last executing test programs: 8.239798325s ago: executing program 1 (id=6): syz_usb_connect$cdc_ncm(0x6, 0x76, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a44000010203010902640002010000000904000001020d000008240600015a25b505240000000d240f0100000000000000000006241a00000005240100000905810300000000000904010000020d00000904010102020d000009058202"], 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="120100009c147010861246205bb4018203010902240001000000000904000002ff0401"], 0x0) 7.957950844s ago: executing program 2 (id=3): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}) 7.402214314s ago: executing program 4 (id=5): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=@flushsa={0x14, 0x28, 0x1, 0x0, 0x0, {0xff}}, 0x14}}, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) 6.24002357s ago: executing program 3 (id=7): syz_emit_ethernet(0x46, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) open(0x0, 0xc02, 0xf1) r1 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) 5.731191358s ago: executing program 2 (id=8): listen(0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'tunl0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10) 5.244019243s ago: executing program 4 (id=10): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) pwritev2(r0, &(0x7f0000000400)=[{&(0x7f0000000040)='U', 0x1}], 0x1, 0x3, 0xe89a, 0x12) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_syncookies\x00', 0x1, 0x0) 4.986549233s ago: executing program 0 (id=11): listen(0xffffffffffffffff, 0x101) syz_open_dev$mouse(&(0x7f0000000040), 0x3, 0x2a101) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8) shutdown(r1, 0x0) r2 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r2, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40000) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 4.728196353s ago: executing program 1 (id=12): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000040)="0f015900440f20c0663502000000440f22c067660f3a2272076f3e26660f3880a98d250f0f8d0100b066aad8e7f30fc7330f73d613f30fc7b3385d", 0x3b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.551152771s ago: executing program 3 (id=13): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_vhci(0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getuid() r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) fstat(r2, &(0x7f00000002c0)) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r3, 0x29, 0x37, 0x0, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000000c0)=0x0) setresuid(r1, r4, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001080)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20) sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 4.550819744s ago: executing program 2 (id=14): socket(0x10, 0x803, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r5, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x44004) sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) dup(r7) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x1fa7}}]}}]}, 0x48}}, 0x0) 4.550629512s ago: executing program 4 (id=15): syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10) socket(0x25, 0x1, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000010c0)={{0x12, 0x1, 0x0, 0xec, 0x68, 0xd4, 0x20, 0x93a, 0x50f, 0x56a5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7b, 0x90, 0x64}}]}}]}}, 0x0) 3.667189535s ago: executing program 0 (id=16): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10) close(0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x8, 0xf, &(0x7f0000000c80)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r5, 0x0, 0x0}, 0x10) 3.626269147s ago: executing program 1 (id=17): fanotify_init(0x200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) unshare(0x22020400) preadv(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0) 3.45169035s ago: executing program 3 (id=18): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) eventfd2(0x8000, 0x80001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x4, &(0x7f0000000e00)=ANY=[@ANYRESDEC, @ANYRESOCT=r1, @ANYRES16, @ANYBLOB="0e6c2cfe7113850c92d915305f3edba899360b8ea1578b404ade716e93cf91305f5f68642b153f787846d3b77211ab95803a697fd4f2aa3f73870831ac6aeaa7ca202d0e1ce7dec62ed4d7d0facb1751ff28228401ad9e51a8be41afc94355751ab5230b4160c1543d1b9e78f5ae1342235ca09d238767ea18c4169ba88dd7fedceddcf2bb7e5f75ebe67a3d43a44491c337d40125de8e7d7d30aae24657a07d22c909b3ff26a2fa0aa076455c67c0704b654842d5a44e95add3b0c6c6db264d4b50ddafd809c7a9a8d3b8c2dafaf24687e529256b87c1df73b441a07ed72a35df8f42f9af6eae"], 0x0, 0x10, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x50}}, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) io_setup(0x5, &(0x7f0000000100)=0x0) openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) io_submit(r4, 0x1, &(0x7f0000001580)=[0x0]) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="7c010000100001000000000000000000ac1414aa00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000033020000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000002000000020001000000000000000000890001007368613235360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008020000"], 0x17c}}, 0x0) 2.642924645s ago: executing program 0 (id=19): sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x8040) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x82, 0xca, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x50}}) 2.31203933s ago: executing program 1 (id=20): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x4, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7a2, 0x0, 0x4, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x6000000000, 0x0, 0x4, r2, 0x5}) 2.281451063s ago: executing program 3 (id=21): socket$inet_udp(0x2, 0x2, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$DRM_IOCTL_SYNCOBJ_RESET(r0, 0xc01064c4, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000340)={{{@in=@initdev, @in=@multicast2}}, {{@in6=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000180)=0xe8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x5c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r2, 0x0, 0x3, 0x0, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$dri(0x0, 0x1ff, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/4\x00') r4 = epoll_create1(0x0) fcntl$dupfd(r4, 0x2, 