program: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000280)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x3, 0x0, 0x9, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xfffe, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x86}, @sadb_x_sa2={0x2, 0x13, 0x3}]}, 0x60}, 0x1, 0x7}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x700000000000000}, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0xfffffffffffffc7e) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) io_setup(0x222, &(0x7f0000000180)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000004002, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@mcast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x2b}, 0x0, @in6=@private2}}, 0xe8) listen(r4, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x11}}}}}}, 0x0) syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f0000000f40)={[], [], 0x2c}, 0x1, 0xee6, &(0x7f0000002d40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBzj+p6c2IqEfEpfeg/KFRTBo19EAUiOkBUQlRpIhTxYGKC6VSilQkUKUq6qntqVVvPVSoFypVqRTUQxspcRX7zXr32cOux/asvfv7SZ/fvnmz833jjTYz49m3ARhYtaWfR45MZyG8+9mVY6+ezD65s+yR5hr7ln5msdcIIdRb+lmyvc/jgls3Lp1Yq83CoaWfeT88d7353PEQwkLYF66FRvhodv7LD997dv/Hb4zd9/bFs69t0e43pfsBAAD96Oqf5v/2xD//+NTUzat758Joc3l+fN6I/fF43H8gHijnx8u10N7PWqLVSLLeUIxast5Qst5wkme4IF892U69YL2RDvmGWpattZ8AAACwE+XntY2Q1Wba+rXazMzyef8dn0+OZDPnzsyfvtCjQgEAAIDS/nN56aZbIYQQQgghhBBC9HEsTvb6CgQAAAAwaNL5wlZZ2NyZuppba3SX//oztbWfD5ug6n//8u+s/B+87h0HAIDy+vVoMt+v/Dg6n8cgnUdwKHneOo//mxcDhpLtdqtoXsGdMt9gUZ3p73W7Kqp/va9jrxTVn86HuV0V1Z/O07ldFdU/WnEdZRXVP1ZxHWUV1b+r4jrKKqp/d8V1lFVU/3jFdZRVVP9ExXWUVVT/XRXXUVZR/XsqrqOsovp3ym21RfU3Kq6jrKL6pyquo6yi+u+uuI6yiuq/p+I6yiqq/96K6+iVh2Ob/x72JuOt58/pOd1OOccDAACAQfc/8/8JIYQQQgghRC9j5fbT3tci+jgu9/TqAwAAALAd5J8LyD/1vhjl40Mdxodbx8dWVsjH6x2eP9JhfLTDOAAAABDCb988/cA72crn/Dc4H15z3qhd4ZPbocQ8Rul8hOvNv9F5zzaaf6fMWwYAAMBgyb537faTx95/eerm1b1zLWe/t+P5bj4P6HC8NvBp7Of3BUwk/Sw/h55rz1MrWC+9PnBX0fae3+COAgAAwADLz98bIavNtJx3N0KtNjOzcj4+HerZ6TPzpw7Efv79LH+YrI/eWX6w4roBAACA7q2c7699/p9/j+90GMlmzp2ZP31huT/RXF6vtV4XmFxZnrVeF2gkyw8VLD8c+/n3d/5gctfS8pkTP5w/udk7DwAAAAPiwisXz74wP3/qRx544IEHzQe9fmcCAAA22xdfXKn/+PDE75Y//78y/13++f99sd+Ic/v9Oa6Q3yeQfw5g1ef1j7fnmSxa73z7eo1kvaEYo0ndYy3bCUvzDbY/b6ooX6N9OyMF+caTfBNJvnSeguFk/TzfnmR5Oj9hvt5ksjydh3E4yZEl+R8NAAAAUGz25ZfOz1545eLTZ1564cVTL546d/jQ0e8ePXrg4HcOzi7d1z/benc/AAAAsBOt3PTb/XP+vpUFAQAAAAAAAAAAAAAAAAAAwACq4uvEer2PAAAAMOj+fTmEsCCEEKVjcbT3NQghhBBCCCE6xOJi+k3zAAAAAFvr1o1LJ1rbVRayTc3X3Fpjubkd8+btxNN/nboT+WrXn2m/XrJ7U6th0FX971/+nZX/g9c3N/9Y/qDr979a+wbmyuV9fPaX0635HxzuMn+6/8+Xy78/yf946C7/4vtJ/uPl8j+R5N/dZf5V+3++XP4nY/7p2N//WLf521//0djm+7Gry/zfTvb/ZOg2f7L/jS4TJp6K+QFgENV6XcAWyY8S8uPo8djP9zcebob07of1Hv/Xku0Mb7jy9u3mx0H3x35+vDSR5M2tt/7xZHt3lawztVPuKimqf7Nex61WVH+94jrKKqp/pOI6yiqqf7TiOsoqqn+s4jrKKqq/2/PQXiuqf6dcVy6qf7ziOsoqqn+i4jrKKqp/vf+P90pR/XsqrqOsovonK66jrKL6S15Wq1xR/VMV11FWUf13V1xHWUX131NxHWUV1X9vxXX0ykOxLTofzs8/J+NY3m8k/dE1fpf9em0BAAAAdpp/mf9PCCGEEO2x/GeB3tchhPjKWFxsHtRvwvb+u7is9/slRBJz26CGPomWdw0G0NZ+mhmA7cr7/2Dz+g82r/9g8/rzVfJ7+LOknxvqMD7cYbzeYXwkGU//vY52GL8n2e5ifl0zurfD+Nc6jO/pMH5/h/HpDuMPdBh/sMP4Qx3GAQAAGAz3xdb5IQAAAPSvV3/16Vu/efz4jambV/fOhZFV884fiP3R+Lf1N2M/nfc+V49/8/9J7P8itr+P7T+S9d1/AgAAAFsv/54Yf/8HAACA/pV/T6nzfwAAAOhfU7F1/g8AAAD96+7YOv8HAACAPpaNrb04tvl1gUdj2+28fgDA9vf12D4c272xfSS234htfhzwWGy/WVF9AMDm+fn3f3r0nWxlvv/DyfituDxvV1lYvlKQ1dpn8t8V292x/VaX9aTfB9Bt/tyeLvNsVf7JDeYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPpHbennkSPTWQjvfnbl2M9G3vrLnWWPNNfYt/Qzi71GCKHefF4+utL/dVzx1o1LJ1rb27HNwqGQhay5PDx3vZlpPISwEPaFa6ERPpqd//LD957d//EbY/e9ffHsa1v4K2jbPwAAAOhH/w8AAP//kQsoAA==") syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b00"], 