last executing test programs: 9.441065824s ago: executing program 4 (id=65): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) socket(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) socket(0x29, 0x6, 0xfffffff8) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket(0x200000000000011, 0x2, 0xfffffffe) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000002a8925c36d303c1c800b00010062617461647600000400028008000a00", @ANYRES32=0x0, @ANYBLOB], 0x3c}}, 0x0) ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000040)={0xc80, 0x258, 0x1e0, 0x960, 0x32, 0x1, 0x0, 0x0, {0x0, 0x6}, {0x6}, {}, {}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="660a0000000000006111a8000000000018000000000000000000000000000000950000000000000054b1f3e92561e1b5f28676880bae2d1c5ac65fb5afa0a97f05b80e743cea2f8622eb9131a5892e9b73573df8106b43162f7f8fda7e668cb69123f4791544761bf9fa93f4b75ea7d6c397a7cc853580eecf5831e11d10f7cb7161cfb715f68be947b5cab254fb0ce5fae7810e4a75ddcf0705c5d038a8e9e48d5a37bdbc17459baa196346c67839f5972ffe3dd72260664b59287272c5317a"], &(0x7f0000000000)='GPL\x00'}, 0x94) setsockopt$inet6_int(r2, 0x29, 0x35, &(0x7f0000000000)=0x3, 0x4) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x20000003, @mcast1, 0x6}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f0000000700)={0xa, 0x2, 0x0, @rand_addr, 0x2}, 0x1c) sendmmsg$inet(r2, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)="ce0fefdf61", 0x5}], 0x1}}], 0x1, 0x4004851) syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12010002da755608ac0533faaacb01020301090224003a33ad01040700fd018009050102ff0329fb10090502034000080801"], 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=@deltfilter={0x24, 0x2d, 0xf01, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xc73625dc2d040e19, 0xf}, {0x0, 0xb}, {0x10, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4084}, 0x20008098) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) 7.534221624s ago: executing program 4 (id=73): syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x83) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000055}}], 0x1, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) 5.840258159s ago: executing program 3 (id=81): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x2, 0x3, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x8}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x36}}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xd5}, @sadb_address={0x3, 0x5, 0x0, 0x20, 0x0, @in={0x2, 0xfd, @empty}}]}, 0x58}, 0x1, 0x7}, 0x0) 5.651107069s ago: executing program 0 (id=84): setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000010800fffe000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000001004000014001a80100002800c000180080016000600000008001b"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 5.629505812s ago: executing program 3 (id=85): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) getuid() sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, 0x0, 0x24000090) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100), 0x202, 0x0) r2 = eventfd(0x487) add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x1ff, 0x3, r2}) write(r0, &(0x7f0000000000)="05000000010001", 0x7) 5.262185625s ago: executing program 3 (id=86): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) msgctl$IPC_RMID(0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x1ff, 0x0, 0xeeee8000, 0x1000, &(0x7f0000001000/0x1000)=nil}) 5.066961191s ago: executing program 4 (id=88): r0 = getpid() syz_open_procfs(r0, &(0x7f0000000080)='net/ip_tables_names\x00') prlimit64(r0, 0x6, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r3, 0x6, 0x4, 0x0, &(0x7f0000000080)) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$packet(0x11, 0x3, 0x300) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x11) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0) close(r1) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9513551563be62ca4b8e6e58723a793c7ef74dccf31e65a03c3f81b98264ce5965e1ea5341e659c8bae7257bf58105c576386035737842edcff1aaff0b119f7a2ff74757381c0ad2ec09e403b1ee2d9253e9bb72b97ab889beb869b2d1034a4f3243f9c2ef60d80843956edbcfccf5fa6c7a409b2423b54aae4d36d26193a6231733e3697958230c250da4d8397badb1c0f534c3c286f9ac97cf610bce4d3595df62f4844e76f66ef24361b31262c56207465444e972eb1817abfa76d5399cfa19286c040df8e84a3204ab8a953b11b9bc420a4d924c", @ANYRES32=0x0, @ANYRES64=0xffffffffffffffff], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) socket(0x2a, 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000005c40), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r7, &(0x7f0000005e40)={0x0, 0x0, &(0x7f0000005e00)={&(0x7f00000006c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r8, @ANYBLOB="21008d002100fbdbdf250300000004000180"], 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x8004) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x14, 0x5, &(0x7f0000000040)=ANY=[@ANYRESDEC=r6], &(0x7f0000000200)='GPL\x00', 0x40000, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0xfffffffffffffee6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000500)='sys_exit\x00', r9}, 0x18) syz_open_dev$video(&(0x7f0000000580), 0x7, 0x800) 5.045381213s ago: executing program 3 (id=89): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x65364000) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000370400"/20, @ANYRES32=r2, @ANYBLOB="83040500000000002800128008000100677265001c00028006000f00458c53f508000600ac1414bb06000e0002"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmmsg$inet(r0, &(0x7f0000000880), 0x0, 0x4880) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/crash_elfcorehdr_size', 0x20000, 0x20) syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0) r4 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) read$FUSE(r3, &(0x7f0000003700)={0x2020}, 0x2020) keyctl$set_reqkey_keyring(0xe, 0x5) r6 = io_uring_setup(0x4238, &(0x7f0000000000)={0x0, 0x0, 0x400, 0x0, 0x0, 0x0, r3}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r6, 0xb, &(0x7f0000001240)=[@ioring_restriction_sqe_flags_required={0x3, 0x2}, @ioring_restriction_sqe_flags_allowed={0x2, 0x9}, @ioring_restriction_register_op={0x0, 0x1a}, @ioring_restriction_sqe_op={0x1, 0x11}], 0x73) madvise(&(0x7f00006d3000/0x4000)=nil, 0x4000, 0x66) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) 4.895012084s ago: executing program 2 (id=91): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_int(r2, 0x0, 0xa, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0xc01, 0x3, 0x1230, 0x10e8, 0x5002004a, 0xa, 0x10e8, 0x0, 0x1208, 0x3c8, 0x3c8, 0x1208, 0x3c8, 0x3, 0x0, {[{{@ip={@private, @loopback, 0x0, 0x0, 'syzkaller0\x00', 'syzkaller0\x00'}, 0x60, 0x10a0, 0x10e8, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x0, 0x0, './cgroup.cpu/syz1\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x0, {@ipv6=@private0, 'wg2\x00'}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "53f99237f41c832fc8969da1f2b7a86ddedeb7587f1590839a7a3acebc0f"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x1290) chmod(&(0x7f0000000000)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000013c0)={&(0x7f0000000040)='mmc_request_done\x00', r3, 0x0, 0x4}, 0x18) move_pages(0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1], 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) getpid() (async) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) setsockopt$inet_int(r2, 0x0, 0xa, 0x0, 0x0) (async) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0xc01, 0x3, 0x1230, 0x10e8, 0x5002004a, 0xa, 0x10e8, 0x0, 0x1208, 0x3c8, 0x3c8, 0x1208, 0x3c8, 0x3, 0x0, {[{{@ip={@private, @loopback, 0x0, 0x0, 'syzkaller0\x00', 'syzkaller0\x00'}, 0x60, 0x10a0, 0x10e8, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x0, 0x0, './cgroup.cpu/syz1\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x0, {@ipv6=@private0, 'wg2\x00'}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "53f99237f41c832fc8969da1f2b7a86ddedeb7587f1590839a7a3acebc0f"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x1290) (async) chmod(&(0x7f0000000000)='./file0\x00', 0x0) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000013c0)={&(0x7f0000000040)='mmc_request_done\x00', r3, 0x0, 0x4}, 0x18) (async) move_pages(0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1], 0x0, 0x0) (async) 4.69329691s ago: executing program 1 (id=92): sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0xffe0}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_fw={{0x7}, {0x18, 0x2, [@TCA_FW_ACT={0x4}, @TCA_FW_MASK={0x8, 0x5, 0x7f76}, @TCA_FW_CLASSID={0x8, 0x1, {0xb, 0x4}}]}}]}, 0x44}}, 0x24000000) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.591862651s ago: executing program 2 (id=93): openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) socket(0x40000000015, 0x5, 0x0) r0 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0xffffffff, 0x10100}, &(0x7f0000000480), &(0x7f0000000300)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0xc5f7}, &(0x7f0000000040)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r0, 0x48e9, 0x0, 0x0, 0x0, 0x0) 4.506922825s ago: executing program 1 (id=94): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x68, 0x10, 0x403, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, 0x235, 0x2881}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0xd, 0x1, 'BATMAN_IV'}, @IFLA_BATADV_ALGO_NAME={0xc, 0x1, 'BATMAN_V'}, @IFLA_BATADV_ALGO_NAME={0xd, 0x1, 'BATMAN_IV'}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x68}, 0x1, 0xba01, 0x0, 0x4000080}, 0x0) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x7, 0x4, 0x80}, 0x48) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x1c}}, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xa7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x1, 0x0, {0x2, 0x14}}, 0x1c}}, 0x2400c044) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @local}, @CTA_NAT_PROTO={0x4}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000090}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff) socket$l2tp6(0xa, 0x2, 0x73) read$char_usb(0xffffffffffffffff, &(0x7f0000000000)=""/188, 0xbc) 4.506155272s ago: executing