0xffffffffffffffff) bpf$BPF_PROG_ATTACH(0x9, 0x0, 0x11) memfd_create(0x0, 0x7) setitimer(0x1, 0x0, 0x0) pipe2$9p(0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00') 1.745083527s ago: executing program 0 (id=22): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000680)=@base={0xa, 0x16, 0xb4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000040)={0x3, 0x6}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'team0\x00', 0x0}) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@ifindex=r3, 0x35, 0x0, 0xbb09, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000180), &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)}, 0x40) r4 = socket$inet(0x2, 0x3, 0x100) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r5 = syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) poll(0x0, 0x0, 0x0) ptrace$pokeuser(0x6, r5, 0x358, 0x800000000000) 1.696050024s ago: executing program 1 (id=23): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@cgroup, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 1.646697914s ago: executing program 3 (id=24): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0xa, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = open(&(0x7f0000000040)='./bus\x00', 0x1c1242, 0x0) ftruncate(r2, 0x2007ffb) r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) sendfile(r3, r2, 0x0, 0x7ffff000) 1.208413693s ago: executing program 0 (id=25): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c000}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r0, 0x8b1a, &(0x7f0000000040)) 1.107910814s ago: executing program 1 (id=26): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$packet(0x11, 0x3, 0x300) socket$kcm(0x11, 0xa, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) socket(0x10, 0x3, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) socket$kcm(0x10, 0x2, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@dellink={0x20, 0x11, 0x101, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, 0x1040}}, 0x20}}, 0x400c004) 230.874022ms ago: executing program 3 (id=27): open(0x0, 0x113402, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r2 = memfd_create(&(0x7f00000003c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r2, 0xffff) fcntl$addseals(r2, 0x409, 0x7) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f00000009c0)=ANY=[@ANYBLOB="0020000002000000", @ANYRES32=r2, @ANYBLOB="0000000000000000000000000080"]) bind$inet6(0xffffffffffffffff, 0x0, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x88, 0x65, 0x0, 0xfffffffffffffcbe) r3 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 117.478631ms ago: executing program 4 (id=28): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x103) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000080)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/68, &(0x7f0000000880)=""/72, 0x8080000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000140)=&(0x7f00000002c0)) socketpair$unix(0x1, 0x2, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) exit(0x1) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) 0s ago: executing program 0 (id=29): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000580)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) gettid() read$FUSE(0xffffffffffffffff, &(0x7f0000004080)={0x2020}, 0xe62) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.31' (ED25519) to the list of known hosts. [ 49.316428][ T29] audit: type=1400 audit(1737686602.190:88): avc: denied { mounton } for pid=5805 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 49.319569][ T5805] cgroup: Unknown subsys name 'net' [ 49.339188][ T29] audit: type=1400 audit(1737686602.190:89): avc: denied { mount } for pid=5805 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 49.368462][ T29] audit: type=1400 audit(1737686602.250:90): avc: denied { unmount } for pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 49.532265][ T5805] cgroup: Unknown subsys name 'cpuset' [ 49.539729][ T5805] cgroup: Unknown subsys name 'rlimit' [ 49.701035][ T29] audit: type=1400 audit(1737686602.580:91): avc: denied { setattr } for pid=5805 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.736044][ T29] audit: type=1400 audit(1737686602.580:92): avc: denied { create } for pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.757322][ T29] audit: type=1400 audit(1737686602.580:93): avc: denied { write } for pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.777943][ T29] audit: type=1400 audit(1737686602.580:94): avc: denied { read } for pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.798247][ T29] audit: type=1400 audit(1737686602.590:95): avc: denied { mounton } for pid=5805 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 49.804561][ T5808] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 49.823045][ T29] audit: type=1400 audit(1737686602.590:96): avc: denied { mount } for pid=5805 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 49.854919][ T29] audit: type=1400 audit(1737686602.600:97): avc: denied { read } for pid=5487 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 50.693481][ T5805] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.687022][ T5822] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.688261][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.695487][ T5822] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.704867][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.709114][ T5822] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.721297][ T5823] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.723505][ T5822] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 52.737144][ T5823] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.737802][ T5822] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.750447][ T5830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.752460][ T5822] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 52.758822][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.767289][ T5822] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.779845][ T5830] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 52.786913][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.788585][ T5832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 