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x73, 0x1501) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000080)={0x4b5a9da54893e123, 0x3, 0x2, 0xffff}, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r7 = syz_mount_image$udf(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x8000, &(0x7f0000000100)={[{@rootdir={'rootdir', 0x3d, 0x1}}, {@undelete}]}, 0x1, 0x4e8, &(0x7f0000000ac0)="$eJzs3M9vHFcdAPDvG3vdtQvUbUNqSiWMfIhp6sg/mjhgVGGSmFaqQGrqHhAScmI7WPWPyHaqpuJHuXHjhMSJC6pUIagqJCTUAyeE+AOQQBSJcEGCA/IJjqAZ7+yu7SU2rNeO489HSnZ29juz7432O++98bwJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDii9emR8fScZcCADhKX77+yui49h8ATpVXjf8BAOC0SJHFvUjx9z9upXPF+23Vl5dW77w5e3Wm9Wa9qdiyq4jP/1XHxieev3hp8nL5ev/tD9sn4ivXX50evLK2cnt9YWNjYX5wdnXp5tr8woH30O72uz1bHIDBldfvzC8ubgyOX5jY8fGb/X995NGz/VOXRybOl7GzV2dmrjfFdFf+72/fwwiPVnoii59Hih9+7r00HBFZtJ8L+5w7Oq03uvP8Kyoxe3WmqMjy0tzqZv5hKhOhe2dO9JQ5cgS52JbhiJG8rD0ymvZVIovpSPGp2EqfiYiuMg/OF38Y3H8H3UdQyBbyck5GxItxAnIWHlCPRBa/jBQrj1Xj2eNLZ+AYdEcW34sU517YSueL/kDenubd5pdfG3xpdXGtKTalWot60scHR0nfhAdYNbIYLnr8W+m54y4McKR6I4vFSJH94o3iulIU16Ufm7o888LF5itMT+2znzz2QkRMHHBMXimvNebbZodbJwAAAAAAAAAAAHjYVVMWP40U3/pktXj/Yv0G+Xv/Lhxz+YAOSln8IFK89NpWMTW++bkUXU3P96g76XN/Olv+3uqVtdt315dufWOz5ed91ekbG5vrczdbfxy9UW3cF13Y7zkG0IZKyuJKpPjLe+82bsPvT/lvsDYVuKse+87nG7/N6u7fX3He+Nj282zKOQTXvjrUvNzyJ/s/zI/LvzOlLH4bKb50Y6AoS4q+2JMzsR13LY/78JlaXNaT16ic39y/vcfFpeWF0Tz295HiT38oY6OILScKPtmIHctjs0jx6V/tjO2rxZ5pxI6XZbjzs9axH2/ETuSxP44UA/ODZWxfHnumFnu2EXvh5tryfKtDCQAHlbf/r0SKv00NprJt7N5uf/a2/99sjAXe3r2j/9Lmt9v+9zete7vWrk9HisUPBmrl7CtK2qr9fy5S3HjnmbI+RdtbdiseL/5vtP8jkeLpf+yMrdZin2jEjh34wMIJkOf/1yLFu/98v54btRyovW1kbXP+P107OzTGDJ3J/8eb1vXXvrfncKoOp97G3bden1teXli3YMGChfrCcZ+ZgE7L+/8/ihRD3/+wPt6t9f8/sv2uMf7/17cb/f+p3TvqUP//iaZ1U7XRSCUfm2+u3K48FVHduPvWyNLK3K2FWwurE8+PXhybvPTZS5OVnnJw31hq+1jBwybP/z9Hiq//+if1v3ftHP+3vv7Xt3tHHcr/J5vW9e0Yr7RddTj18vz/aKT43Rvv13P6ftf/yut9w0Pbr/WH6XYo/880reuvfe+jh1N1AAAAAAAAAAAAOLEqKYvfRIrvDnWn8l67g9z/u+cBNB26/+9s07r5I5qv2PZBBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYI8ssliLFB98YSt9J18xEHGu+RV4aP0nAAD//5okKSs=") bpf$BPF_PROG_DETACH(0x9, &(0x7f00000008c0)={@cgroup, r7, 0x2f, 0x0, 0x0, @void, @value}, 0x20) syz_mount_image$udf(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0x14, &(0x7f0000002440)=ANY=[], 0xff, 0xc0c, &(0x7f00000008c0)="$eJzs3V9sHVdaAPDvjO3YSdHupduk3aVa3RapG7JssJ1t08or0VBjsWy2NXW8C5SH3sROuMS5vrKdblrBbnjqA0iYReKFRUJCiyoeVkZoH+BpkZB4tdC+IaSwLKUIId2HrfqCajRzz42vHacJdRznz+8nJd/cme/MnDlnMjN3zh0lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIX/rlU6Njab9rAQDcTS/PvDo67voPAA+VM77/AwAAAAAAAAAAAADAvS5FEe9Fim882UmvV5+7Rk43W5evzE5O7VzsYKpKDlT55Z+RsfETX3z2uZPP9+JHl7/TPh2vzJw5VX9p8VJ7aX55eX6uPttqnlucm7/tNey2/HbHqgaoX7p4ee78+eX6+PETWxZfqb07/MiR2sTJsdcO93JnJ6emZvpyBoc+9tZvcLM3PA5EEecjxcV33kuNiChi921xi2Nnrx2sduJYtROzk1PVjiw0G62VcuF0ryGKiFpfoRd7bXQX+mJX6hFXy+qXFT5W7t5Mu7HUOLswX59uLK00V5qLrenUrW2q0ot4PkW0I6IzfOPqhqKIb0aKt7/TSWcjYqDXDp+vXgy+dX2KPdjH2zAYEbWhiPXiPuize9hwFPG9SPHtb43GudyuVbM9E/HVMh6JuFzGaxGrZfxsRCoPkMci3t/heOL+MhhF/EGk+MlEJ831+r46r5z+Wv3LrfOLfbm988p9f324m+7xc9NIFNGozvid9PFvdgAAAAAAuPcU8ceR4qkfHk3t6B9TbLYu1M80zi50nwr3nv3Xc6mNjY2NWurG0Rync2znuJrjWo7rZYzNFdSKXD7H6RzbOa7muJbjeo6dHGsDuXyO0zm2