program 0 (id=95): connect$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') socket$inet6(0xa, 0x80001, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) 3.487859567s ago: executing program 0 (id=96): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7786}, [@call={0x85, 0x0, 0x0, 0x28}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x44, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0}, 0x50) 3.484267987s ago: executing program 2 (id=97): sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="7961fdffffff000000007e0000000c0099"], 0x20}}, 0x4000054) sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x2}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000}, 0x2c004) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a00"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 2.943073172s ago: executing program 0 (id=98): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) creat(0x0, 0x40) ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000c00), r5) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000020000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 2.723051064s ago: executing program 0 (id=99): syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x83) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000004c0)={0x3, &(0x7f0000000900)=[{0x20, 0x52, 0x1, 0xfffff010}, {0x20, 0x0, 0x1, 0xdffff010}, {0x6}]}, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000055}}], 0x1, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) 2.721066308s ago: executing program 2 (id=100): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) (async, rerun: 64) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) (async, rerun: 64) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01082abd7000000000002a000000080058000000000008000300020080000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x44}, 0x1, 0x0, 0x0, 0xd4209235c937efa7}, 0x0) (async) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="00012ebd7800f6dbdf251b00000a"], 0x14}, 0x1, 0x0, 0x0, 0x20044061}, 0x240048d5) (async) bind$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none}, 0x8) (async) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 32) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000400)=@newqdisc={0x3c, 0x24, 0x200, 0x800, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x4, 0x5}, {0x7, 0xa}, {0x5, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x24008884) (rerun: 32) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r1, @ANYRES16, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r5 = getpid() (rerun: 64) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000700)=r5) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='jffs2\x00', 0x202800a, 0x0) (async, rerun: 64) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f00000000c0)='./file0\x00', 0x60004ce) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="050000000000000000000600000008000300cfacbf6239024dffb8e35746b06015985ea7f385725203437fcb3ec51317ad3e51839dcfd96a8540eea3c0f93e25a0cae8b4710c70420ae36e31395aaaf85d81d6b01c31f041056a2bd86e47e08460e60f1390c7a621ef9268863fdfe9de559efac818b28b696e56ab563cee56c9adcd8d6d2600b061930ef632ed5df4d349a780b7dd5e7cfae6497c3362c3d615b5a34658a1ee9a32071e781fca87591916a12e66b3954faae3f45d3642c9f63bfd3702290dff8b9f0ba37a3abef25976f3a7d8a96244f9ce8f2374408e6adcaf0dd93db30e5976d3bafbeb0601d01b52e899b5e0e74dfd3f", @ANYRES32=r8, @ANYBLOB="080005000b000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc) (async, rerun: 64) r9 = syz_open_dev$ttys(0xc, 0x2, 0x1) (rerun: 64) ioctl$PIO_UNIMAP(r9, 0x4b67, &(0x7f0000000280)={0x7, &(0x7f0000000200)=[{0xf040, 0xfff5}, {0x7c, 0x8}, {0x8001, 0x5}, {0x1, 0x1}, {0x9, 0x6}, {0xa8e, 0xcae}, {0x3, 0x6}]}) (async) splice(r2, 0x0, r4, 0x0, 0x4ffe6, 0x0) socket(0x400000000010, 0x3, 0x0) 2.703579945s ago: executing program 4 (id=101): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB="84010000210001000000000000000000fc020000000000000000000000000000fe80000000000000000000020000003500000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000034011100ac14140c000000000000000000000000fc000000000000000000000000000001fc020000000000000000000000000000fe8000000000000000000000000000aa330000000200000002000a00ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000ff020000000000000000000000000001ff020000003500000a000800ac"], 0x184}}, 0x0) 2.631317071s ago: executing program 3 (id=102): socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$tipc(0x1e, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r4, 0x9c3fa077fa966179, 0xfff4, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 2.542991007s ago: executing program 4 (id=103): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000440)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000380), 0x0, &(0x7f0000000400)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xfc}}], 0x18}, 0x840) close(0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) msgsnd(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x8, 0x800) socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000900)={0x1d, r5, 0x1}, 0x18) sendmmsg$unix(r4, &(0x7f0000004a80)=[{{&(0x7f00000003c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000840)=[{&(0x7f0000000440)="bd", 0x1}], 0x1, 0x0, 0x0, 0x40000}}, {{&(0x7f0000000940)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x533509e98f3a73c}}], 0x2, 0x1d3) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2000000}, [@FRA_FLOW={0x8, 0xb, 0xb05}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) 1.660989203s ago: executing program 3 (id=104): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) socket$inet6(0xa, 0x11, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r2 = socket(0x1e, 0x4, 0x0) (rerun: 64) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) (async, rerun: 64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) (async, rerun: 32) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50) (async) chown(&(0x7f00000079c0)='.\x00', 0x0, 0x0) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) (async) userfaultfd(0x801) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async) mount(0x0, 0x0, &(0x7f00000000c0)='rpc_pipefs\x00', 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0b04000000000000000002000000300004802c0001800b0001006e756d67656e00001c00028008000240800000000800034000000000080001400000000d0900010073797a30000000000900020073797a32"], 0x84}}, 0x0) 1.380900253s ago: executing program 1 (id=105): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f000000bc8f3939f631b83ecbac4500fdf4f2f78d9c26c6789d98feac621054c738dcd81e12d6cd88f9ca0429531b32f76876468253effdaeda1a06b48bddc25f4e2b0575fe2a30c682a714aed74b77d62b3a165438e4c2243ccfbc7090935d6c2a2e93d58d592e7b5a832e499f91aeda0235106a00f7cb9262e15f291af69ab6174ff582c04e21c7cb726c8e86667c8b97e072161507be709abeb7b807e7c9b6815fa4734bb1488891c04a74227bf8f6f42744216452d689376806ef6c540218bbba9401fb9edba3909e10b8cd4069bf3788d583a966fdabd553c7b0fd8039202522ac4c56350e1bee7dc17b7fece6a83898c525faa195ce489d23459d3b45a93c8483eefc2af1700115196f4a738b1d2827112e958280565d39e4790fe603e27ad0ced6b29fbb42b2c1ec55cba3317541e25934ace54d832770cc6c220988987114b761f6c74235c55d316178aea6", 0x155}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d3f426b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x800}], 0x1, 0x40800) 1.228595182s ago: executing program 4 (id=106): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$FUSE_INIT(r2, &(0x7f0000000400)={0x6f, 0x0, 0x0, {0x7, 0x28, 0x80000001, 0x0, 0x0, 0x0, 0x2, 0x1}}, 0xfffffede) fcntl$setpipe(r2, 0x407, 0x2000000) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) setgid(0x0) r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000001480)={0x24, 0x0, 0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="00220a000000832d7566155b42dd07f6"], &(0x7f0000001440)={0x0, 0x21, 0x9, {0x9, 0x21, 0x27f, 0xfd, 0x1, {0x22, 0xdad}}}}, &(0x7f0000001700)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000001600)=ANY=[@ANYBLOB="20010060e500"], 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x27, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYRESOCT=r1], 0xac}, 0x1, 0x0, 0x0, 0x12}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000007c0)='./binderfs2/custom0\x00', 0x800, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000800)={0x73622a85, 0x100a, 0x100000000002}) syz_usb_ep_write(r3, 0x81, 0x1, &(0x7f00000004c0)='P') syz_usb_control_io(r3, &(0x7f0000000280)={0x2c, &(0x7f0000000040)={0x40, 0x10, 0x11, {0x11, 0xc3b4636d5ff242f3, "16bb74ffe42f25b69fbfb602b34856"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41f}}, &(0x7f0000000100)=ANY=[@ANYBLOB="000fd5000000050fd50003a8102467bf0906855b4068d8c6565059f103be93937ecf6e78ea3b01f5289b3dc4d7e33ca9770dcf919af9c93ba252d095733eec468326dfdf790bf01de9350352ab01b1ad760c774d4c8c4401dca5f8438dad7e7d5c18940c5b15433057086a00539730da846233715282d2fea9089c72c9eacba7681986f55c2a5423bbb8973cf09f75de341f605323a718f9304a0f88708799d6e692735021c91ae4e62246f6fc3e368c0d952fb2f01c14100419d276de53e7982d7fdac53bfd210422b514100a09a2110800000f060000ff0000ff"], &(0x7f0000000200)={0x20, 0x29, 0xf, {0xf, 0x29, 0x10, 0x60, 0x3, 0xc7, "e88b5680", "8a9dbbb2"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x80, 0x1, 0x9, 0x8, 0x0, 0x3}}}, &(0x7f0000000700)={0x84, &(0x7f00000002c0)={0x40, 0x14, 0x7, "2c9890856de25e"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x4, 0x1}}, &(0x7f00000003c0)={0x20, 0x0, 0x8, {0x1e0, 0x8, [0xf000]}}, &(0x7f0000000400)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000000440)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000480)={0x40, 0xb, 0x2, "7c90"}, &(0x7f0000000500)={0x40, 0xf, 0x2, 0x7fff}, &(0x7f0000000540)={0x40, 0x13, 0x6, @local}, &(0x7f0000000580)={0x40, 0x17, 0x6, @multicast}, &(0x7f00000005c0)={0x40, 0x19, 0x2, "d484"}, &(0x7f0000000840)={0x40, 0x1a, 0x2, 0x2}, &(0x7f0000000640)={0x40, 0x1c, 0x1, 0xa}, &(0x7f0000000680)={0x40, 0x1e, 0x1, 0x1}, &(0x7f00000006c0)={0x40, 0x21, 0x1, 0x5}}) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x8) 1.205758736s ago: executing program 1 (id=107): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWSET={0x20, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x48}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x34, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x20003}]}, @CTA_TUPLE_ORIG={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x14, r2, 0x601}, 0x14}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000180042800c00018006000600800a0000200002801c0017800400ad0014"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_GET(r4, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)={0x1e8, r2, 0x4, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0xe4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xa, 0x3, "0ce95897af56"}, @TIPC_NLA_NODE_ID={0x79, 0x3, "5d194791085a9b73cd2f23e2a1e80130f94ac4a17ec5e5bbb08e4f94b24faade0a72f06b1a27f9dd24a4ee6837b01200753c79bbbcb3d3e1864ad1b79bfcbf1a13be8af8d6144a6d34df3c73118888b86fc30e01ea37db982c9b78a00e69ef040ac07dfd105de2823896503504b9c1d922f6762d9f"}, @TIPC_NLA_NODE_KEY={0x46, 0x4, {'gcm(aes)\x00', 0x1e, "33dc8c97978563b18717be98fbada961ea3b671b24e686412c1c50dc9c53"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x95d}]}, @TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7fff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfffff9f7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}]}, @TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd06}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x94d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x4c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x43, 0x4, {'gcm(aes)\x00', 0x1b, "eb44d43f770e1437995b7bcc9266e956ede63ac88a124c1024e40b"}}]}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x4040}, 0x10) 945.790516ms ago: executing program 1 (id=108): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) sched_setscheduler(0x0, 0x2, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0xff84, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x800) 718.793487ms ago: executing program 1 (id=109): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect(r0, &(0x7f0000000280)=@hci={0x1f, 0x2, 0x3}, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000ddffff94"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r2, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x7, 0x0, 0x1000000, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r7, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) r8 = socket$inet_smc(0x2b, 0x1, 0x0) getsockname$inet(r8, 0x0, &(0x7f0000000080)) r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r9, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) 485.278078ms ago: executing program 2 (id=110): sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="7961fdffffff000000007e0000000c0099"], 0x20}}, 0x4000054) sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x2}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000}, 0x2c004) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a00"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 335.960204ms ago: executing program 0 (id=111): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_connect$cdc_ecm(0x1, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48, 0x1, 0x1, 0x1, 0xf0, 0x83, [{{0x9, 0x4, 0x0, 0x2, 0x3, 0x2, 0x6, 0x0, 0x1, {{0xa, 0x24, 0x6, 0x0, 0x0, "e36735408b"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x61a5, 0x1, 0x0, 0x4}, [@mbim_extended={0x8, 0x24, 0x1c, 0x2, 0xc5, 0x3}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0xa, 0x9, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x7f, 0x4, 0x1}}}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0xd, 0x3, 0x0, 0x8, 0xed}, 0xf, &(0x7f0000000140)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0xfa, 0x4, 0xe}]}, 0x3, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x414}}, {0x24, &(0x7f0000000380)=@string={0x24, 0x3, "f18f9850ea42c503254adf920728a689a8308f2eddc8578a2eb41a625a8a7fa6696c"}}, {0xfa, &(0x7f0000002980)=@string={0xfa, 0x3, "d214de695213f3cd3cabe5771a64f955503f4bdb9daee655edf1db38b31b3f56f9b96409098497878634764fa1cbd6d8329c23f22c9b2cc0be63b62cd9f3d9a4ab47223466a308dde49489e28403dabedbd0d38f193292315fbf4f07db984e559be8ca1bcf20ab08413d00fb817b588659a2795a94095e4b6a830b43de529f802ef7b706a2c4e3ffef4a894daffc289a64046fedd9c681ed6b02411b097b1e14da1d168352e33fe13df7158b331f99c38e7a7fb8f107be1788c77641fc13ac503c3770133c1c65d8185dcf9b5eaa376543439cbf92b3a361096f9be949c36df98c9db0558e3e937cdb36ff211a8f1be4e99017591a16147d"}}]}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000008c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x53, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5") r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) fcntl$notify(r1, 0x402, 0x8) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}, 0x1, 0x0, 0x0, 0x20040840}, 0x0) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020000010007000000080009400000000114000880100007800a001100aaaaaaaaaaaa000089fd31ee6abaeff21cc5887bbeeb79be45b279cdd1a00374dcbaf1173c5dd4afcc50db6b1091faed3352ebb0d8fcde9e363450a5ed7d5f0fc5cc9bfdd5035c65b590ec253fedc4ec69c5cad67e5bd1a649da9f40e85c179076f17df426cdd4c0fc6061a164b49f73c6d8a83cca101b625634249a244f5dc6c29779eb9ef013617c5b2c59ded70a00b811296acca66ff4a10607aed1a7e5520e91813e30a2238cf20f3a830c54959b2aefb82c477c97a7685e0657aba10343dab2bcf4f7b5918ed068fa110977d04c7285af56acce513dc3"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000042003303"], 0x14}, 0x1, 0x0, 0x0, 0x4015}, 0x24040004) recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000003a80)=[{0x0}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000002740)=""/182, 0xb6}, {0x0}, {&(0x7f0000002880)=""/247, 0xf7}, {&(0x7f0000002a80)=""/4096, 0x1000}], 0x7}, 0x10020) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r4) 0s ago: executing program 2 (id=112): socketpair$unix(0x1, 0x2, 0x0, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x3) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/syz0\x00', 0x1ff) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe2$9p(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff00001fbfa300000000000007030012f0ffffff6a0af0fff8ffffff61a4f0ff0000000066040200000000001d400200000000004704000001ed00006203000000ffffffcf440000000000007a0a00ff00ffffffc30300fff1000000b4000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebaa0f040000c72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204ab3949006c3172171652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d156ae8383117c039862198899b212c55318294270a1ad10c80fef7c247afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15f279b513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aa0000000000000000832371fe5bc621426d1ed0a4a99702cc1b692c3f0b15629eaf4c12a1e717d29135753208165b9cdbae2ed9dc7358f0e3adde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594807031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac42738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca9be8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998802008f0232b39578052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91ed92cac7c2ccd17d338bbda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922928e000000ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abb8a9982ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139566fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe6290421338ef8f6d27117cd1471bf3c0b64416fbbe955da0281e7ef7f7d5176150e86cda98d07f7de2088cb2ffd1d4c71097635c2bb3d9a0b01e757256ee427f0a244d48682bf89e2279b383b616b40f116172bc1b995eb2c1220597af8df52646f1f0cb65cfa7e038e8bb5d4d52b86a61d82dc14a4f5cc7e6061c65ccdbc2afc3f363ecf34ad0b227687c3ea8d63683ddd5914116edd9e075da9e3638647188bc8f95107c9250995eb6cadcd0f65b8504ff10304f2ceba275f9d485ed5554d64005db877f0fbb3beba59666ff66f132d5077835823592d6d392f5ff62f6f876eb10d8cbf0a73f8421b74c8916e4077b8866c95ad88bc7130244183ed216210f10f69b3e0ee13d06e4eb240cce5ec1c3b1defe4c0f8b83a34ef4f5f8f9ceefb678ad29d3683e3c44a01549e55ffca41c0b06e013f054257646c58b667ec0701004c239589b3e64ef5e1d5ed22b5fd5a90fe3453327c3652d5c9762428f0bd0178d1b80a60f64343ab77d8baa0a388711c8d2d6d3e9049814b15b6ea21387040989d69c3aa27256c55780f33d20823d8e2eb6e56850162969bf4c6c9632a55cf5be00"/2944], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x4a) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts. [ 64.735283][ T30] audit: type=1400 audit(1752616805.789:62): avc: denied { mounton } for pid=5817 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 64.738864][ T5817] cgroup: Unknown subsys name 'net' [ 64.758254][ T30] audit: type=1400 audit(1752616805.789:63): avc: denied { mount } for pid=5817 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 64.787875][ T30] audit: type=1400 audit(1752616805.849:64): avc: denied { unmount } for pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 64.922858][ T5817] cgroup: Unknown subsys name 'cpuset' [ 64.930580][ T5817] cgroup: Unknown subsys name 'rlimit' [ 65.036851][ T30] audit: type=1400 audit(1752616806.089:65): avc: denied { setattr } for pid=5817 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 65.060188][ T30] audit: type=1400 audit(1752616806.089:66): avc: denied { create } for pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.100605][ T30] audit: type=1400 audit(1752616806.089:67): avc: denied { write } for pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.121046][ T30] audit: type=1400 audit(1752616806.089:68): avc: denied { read } for pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.141605][ T30] audit: type=1400 audit(1752616806.119:69): avc: denied { mounton } for pid=5817 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 65.166804][ T30] audit: type=1400 audit(1752616806.119:70): avc: denied { mount } for pid=5817 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 65.171065][ T5819] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 65.190088][ T30] audit: type=1400 audit(1752616806.139:71): avc: denied { read } for pid=5499 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 