52.795233][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.801361][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.815947][ T5830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 52.826884][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.836010][ T5823] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 52.843429][ T5830] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 52.850189][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.851844][ T5830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.858015][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.872635][ T5832] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 52.879907][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.887621][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 52.896091][ T5832] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 52.907460][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.064512][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 53.202823][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 53.214414][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 53.223084][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.230802][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.238006][ T5815] bridge_slave_0: entered allmulticast mode [ 53.244965][ T5815] bridge_slave_0: entered promiscuous mode [ 53.253758][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.261369][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.268466][ T5815] bridge_slave_1: entered allmulticast mode [ 53.274900][ T5815] bridge_slave_1: entered promiscuous mode [ 53.295227][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.319246][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.395600][ T5815] team0: Port device team_slave_0 added [ 53.404873][ T5815] team0: Port device team_slave_1 added [ 53.416690][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 53.443955][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.451226][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.458305][ T5820] bridge_slave_0: entered allmulticast mode [ 53.465299][ T5820] bridge_slave_0: entered promiscuous mode [ 53.497616][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.504821][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.512082][ T5820] bridge_slave_1: entered allmulticast mode [ 53.518454][ T5820] bridge_slave_1: entered promiscuous mode [ 53.534238][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.541228][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.567282][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.578647][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.585860][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.593330][ T5816] bridge_slave_0: entered allmulticast mode [ 53.599926][ T5816] bridge_slave_0: entered promiscuous mode [ 53.609043][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.616287][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.623488][ T5816] bridge_slave_1: entered allmulticast mode [ 53.630000][ T5816] bridge_slave_1: entered promiscuous mode [ 53.648288][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.655375][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.681553][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.692852][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 53.715972][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.732545][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.743378][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.755802][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.809064][ T5820] team0: Port device team_slave_0 added [ 53.836565][ T5816] team0: Port device team_slave_0 added [ 53.844791][ T5816] team0: Port device team_slave_1 added [ 53.851062][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.858137][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.865280][ T5826] bridge_slave_0: entered allmulticast mode [ 53.871695][ T5826] bridge_slave_0: entered promiscuous mode [ 53.879383][ T5820] team0: Port device team_slave_1 added [ 53.890098][ T5815] hsr_slave_0: entered promiscuous mode [ 53.896185][ T5815] hsr_slave_1: entered promiscuous mode [ 53.907282][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.914383][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.921548][ T5826] bridge_slave_1: entered allmulticast mode [ 53.927913][ T5826] bridge_slave_1: entered promiscuous mode [ 53.958222][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.965346][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.991929][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.008411][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.016129][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.023593][ T5824] bridge_slave_0: entered allmulticast mode [ 54.030289][ T5824] bridge_slave_0: entered promiscuous mode [ 54.037845][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.044991][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.071459][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.087003][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.094228][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.120271][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.142483][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.149543][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.156781][ T5824] bridge_slave_1: entered allmulticast mode [ 54.163252][ T5824] bridge_slave_1: entered promiscuous mode [ 54.169888][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.176838][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.202809][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.215056][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.225944][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.271831][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.283001][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.295011][ T5826] team0: Port device team_slave_0 added [ 54.322774][ T5826] team0: Port device team_slave_1 added [ 54.346887][ T5820] hsr_slave_0: entered promiscuous mode [ 54.352826][ T5820] hsr_slave_1: entered promiscuous mode [ 54.358558][ T5820] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.366403][ T5820] Cannot create hsr debugfs directory [ 54.377908][ T5824] team0: Port device team_slave_0 added [ 54.390372][ T5816] hsr_slave_0: entered promiscuous mode [ 54.396283][ T5816] hsr_slave_1: entered promiscuous mode [ 54.402372][ T5816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.409949][ T5816] Cannot create hsr debugfs directory [ 54.422301][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.429245][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.455210][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.467679][ T5824] team0: Port device team_slave_1 added [ 54.493530][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.500666][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.526777][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.564384][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.571725][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.597726][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.610023][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.616961][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.642919][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.730796][ T5826] hsr_slave_0: entered promiscuous mode [ 54.736874][ T5826] hsr_slave_1: entered promiscuous mode [ 54.743072][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.751002][ T5826] Cannot create hsr debugfs directory [ 54.758494][ T5824] hsr_slave_0: entered promiscuous mode [ 54.764778][ T5824] hsr_slave_1: entered promiscuous mode [ 54.770721][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.778259][ T5824] Cannot create hsr debugfs directory [ 54.834308][ T5815] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.861852][ T5815] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.882169][ T5815] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.890688][ T5819] Bluetooth: hci0: command tx timeout [ 54.892158][ T5832] Bluetooth: hci1: command tx timeout [ 54.898073][ T5815] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.961905][ T5820] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.969956][ T5832] Bluetooth: hci2: command tx timeout [ 54.974170][ T5825] Bluetooth: hci4: command tx timeout [ 54.981493][ T5819] Bluetooth: hci3: command tx timeout [ 54.989096][ T5820] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.000232][ T5820] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.024444][ T5820] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.067309][ T5816] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.075448][ T5816] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.085659][ T5816] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.105226][ T5816] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.151295][ T5824] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 55.176373][ T5824] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 55.184657][ T5824] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 55.195266][ T5824] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 55.244321][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.254355][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.268198][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.276802][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.300424][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.311844][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.342923][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.383167][ T3610] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.390508][ T3610] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.405723][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.419407][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.426961][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.435553][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.442641][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.460651][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.467721][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.482831][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.513378][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.524501][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.550517][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.557585][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.565864][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.572928][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.615445][ T5815] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.634304][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 55.634319][ T29] audit: type=1400 audit(1737686608.510:111): avc: denied { sys_module } for pid=5820 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.652115][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.681923][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.703274][ T5816] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.717928][ T5816] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.753451][ T3610] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.760551][ T3610] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.788307][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.795413][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.821932][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.871054][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.878168][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.889515][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.896641][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.939407][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.953385][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.064398][ T5815] veth0_vlan: entered promiscuous mode [ 56.078774][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.096956][ T5820] veth0_vlan: entered promiscuous mode [ 56.107363][ T5815] veth1_vlan: entered promiscuous mode [ 56.155743][ T5820] veth1_vlan: entered promiscuous mode [ 56.167231][ T5815] veth0_macvtap: entered promiscuous mode [ 56.176653][ T5815] veth1_macvtap: entered promiscuous mode [ 56.197643][ T5816] veth0_vlan: entered promiscuous mode [ 56.216437][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.238649][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.246523][ T5816] veth1_vlan: