program: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x5, "a508006f523bddc70c48667eb34200"}) r1 = dup(r0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000200)={0x9, 0x0, 0x0, 0x82f6, 0x0, "0800000000000002"}) (async) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000200)={0x9, 0x0, 0x0, 0x82f6, 0x0, "0800000000000002"}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xff) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) (async) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)) r3 = syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='gid=', @ANYRESDEC, @ANYBLOB="2c62733d30303030303030303030303030303030303030362c00f68abf5ef724b19b88d852a284b9bc4128970e4fa793ad58e0723245d077d10587ad5dc338f1f111d921798396c1fd1054030a98db"], 0x1, 0xc3c, &(0x7f0000000d00)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1V+1nVVawSpIwA0Igoq0Ai7IDRIXXOQGCa0QirhZJECKQJUWgUSgabQSAmYFCysqYXRm3rHHbtK4+bLT/H5t/J8585w575n2OT4TzXsmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIL/30saGDaatHAQA8SK+NvzF02O9/AHiknPL+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA20tRxFuR4r2xVpps3+8YONGcO3d+YnTs5qsNpkhRiaJdX/4ZOHjo8JEXX3p5uJsfv/699rl4ffzUsdrx+dmFxcbSUmO6NjHXPD0/3dj0M9zt+hvtbb8Atdk3z02fObNUO3Tg8LqHz1dv7Hxsd/Xo8LP7nu/WToyOjY331PT13/HWPyLdu6fiU2RHFPHlSPGt/d9J9YioxN33wm2OHffbYPSV/dfeiYnRsfaOzDTrc8vlg6mSq/oiqj0rjXR75AH04l0ZibhQ/ncqB7y33L3xhfpifWqmUTtZX1xuLjfn51KlM9pyf6pRieEUsRARrWKrB8920x9FvBopbnzYSlMRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTx25Hi3cmhOJ37qt021yO+WOYrEW+VeSXFxXw/lQeI4Yjv+n0CD7W+KOJvIsV8aqXpbu+3zytPfLX2lbkz8z213fPKh/79wYPk3IRtbCCKmGqf8bfSnf9lFwAAAAAAAAAAAADwYBTxzUhxeXZPWojeOaXNubO1U/Wpmc6ngruf/a/ltVZWVlaqqZO1nEM5R3KezDmZcyHnhZwXc17KeTnnlZxXc17L2coZlbz9nLWcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhnmPQEAAAAAAAAAAAAAAAAAAHCPDUYRvxEp/v33v9b+Xulofy/9Z48OHz/xmd7vjH/mNs9T1h6IiG/G5r6Td0f+rvFUKf+59/sF3N5AFPH1/P1/v7zVgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALaFShTxK5HiG99rpUgRMRIxGZ28Vmz16AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0s5UxKuR4md/d2R1WV9EpPa/HXvKH0dipMj5RJmvxMjBdlZGjpU5EHFgC8YP3Lmlt995sz4z01h0ww033Fi9sdVHJgAAAAAAAAAAAAAAAAB4hKUi/j5S/OTvtVI1Is5Xb+x8bHf16PCz+54vomhfBCD11r8+fupY7fj87MJiY2mpMV2bmGuenp9ubHZzAyeac+fOT4yO3Zedua3B+zz+wYHj8wtvLzbP/sLyTR/fNXBsaml5sX765g/HYPRFDPUu2dse8MToWHvQM836XHvVVLnFAPsiapvdGR55u1IR/xsp3tv/7Xg8L8vX/+jv3Fvr/j/8xbV7P9y3Plf/d2wfPz57dPj4ruc2czttdqB7241XNsLYeM/ivjzKH+pZVs3j2vRzwyOq7P8XIsXP/1GRuj2U+/8HOveK1dr/+fpaTx3dkKu2qP+f6Fl2NB+1+vsiBpZnF/qfjhhYevud/c3Z+tnG2cbckUMvvzR85OUXj7zUvyNi4ExzpjG0dmvTrx0AAAAAAAAAAAAAAAAA3C/9qYgvRYpf+ru/XJ03nuf/faZzb23+X+/83z0bnqf3ugG3un3TuX63mdfXq9xmSkU8FSme/bNn2uNNscucd7hDu1IR3y/7afrL6Qt5We7/PLP/5v1/YUOu2qL5v4/3LLuQjxP/ESke/4Nn4gs9x4mNs3vLur+IFFM/8vlcFzvKuu7zdeZEdyYGl7VfixTvn1xf2503/cRa7cHN7hZspbL/ZyPFP/zW38aP5mXrr/9x8/7ftSFXbVH/P9m7TxGx9PY7b9ZnZhqLS5t+KeCRU/b/r0eKv/6Tb8dzednHXf+ne52