66.114214][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.393958][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.421866][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.429534][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.437143][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.449628][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.457755][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.476915][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.486023][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.499966][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.506412][ T5155] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.515010][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.523143][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.534968][ T5155] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.542357][ T5830] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 68.550589][ T5155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.559962][ T5155] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.567103][ T5830] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 68.574913][ T5155] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 68.575420][ T5830] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.588970][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.590157][ T5830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 68.603270][ T5155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.604581][ T5834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 68.611355][ T5155] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.630094][ T5155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.952007][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 69.045083][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 69.174908][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.183034][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.190222][ T5831] bridge_slave_0: entered allmulticast mode [ 69.197524][ T5831] bridge_slave_0: entered promiscuous mode [ 69.206585][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 69.236087][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.243272][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.250449][ T5831] bridge_slave_1: entered allmulticast mode [ 69.257082][ T5831] bridge_slave_1: entered promiscuous mode [ 69.270914][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 69.297390][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.305121][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.312547][ T5827] bridge_slave_0: entered allmulticast mode [ 69.319582][ T5827] bridge_slave_0: entered promiscuous mode [ 69.350105][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.358971][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.366193][ T5827] bridge_slave_1: entered allmulticast mode [ 69.373671][ T5827] bridge_slave_1: entered promiscuous mode [ 69.413682][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.429770][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 69.441880][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.477941][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.514686][ T5831] team0: Port device team_slave_0 added [ 69.523275][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.564659][ T5831] team0: Port device team_slave_1 added [ 69.587608][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.594860][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.602645][ T5837] bridge_slave_0: entered allmulticast mode [ 69.609282][ T5837] bridge_slave_0: entered promiscuous mode [ 69.616579][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.624171][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.631336][ T5838] bridge_slave_0: entered allmulticast mode [ 69.637935][ T5838] bridge_slave_0: entered promiscuous mode [ 69.665198][ T5827] team0: Port device team_slave_0 added [ 69.671306][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.678385][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.685803][ T5837] bridge_slave_1: entered allmulticast mode [ 69.692816][ T5837] bridge_slave_1: entered promiscuous mode [ 69.699610][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.707139][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.714669][ T5838] bridge_slave_1: entered allmulticast mode [ 69.721434][ T5838] bridge_slave_1: entered promiscuous mode [ 69.735869][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.742962][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.770614][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.783375][ T5827] team0: Port device team_slave_1 added [ 69.789560][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.796561][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.822665][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.904122][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.911648][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.918746][ T5843] bridge_slave_0: entered allmulticast mode [ 69.925770][ T5843] bridge_slave_0: entered promiscuous mode [ 69.933755][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.941271][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.948365][ T5843] bridge_slave_1: entered allmulticast mode [ 69.955091][ T5843] bridge_slave_1: entered promiscuous mode [ 69.962398][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.969349][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.996207][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.008932][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.020850][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.032542][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.056863][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.063911][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.090140][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.142434][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.182849][ T5837] team0: Port device team_slave_0 added [ 70.197026][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.209794][ T5831] hsr_slave_0: entered promiscuous mode [ 70.216539][ T5831] hsr_slave_1: entered promiscuous mode [ 70.226026][ T5837] team0: Port device team_slave_1 added [ 70.234187][ T5838] team0: Port device team_slave_0 added [ 70.241863][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.287915][ T5838] team0: Port device team_slave_1 added [ 70.316823][ T5827] hsr_slave_0: entered promiscuous mode [ 70.323347][ T5827] hsr_slave_1: entered promiscuous mode [ 70.329181][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.337503][ T5827] Cannot create hsr debugfs directory [ 70.362587][ T5843] team0: Port device team_slave_0 added [ 70.368850][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.375915][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.402020][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.440689][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.447702][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.474038][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.486580][ T5843] team0: Port device team_slave_1 added [ 70.500786][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.507725][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.533880][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.551031][ T5834] Bluetooth: hci0: command tx timeout [ 70.555147][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.558955][ T5155] Bluetooth: hci1: command tx timeout [ 70.564256][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.594968][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.630663][ T5155] Bluetooth: hci4: command tx timeout [ 70.639361][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.646399][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.672444][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.685352][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.692318][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.713337][ T5155] Bluetooth: hci3: command tx timeout [ 70.718279][ T5834] Bluetooth: hci2: command tx timeout [ 70.723826][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.813854][ T5838] hsr_slave_0: entered promiscuous mode [ 70.820021][ T5838] hsr_slave_1: entered promiscuous mode [ 70.826081][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.834079][ T5838] Cannot create hsr debugfs directory [ 70.854329][ T5837] hsr_slave_0: entered promiscuous mode [ 70.860431][ T5837] hsr_slave_1: entered promiscuous mode [ 70.866338][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.874685][ T5837] Cannot create hsr debugfs directory [ 70.954961][ T5843] hsr_slave_0: entered promiscuous mode [ 70.961621][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.963900][ T5843] hsr_slave_1: entered promiscuous mode [ 70.968035][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.974473][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.990018][ T5843] Cannot create hsr debugfs directory [ 71.141898][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.191266][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.213453][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.236402][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.317387][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.331513][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.341207][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.358973][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.403478][ T5838] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 71.416671][ T5838] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 71.430075][ T5838] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 71.442398][ T5838] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 