c1zNcS3H9Rw7OdYGc/kcpwerml1t58+rOa7luJ5jZ3A/+gkAAAAAAAAAbu5gFPH1SPHML7xRvVcc1Xvpn5w4+erxX+1/Z/yJW6ynzD0eEWvF7b2TeyC/OjydplPap3eI6b7/93v5/b/f3+/KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+6qIIp6OFG98v5MiRUQ94vXoxmvD+107AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgThhJRbwfKf70KyPV5/Ui4jcj4sONDzci4tqHG3fafu8xAAAAAAAAADyAUhFvRoqnX+2kWkRcqb07/MiR2sTJsdcOD8RApDKlP/+VmTOn6i8tXmovzS8vz8/VZ1vNc4tz87e7uZHTzdblK7OTU3uyM7d0cI/rf3DkpcX2m0vNC7+9suPyQyOnzi6vLDXO7bw4DkYRUe+fc6yq8OzkVFXphWajVRWdTrdbYwAAAAAAAAAeBkOpiA8jxdt/9c71cefB7pj/4Pbc734posjTk3n8+fowdPW7gU9UvxvoTn9y4uSvjX+mf3rHIetj1YB6fXZyamqmb/bg0I2pI3m7o7vbZfqU/b8SKf7wz+vpqTxva/8PXM/97u9u9vfV7Su6SZ//P/p/S4/3+v+n++aV20ypiL+JFD/z60/EU1U9D8UNv5nIeV+JFL+x9mTOiwNl3tN5+aPV3yPnmwvzo2XulUjxD5e35j6Tcz+1mTt2u+16vyj7/+lI8d+/tXa9bXL/5x7Y7LX+/v/M9qNj9/2/47//R/vm1fJ2f/bO7DoRsfzmWxcbCwvzSw/jxMC9UQ0TJnaeiKv7t/X9PjNxN5TX/69Hir//k3+5fr+Tr/8/FdVt1eb93wff3Lz+T2xf0R5d/z/VN28i340MDUaMrFxqDz0eMbL85ltfaF5qXJi/MN86cfKF58ZHXxgbPTF0oHdztzm1fcs3fL95GJX9/zuR4ns/+uv4XJ639f5v5/v/Q9tXtEf9/1jfvENb7ld2vevk/v/fSPFPkz+Io3neR93/977/H8034dfvz/eo/w/3zau+430i4uf65h09HPHAfSkDAACAOyylIn6Qx1NHbzGe+o+R4q3/+vmcl46UeS/m5bXq75GXF1tfOLWwsHiusdI4uzBfn2k3zs2XZX8cKTp/+WQuW1Tjq73x5u4Y7+ZY7D9Hihd+pZfbHYvtPZt6bDN3rMw9Hin+6OWtub3nGIc3c8fL3H+NFGOv7Zx7ZDP3RJn7n5Higz+r93IPlblfyrmPb+YeP7e4MLcH3QIAAAAAALsylIp4LlL83YnB1Hu+fTu//7zhofce/f7v8b55c3fpfZVdNyoA3OPK6//R8qr+i39xfSx/6/V/8z2Z/uv/dv3/b8DNpj/O9b92Z3YTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KGToojFSPGNJzvp2nD5uWvkdLN1+crs5NTOxQ6mquRAlV/+GRkbP/HFZ587+XwvfnT5O+3T8crMmVP1lxYvtZfml5fn5+qzrea5xbn5217Dbstvd6xqgPqli5fnzp+PGD9+YsviK7V3hx85Ups4Ofba4V7u7OTU1ExfzuDQx976DXr9WmybfyCK+J9IcfGd99K/Deflu2yLWxw7e+1gFPG3EVHuxOzkVLUjC81Ga6VcON3XELW+Qi/22ugu9MWu1COultUvK3ys3L2ZdmOpcXZhvj7dWFpprjQXW9OpW9tUpRfxfIpoR0Rn+MbVDUURQ5Hi7e900o+GIwZ67fD5l2deHR2/SSVGNie3H1B3yWBE1IYi1ov7oM/uYcNRxLOR4tvfGo1/H+62a9Vsz0R8tYxHIi6X8VrEahk/G5HKA+SxiPd3OJ64vwxGEY9Gip9MdNKPh3PfV+eV01+rf7l1frEvt3deue+vD3fTPX5uGoki3qvO+J30H/49AwAAAAA8QIp4IlI89cOjqRofvD6m2GxdqJ9pnF3oPtbvPfuv51IbGxsbtdSNozlO59jOcTXHtRzXc+zkWCty+Rync2znuJrjWo7rOXZyrA3k8jlO59jOcTXHtRzXc+zkWBvM5XOczrGd42qOazmu59gZ3M/+AgAAAAAAANhZEUV8LlK88f1O2hjuDvC+Ht14zftAD7z/CwAA//9v9lF3") ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000040)={{}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r8, 0xc0086c43, &(0x7f0000000080)=0x700) open_by_handle_at(r6, &(0x7f0000000280)=ANY=[@ANYBLOB="2000000061000000000000000000000002000000000027"], 0x0) r9 = eventfd(0x1) io_submit(r2, 0x2, &(0x7f0000000340)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0xffff, r3, 0x0, 0x0, 0x4, 0x0, 0x1, r9}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x1, r3, 0x0, 0x0, 0x1000000000000000}]) [ 58.273368][ T5308] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 [ 58.278307][ T5308] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5308, name: kworker/u5:2 [ 58.294410][ T5308] preempt_count: 0, expected: 0 [ 58.296225][ T5308] RCU nest depth: 1, expected: 0 [ 58.298156][ T5308] 4 locks held by kworker/u5:2/5308: [ 58.300808][ T5308] #0: ffff888035407948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 58.305147][ T5308] #1: ffffc9000d44fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 58.310965][ T5308] #2: ffff88804dfe8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 58.314977][ T5308] #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 58.318825][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Not