fPc+tz8Fu0Rb1/1M9y6p5XD/2CV8LAAAAAAAAAAAAeFjsSkX8U6T48z/dl/bnZZv5/O/0hly1RZ//e7pn2fS6z//evxubfpEBAGCb6E9F/ESk+OPp66k7N/aW839fWZv/M7rxxL19Tv+D7Xn+n+hc/xPM/y+3mVIR/5fn9Q7dZl7vj0eKX/upfbku7S7rRrrDbf8ceG1+bv+xmZn50/Xl+tRMoza+UD/dKNfdGyn+9d8+n9ettOf5dudHd+YGr80J/p1I8XMfdGs7c4K7cymfXKs9WNbujxTff399bXfe1VNrtYfK2t+MFGP/ffPa3Wu1h8vaf4wU//lurVu7q6ztvp97eq32wOn5mY+8ZQMAAAAAAAAAAAAAAAAAAGDr9aciUqS48jOXVufGr7/+V/c6AOuv/7XR/fr+/+q92U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeCikKOK/IsV7Y610rSjvdwycaM6dOz8xOnbz1QZTpKhE0a4v/wwcPHT4yIsvvTzczY9f/177XLw+fupY7fj87MJiY2mpMV2bmGuenp9ubPoZ7nb9jfa2X4Da7Jvnps+cWaodOnB43cPnqzd2Pra7enT42X3Pd2snRsfGxntq+vrveOsfke7dU/EpsiOK+KtI8a3930n/XERU4u574TbHjvttMPrK/mvvxMToWHtHZpr1ueXywVTJVX0R1Z6VRro98gB68a6MRFyIiEo54L3l7o0v1BfrUzON2sn64nJzuTk/lyqd0Zb7U41KDKeIhYhoFVs9eLab/ijiSqS48WEr/UsRUXT74IXXxt8YOnzrFfse4CBvsflqEXE1HoKehW1qZxTxZKR4d3Io3i86fdVum+sRXyzzlYi3yryS4mK+n8oDxHDEd/0+gYdaXxRxMlLMp1a6XuTeb59Xnvhq7StzZ+Z7arvnlQ/9+4MHybkJ29hAFPFB+4y/lT7w+xwAAAAAAAAAAAAAtrkiXo0Ul2f3pPb80NU5pc25s7VT9amZzsf6u5/9r+W1VlZWVqqpk7WcQzlHcp7MOZlzIeeFnBdzXsp5OeeVnFdzXsvZyhmVvP2ctZxDOUdynsw5mXMh54WcF3Neynk555WcV3Ney9nKGT4nDQAAAAAAAAAAAAAAAADAfVKJIn41Unzje620UnS+X3YyOnnNPFf4VPv/AAAA//84/iOE") poll(&(0x7f0000000140)=[{r2}], 0x1, 0x0) r4 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x101480, 0x0) ioctl$CDROM_SEND_PACKET(r4, 0x5393, &(0x7f0000000000)={"9fb803f4b9030dfe0fa66eb5", 0x0, 0x0, 0xbcd, 0x0, 0x0, 0x0, 0xfffffff9, 0x0}) (async) ioctl$CDROM_SEND_PACKET(r4, 0x5393, &(0x7f0000000000)={"9fb803f4b9030dfe0fa66eb5", 0x0, 0x0, 0xbcd, 0x0, 0x0, 0x0, 0xfffffff9, 0x0}) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f00000019c0)={{0x1, 0x1, 0x18, r3}, './file0/file0\x00'}) (async) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f00000019c0)={{0x1, 0x1, 0x18, r3}, './file0/file0\x00'}) bpf$OBJ_GET_MAP(0x7, &(0x7f0000001a40)=@generic={&(0x7f0000001a00)='./file0\x00', 0x0, 0x10}, 0x18) (async) r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001a40)=@generic={&(0x7f0000001a00)='./file0\x00', 0x0, 0x10}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001b00)={{0x1}, &(0x7f0000001a80), &(0x7f0000001ac0)='%ps \x00'}, 0x20) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$inet_tcp(0x2, 0x1, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001940)=ANY=[@ANYBLOB="9c747bcb1ee6", @ANYRES32=r6, @ANYRES32, @ANYRESDEC=r9, @ANYBLOB="d2b8966f8af0dab4391a4313d58339f16e1797b9ada103b379045ff37e72242492e5b341ff5908dda362de3d5430bb7b4fe30a52a659acdc6edd334adfcb1ffd28ad2b70", @ANYRESDEC=r4], 0x80}}, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r11}}, 0x20}}, 0x0) [ 76.113800][ T4658] Bluetooth: hci0: command tx timeout [ 76.244243][ T5311] loop0: detected capacity change from 0 to 2048 [ 76.278001][ T5312] sr 2:0:0:0: [sr0] tag#10 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 76.282358][ T5312] sr 