71.509847][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.542884][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.552555][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.583516][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.612679][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.666313][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.677943][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.695392][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.706648][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.721729][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.728969][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.739399][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.761046][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.768241][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.792900][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.829789][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.865157][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.892164][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.903550][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.916620][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.923771][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.938912][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.946050][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.959738][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.966861][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.003941][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.026856][ T3531] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.034030][ T3531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.064665][ T3531] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.065116][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 72.065127][ T30] audit: type=1400 audit(1752616813.119:86): avc: denied { sys_module } for pid=5831 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 72.071821][ T3531] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.097966][ T3531] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.113362][ T3531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.270199][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.346311][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.392691][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.399813][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.413548][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.420704][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.537546][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.579160][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.627859][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.638674][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.641278][ T5834] Bluetooth: hci1: command tx timeout [ 72.650810][ T5155] Bluetooth: hci0: command tx timeout [ 72.710660][ T5834] Bluetooth: hci4: command tx timeout [ 72.723262][ T5837] veth0_vlan: entered promiscuous mode [ 72.755863][ T5831] veth0_vlan: entered promiscuous mode [ 72.777017][ T5837] veth1_vlan: entered promiscuous mode [ 72.790862][ T5834] Bluetooth: hci2: command tx timeout [ 72.792448][ T5155] Bluetooth: hci3: command tx timeout [ 72.829654][ T5831] veth1_vlan: entered promiscuous mode [ 72.851388][ T5827] veth0_vlan: entered promiscuous mode [ 72.922169][ T5827] veth1_vlan: entered promiscuous mode [ 72.935387][ T5831] veth0_macvtap: entered promiscuous mode [ 72.952517][ T5837] veth0_macvtap: entered promiscuous mode [ 72.973396][ T5831] veth1_macvtap: entered promiscuous mode [ 72.982897][ T5837] veth1_macvtap: entered promiscuous mode [ 73.018715][ T5827] veth0_macvtap: entered promiscuous mode [ 73.033774][ T5827] veth1_macvtap: entered promiscuous mode [ 73.053631][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.063494][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.077843][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.104195][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.124387][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.136686][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.154653][ T5838] veth0_vlan: entered promiscuous mode [ 73.164213][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.173872][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.183644][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.193445][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.205497][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.214595][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.223640][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.232829][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.243662][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.257307][ T5827] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.267014][ T5827] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.277795][ T5827] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.286670][ T5827] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.335853][ T5838] veth1_vlan: entered promiscuous mode [ 73.369017][ T5843] veth0_vlan: entered promiscuous mode [ 73.405822][ T5843] veth1_vlan: entered promiscuous mode [ 73.447079][ T5838] veth0_macvtap: entered promiscuous mode [ 73.465981][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.483172][ T5838] veth1_macvtap: entered promiscuous mode [ 73.489574][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.495903][ T5843] veth0_macvtap: entered promiscuous mode [ 73.515099][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.524956][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.569124][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.569649][ T5843] veth1_macvtap: entered promiscuous mode [ 73.583084][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.628549][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.638773][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.644378][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.655504][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.679606][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.689515][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.698951][ T30] audit: type=1400 audit(1752616814.749:87): avc: denied { mounton } for pid=5827 comm="syz-executor" path="/root/syzkaller.rlbir5/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 73.725296][ T5838] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.736627][ T30] audit: type=1400 audit(1752616814.749:88): avc: denied { mount } for pid=5827 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 73.759481][ T5838] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.769180][ T30] audit: type=1400 audit(1752616814.749:89): avc: denied { mounton } for pid=5827 comm="syz-executor" path="/root/syzkaller.rlbir5/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 73.770088][ T5838] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.795732][ T30] audit: type=1400 audit(1752616814.749:90): avc: denied { mount } for pid=5827 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 73.807257][ T5838] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.827036][ T30] audit: type=1400 audit(1752616814.749:91): avc: denied { mounton } for pid=5827 comm="syz-executor" path="/root/syzkaller.rlbir5/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 73.865456][ T30] audit: type=1400 audit(1752616814.759:92): avc: denied { mounton } for pid=5827 comm="syz-executor" path="/root/syzkaller.rlbir5/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6087 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 73.899243][ T30] audit: type=1400 audit(1752616814.759:93): avc: denied { unmount } for pid=5827 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 73.922141][ T30] audit: type=1400 audit(1752616814.779:94): avc: denied { mounton } for pid=5827 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2788 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 73.952261][ T30] audit: type=1400 audit(1752616814.779:95): avc: denied { mount } for pid=5827 comm="syz-executor" name="/" dev="gadgetfs" ino=6121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 73.958771][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 73.996888][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.015154][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.025839][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.075207][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.150896][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.244269][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 74.482711][ T5843] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.497174][ T5843] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.514460][ T5843] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.523625][ T5843] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.562006][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.581208][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.658242][ T5951] Zero length message leads to an empty skb [ 74.710663][ T5155] Bluetooth: hci1: command tx timeout [ 74.712489][ T5834] Bluetooth: hci0: command tx timeout [ 74.792558][ T5834] Bluetooth: hci4: command tx timeout [ 74.870626][ T5834] Bluetooth: hci2: command tx timeout [ 74.872971][ T5155] Bluetooth: hci3: command tx timeout [ 75.065252][ T5963] netlink: 120 bytes leftover after parsing attributes in process `syz.1.6'. [ 75.087258][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.106056][ T3447] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.132715][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.152474][ T3447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.294848][ T3531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.330434][ T3531] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.460580][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.469103][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.478056][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 75.540570][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.549052][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.557601][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.566098][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.574555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.748940][ T5979] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5'. [ 76.820418][ T5155] Bluetooth: hci1: command tx timeout [ 76.821752][ T5834] Bluetooth: hci0: command tx timeout [ 76.887378][ T5834] Bluetooth: hci4: command tx timeout [ 76.952910][ T5834] Bluetooth: hci2: command tx timeout [ 76.952999][ T5155] Bluetooth: hci3: command tx timeout [ 77.795822][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 77.795837][ T30] audit: type=1400 audit(1752616818.329:148): avc: denied { setopt } for pid=5980 comm="syz.1.