entered promiscuous mode [ 56.265943][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.281570][ T5820] veth0_macvtap: entered promiscuous mode [ 56.296464][ T5815] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.306035][ T5815] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.315352][ T5815] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.324257][ T5815] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.357021][ T5820] veth1_macvtap: entered promiscuous mode [ 56.374046][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.413847][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.426163][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.437759][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.452872][ T5816] veth0_macvtap: entered promiscuous mode [ 56.465557][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.476182][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.487510][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.508773][ T5816] veth1_macvtap: entered promiscuous mode [ 56.530310][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.538249][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.554493][ T5820] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.563563][ T5820] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.574094][ T5820] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.583041][ T5820] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.615375][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.625576][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.635180][ T5824] veth0_vlan: entered promiscuous mode [ 56.645415][ T5826] veth0_vlan: entered promiscuous mode [ 56.655837][ T29] audit: type=1400 audit(1737686609.530:112): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/root/syzkaller.TFKDTY/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 56.662116][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.693706][ T29] audit: type=1400 audit(1737686609.560:113): avc: denied { mount } for pid=5815 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 56.696063][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.716278][ T29] audit: type=1400 audit(1737686609.560:114): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/root/syzkaller.TFKDTY/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 56.734185][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.762343][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.772349][ T29] audit: type=1400 audit(1737686609.560:115): avc: denied { mount } for pid=5815 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 56.775841][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.805183][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.816673][ T29] audit: type=1400 audit(1737686609.560:116): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/root/syzkaller.TFKDTY/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 56.816831][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.847258][ T29] audit: type=1400 audit(1737686609.560:117): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/root/syzkaller.TFKDTY/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7124 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 56.854269][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.893439][ T29] audit: type=1400 audit(1737686609.570:118): avc: denied { unmount } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 56.895577][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.913507][ T29] audit: type=1400 audit(1737686609.670:119): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 56.928614][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.955142][ T29] audit: type=1400 audit(1737686609.680:120): avc: denied { mount } for pid=5815 comm="syz-executor" name="/" dev="gadgetfs" ino=7143 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 56.958368][ T5815] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.979291][ T5819] Bluetooth: hci1: command tx timeout [ 56.998730][ T5825] Bluetooth: hci0: command tx timeout [ 57.007749][ T5826] veth1_vlan: entered promiscuous mode [ 57.028091][ T5824] veth1_vlan: entered promiscuous mode [ 57.041817][ T5816] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.050200][ T5819] Bluetooth: hci2: command tx timeout [ 57.055917][ T5819] Bluetooth: hci3: command tx timeout [ 57.061602][ T5819] Bluetooth: hci4: command tx timeout [ 57.069497][ T5816] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.081782][ T5816] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.093243][ T5816] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.138656][ T5826] veth0_macvtap: entered promiscuous mode [ 57.160890][ T5824] veth0_macvtap: entered promiscuous mode [ 57.186730][ T5826] veth1_macvtap: entered promiscuous mode [ 57.207939][ T5824] veth1_macvtap: entered promiscuous mode [ 57.261164][ T367] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.269009][ T367] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.278341][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.290305][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.301539][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.312248][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.322455][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.333022][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.343925][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.417450][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.428718][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.438738][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.460602][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.475404][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.485987][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.505671][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.545526][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.591701][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.626258][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.638294][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.648423][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.659181][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.669258][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.681822][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.693915][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.721089][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.731962][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.741871][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.752506][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.762424][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.772959][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.782885][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.793642][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.804246][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.814374][ T5824] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.818352][ T3610] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.825486][ T5824] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.840985][ T5824] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.850957][ T3610] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.851221][ T5824] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.871283][ T5826] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.880166][ T5826] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.888848][ T5826] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.897672][ T5826] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.927309][ T367] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.945328][ T367] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.983478][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.991641][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.086462][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.124114][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.187450][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.195761][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.321556][ T3610] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.329379][ T3610] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.739029][ T3531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.801537][ T3531] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.962963][ T934] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 59.952230][ T5832] Bluetooth: hci1: command tx timeout [ 59.957660][ T5832] Bluetooth: hci0: command tx timeout [ 59.963114][ T5819] Bluetooth: hci4: command tx timeout [ 59.968509][ T5819] Bluetooth: hci3: command tx timeout [ 59.969788][ T5825] Bluetooth: hci2: command tx timeout [ 60.049681][ T934] usb 2-1: Using ep0 maxpacket: 16 [ 60.058180][ T934] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 60.069361][ T934] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 60.097928][ T934] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 60.220136][ T5921] ceph: No mds server is up or the cluster is laggy [ 60.233957][ T25] libceph: connect (1)[c::]:6789 error -101 [ 60.503646][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 60.510606][ T934] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 60.528611][ T934] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b [ 60.644831][ T934] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 [ 60.646961][ T29] kauditd_printk_skb: 59 callbacks suppressed [ 60.646973][ T29] audit: type=1400 audit(1737686613.520:180): avc: denied { ioctl } for pid=5926 comm="syz.3.7" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=8564 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 60.657350][ T934] usb 2-1: Product: syz [ 60.740307][ T934] usb 2-1: Manufacturer: syz [ 60.750270][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 60.758904][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 60.767586][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 60.842398][ T934] usb 2-1: SerialNumber: syz [ 60.856085][ T29] audit: type=1400 audit(1737686613.730:181): avc: denied { create } for pid=5930 comm="syz.0.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 60.862048][ T934] usb 2-1: config 0 descriptor?? [ 60.886060][ T934] usb 2-1: NFC: intf ffff888028295000 id ffffffff8f11a8a0 [ 61.130586][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.232969][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.241096][ T29] audit: type=1400 audit(1737686613.760:182): avc: denied { setopt } for pid=5930 comm="syz.0.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 61.335417][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.480342][ T934] usb 2-1: USB disconnect, device number 2 [ 61.695168][ T29] audit: type=1400 audit(1737686614.570:183): avc: denied { read } for pid=5939 comm="syz.1.12" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 61.777311][ T29] audit: type=1400 audit(1737686614.570:184): avc: denied { open } for pid=5939 comm="syz.1.12" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 61.820445][ T29] audit: type=1400 audit(1737686614.570:185): avc: denied { ioctl } for pid=5939 comm="syz.1.12" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 61.959506][ T29] audit: type=1400 audit(1737686614.650:186): avc: denied { read } for pid=5937 comm="syz.0.11" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 61.987670][ T29] audit: type=1400 audit(1737686614.650:187): avc: denied { open } for pid=5937 comm="syz.0.11" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 61.990054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.011771][ T5819] Bluetooth: hci3: command tx timeout [ 62.025508][ T5134] Bluetooth: hci0: command tx timeout [ 62.031213][ T5134] Bluetooth: hci4: command tx timeout [ 62.037233][ T5134] Bluetooth: hci1: command tx timeout [ 62.045513][ T5832] Bluetooth: hci2: command tx timeout [ 62.053258][ T29] audit: type=1400 audit(1737686614.650:188): avc: denied { write } for pid=5939 comm="syz.1.12" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 62.076407][ T29] audit: type=1400 audit(1737686614.760:189): avc: denied { connect } for pid=5937 comm="syz.0.11" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.256971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 62.359370][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 62.484069][ T5951] kvm: emulating exchange as write [ 62.739723][ T934] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 