2:0:0:0: [sr0] tag#10 CDB: Service action out(16), sa=0x18 9f b8 03 f4 b9 03 0d fe 0f a6 6e b5 [ 76.302563][ T5311] sr 2:0:0:0: [sr0] tag#11 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 76.306042][ T5311] sr 2:0:0:0: [sr0] tag#11 CDB: Service action out(16), sa=0x18 9f b8 03 f4 b9 03 0d fe 0f a6 6e b5 [ 76.364906][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.367418][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.606159][ T5311] ================================================================== [ 77.609647][ T5311] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x396/0x430 [ 77.613038][ T5311] Write of size 4064 at addr ffffc9000d651020 by task syz.0.0/5311 [ 77.616136][ T5311] [ 77.617140][ T5311] CPU: 0 UID: 0 PID: 5311 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 77.617149][ T5311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.617154][ T5311] Call Trace: [ 77.617159][ T5311] [ 77.617163][ T5311] dump_stack_lvl+0x189/0x250 [ 77.617177][ T5311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.617186][ T5311] ? __pfx__printk+0x10/0x10 [ 77.617193][ T5311] ? __pfx__printk+0x10/0x10 [ 77.617198][ T5311] ? __virt_addr_valid+0xc3/0x540 [ 77.617207][ T5311] print_report+0xb4/0x290 [ 77.617217][ T5311] ? vrealloc_noprof+0x396/0x430 [ 77.617229][ T5311] kasan_report+0x118/0x150 [ 77.617243][ T5311] ? vrealloc_noprof+0x396/0x430 [ 77.617256][ T5311] kasan_check_range+0x29a/0x2b0 [ 77.617269][ T5311] __asan_memset+0x22/0x50 [ 77.617278][ T5311] vrealloc_noprof+0x396/0x430 [ 77.617292][ T5311] push_insn_history+0x184/0x650 [ 77.617305][ T5311] do_check+0x597/0xd630 [ 77.617321][ T5311] ? __pfx_do_check+0x10/0x10 [ 77.617327][ T5311] ? __asan_memset+0x22/0x50 [ 77.617333][ T5311] ? init_func_state+0x1ddf/0x2d20 [ 77.617342][ T5311] do_check_common+0x168d/0x20b0 [ 77.617352][ T5311] bpf_check+0x13679/0x19a70 [ 77.617360][ T5311] ? __lock_acquire+0xaac/0xd20 [ 77.617370][ T5311] ? __lock_acquire+0xaac/0xd20 [ 77.617406][ T5311] ? __lock_acquire+0xaac/0xd20 [ 77.617421][ T5311] ? do_raw_spin_lock+0x121/0x290 [ 77.617437][ T5311] ? __pfx_bpf_check+0x10/0x10 [ 77.617447][ T5311] ? __lock_acquire+0xaac/0xd20 [ 77.617460][ T5311] ? cgroup_rstat_updated+0x144/0xb50 [ 77.617470][ T5311] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 77.617478][ T5311] ? __lock_acquire+0xaac/0xd20 [ 77.617488][ T5311] ? __lock_acquire+0xaac/0xd20 [ 77.617496][ T5311] ? ktime_get_with_offset+0x8c/0x2a0 [ 77.617504][ T5311] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 77.617510][ T5311] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.617559][ T5311] ? ktime_get_with_offset+0x8c/0x2a0 [ 77.617568][ T5311] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 77.617578][ T5311] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 77.617592][ T5311] ? bpf_obj_name_cpy+0x194/0x1e0 [ 