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 77.892715][ T30] audit: type=1400 audit(1752616818.419:149): avc: denied { mount } for pid=5988 comm="syz.4.13" name="/" dev="ramfs" ino=8221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 77.892745][ T30] audit: type=1400 audit(1752616818.869:150): avc: denied { write } for pid=5980 comm="syz.1.10" path="socket:[8220]" dev="sockfs" ino=8220 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 78.025647][ T30] audit: type=1400 audit(1752616819.079:151): avc: denied { append } for pid=6007 comm="syz.4.16" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 78.039527][ T30] audit: type=1400 audit(1752616819.089:152): avc: denied { write } for pid=6007 comm="syz.4.16" name="packet" dev="proc" ino=4026533447 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 78.193841][ C0] vkms_vblank_simulate: vblank timer overrun [ 78.809741][ T30] audit: type=1400 audit(1752616819.859:153): avc: denied { read write } for pid=6019 comm="syz.3.19" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 78.838101][ T6020] veth0: entered promiscuous mode [ 78.850918][ T6020] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 78.887127][ T30] audit: type=1400 audit(1752616819.859:154): avc: denied { open } for pid=6019 comm="syz.3.19" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 79.254878][ T30] audit: type=1400 audit(1752616819.889:155): avc: denied { ioctl } for pid=6019 comm="syz.3.19" path="socket:[7676]" dev="sockfs" ino=7676 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 79.375381][ T30] audit: type=1400 audit(1752616820.059:156): avc: denied { ioctl } for pid=6019 comm="syz.3.19" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 79.559826][ T6033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.21'. [ 79.630659][ T30] audit: type=1400 audit(1752616820.419:157): avc: denied { create } for pid=6028 comm="syz.4.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 79.741940][ T6032] capability: warning: `syz.4.21' uses deprecated v2 capabilities in a way that may be insecure [ 79.849504][ T6019] veth0: left promiscuous mode [ 81.256631][ T1205] cfg80211: failed to load regulatory.db [ 81.968199][ T6079] netlink: 4 bytes leftover after parsing attributes in process `syz.1.31'. [ 83.568498][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 83.568511][ T30] audit: type=1400 audit(1752616824.599:178): avc: denied { create } for pid=6087 comm="syz.2.33" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 83.674919][ T30] audit: type=1400 audit(1752616824.729:179): avc: denied { create } for pid=6096 comm="syz.4.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 83.700455][ T6097] netlink: 'syz.4.34': attribute type 5 has an invalid length. [ 83.814536][ T30] audit: type=1400 audit(1752616824.749:180): avc: denied { write } for pid=6096 comm="syz.4.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 83.835985][ T30] audit: type=1400 audit(1752616824.779:181): avc: denied { read } for pid=6096 comm="syz.4.34" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 84.249838][ T30] audit: type=1400 audit(1752616824.779:182): avc: denied { open } for pid=6096 comm="syz.4.34" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 84.336264][ T6083] : entered promiscuous mode [ 84.427918][ T30] audit: type=1400 audit(1752616824.779:183): avc: denied { ioctl } for pid=6096 comm="syz.4.34" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 84.475620][ T6106] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 84.502341][ T5910] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 84.569863][ T30] audit: type=1400 audit(1752616824.849:184): avc: denied { write } for pid=6087 comm="syz.2.33" path="socket:[8472]" dev="sockfs" ino=8472 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 84.595027][ T30] audit: type=1400 audit(1752616825.039:185): avc: denied { name_bind } for pid=6096 comm="syz.4.34" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 84.616500][ T30] audit: type=1400 audit(1752616825.039:186): avc: denied { node_bind } for pid=6096 comm="syz.4.34" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 84.637495][ T30] audit: type=1400 audit(1752616825.129:187): avc: denied { create } for pid=6096 comm="syz.4.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 84.695335][ T5910] usb 5-1: device descriptor read/64, error -71 [ 84.887195][ T6113] netlink: 316 bytes leftover after parsing attributes in process `syz.1.36'. [ 85.330425][ T5910] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 85.773668][ T5910] usb 5-1: device descriptor read/64, error -71 [ 85.992605][ T5910] usb usb5-port1: attempt power cycle [ 86.485928][ T5910] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 86.497714][ T6127] netlink: 'syz.2.43': attribute type 10 has an invalid length. [ 86.528395][ T6127] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.536838][ T6127] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.554905][ T5910] usb 5-1: device descriptor read/8, error -71 [ 86.574782][ T6127] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.581909][ T6127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.589714][ T6127] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.596814][ T6127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.612945][ T6127] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 86.627379][ T6134] pimreg: entered allmulticast mode [ 86.757630][ T6127] bridge_slave_1: left allmulticast mode [ 86.763549][ T6127] bridge_slave_1: left promiscuous mode [ 86.769490][ T6127] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.789475][ T6127] bridge_slave_0: left allmulticast mode [ 86.806909][ T6127] bridge_slave_0: left promiscuous mode [ 86.881295][ T6144] Bluetooth: MGMT ver 1.23 [ 87.071533][ T6127] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.612822][ T6127] bond0: (slave bridge0): Releasing backup interface [ 87.718165][ T6154] netlink: 'syz.0.50': attribute type 10 has an invalid length. [ 88.100715][ T6163] warning: `syz.0.54' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 88.505430][ T6166] netlink: 24 bytes leftover after parsing attributes in process `syz.0.54'. [ 88.914466][ T6175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.53'. [ 89.160534][ T5944] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 89.320970][ T5986] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 89.338953][ T5944] usb 1-1: Using ep0 maxpacket: 32 [ 89.357912][ T5944] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 89.379807][ T5944] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 89.432012][ T5944] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 89.448436][ T5944] usb 1-1: config 1 has no interface number 0 [ 89.472365][ T5944] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 89.485545][ T5944] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 89.502613][ T5986] usb 4-1: Using ep0 maxpacket: 32 [ 89.505020][ T5944] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 89.528804][ T5944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.597898][ T5986] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 89.653182][ T5944] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 89.679776][ T5986] usb 4-1: config 0 interface 0 has no altsetting 0 [ 89.717973][ T5986] usb 4-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00 [ 89.736091][ T5986] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.747639][ T5986] usb 4-1: config 0 descriptor?? [ 89.889234][ T5944] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 90.531827][ T6003] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 90.694341][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 90.694373][ T30] audit: type=1400 audit(1752616831.749:211): avc: denied { connect } for pid=6162 comm="syz.0.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 90.697337][ T5986] hid-retrode 0003:0403:97C1.0001: unknown main item tag 0x0 [ 90.701091][ T6003] usb 2-1: device descriptor read/64, error -71 [ 90.791612][ T5986] hid-retrode 0003:0403:97C1.0001: unknown main item tag 0x0 [ 90.799872][ T5986] hid-retrode 0003:0403:97C1.0001: unknown main item tag 0x0 [ 90.818139][ T5986] hid-retrode 0003:0403:97C1.0001: unknown main item tag 0x0 [ 90.952021][ T5897] snd_usb_pod 1-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 91.054321][ T6003] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 91.084574][ T5986] hid-retrode 0003:0403:97C1.0001: unknown main item tag 0x0 [ 91.114294][ T5986] hid-retrode 0003:0403:97C1.0001: hidraw0: USB HID v0.02 Device [HID 0403:97c1] on usb-dummy_hcd.3-1/input0 [ 91.190792][ T6003] usb 2-1: device descriptor read/64, error -71 [ 91.275360][ T6197] kvm: pic: non byte write [ 91.281729][ T6197] kvm: pic: non byte write [ 91.295712][ T6204] vcan0: tx drop: invalid da for name 0xffffffffffffffff [ 91.311070][ T6003] usb usb2-port1: attempt power cycle [ 91.348282][ T30] audit: type=1400 audit(1752616832.399:212): avc: denied { write } for pid=6205 comm="syz.4.65" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 91.374106][ T6206] netlink: 4 bytes leftover after parsing attributes in process `syz.4.65'. [ 91.392001][ T30] audit: type=1400 audit(1752616832.449:213): avc: denied { read write } for pid=6205 comm="syz.4.65" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 91.424176][ T30] audit: type=1400 audit(1752616832.449:214): avc: denied { open } for pid=6205 comm="syz.4.65" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 91.456566][ T30] audit: type=1400 audit(1752616832.509:215): avc: denied { create } for pid=6205 comm="syz.4.