63.559772][ T934] usb 5-1: Using ep0 maxpacket: 32 [ 63.670951][ T934] usb 5-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=56.a5 [ 63.786013][ T934] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.922793][ T934] usb 5-1: Product: syz [ 63.926992][ T934] usb 5-1: Manufacturer: syz [ 63.948105][ T934] usb 5-1: SerialNumber: syz [ 64.000050][ T934] usb 5-1: config 0 descriptor?? [ 64.002797][ T5968] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 64.024134][ T934] gspca_main: mars-2.14.0 probing 093a:050f [ 64.079908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 64.090047][ T5832] Bluetooth: hci4: command 0x0405 tx timeout [ 64.225855][ T5976] syz.3.21 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 64.565956][ T5903] usb 5-1: USB disconnect, device number 2 [ 65.940616][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 65.940634][ T29] audit: type=1400 audit(1737686618.130:216): avc: denied { write } for pid=5984 comm="syz.3.24" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 65.990360][ T5987] warning: `syz.0.25' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 66.206456][ T29] audit: type=1400 audit(1737686618.980:217): avc: denied { create } for pid=5990 comm="syz.1.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 66.295242][ T29] audit: type=1400 audit(1737686619.080:218): avc: denied { create } for pid=5990 comm="syz.1.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 66.687294][ T5992] ================================================================== [ 66.695392][ T5992] BUG: KASAN: use-after-free in ip_dst_mtu_maybe_forward.constprop.0+0x466/0x4c0 [ 66.704522][ T5992] Read of size 8 at addr ffff88805da38108 by task syz.1.26/5992 [ 66.712151][ T5992] [ 66.714474][ T5992] CPU: 0 UID: 0 PID: 5992 Comm: syz.1.26 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 66.714493][ T5992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 66.714502][ T5992] Call Trace: [ 66.714508][ T5992] [ 66.714514][ T5992] dump_stack_lvl+0x116/0x1f0 [ 66.714538][ T5992] print_report+0xc3/0x620 [ 66.714560][ T5992] ? __virt_addr_valid+0x5e/0x590 [ 66.714582][ T5992] ? __phys_addr+0xc6/0x150 [ 66.714606][ T5992] kasan_report+0xd9/0x110 [ 66.714627][ T5992] ? ip_dst_mtu_maybe_forward.constprop.0+0x466/0x4c0 [ 66.714652][ T5992] ? ip_dst_mtu_maybe_forward.constprop.0+0x466/0x4c0 [ 66.714677][ T5992] ? __pfx_ipv4_mtu+0x10/0x10 [ 66.714697][ T5992] ip_dst_mtu_maybe_forward.constprop.0+0x466/0x4c0 [ 66.714720][ T5992] ? __pfx_ip_dst_mtu_maybe_forward.constprop.0+0x10/0x10 [ 66.714743][ T5992] ? find_held_lock+0x2d/0x110 [ 66.714767][ T5992] ? __pfx_ipv4_mtu+0x10/0x10 [ 66.714787][ T5992] ip_setup_cork+0x921/0xad0 [ 66.714803][ T5992] ? __pfx_lock_release+0x10/0x10 [ 66.714822][ T5992] ip_make_skb+0x1bf/0x300 [ 66.714842][ T5992] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 66.714860][ T5992] ? __pfx_ip_make_skb+0x10/0x10 [ 66.714878][ T5992] ? ip_route_output_key_hash+0x16c/0x2e0 [ 66.714905][ T5992] ? __pfx_lock_release+0x10/0x10 [ 66.714925][ T5992] ? udp_sendmsg+0x18c7/0x2a30 [ 66.714943][ T5992] udp_sendmsg+0x18c7/0x2a30 [ 66.714964][ T5992] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 66.714984][ T5992] ? __pfx_udp_sendmsg+0x10/0x10 [ 66.715002][ T5992] ? avc_has_perm+0x11b/0x1c0 [ 66.715020][ T5992] ? __pfx___lock_acquire+0x10/0x10 [ 66.715037][ T5992] ? do_wp_page+0xd41/0x4670 [ 66.715065][ T5992] ? __pfx_udp_sendmsg+0x10/0x10 [ 66.715084][ T5992] inet_sendmsg+0x105/0x140 [ 66.715113][ T5992] ____sys_sendmsg+0x98c/0xc90 [ 66.715128][ T5992] ? copy_msghdr_from_user+0x10b/0x160 [ 66.715149][ T5992] ? __pfx_____sys_sendmsg+0x10/0x10 [ 66.715165][ T5992] ? hlock_class+0x4e/0x130 [ 66.715188][ T5992] ? __lock_acquire+0x15a9/0x3c40 [ 66.715208][ T5992] ___sys_sendmsg+0x135/0x1e0 [ 66.715229][ T5992] ? __pfx____sys_sendmsg+0x10/0x10 [ 66.715249][ T5992] ? __pfx___lock_acquire+0x10/0x10 [ 66.715267][ T5992] ? handle_mm_fault+0x497/0xaa0 [ 66.715297][ T5992] ? __pfx___might_resched+0x10/0x10 [ 66.715318][ T5992] ? __might_fault+0xe3/0x190 [ 66.715343][ T5992] __sys_sendmmsg+0x201/0x420 [ 66.715365][ T5992] ? __pfx___sys_sendmmsg+0x10/0x10 [ 66.715386][ T5992] ? __local_bh_enable_ip+0xa4/0x120 [ 66.715409][ T5992] ? __pfx_do_futex+0x10/0x10 [ 66.715429][ T5992] ? xfd_validate_state+0x5d/0x180 [ 66.715447][ T5992] ? rcu_is_watching+0x12/0xc0 [ 66.715472][ T5992] __x64_sys_sendmmsg+0x9c/0x100 [ 66.715493][ T5992] ? lockdep_hardirqs_on+0x7c/0x110 [ 66.715510][ T5992] do_syscall_64+0xcd/0x250 [ 66.715529][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.715551][ T5992] RIP: 0033:0x7fbc0ab8cd29 [ 66.715563][ T5992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.715578][ T5992] RSP: 002b:00007fbc0bad2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 66.715593][ T5992] RAX: ffffffffffffffda RBX: 00007fbc0ada5fa0 RCX: 00007fbc0ab8cd29 [ 66.715603][ T5992] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000006 [ 66.715612][ T5992] RBP: 00007fbc0ac0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 66.715621][ T5992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 66.715630][ T5992] R13: 0000000000000000 R14: 00007fbc0ada5fa0 R15: 00007fff3f069c58 [ 66.715645][ T5992] [ 66.715650][ T5992] [ 67.066454][ T5992] The buggy address belongs to the physical page: [ 67.072844][ T5992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5da38 [ 67.081584][ T5992] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 67.088671][ T5992] page_type: f0(buddy) [ 67.092719][ T5992] raw: 00fff00000000000 ffffea0000a75008 ffffea0001f59208 0000000000000000 [ 67.101281][ T5992] raw: 0000000000000000 0000000000000002 00000000f0000000 0000000000000000 [ 67.109849][ T5992] page dumped because: kasan: bad access detected [ 67.116233][ T5992] page_owner tracks the page as freed [ 67.121574][ T5992] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO), pid 5815, tgid 5815 (syz-executor), ts 52943550716, free_ts 66670273983 [ 67.143080][ T5992] post_alloc_hook+0x2d1/0x350 [ 67.147842][ T5992] get_page_from_freelist+0xfce/0x2f80 [ 67.153285][ T5992] __alloc_pages_noprof+0x221/0x2470 [ 67.158552][ T5992] ___kmalloc_large_node+0x84/0x1b0 [ 67.163728][ T5992] __kmalloc_large_node_noprof+0x1c/0x70 [ 67.169339][ T5992] __kmalloc_node_noprof.cold+0x5/0x5f [ 67.174785][ T5992] __kvmalloc_node_noprof+0x6f/0x1a0 [ 67.180053][ T5992] alloc_netdev_mqs+0xd9/0x15d0 [ 67.184893][ T5992] __tun_chr_ioctl+0x2139/0x4b80 [ 67.189820][ T5992] __x64_sys_ioctl+0x190/0x200 [ 67.194560][ T5992] do_syscall_64+0xcd/0x250 [ 67.199045][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.204927][ T5992] page last free pid 5994 tgid 5990 stack trace: [ 67.211226][ T5992] free_unref_page+0x661/0x1080 [ 67.216063][ T5992] __folio_put+0x32a/0x450 [ 67.220458][ T5992] kvfree+0x47/0x50 [ 67.224247][ T5992] device_release+0xa1/0x240 [ 67.228822][ T5992] kobject_put+0x1e4/0x5a0 [ 67.233222][ T5992] netdev_run_todo+0x881/0x13d0 [ 67.238059][ T5992] rtnl_dellink+0x3e6/0xaa0 [ 67.242542][ T5992] rtnetlink_rcv_msg+0x95b/0xea0 [ 67.247458][ T5992] netlink_rcv_skb+0x16b/0x440 [ 67.252204][ T5992] netlink_unicast+0x53c/0x7f0 [ 67.256948][ T5992] netlink_sendmsg+0x8b8/0xd70 [ 67.261690][ T5992] ____sys_sendmsg+0xaaf/0xc90 [ 67.266429][ T5992] ___sys_sendmsg+0x135/0x1e0 [ 67.271087][ T5992] __sys_sendmsg+0x16e/0x220 [ 67.275658][ T5992] do_syscall_64+0xcd/0x250 [ 67.280140][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.286017][ T5992] [ 67.288318][ T5992] Memory state around the buggy address: [ 67.293930][ T5992] ffff88805da38000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 67.301972][ T5992] ffff88805da38080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 67.310012][ T5992] >ffff88805da38100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 67.318045][ T5992] ^ [ 67.322354][ T5992] ffff88805da38180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 67.330393][ T5992] ffff88805da38200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 67.338432][ T5992] ================================================================== [ 67.376383][ T29] audit: type=1400 audit(1737686619.620:219): avc: denied { mounton } for pid=5998 comm="syz.0.29" path="/proc/27/task" dev="proc" ino=7759 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 67.445318][ T29] audit: type=1400 audit(1737686620.320:220): avc: denied { read } for pid=5993 comm="syz.3.27" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 67.603961][ T29] audit: type=1400 audit(1737686620.320:221): avc: denied { open } for pid=5993 comm="syz.3.27" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 67.704243][ T5992] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 67.711465][ T5992] CPU: 1 UID: 0 PID: 5992 Comm: syz.1.26 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 67.721593][ T5992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 67.731626][ T5992] Call Trace: [ 67.734883][ T5992] [ 67.737803][ T5992] dump_stack_lvl+0x3d/0x1f0 [ 67.742374][ T5992] panic+0x71d/0x800 [ 67.746249][ T5992] ? __pfx_panic+0x10/0x10 [ 67.750642][ T5992] ? irqentry_exit+0x3b/0x90 [ 67.755207][ T5992] ? lockdep_hardirqs_on+0x7c/0x110 [ 67.760476][ T5992] ? preempt_schedule_thunk+0x1a/0x30 [ 67.765870][ T5992] ? preempt_schedule_common+0x44/0xc0 [ 67.771412][ T5992] check_panic_on_warn+0xab/0xb0 [ 67.776340][ T5992] end_report+0x117/0x180 [ 67.780661][ T5992] kasan_report+0xe9/0x110 [ 67.785053][ T5992] ? ip_dst_mtu_maybe_forward.constprop.0+0x466/0x4c0 [ 67.791809][ T5992] ? ip_dst_mtu_maybe_forward.constprop.0+0x466/0x4c0 [ 67.798550][ T5992] ? __pfx_ipv4_mtu+0x10/0x10 [ 67.803202][ T5992] ip_dst_mtu_maybe_forward.constprop.0+0x466/0x4c0 [ 67.809776][ T5992] ? __pfx_ip_dst_mtu_maybe_forward.constprop.0+0x10/0x10 [ 67.816889][ T5992] ? find_held_lock+0x2d/0x110 [ 67.821637][ T5992] ? __pfx_ipv4_mtu+0x10/0x10 [ 67.826290][ T5992] ip_setup_cork+0x921/0xad0 [ 67.830858][ T5992] ? __pfx_lock_release+0x10/0x10 [ 67.835863][ T5992] ip_make_skb+0x1bf/0x300 [ 67.840264][ T5992] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 67.845801][ T5992] ? __pfx_ip_make_skb+0x10/0x10 [ 67.850714][ T5992] ? ip_route_output_key_hash+0x16c/0x2e0 [ 67.856427][ T5992] ? __pfx_lock_release+0x10/0x10 [ 67.861449][ T5992] ? udp_sendmsg+0x18c7/0x2a30 [ 67.866189][ T5992] udp_sendmsg+0x18c7/0x2a30 [ 67.870755][ T5992] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 67.876277][ T5992] ? __pfx_udp_sendmsg+0x10/0x10 [ 67.881187][ T5992] ? avc_has_perm+0x11b/0x1c0 [ 67.885841][ T5992] ? __pfx___lock_acquire+0x10/0x10 [ 67.891021][ T5992] ? do_wp_page+0xd41/0x4670 [ 67.895591][ T5992] ? __pfx_udp_sendmsg+0x10/0x10 [ 67.900519][ T5992] inet_sendmsg+0x105/0x140 [ 67.904999][ T5992] ____sys_sendmsg+0x98c/0xc90 [ 67.909744][ T5992] ? copy_msghdr_from_user+0x10b/0x160 [ 67.915193][ T5992] ? __pfx_____sys_sendmsg+0x10/0x10 [ 67.920450][ T5992] ? hlock_class+0x4e/0x130 [ 67.924930][ T5992] ? __lock_acquire+0x15a9/0x3c40 [ 67.929932][ T5992] ___sys_sendmsg+0x135/0x1e0 [ 67.934586][ T5992] ? __pfx____sys_sendmsg+0x10/0x10 [ 67.939760][ T5992] ? __pfx___lock_acquire+0x10/0x10 [ 67.944930][ T5992] ? handle_mm_fault+0x497/0xaa0 [ 67.949869][ T5992] ? __pfx___might_resched+0x10/0x10 [ 67.955131][ T5992] ? __might_fault+0xe3/0x190 [ 67.959795][ T5992] __sys_sendmmsg+0x201/0x420 [ 67.964467][ T5992] ? __pfx___sys_sendmmsg+0x10/0x10 [ 67.969645][ T5992] ? __local_bh_enable_ip+0xa4/0x120 [ 67.974907][ T5992] ? __pfx_do_futex+0x10/0x10 [ 67.979574][ T5992] ? xfd_validate_state+0x5d/0x180 [ 67.984659][ T5992] ? rcu_is_watching+0x12/0xc0 [ 67.989415][ T5992] __x64_sys_sendmmsg+0x9c/0x100 [ 67.994332][ T5992] ? lockdep_hardirqs_on+0x7c/0x110 [ 67.999522][ T5992] do_syscall_64+0xcd/0x250 [ 68.004010][ T5992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.009896][ T5992] RIP: 0033:0x7fbc0ab8cd29 [ 68.014286][ T5992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.033881][ T5992] RSP: 002b:00007fbc0bad2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 68.042266][ T5992] RAX: ffffffffffffffda RBX: 00007fbc0ada5fa0 RCX: 00007fbc0ab8cd29 [ 68.050211][ T5992] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000006 [ 68.058167][ T5992] RBP: 00007fbc0ac0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 68.066112][ T5992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.074069][ T5992] R13: 0000000000000000 R14: 00007fbc0ada5fa0 R15: 00007fff3f069c58 [ 68.082033][ T5992] [ 68.085233][ T5992] Kernel Offset: disabled [ 68.089532][ T5992] Rebooting in 86400 seconds..