77.617606][ T5311] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 77.617619][ T5311] ? security_bpf_prog_load+0x7f/0x310 [ 77.617627][ T5311] bpf_prog_load+0x1318/0x1930 [ 77.617640][ T5311] ? __pfx_bpf_prog_load+0x10/0x10 [ 77.617654][ T5311] ? bpf_lsm_bpf+0x9/0x20 [ 77.617665][ T5311] ? security_bpf+0x7e/0x300 [ 77.617673][ T5311] __sys_bpf+0x5f1/0x860 [ 77.617685][ T5311] ? __pfx___sys_bpf+0x10/0x10 [ 77.617696][ T5311] ? rcu_is_watching+0x15/0xb0 [ 77.617713][ T5311] ? rcu_is_watching+0x15/0xb0 [ 77.617727][ T5311] __x64_sys_bpf+0x7c/0x90 [ 77.617737][ T5311] do_syscall_64+0xf6/0x210 [ 77.617755][ T5311] ? clear_bhb_loop+0x45/0xa0 [ 77.617767][ T5311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.617777][ T5311] RIP: 0033:0x7f05a018e969 [ 77.617788][ T5311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.617796][ T5311] RSP: 002b:00007f05a0ffc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 77.617805][ T5311] RAX: ffffffffffffffda RBX: 00007f05a03b5fa0 RCX: 00007f05a018e969 [ 77.617809][ T5311] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005 [ 77.617814][ T5311] RBP: 00007f05a0210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 77.617818][ T5311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.617822][ T5311] R13: 0000000000000000 R14: 00007f05a03b5fa0 R15: 00007ffcbb602378 [ 77.617828][ T5311] [ 77.617831][ T5311] [ 77.758644][ T5311] The buggy address belongs to the virtual mapping at [ 77.758644][ T5311] [ffffc9000d631000, ffffc9000d653000) created by: [ 77.758644][ T5311] kvrealloc_noprof+0x82/0xe0 [ 77.766069][ T5311] [ 77.767219][ T5311] The buggy address belongs to the physical page: [ 77.769878][ T5311] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88803fe18280 pfn:0x3fe18 [ 77.773928][ T5311] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 77.776967][ T5311] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 77.780357][ T5311] raw: ffff88803fe18280 0000000000000000 00000001ffffffff 0000000000000000 [ 77.783850][ T5311] page dumped because: kasan: bad access detected [ 77.786415][ T5311] page_owner tracks the page as allocated [ 77.788690][ T5311] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5311, tgid 5310 (syz.0.0), ts 77605997559, free_ts 76756688385 [ 77.795467][ T5311] post_alloc_hook+0x1d8/0x230 [ 77.797475][ T5311] get_page_from_freelist+0x21ce/0x22b0 [ 77.799812][ T5311] __alloc_pages_slowpath+0x2fe/0xcc0 [ 77.802035][ T5311] __alloc_frozen_pages_noprof+0x319/0x370 [ 77.804460][ T5311] alloc_pages_mpol+0x232/0x4a0 [ 77.806457][ T5311] alloc_pages_noprof+0xa9/0x190 [ 77.808462][ T5311] __vmalloc_node_range_noprof+0x8fe/0x12c0 [ 77.810973][ T5311] __kvmalloc_node_noprof+0x3a0/0x5e0 [ 77.813201][ T5311] kvrealloc_noprof+0x82/0xe0 [ 77.815112][ T5311] push_insn_history+0x184/0x650 [ 77.817259][ T5311] do_check+0x597/0xd630 [ 77.819091][ T5311] do_check_common+0x168d/0x20b0 [ 77.821236][ T5311] bpf_check+0x13679/0x19a70 [ 77.823255][ T5311] bpf_prog_load+0x1318/0x1930 [ 77.825365][ T5311] __sys_bpf+0x5f1/0x860 [ 77.827199][ T5311] __x64_sys_bpf+0x7c/0x90 [ 77.829159][ T5311] page last free pid 5309 tgid 5309 stack trace: [ 77.831889][ T5311] __free_frozen_pages+0xb0e/0xcd0 [ 77.834071][ T5311] __put_partials+0x161/0x1c0 [ 77.836115][ T5311] put_cpu_partial+0x17c/0x250 [ 77.838247][ T5311] __slab_free+0x2f7/0x400 [ 77.840175][ T5311] qlist_free_all+0x9a/0x140 [ 77.842183][ T5311] kasan_quarantine_reduce+0x148/0x160 [ 77.844453][ T5311] __kasan_slab_alloc+0x22/0x80 [ 77.846518][ T5311] __kmalloc_cache_noprof+0x1be/0x3d0 [ 77.848820][ T5311] drm_atomic_state_alloc+0xa9/0x100 [ 77.851078][ T5311] drm_atomic_helper_dirtyfb+0xed/0xee0 [ 77.853421][ T5311] drm_fbdev_shmem_helper_fb_dirty+0x15d/0x2f0 [ 77.856121][ T5311] drm_fb_helper_damage_work+0x221/0x710 [ 77.858579][ T5311] process_scheduled_works+0xadb/0x17a0 [ 77.860993][ T5311] worker_thread+0x8a0/0xda0 [ 77.863007][ T5311] kthread+0x70e/0x8a0 [ 77.864761][ T5311] ret_from_fork+0x4b/0x80 [ 77.866711][ T5311] [ 77.867775][ T5311] Memory state around the buggy address: [ 77.870108][ T5311] ffffc9000d650f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.873460][ T5311] ffffc9000d650f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.876857][ T5311] >ffffc9000d651000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 77.880281][ T5311] ^ [ 77.882520][ T5311] ffffc9000d651080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 77.885936][ T5311] ffffc9000d651100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 77.889367][ T5311] ================================================================== [ 78.075317][ T5311] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 78.078394][ T5311] CPU: 0 UID: 0 PID: 5311 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 78.083076][ T5311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.087481][ T5311] Call Trace: [ 78.088958][ T5311] [ 78.090221][ T5311] dump_stack_lvl+0x99/0x250 [ 78.092183][ T5311] ? __asan_memcpy+0x40/0x70 [ 78.094207][ T5311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.096476][ T5311] ? __pfx__printk+0x10/0x10 [ 78.098504][ T5311] panic+0x2db/0x790 [ 78.100134][ T5311] ? __pfx_panic+0x10/0x10 [ 78.102009][ T5311] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 78.104494][ T5311] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 78.107109][ T5311] ? print_memory_metadata+0x314/0x400 [ 78.109418][ T5311] ? vrealloc_noprof+0x396/0x430 [ 78.111516][ T5311] check_panic_on_warn+0x89/0xb0 [ 78.113680][ T5311] ? vrealloc_noprof+0x396/0x430 [ 78.115802][ T5311] end_report+0x78/0x160 [ 78.117660][ T5311] kasan_report+0x129/0x150 [ 78.119607][ T5311] ? vrealloc_noprof+0x396/0x430 [ 78.121666][ T5311] kasan_check_range+0x29a/0x2b0 [ 78.123723][ T5311] __asan_memset+0x22/0x50 [ 78.125692][ T5311] vrealloc_noprof+0x396/0x430 [ 78.127767][ T5311] push_insn_history+0x184/0x650 [ 78.129866][ T5311] do_check+0x597/0xd630 [ 78.131646][ T5311] ? __pfx_do_check+0x10/0x10 [ 78.133604][ T5311] ? __asan_memset+0x22/0x50 [ 78.135470][ T5311] ? init_func_state+0x1ddf/0x2d20 [ 78.137669][ T5311] do_check_common+0x168d/0x20b0 [ 78.139740][ T5311] bpf_check+0x13679/0x19a70 [ 78.141697][ T5311] ? __lock_acquire+0xaac/0xd20 [ 78.143764][ T5311] ? __lock_acquire+0xaac/0xd20 [ 78.145949][ T5311] ? __lock_acquire+0xaac/0xd20 [ 78.148166][ T5311] ? do_raw_spin_lock+0x121/0x290 [ 78.150402][ T5311] ? __pfx_bpf_check+0x10/0x10 [ 78.152520][ T5311] ? __lock_acquire+0xaac/0xd20 [ 78.154620][ T5311] ? cgroup_rstat_updated+0x144/0xb50 [ 78.157003][ T5311] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 78.159417][ T5311] ? __lock_acquire+0xaac/0xd20 [ 78.161579][ T5311] ? __lock_acquire+0xaac/0xd20 [ 78.163458][ T5311] ? ktime_get_with_offset+0x8c/0x2a0 [ 78.165737][ T5311] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 78.168366][ T5311] ? lockdep_hardirqs_on+0x9c/0x150 [ 78.170515][ T5311] ? ktime_get_with_offset+0x8c/0x2a0 [ 78.172786][ T5311] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 78.175367][ T5311] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 78.178143][ T5311] ? bpf_obj_name_cpy+0x194/0x1e0 [ 78.180386][ T5311] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 78.182573][ T5311] ? security_bpf_prog_load+0x7f/0x310 [ 78.184780][ T5311] bpf_prog_load+0x1318/0x1930 [ 78.186759][ T5311] ? __pfx_bpf_prog_load+0x10/0x10 [ 78.188781][ T5311] ? bpf_lsm_bpf+0x9/0x20 [ 78.190628][ T5311] ? security_bpf+0x7e/0x300 [ 78.192593][ T5311] __sys_bpf+0x5f1/0x860 [ 78.194444][ T5311] ? __pfx___sys_bpf+0x10/0x10 [ 78.196399][ T5311] ? rcu_is_watching+0x15/0xb0 [ 78.198349][ T5311] ? rcu_is_watching+0x15/0xb0 [ 78.200312][ T5311] __x64_sys_bpf+0x7c/0x90 [ 78.202084][ T5311] do_syscall_64+0xf6/0x210 [ 78.203834][ T5311] ? clear_bhb_loop+0x45/0xa0 [ 78.205738][ T5311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.208309][ T5311] RIP: 0033:0x7f05a018e969 [ 78.210406][ T5311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.220017][ T5311] RSP: 002b:00007f05a0ffc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 78.223202][ T5311] RAX: ffffffffffffffda RBX: 00007f05a03b5fa0 RCX: 00007f05a018e969 [ 78.226329][ T5311] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005 [ 78.229560][ T5311] RBP: 00007f05a0210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 78.232880][ T5311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 78.236148][ T5311] R13: 0000000000000000 R14: 00007f05a03b5fa0 R15: 00007ffcbb602378 [ 78.239350][ T5311] [ 78.240986][ T5311] Kernel Offset: disabled [ 78.242905][ T5311] Rebooting in 86400 seconds..