tainted 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 58.322873][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.327001][ T5308] Workqueue: hci0 hci_rx_work [ 58.328781][ T5308] Call Trace: [ 58.330127][ T5308] [ 58.331330][ T5308] dump_stack_lvl+0x241/0x360 [ 58.333281][ T5308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.335321][ T5308] ? __pfx__printk+0x10/0x10 [ 58.337161][ T5308] __might_resched+0x5d4/0x780 [ 58.339105][ T5308] ? __mutex_lock+0x112/0xd70 [ 58.340936][ T5308] ? __pfx___might_resched+0x10/0x10 [ 58.343056][ T5308] __mutex_lock+0xc1/0xd70 [ 58.344733][ T5308] ? __pfx_lock_acquire+0x10/0x10 [ 58.346560][ T5308] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 58.348926][ T5308] ? __pfx_lock_release+0x10/0x10 [ 58.350904][ T5308] ? __pfx___mutex_lock+0x10/0x10 [ 58.352729][ T5308] ? trace_contention_end+0x3c/0x120 [ 58.354758][ T5308] ? skb_pull_data+0x112/0x230 [ 58.356585][ T5308] ? hci_conn_set_handle+0x9a/0x270 [ 58.358555][ T5308] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 58.360920][ T5308] ? __copy_skb_header+0x437/0x5b0 [ 58.362920][ T5308] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 58.365226][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 58.367698][ T5308] ? hci_le_meta_evt+0x366/0x580 [ 58.369646][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 58.372203][ T5308] hci_event_packet+0xa55/0x1540 [ 58.374158][ T5308] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 58.376149][ T5308] ? __pfx_hci_event_packet+0x10/0x10 [ 58.378201][ T5308] ? do_raw_spin_unlock+0x58/0x8b0 [ 58.380172][ T5308] ? hci_send_to_monitor+0xd8/0x7f0 [ 58.382219][ T5308] ? kcov_remote_start+0x97/0x7d0 [ 58.384032][ T5308] hci_rx_work+0x3e8/0xca0 [ 58.385720][ T5308] ? process_scheduled_works+0x976/0x1850 [ 58.387725][ T5308] process_scheduled_works+0xa63/0x1850 [ 58.389742][ T5308] ? __pfx_process_scheduled_works+0x10/0x10 [ 58.392108][ T5308] ? assign_work+0x364/0x3d0 [ 58.393930][ T5308] worker_thread+0x870/0xd30 [ 58.395713][ T5308] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.398085][ T5308] ? __kthread_parkme+0x169/0x1d0 [ 58.400065][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 58.402164][ T5308] kthread+0x2f0/0x390 [ 58.403833][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 58.405797][ T5308] ? __pfx_kthread+0x10/0x10 [ 58.407597][ T5308] ret_from_fork+0x4b/0x80 [ 58.409390][ T5308] ? __pfx_kthread+0x10/0x10 [ 58.411226][ T5308] ret_from_fork_asm+0x1a/0x30 [ 58.413134][ T5308] [ 58.418652][ T5308] [ 58.419624][ T5308] ============================= [ 58.421548][ T5308] [ BUG: Invalid wait context ] [ 58.423349][ T5308] 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 Tainted: G W [ 58.426632][ T5308] ----------------------------- [ 58.428503][ T5308] kworker/u5:2/5308 is trying to lock: [ 58.430568][ T5308] ffffffff8fe40568 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0 [ 58.434423][ T5308] other info that might help us debug this: [ 58.436790][ T5308] context-{4:4} [ 58.438223][ T5308] 4 locks held by kworker/u5:2/5308: [ 58.440468][ T5308] #0: ffff888035407948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 58.444667][ T5308] #1: ffffc9000d44fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 58.449133][ T5308] #2: ffff88804dfe8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 58.453007][ T5308] #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 