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 91.541293][ T6207] netlink: 28 bytes leftover after parsing attributes in process `syz.4.65'. [ 91.716798][ T5897] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 91.800508][ T6003] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 91.816270][ T30] audit: type=1400 audit(1752616832.609:216): avc: denied { ioctl } for pid=6205 comm="syz.4.65" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 91.882116][ T6003] usb 2-1: device descriptor read/8, error -71 [ 91.946027][ T30] audit: type=1400 audit(1752616832.609:217): avc: denied { name_bind } for pid=6205 comm="syz.4.65" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 91.970669][ T5897] usb 3-1: Using ep0 maxpacket: 32 [ 91.992775][ T5897] usb 3-1: config 0 interface 0 has no altsetting 0 [ 92.004312][ T5897] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 92.028895][ T43] usb 1-1: USB disconnect, device number 2 [ 92.050374][ T43] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 92.057739][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.102983][ T5897] usb 3-1: config 0 descriptor?? [ 92.112588][ T5986] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 92.140495][ T6003] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 92.181082][ T6003] usb 2-1: device descriptor read/8, error -71 [ 92.280479][ T5986] usb 5-1: Using ep0 maxpacket: 8 [ 92.288911][ T5986] usb 5-1: config 51 has too many interfaces: 58, using maximum allowed: 32 [ 92.298203][ T5986] usb 5-1: config 51 has an invalid descriptor of length 1, skipping remainder of the config [ 92.300694][ T6003] usb usb2-port1: unable to enumerate USB device [ 92.314870][ T5986] usb 5-1: config 51 has 0 interfaces, different from the descriptor's value: 58 [ 92.327280][ T5986] usb 5-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa [ 92.336992][ T5986] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.345224][ T5986] usb 5-1: Product: syz [ 92.349655][ T5986] usb 5-1: Manufacturer: syz [ 92.363320][ T5986] usb 5-1: SerialNumber: syz [ 92.396186][ T6212] netlink: 28 bytes leftover after parsing attributes in process `syz.0.67'. [ 92.412394][ T6212] netem: change failed [ 92.585368][ T6206] netlink: 12 bytes leftover after parsing attributes in process `syz.4.65'. [ 92.602049][ T5986] usb 5-1: USB disconnect, device number 6 [ 92.785871][ T30] audit: type=1400 audit(1752616833.839:218): avc: denied { create } for pid=6213 comm="syz.1.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 92.891459][ T5897] corsair-cpro 0003:1B1C:0C10.0002: hidraw1: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0 [ 93.082969][ T30] audit: type=1400 audit(1752616834.129:219): avc: denied { map } for pid=6219 comm="syz.1.70" path="/dev/video4" dev="devtmpfs" ino=936 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 93.195614][ T5986] usb 4-1: USB disconnect, device number 2 [ 93.279100][ T6223] netlink: 'syz.0.71': attribute type 4 has an invalid length. [ 93.533582][ T5897] corsair-cpro 0003:1B1C:0C10.0002: probe with driver corsair-cpro failed with error -71 [ 93.585712][ T5918] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 93.697418][ T5897] usb 3-1: USB disconnect, device number 2 [ 93.850707][ T5918] usb 5-1: Using ep0 maxpacket: 16 [ 93.866471][ T5918] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 93.887374][ T30] audit: type=1400 audit(1752616834.939:220): avc: denied { create } for pid=6233 comm="syz.3.76" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 93.930434][ T5918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.448238][ T5918] usb 5-1: Product: syz [ 94.477645][ T5918] usb 5-1: Manufacturer: syz [ 94.529111][ T5918] usb 5-1: SerialNumber: syz [ 94.550301][ T6242] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 94.651940][ T5918] usb 5-1: config 0 descriptor?? [ 94.674774][ T5918] as10x_usb: device has been detected [ 94.848303][ T5918] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 94.892196][ T6225] random: crng reseeded on system resumption [ 94.911781][ T5918] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 95.002525][ T5918] as10x_usb: error during firmware upload part1 [ 95.026191][ T5918] Registered device Sky IT Digital Key (green led) [ 95.053862][ T5918] usb 5-1: USB disconnect, device number 7 [ 95.126518][ T6254] syz.1.83 uses obsolete (PF_INET,SOCK_PACKET) [ 95.143361][ T5918] Unregistered device Sky IT Digital Key (green led) [ 95.155437][ T5918] as10x_usb: device has been disconnected [ 95.175844][ T6254] syzkaller1: entered promiscuous mode [ 95.186314][ T6254] syzkaller1: entered allmulticast mode [ 96.008494][ T6273] comedi comedi0: Minor 14 could not be opened [ 96.134741][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 96.134756][ T30] audit: type=1400 audit(1752616837.189:228): avc: denied { create } for pid=6278 comm="syz.1.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 96.548796][ T30] audit: type=1400 audit(1752616837.549:229): avc: denied { ioctl } for pid=6286 comm="syz.1.94" path="socket:[9050]" dev="sockfs" ino=9050 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 97.783272][ T6271] 9pnet_fd: Insufficient options for proto=fd [ 97.909913][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 97.919030][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 97.931581][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 97.943615][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 97.953635][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 98.310094][ T30] audit: type=1400 audit(1752616839.279:230): avc: denied { ioctl } for pid=6302 comm="syz.2.100" path="/dev/ptyq9" dev="devtmpfs" ino=128 ioctlcmd=0x4b67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 98.351250][ T5918] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 98.801278][ T30] audit: type=1400 audit(1752616839.489:231): avc: denied { create } for pid=6308 comm="syz.3.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 99.036945][ T5918] usb 1-1: Using ep0 maxpacket: 16 [ 99.050691][ T5918] usb 1-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 99.061145][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.099454][ T6312] syz.3.102 (6312) used greatest stack depth: 18880 bytes left [ 99.253244][ T5918] usb 1-1: Product: syz [ 99.257863][ T5918] usb 1-1: Manufacturer: syz [ 99.296659][ T5918] usb 1-1: SerialNumber: syz [ 99.311037][ T5918] usb 1-1: config 0 descriptor?? [ 99.327185][ T5918] as10x_usb: device has been detected [ 99.343145][ T5918] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 99.392086][ T30] audit: type=1400 audit(1752616840.449:232): avc: denied { write } for pid=6316 comm="syz.3.104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 99.461640][ T5918] usb 1-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 99.526808][ T5918] as10x_usb: error during firmware upload part1 [ 99.560904][ T6301] random: crng reseeded on system resumption [ 99.572466][ T5918] Registered device Sky IT Digital Key (green led) [ 99.641121][ T6325] capability: warning: `syz.4.106' uses 32-bit capabilities (legacy support in use) [ 99.753700][ T6324] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 99.765582][ T43] usb 1-1: USB disconnect, device number 3 [ 99.775335][ T30] audit: type=1400 audit(1752616840.829:233): avc: denied { getopt } for pid=6323 comm="syz.1.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 99.853522][ T43] Unregistered device Sky IT Digital Key (green led) [ 99.866863][ T43] as10x_usb: device has been disconnected [ 99.980399][ T5986] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 100.250396][ T5986] usb 5-1: Using ep0 maxpacket: 16 [ 100.262159][ T5986] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.280395][ T5986] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 100.300513][ T5986] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.312159][ T5986] usb 5-1: config 0 descriptor?? [ 100.741541][ T5986] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 100.770525][ T5918] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 100.925801][ C0] ================================================================== [ 100.933921][ C0] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0xf94/0x1030 [ 100.941893][ C0] Read of size 1 at addr ffff888056ffffff by task swapper/0/0 [ 100.949359][ C0] [ 100.951691][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 100.951718][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.951731][ C0] Call Trace: [ 100.951738][ C0] [ 100.951746][ C0] dump_stack_lvl+0x116/0x1f0 [ 100.951782][ C0] print_report+0xcd/0x610 [ 100.951809][ C0] ? __virt_addr_valid+0x81/0x610 [ 100.951834][ C0] ? __phys_addr+0xe8/0x180 [ 100.951858][ C0] ? mcp2221_raw_event+0xf94/0x1030 [ 100.951889][ C0] kasan_report+0xe0/0x110 [ 100.951917][ C0] ? mcp2221_raw_event+0xf94/0x1030 [ 100.951956][ C0] mcp2221_raw_event+0xf94/0x1030 [ 100.951986][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 100.952014][ C0] __hid_input_report.constprop.0+0x311/0x450 [ 100.952040][ C0] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 100.952072][ C0] hid_irq_in+0x35e/0x870 [ 100.952105][ C0] __usb_hcd_giveback_urb+0x38d/0x6e0 [ 100.952135][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 100.952164][ C0] dummy_timer+0x180e/0x3a20 [ 100.952196][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 100.952215][ C0] ? rcu_is_watching+0x12/0xc0 [ 100.952241][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 100.952268][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 100.952285][ C0] __hrtimer_run_queues+0x1ff/0xad0 [ 100.952313][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 100.952336][ C0] ? read_tsc+0x9/0x20 [ 100.952363][ C0] hrtimer_run_softirq+0x17d/0x350 [ 100.952388][ C0] handle_softirqs+0x219/0x8e0 [ 100.952416][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 100.952443][ C0] __irq_exit_rcu+0x109/0x170 [ 100.952467][ C0] irq_exit_rcu+0x9/0x30 [ 100.952490][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 100.952517][ C0] [ 100.952524][ C0] [ 