+0x33/0x1c0 [ 146.730103][ T5824] l2cap_sock_new_connection_cb+0x101/0x240 [ 146.735993][ T5824] l2cap_connect_cfm+0x85f/0xf10 [ 146.740923][ T5824] le_conn_complete_evt+0x168d/0x1da0 [ 146.746293][ T5824] hci_le_conn_complete_evt+0x23c/0x370 [ 146.751837][ T5824] hci_le_meta_evt+0x2e2/0x5d0 [ 146.756596][ T5824] hci_event_packet+0x666/0x1180 [ 146.761528][ T5824] hci_rx_work+0x2c5/0x16b0 [ 146.766024][ T5824] process_one_work+0x9c5/0x1ba0 [ 146.770951][ T5824] worker_thread+0x6c8/0xf00 [ 146.775528][ T5824] kthread+0x2c1/0x3a0 [ 146.779593][ T5824] ret_from_fork+0x45/0x80 [ 146.784005][ T5824] ret_from_fork_asm+0x1a/0x30 [ 146.788764][ T5824] [ 146.791070][ T5824] Freed by task 6732: [ 146.795030][ T5824] kasan_save_stack+0x33/0x60 [ 146.799697][ T5824] kasan_save_track+0x14/0x30 [ 146.804369][ T5824] kasan_save_free_info+0x3b/0x60 [ 146.809388][ T5824] __kasan_slab_free+0x51/0x70 [ 146.814144][ T5824] kfree+0x14f/0x4b0 [ 146.818026][ T5824] __sk_destruct+0x5eb/0x720 [ 146.822784][ T5824] sk_destruct+0xc2/0xf0 [ 146.827020][ T5824] __sk_free+0xf4/0x3e0 [ 146.831170][ T5824] sk_free+0x6a/0x90 [ 146.835080][ T5824] l2cap_sock_kill+0x171/0x2d0 [ 146.839857][ T5824] l2cap_sock_cleanup_listen+0x3d/0x2a0 [ 146.845408][ T5824] l2cap_sock_release+0x5c/0x210 [ 146.850347][ T5824] __sock_release+0xb0/0x270 [ 146.854933][ T5824] sock_close+0x1c/0x30 [ 146.859081][ T5824] __fput+0x3f8/0xb60 [ 146.863064][ T5824] task_work_run+0x14e/0x250 [ 146.867656][ T5824] get_signal+0x1d3/0x26c0 [ 146.872064][ T5824] arch_do_signal_or_restart+0x90/0x7e0 [ 146.877603][ T5824] syscall_exit_to_user_mode+0x150/0x2a0 [ 146.883227][ T5824] do_syscall_64+0xda/0x250 [ 146.887722][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.893610][ T5824] [ 146.895919][ T5824] The buggy address belongs to the object at ffff888079f21000 [ 146.895919][ T5824] which belongs to the cache kmalloc-2k of size 2048 [ 146.909956][ T5824] The buggy address is located 1408 bytes inside of [ 146.909956][ T5824] freed 2048-byte region [ffff888079f21000, ffff888079f21800) [ 146.923933][ T5824] [ 146.926251][ T5824] The buggy address belongs to the physical page: [ 146.932650][ T5824] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79f20 [ 146.941395][ T5824] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 146.949880][ T5824] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 146.960735][ T5824] page_type: f5(slab) [ 146.964706][ T5824] raw: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001 [ 146.973365][ T5824] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 146.981936][ T5824] head: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001 [ 146.990593][ T5824] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 146.999251][ T5824] head: 00fff00000000003 ffffea0001e7c801 ffffffffffffffff 0000000000000000 [ 147.007911][ T5824] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 147.016561][ T5824] page dumped because: kasan: bad access detected [ 147.022980][ T5824] page_owner tracks the page as allocated [ 147.028700][ T5824] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5814, tgid 5814 (syz-executor), ts 60982069954, free_ts 60965292467 [ 147.049889][ T5824] post_alloc_hook+0x2d1/0x350 [ 147.054682][ T5824] get_page_from_freelist+0xfce/0x2f80 [ 147.060138][ T5824] __alloc_pages_noprof+0x223/0x25b0 [ 147.065420][ T5824] alloc_pages_mpol_noprof+0x2c9/0x610 [ 147.070870][ T5824] new_slab+0x2c9/0x410 [ 147.075013][ T5824] ___slab_alloc+0xd7d/0x17a0 [ 147.079678][ T5824] __slab_alloc.constprop.0+0x56/0xb0 [ 147.085040][ T5824] __kmalloc_node_track_caller_noprof+0x2f1/0x510 [ 147.091447][ T5824] kmalloc_reserve+0xef/0x2c0 [ 147.096117][ T5824] pskb_expand_head+0x243/0x1240 [ 147.101045][ T5824] netlink_trim+0x1ef/0x250 [ 147.105538][ T5824] netlink_broadcast_filtered+0xc7/0xef0 [ 147.111162][ T5824] nlmsg_notify+0x9e/0x220 [ 147.115574][ T5824] rtnetlink_event+0x177/0x1f0 [ 147.120329][ T5824] notifier_call_chain+0xb7/0x410 [ 147.125349][ T5824] call_netdevice_notifiers_info+0xbe/0x140 [ 147.131236][ T5824] page last free pid 5881 tgid 5881 stack trace: [ 147.137570][ T5824] free_unref_page+0x661/0x1080 [ 147.142413][ T5824] qlist_free_all+0x4e/0x120 [ 147.146993][ T5824] kasan_quarantine_reduce+0x195/0x1e0 [ 147.152442][ T5824] __kasan_slab_alloc+0x69/0x90 [ 147.157285][ T5824] kmem_cache_alloc_noprof+0x226/0x3d0 [ 147.162740][ T5824] getname_flags.part.0+0x4c/0x550 [ 147.167851][ T5824] getname+0x8d/0xe0 [ 147.171734][ T5824] vfs_fstatat+0xdf/0xf0 [ 147.175968][ T5824] __do_sys_newfstatat+0xa2/0x130 [ 147.180983][ T5824] do_syscall_64+0xcd/0x250 [ 147.185481][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.191368][ T5824] [ 147.193675][ T5824] Memory state around the buggy address: [ 147.199295][ T5824] ffff888079f21480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.207342][ T5824] ffff888079f21500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.215385][ T5824] >ffff888079f21580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.223428][ T5824] ^ [ 147.227481][ T5824] ffff888079f21600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.235527][ T5824] ffff888079f21680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.243568][ T5824] ================================================================== [ 147.251662][ C0] vkms_vblank_simulate: vblank timer overrun [ 147.263730][ T5824] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 147.270951][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: kworker/u9:4 Not tainted 6.13.0-rc6-syzkaller-00006-g5428dc1906dd #0 [ 147.281814][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 147.291873][ T5824] Workqueue: hci3 hci_rx_work [ 147.296563][ T5824] Call Trace: [ 147.299821][ T5824] [ 147.302731][ T5824] dump_stack_lvl+0x3d/0x1f0 [ 147.307305][ T5824] panic+0x71d/0x800 [ 147.311176][ T5824] ? __pfx_panic+0x10/0x10 [ 147.315572][ T5824] ? irqentry_exit+0x3b/0x90 [ 147.320159][ T5824] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.325339][ T5824] ? preempt_schedule_thunk+0x1a/0x30 [ 147.330689][ T5824] ? preempt_schedule_common+0x44/0xc0 [ 147.336137][ T5824] check_panic_on_warn+0xab/0xb0 [ 147.341057][ T5824] end_report+0x117/0x180 [ 147.345367][ T5824] kasan_report+0xe9/0x110 [ 147.349761][ T5824] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 147.355822][ T5824] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 147.361902][ T5824] l2cap_sock_new_connection_cb+0x22a/0x240 [ 147.367780][ T5824] l2cap_connect_cfm+0x85f/0xf10 [ 147.372721][ T5824] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 147.378164][ T5824] ? hci_cb_lookup+0x319/0x4e0 [ 147.382915][ T5824] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 147.388353][ T5824] le_conn_complete_evt+0x168d/0x1da0 [ 147.393710][ T5824] ? __pfx_lock_release+0x10/0x10 [ 147.398712][ T5824] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 147.404411][ T5824] ? trace_contention_end+0xee/0x140 [ 147.409677][ T5824] hci_le_conn_complete_evt+0x23c/0x370 [ 147.415203][ T5824] hci_le_meta_evt+0x2e2/0x5d0 [ 147.419945][ T5824] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 147.426014][ T5824] hci_event_packet+0x666/0x1180 [ 147.430946][ T5824] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 147.436226][ T5824] ? __pfx_hci_event_packet+0x10/0x10 [ 147.441576][ T5824] ? mark_held_locks+0x9f/0xe0 [ 147.446327][ T5824] ? kcov_remote_start+0x3cf/0x6e0 [ 147.451419][ T5824] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.456695][ T5824] hci_rx_work+0x2c5/0x16b0 [ 147.461214][ T5824] ? process_one_work+0x921/0x1ba0 [ 147.466309][ T5824] process_one_work+0x9c5/0x1ba0 [ 147.471235][ T5824] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 147.476865][ T5824] ? __pfx_process_one_work+0x10/0x10 [ 147.482224][ T5824] ? rcu_is_watching+0x12/0xc0 [ 147.486978][ T5824] ? assign_work+0x1a0/0x250 [ 147.491551][ T5824] worker_thread+0x6c8/0xf00 [ 147.496147][ T5824] ? __kthread_parkme+0x148/0x220 [ 147.501160][ T5824] ? __pfx_worker_thread+0x10/0x10 [ 147.506252][ T5824] kthread+0x2c1/0x3a0 [ 147.510305][ T5824] ? _raw_spin_unlock_irq+0x23/0x50 [ 147.515505][ T5824] ? __pfx_kthread+0x10/0x10 [ 147.520075][ T5824] ret_from_fork+0x45/0x80 [ 147.524469][ T5824] ? __pfx_kthread+0x10/0x10 [ 147.529040][ T5824] ret_from_fork_asm+0x1a/0x30 [ 147.533803][ T5824] [ 147.537008][ T5824] Kernel Offset: disabled [ 147.541316][ T5824] Rebooting in 86400 seconds..