58.456928][ T5308] stack backtrace: [ 58.458216][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 58.462347][ T5308] Tainted: [W]=WARN [ 58.463671][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.467466][ T5308] Workqueue: hci0 hci_rx_work [ 58.469073][ T5308] Call Trace: [ 58.470285][ T5308] [ 58.471388][ T5308] dump_stack_lvl+0x241/0x360 [ 58.473163][ T5308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.475153][ T5308] ? __pfx__printk+0x10/0x10 [ 58.476873][ T5308] __lock_acquire+0x154a/0x2050 [ 58.478731][ T5308] lock_acquire+0x1ed/0x550 [ 58.480437][ T5308] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 58.482744][ T5308] ? __pfx_lock_acquire+0x10/0x10 [ 58.484617][ T5308] ? __mutex_lock+0x112/0xd70 [ 58.486501][ T5308] ? __pfx___might_resched+0x10/0x10 [ 58.488603][ T5308] __mutex_lock+0x136/0xd70 [ 58.490434][ T5308] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 58.492875][ T5308] ? __pfx_lock_acquire+0x10/0x10 [ 58.494799][ T5308] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 58.497181][ T5308] ? __pfx_lock_release+0x10/0x10 [ 58.498924][ T5308] ? __pfx___mutex_lock+0x10/0x10 [ 58.500662][ T5308] ? trace_contention_end+0x3c/0x120 [ 58.502551][ T5308] ? skb_pull_data+0x112/0x230 [ 58.504238][ T5308] ? hci_conn_set_handle+0x9a/0x270 [ 58.506090][ T5308] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 58.508216][ T5308] ? __copy_skb_header+0x437/0x5b0 [ 58.510203][ T5308] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 58.512339][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 58.514855][ T5308] ? hci_le_meta_evt+0x366/0x580 [ 58.516767][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 58.519354][ T5308] hci_event_packet+0xa55/0x1540 [ 58.521342][ T5308] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 58.523431][ T5308] ? __pfx_hci_event_packet+0x10/0x10 [ 58.525441][ T5308] ? do_raw_spin_unlock+0x58/0x8b0 [ 58.527435][ T5308] ? hci_send_to_monitor+0xd8/0x7f0 [ 58.529467][ T5308] ? kcov_remote_start+0x97/0x7d0 [ 58.531399][ T5308] hci_rx_work+0x3e8/0xca0 [ 58.533288][ T5308] ? process_scheduled_works+0x976/0x1850 [ 58.535571][ T5308] process_scheduled_works+0xa63/0x1850 [ 58.537776][ T5308] ? __pfx_process_scheduled_works+0x10/0x10 [ 58.540132][ T5308] ? assign_work+0x364/0x3d0 [ 58.541949][ T5308] worker_thread+0x870/0xd30 [ 58.543627][ T5308] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.545914][ T5308] ? __kthread_parkme+0x169/0x1d0 [ 58.547881][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 58.549836][ T5308] kthread+0x2f0/0x390 [ 58.551302][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 58.553027][ T5308] ? __pfx_kthread+0x10/0x10 [ 58.554638][ T5308] ret_from_fork+0x4b/0x80 [ 58.556200][ T5308] ? __pfx_kthread+0x10/0x10 [ 58.557856][ T5308] ret_from_fork_asm+0x1a/0x30 [ 58.559550][ T5308] [ 58.572874][ T5308] ================================================================== [ 58.576163][ T5308] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0 [ 58.579785][ T5308] Read of size 8 at addr ffff888043e8c000 by task kworker/u5:2/5308 [ 58.582995][ T5308] [ 58.583969][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 58.588447][ T5308] Tainted: [W]=WARN [ 58.589869][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.593667][ T5308] Workqueue: hci0 hci_rx_work [ 58.595389][ T5308] Call Trace: [ 58.596632][ T5308] [ 58.597732][ T5308] dump_stack_lvl+0x241/0x360 [ 58.599551][ T5308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.601536][ T5308] ? __pfx__printk+0x10/0x10 [ 58.603425][ T5308] ? _printk+0xd5/0x120 [ 58.605153][ T5308] ? __virt_addr_valid+0x183/0x530 [ 58.607253][ T5308] ? __virt_addr_valid+0x183/0x530 [ 58.609315][ T5308] print_report+0x169/0x550 [ 58.611229][ T5308] ? __virt_addr_valid+0x183/0x530 [ 58.613179][ T5308] ? __virt_addr_valid+0x183/0x530 [ 58.615212][ T5308] ? __virt_addr_valid+0x45f/0x530 [ 58.617144][ T5308] ? __phys_addr+0xba/0x170 [ 58.618964][ T5308] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 58.621369][ T5308] kasan_report+0x143/0x180 [ 58.623130][ T5308] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 58.625546][ T5308] hci_le_create_big_complete_evt+0x383/0xae0 [ 58.627906][ T5308] ? __copy_skb_header+0x437/0x5b0 [ 58.629875][ T5308] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 58.632265][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 58.634826][ T5308] ? hci_le_meta_evt+0x366/0x580 [ 58.636631][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 58.639218][ T5308] hci_event_packet+0xa55/0x1540 [ 58.641144][ T5308] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 58.643171][ T5308] ? __pfx_hci_event_packet+0x10/0x10 [ 58.645088][ T5308] ? do_raw_spin_unlock+0x58/0x8b0 [ 58.646843][ T5308] ? hci_send_to_monitor+0xd8/0x7f0 [ 58.648615][ T5308] ? kcov_remote_start+0x97/0x7d0 [ 58.650427][ T5308] hci_rx_work+0x3e8/0xca0 [ 58.651982][ T5308] ? process_scheduled_works+0x976/0x1850 [ 58.653996][ T5308] process_scheduled_works+0xa63/0x1850 [ 58.655865][ T5308] ? __pfx_process_scheduled_works+0x10/0x10 [ 58.658015][ T5308] ? assign_work+0x364/0x3d0 [ 58.659851][ T5308] worker_thread+0x870/0xd30 [ 58.661722][ T5308] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.663954][ T5308] ? __kthread_parkme+0x169/0x1d0 [ 58.665976][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 58.667975][ T5308] kthread+0x2f0/0x390 [ 58.669543][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 58.671451][ T5308] ? __pfx_kthread+0x10/0x10 [ 58.673269][ T5308] ret_from_fork+0x4b/0x80 [ 58.675008][ T5308] ? __pfx_kthread+0x10/0x10 [ 58.676713][ T5308] ret_from_fork_asm+0x1a/0x30 [ 58.678504][ T5308] [ 58.679672][ T5308] [ 58.680601][ T5308] Allocated by task 5308: [ 58.682273][ T5308] kasan_save_track+0x3f/0x80 [ 58.684121][ T5308] __kasan_kmalloc+0x98/0xb0 [ 58.685909][ T5308] __kmalloc_cache_noprof+0x19c/0x2c0 [ 58.687969][ T5308] __hci_conn_add+0x2f9/0x1850 [ 58.689889][ T5308] hci_le_big_sync_established_evt+0x414/0xc20 [ 58.692297][ T5308] hci_event_packet+0xa55/0x1540 [ 58.694263][ T5308] hci_rx_work+0x3e8/0xca0 [ 58.696012][ T5308] process_scheduled_works+0xa63/0x1850 [ 58.698152][ T5308] worker_thread+0x870/0xd30 [ 58.699942][ T5308] kthread+0x2f0/0x390 [ 58.701509][ T5308] ret_from_fork+0x4b/0x80 [ 58.703259][ T5308] ret_from_fork_asm+0x1a/0x30 [ 58.705321][ T5308] [ 58.706455][ T5308] Freed by task 5308: [ 58.707891][ T5308] kasan_save_track+0x3f/0x80 [ 58.709697][ T5308] kasan_save_free_info+0x40/0x50 [ 58.711649][ T5308] __kasan_slab_free+0x59/0x70 [ 58.713537][ T5308] kfree+0x1a0/0x440 [ 58.715081][ T5308] device_release+0x99/0x1c0 [ 58.716901][ T5308] kobject_put+0x22f/0x480 [ 58.718586][ T5308] hci_conn_del+0x8c4/0xc40 [ 58.720269][ T5308] hci_le_create_big_complete_evt+0x619/0xae0 [ 58.722635][ T5308] hci_event_packet+0xa55/0x1540 [ 58.724594][ T5308] hci_rx_work+0x3e8/0xca0 [ 58.726356][ T5308] process_scheduled_works+0xa63/0x1850 [ 58.728413][ T5308] worker_thread+0x870/0xd30 [ 58.730165][ T5308] kthread+0x2f0/0x390 [ 58.731735][ T5308] ret_from_fork+0x4b/0x80 [ 58.733525][ T5308] ret_from_fork_asm+0x1a/0x30 [ 58.735440][ T5308] [ 58.736379][ T5308] The buggy address belongs to the object at ffff888043e8c000 [ 58.736379][ T5308] which belongs to the cache kmalloc-8k of size 8192 [ 58.741513][ T5308] The buggy address is located 0 bytes inside of [ 58.741513][ T5308] freed 8192-byte region [ffff888043e8c000, ffff888043e8e000) [ 58.746401][ T5308] [ 58.747304][ T5308] The buggy address belongs to the physical page: [ 58.749692][ T5308] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43e88 [ 58.752935][ T5308] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 58.756019][ T5308] ksm flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 58.758886][ T5308] page_type: f5(slab) [ 58.760484][ T5308] raw: 04fff00000000040 ffff88801ac42280 ffffea00010df400 0000000000000003 [ 58.763674][ T5308] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000 [ 58.766952][ T5308] head: 04fff00000000040 ffff88801ac42280 ffffea00010df400 0000000000000003 [ 58.770202][ T5308] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000 [ 58.773420][ T5308] head: 04fff00000000003 ffffea00010fa201 ffffffffffffffff 0000000000000000 [ 58.776452][ T5308] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 58.779665][ T5308] page dumped because: kasan: bad access detected [ 58.782209][ T5308] page_owner tracks the page as allocated [ 58.784304][ T5308] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5304, tgid 5304 (sh), ts 55524644915, free_ts 55518233152 [ 58.791896][ T5308] post_alloc_hook+0x1f3/0x230 [ 58.793876][ T5308] get_page_from_freelist+0x3649/0x3790 [ 58.796118][ T5308] __alloc_pages_noprof+0x292/0x710 [ 58.798107][ T5308] alloc_pages_mpol_noprof+0x3e8/0x680 [ 58.800199][ T5308] alloc_slab_page+0x6a/0x140 [ 58.802037][ T5308] allocate_slab+0x5a/0x2f0 [ 58.803754][ T5308] ___slab_alloc+0xcd1/0x14b0 [ 58.805557][ T5308] __slab_alloc+0x58/0xa0 [ 58.807202][ T5308] __kmalloc_cache_noprof+0x1d5/0x2c0 [ 58.809338][ T5308] tomoyo_init_log+0x11cd/0x2050 [ 58.811236][ T5308] tomoyo_supervisor+0x38a/0x11f0 [ 58.813211][ T5308] tomoyo_env_perm+0x178/0x210 [ 58.815121][ T5308] tomoyo_find_next_domain+0x146e/0x1d40 [ 58.817322][ T5308] tomoyo_bprm_check_security+0x114/0x180 [ 58.819480][ T5308] security_bprm_check+0x86/0x250 [ 58.821437][ T5308] bprm_execve+0xa56/0x1770 [ 58.823184][ T5308] page last free pid 5304 tgid 5304 stack trace: [ 58.825604][ T5308] free_unref_page+0xdf9/0x1140 [ 58.827425][ T5308] __put_partials+0xeb/0x130 [ 58.829170][ T5308] put_cpu_partial+0x17c/0x250 [ 58.831031][ T5308] __slab_free+0x2ea/0x3d0 [ 58.832680][ T5308] qlist_free_all+0x9a/0x140 [ 58.834448][ T5308] kasan_quarantine_reduce+0x14f/0x170 [ 58.836520][ T5308] __kasan_slab_alloc+0x23/0x80 [ 58.838363][ T5308] kmem_cache_alloc_noprof+0x135/0x2a0 [ 58.840401][ T5308] getname_flags+0xb7/0x540 [ 58.842167][ T5308] vfs_fstatat+0x12c/0x190 [ 58.843861][ T5308] __x64_sys_newfstatat+0x11d/0x1a0 [ 58.845863][ T5308] do_syscall_64+0xf3/0x230 [ 58.847561][ T5308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.849766][ T5308] [ 58.850689][ T5308] Memory state around the buggy address: [ 58.852877][ T5308] ffff888043e8bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.856006][ T5308] ffff888043e8bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.859041][ T5308] >ffff888043e8c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.861868][ T5308] ^ [ 58.863407][ T5308] ffff888043e8c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.866480][ T5308] ffff888043e8c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.869579][ T5308] ================================================================== [ 58.889824][ T5308] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 58.892365][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/u5:2 Tainted: G W 6.12.0-rc7-syzkaller-00189-ge8bdb3c8be08 #0 [ 58.896687][ T5308] Tainted: [W]=WARN [ 58.898111][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.901796][ T5308] Workqueue: hci0 hci_rx_work [ 58.903593][ T5308] Call Trace: [ 58.904804][ T5308] [ 58.905833][ T5308] dump_stack_lvl+0x241/0x360 [ 58.907508][ T5308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.909394][ T5308] ? __pfx__printk+0x10/0x10 [ 58.911029][ T5308] ? rcu_is_watching+0x15/0xb0 [ 58.912676][ T5308] ? preempt_schedule+0xe1/0xf0 [ 58.914292][ T5308] ? vscnprintf+0x5d/0x90 [ 58.915792][ T5308] panic+0x349/0x880 [ 58.917193][ T5308] ? check_panic_on_warn+0x21/0xb0 [ 58.919241][ T5308] ? __pfx_panic+0x10/0x10 [ 58.921033][ T5308] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 58.923334][ T5308] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 58.925769][ T5308] ? print_report+0x502/0x550 [ 58.927611][ T5308] check_panic_on_warn+0x86/0xb0 [ 58.929540][ T5308] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 58.931910][ T5308] end_report+0x77/0x160 [ 58.933566][ T5308] kasan_report+0x154/0x180 [ 58.935478][ T5308] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 58.938455][ T5308] hci_le_create_big_complete_evt+0x383/0xae0 [ 58.941132][ T5308] ? __copy_skb_header+0x437/0x5b0 [ 58.943659][ T5308] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 58.945889][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 58.948914][ T5308] ? hci_le_meta_evt+0x366/0x580 [ 58.951195][ T5308] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 58.954246][ T5308] hci_event_packet+0xa55/0x1540 [ 58.956691][ T5308] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 58.959176][ T5308] ? __pfx_hci_event_packet+0x10/0x10 [ 58.961571][ T5308] ? do_raw_spin_unlock+0x58/0x8b0 [ 58.963506][ T5308] ? hci_send_to_monitor+0xd8/0x7f0 [ 58.965483][ T5308] ? kcov_remote_start+0x97/0x7d0 [ 58.967447][ T5308] hci_rx_work+0x3e8/0xca0 [ 58.969162][ T5308] ? process_scheduled_works+0x976/0x1850 [ 58.971407][ T5308] process_scheduled_works+0xa63/0x1850 [ 58.973630][ T5308] ? __pfx_process_scheduled_works+0x10/0x10 [ 58.975963][ T5308] ? assign_work+0x364/0x3d0 [ 58.977826][ T5308] worker_thread+0x870/0xd30 [ 58.979584][ T5308] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.981727][ T5308] ? __kthread_parkme+0x169/0x1d0 [ 58.983542][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 58.985536][ T5308] kthread+0x2f0/0x390 [ 58.987113][ T5308] ? __pfx_worker_thread+0x10/0x10 [ 58.989053][ T5308] ? __pfx_kthread+0x10/0x10 [ 58.990875][ T5308] ret_from_fork+0x4b/0x80 [ 58.992665][ T5308] ? __pfx_kthread+0x10/0x10 [ 58.994437][ T5308] ret_from_fork_asm+0x1a/0x30 [ 58.996258][ T5308] [ 58.997878][ T5308] Kernel Offset: disabled [ 58.999580][ T5308] Rebooting in 86400 seconds..