100.952531][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 100.952553][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 100.952581][ C0] Code: cb 6b 02 e9 83 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 b9 21 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 100.952600][ C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c6 [ 100.952617][ C0] RAX: 000000000042cfb9 RBX: 0000000000000000 RCX: ffffffff8b885c99 [ 100.952630][ C0] RDX: 0000000000000000 RSI: ffffffff8de32e47 RDI: ffffffff8c158f60 [ 100.952643][ C0] RBP: fffffbfff1c52ef0 R08: 0000000000000001 R09: ffffed1017086645 [ 100.952656][ C0] R10: ffff8880b843322b R11: 0000000000000001 R12: 0000000000000000 [ 100.952668][ C0] R13: ffffffff8e297780 R14: ffffffff90a98750 R15: 0000000000000000 [ 100.952685][ C0] ? ct_kernel_exit+0x139/0x190 [ 100.952713][ C0] default_idle+0x13/0x20 [ 100.952742][ C0] default_idle_call+0x6d/0xb0 [ 100.952761][ C0] do_idle+0x391/0x510 [ 100.952787][ C0] ? __pfx_do_idle+0x10/0x10 [ 100.952812][ C0] ? trace_sched_exit_tp+0x31/0x130 [ 100.952843][ C0] cpu_startup_entry+0x4f/0x60 [ 100.952870][ C0] rest_init+0x16b/0x2b0 [ 100.952887][ C0] ? acpi_subsystem_init+0x133/0x180 [ 100.952914][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 100.952945][ C0] start_kernel+0x3ee/0x4d0 [ 100.952983][ C0] x86_64_start_reservations+0x18/0x30 [ 100.953014][ C0] x86_64_start_kernel+0x130/0x190 [ 100.953044][ C0] common_startup_64+0x13e/0x148 [ 100.953070][ C0] [ 100.953078][ C0] [ 101.275671][ C0] Allocated by task 5846: [ 101.279999][ C0] kasan_save_stack+0x33/0x60 [ 101.284673][ C0] kasan_save_track+0x14/0x30 [ 101.289339][ C0] __kasan_kmalloc+0xaa/0xb0 [ 101.293916][ C0] __kmalloc_noprof+0x223/0x510 [ 101.298754][ C0] tomoyo_realpath_from_path+0xc2/0x6e0 [ 101.304295][ C0] tomoyo_check_open_permission+0x2ab/0x3c0 [ 101.310174][ C0] tomoyo_file_open+0x6b/0x90 [ 101.314835][ C0] security_file_open+0x84/0x1e0 [ 101.319766][ C0] do_dentry_open+0x596/0x1c10 [ 101.324519][ C0] vfs_open+0x82/0x3f0 [ 101.328569][ C0] path_openat+0x1de4/0x2cb0 [ 101.333149][ C0] do_filp_open+0x20b/0x470 [ 101.337638][ C0] do_sys_openat2+0x11b/0x1d0 [ 101.342298][ C0] __x64_sys_openat+0x174/0x210 [ 101.347130][ C0] do_syscall_64+0xcd/0x4c0 [ 101.351622][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.357498][ C0] [ 101.359803][ C0] Freed by task 5846: [ 101.363764][ C0] kasan_save_stack+0x33/0x60 [ 101.368428][ C0] kasan_save_track+0x14/0x30 [ 101.373091][ C0] kasan_save_free_info+0x3b/0x60 [ 101.378100][ C0] __kasan_slab_free+0x51/0x70 [ 101.382851][ C0] kfree+0x2b4/0x4d0 [ 101.386732][ C0] tomoyo_realpath_from_path+0x19f/0x6e0 [ 101.392355][ C0] tomoyo_check_open_permission+0x2ab/0x3c0 [ 101.398235][ C0] tomoyo_file_open+0x6b/0x90 [ 101.402897][ C0] security_file_open+0x84/0x1e0 [ 101.407827][ C0] do_dentry_open+0x596/0x1c10 [ 101.412581][ C0] vfs_open+0x82/0x3f0 [ 101.416644][ C0] path_openat+0x1de4/0x2cb0 [ 101.421236][ C0] do_filp_open+0x20b/0x470 [ 101.425728][ C0] do_sys_openat2+0x11b/0x1d0 [ 101.430390][ C0] __x64_sys_openat+0x174/0x210 [ 101.435234][ C0] do_syscall_64+0xcd/0x4c0 [ 101.439728][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.445604][ C0] [ 101.447913][ C0] The buggy address belongs to the object at ffff888056ffe000 [ 101.447913][ C0] which belongs to the cache kmalloc-4k of size 4096 [ 101.461965][ C0] The buggy address is located 4095 bytes to the right of [ 101.461965][ C0] allocated 4096-byte region [ffff888056ffe000, ffff888056fff000) [ 101.476787][ C0] [ 101.479103][ C0] The buggy address belongs to the physical page: [ 101.485494][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56ff8 [ 101.494236][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 101.502715][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 101.510254][ C0] page_type: f5(slab) [ 101.514221][ C0] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 101.522787][ C0] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 101.531354][ C0] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 101.540006][ C0] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 101.548658][ C0] head: 00fff00000000003 ffffea00015bfe01 00000000ffffffff 00000000ffffffff [ 101.557311][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 101.565957][ C0] page dumped because: kasan: bad access detected [ 101.572350][ C0] page_owner tracks the page as allocated [ 101.578062][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5846, tgid 5846 (udevd), ts 89656223051, free_ts 89632889553 [ 101.598026][ C0] post_alloc_hook+0x1c0/0x230 [ 101.602783][ C0] get_page_from_freelist+0x1321/0x3890 [ 101.608317][ C0] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 101.614198][ C0] alloc_pages_mpol+0x1fb/0x550 [ 101.619039][ C0] new_slab+0x23b/0x330 [ 101.623201][ C0] ___slab_alloc+0xd9c/0x1940 [ 101.627865][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 101.633345][ C0] __kmalloc_noprof+0x2f2/0x510 [ 101.638199][ C0] tomoyo_realpath_from_path+0xc2/0x6e0 [ 101.643761][ C0] tomoyo_path_perm+0x274/0x460 [ 101.648602][ C0] security_inode_getattr+0x116/0x290 [ 101.653978][ C0] vfs_statx+0x121/0x3e0 [ 101.658224][ C0] vfs_fstatat+0x7b/0xf0 [ 101.662462][ C0] __do_sys_newfstatat+0x97/0x120 [ 101.667473][ C0] do_syscall_64+0xcd/0x4c0 [ 101.671998][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.677896][ C0] page last free pid 5204 tgid 5204 stack trace: [ 101.684210][ C0] __free_frozen_pages+0x7fe/0x1180 [ 101.689399][ C0] __put_partials+0x16d/0x1c0 [ 101.694066][ C0] qlist_free_all+0x4d/0x120 [ 101.698647][ C0] kasan_quarantine_reduce+0x195/0x1e0 [ 101.704094][ C0] __kasan_slab_alloc+0x69/0x90 [ 101.708935][ C0] __kmalloc_noprof+0x1d4/0x510 [ 101.713777][ C0] tomoyo_realpath_from_path+0xc2/0x6e0 [ 101.719317][ C0] tomoyo_path_perm+0x274/0x460 [ 101.724152][ C0] security_inode_getattr+0x116/0x290 [ 101.729514][ C0] vfs_fstat+0x4b/0xe0 [ 101.733566][ C0] __do_sys_newfstat+0x87/0x100 [ 101.738399][ C0] do_syscall_64+0xcd/0x4c0 [ 101.742906][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.748786][ C0] [ 101.751093][ C0] Memory state around the buggy address: [ 101.756708][ C0] ffff888056fffe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.764752][ C0] ffff888056ffff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.772796][ C0] >ffff888056ffff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.780837][ C0] ^ [ 101.788809][ C0] ffff888057000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 101.796861][ C0] ffff888057000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 101.804919][ C0] ================================================================== [ 101.812962][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 101.820139][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 101.831752][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.841793][ C0] Call Trace: [ 101.845060][ C0] [ 101.847891][ C0] dump_stack_lvl+0x3d/0x1f0 [ 101.852477][ C0] panic+0x71c/0x800 [ 101.856366][ C0] ? __pfx_panic+0x10/0x10 [ 101.860777][ C0] ? __pfx__printk+0x10/0x10 [ 101.865352][ C0] ? end_report+0x4c/0x170 [ 101.869763][ C0] ? mcp2221_raw_event+0xf94/0x1030 [ 101.874956][ C0] check_panic_on_warn+0xab/0xb0 [ 101.879876][ C0] end_report+0x107/0x170 [ 101.884196][ C0] kasan_report+0xee/0x110 [ 101.888604][ C0] ? mcp2221_raw_event+0xf94/0x1030 [ 101.893798][ C0] mcp2221_raw_event+0xf94/0x1030 [ 101.898836][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 101.904655][ C0] __hid_input_report.constprop.0+0x311/0x450 [ 101.910726][ C0] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 101.916183][ C0] hid_irq_in+0x35e/0x870 [ 101.920508][ C0] __usb_hcd_giveback_urb+0x38d/0x6e0 [ 101.925874][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 101.931063][ C0] dummy_timer+0x180e/0x3a20 [ 101.935654][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 101.940590][ C0] ? rcu_is_watching+0x12/0xc0 [ 101.945342][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 101.951140][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 101.956069][ C0] __hrtimer_run_queues+0x1ff/0xad0 [ 101.961286][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 101.967010][ C0] ? read_tsc+0x9/0x20 [ 101.971121][ C0] hrtimer_run_softirq+0x17d/0x350 [ 101.976255][ C0] handle_softirqs+0x219/0x8e0 [ 101.981030][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 101.986324][ C0] __irq_exit_rcu+0x109/0x170 [ 101.991003][ C0] irq_exit_rcu+0x9/0x30 [ 101.995263][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 102.000997][ C0] [ 102.003931][ C0] [ 102.006853][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 102.012845][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 102.018492][ C0] Code: cb 6b 02 e9 83 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 b9 21 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 102.038091][ C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c6 [ 102.044234][ C0] RAX: 000000000042cfb9 RBX: 0000000000000000 RCX: ffffffff8b885c99 [ 102.052208][ C0] RDX: 0000000000000000 RSI: ffffffff8de32e47 RDI: ffffffff8c158f60 [ 102.060166][ C0] RBP: fffffbfff1c52ef0 R08: 0000000000000001 R09: ffffed1017086645 [ 102.068123][ C0] R10: ffff8880b843322b R11: 0000000000000001 R12: 0000000000000000 [ 102.076076][ C0] R13: ffffffff8e297780 R14: ffffffff90a98750 R15: 0000000000000000 [ 102.084038][ C0] ? ct_kernel_exit+0x139/0x190 [ 102.088890][ C0] default_idle+0x13/0x20 [ 102.093224][ C0] default_idle_call+0x6d/0xb0 [ 102.097983][ C0] do_idle+0x391/0x510 [ 102.102060][ C0] ? __pfx_do_idle+0x10/0x10 [ 102.106727][ C0] ? trace_sched_exit_tp+0x31/0x130 [ 102.111928][ C0] cpu_startup_entry+0x4f/0x60 [ 102.116683][ C0] rest_init+0x16b/0x2b0 [ 102.120927][ C0] ? acpi_subsystem_init+0x133/0x180 [ 102.126218][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 102.131763][ C0] start_kernel+0x3ee/0x4d0 [ 102.136264][ C0] x86_64_start_reservations+0x18/0x30 [ 102.141717][ C0] x86_64_start_kernel+0x130/0x190 [ 102.146820][ C0] common_startup_64+0x13e/0x148 [ 102.151749][ C0] [ 102.154979][ C0] Kernel Offset: disabled [ 102.159302][ C0] Rebooting in 86400 seconds..