last executing test programs: 14.527785724s ago: executing program 1 (id=178): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new d'], 0x2a, 0xfffffffffffffff9) keyctl$instantiate(0xc, 0x0, 0x0, 0x1d, 0xfffffffffffffffd) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) socket(0x10, 0x3, 0x0) setitimer(0x1, &(0x7f0000000580)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r4, 0x4068aea3, &(0x7f0000000180)={0x8f, 0x0, 0x2}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 14.477672579s ago: executing program 4 (id=179): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000005c0)={0x0}) r3 = syz_kvm_add_vcpu$x86(0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, 0x0) r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r2, 0x3, r0, 0x5}) r5 = socket$inet6(0xa, 0x2, 0xfffffffe) setsockopt$sock_int(r5, 0x1, 0x1, 0x0, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000140), 0x21041, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xe) 12.744319632s ago: executing program 4 (id=183): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$vsock(0xffffffffffffff9c, 0x0, 0x2c0c2, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) syz_genetlink_get_family_id$batadv(0x0, r2) r3 = socket$netlink(0x10, 0x3, 0x15) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff08000400000000", 0x35}], 0x1) recvmmsg(r3, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0x40010000, 0x0) unshare(0x40000080) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000002) socketpair$unix(0x1, 0x1, 0x0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000140)='./mnt\x00', 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0xb4, 0x516f}, &(0x7f0000000180)) openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 12.092567704s ago: executing program 0 (id=185): setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000200)={0x6, 0x0, 0x2, 0x8}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pivot_root(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00') r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r3) sendmsg$NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="6d932bbd70000000000001"], 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), r3) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300), r3) r5 = syz_io_uring_setup(0x159b, &(0x7f0000000200)={0x0, 0x9e3e, 0x2, 0x80000, 0x19b}, &(0x7f0000000100), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000000580)=[{&(0x7f0000000380)=""/113, 0x71}], 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 11.017883871s ago: executing program 0 (id=187): sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x5000002, 0x200000005c831, 0xffffffffffffffff, 0x4000000) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0x100, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) recvmsg$kcm(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x12000) 10.018922015s ago: executing program 3 (id=188): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x88002, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0xd) r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef) 9.343574862s ago: executing program 4 (id=189): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000480)=0x200000000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, 0x0) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_delroute={0x44, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x80, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @rand_addr=0x64010101}, @RTA_GATEWAY={0x8, 0x5, @empty}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_ID={0xc, 0x1, 0x5}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb010018000000000000000c00d08c0c0000"], 0x0, 0x26, 0x0, 0x1}, 0x28) syz_emit_ethernet(0x0, 0x0, 0x0) getsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000003c0), &(0x7f0000000440)=0x4) bind$isdn(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x401, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x1, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800}) ioctl$TIOCGPGRP(r2, 0x5437, 0x0) fsopen(&(0x7f0000000040)='zonefs\x00', 0x1) 8.343984358s ago: executing program 0 (id=191): syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mount(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000000)='ubifs\x00', 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) process_mrelease(0xffffffffffffffff, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000400), 0x20000, 0x0) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0d030000000000000000130000001c000980080002"], 0x30}}, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) accept4$bt_l2cap(r6, 0x0, &(0x7f00000003c0), 0x180000) sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400e2c9", @ANYRES16=r5, @ANYBLOB="10002bbd7000fedbdf2513000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004081}, 0x48010) sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x3c, r2, 0x1, 0x0, 0x0, {0x54}, [{{@nsim={{0xe, 0x2}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) 8.269675227s ago: executing program 2 (id=192): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) sendmmsg(r2, &(0x7f0000000180), 0x4000190, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000140)={0xb6da, 0xffff4bd9, {}, {0xee01}, 0x1, 0xfffffffffffffff9}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1f, 0x13, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}, 0x94) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) mmap(&(0x7f0000428000/0x1000)=nil, 0x1000, 0x1000002, 0x810, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) r4 = syz_open_dev$ttys(0xc, 0x2, 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$TIOCSSOFTCAR(r4, 0x541a, 0x0) 7.609407365s ago: executing program 1 (id=193): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socket$inet6(0xa, 0x3, 0x7) mkdirat(0xffffffffffffff9c, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000000)={'\x00', 0x7fff, 0xc86, 0x2, 0x3, 0x8}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32=r7], 0x50}}, 0x2) syz_open_procfs$pagemap(0x0, &(0x7f00000002c0)) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r8}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 7.31783008s ago: executing program 3 (id=194): openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) close(0xffffffffffffffff) r0 = syz_open_procfs(0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000040)={0x0, 0x2000000, @value}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0xee00, 0x4000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STATS_ENABLED={0x5, 0x2a, 0x1}]}}}]}, 0x3c}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000580), 0x7fffffff, 0x2) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000002000010000000000000000000a0020400000000700000a00140011007665742651e40e58a92f166964046500080017004e224e24"], 0x4c}, 0x1, 0x0, 0x0, 0x24040804}, 0x4048000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00'], 0x5c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect$x25(r4, &(0x7f0000000040)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}}, 0x12) 7.294708322s ago: executing program 4 (id=195): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000740)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = syz_io_uring_setup(0x487, &(0x7f00000000c0)={0x0, 0x8010, 0x100, 0x20004, 0x163}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) r6 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0) syz_usb_disconnect(r6) syz_open_dev$sg(0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r2, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}}) io_uring_enter(r3, 0x3517, 0x173d, 0x42, 0x0, 0x0) 6.464847103s ago: executing program 2 (id=196): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$usbfs(&(0x7f0000000440), 0x20a, 0x8401) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') timer_create(0x1, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000000010104000000000000000002000000240001801400018008000100e0000001080002"], 0x78}}, 0x8084) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000005e43bb387ffa6532000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa0000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890) 6.344248282s ago: executing program 1 (id=197): r0 = socket(0x40000000015, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xd}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x68) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000001c0)='1', &(0x7f0000000200)='PCI:', 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0) write$vga_arbiter(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="746172676574205043493a303a383a31662e3100811faee540d35c1db7d4d634951b838b8122b49435fbd1401a17db03aabcc23ea4cc149681153151ff9b9e2678dcf5fd3a443da152"], 0x14) r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001"], 0x0) syz_usb_disconnect(r2) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000029c0)={0x14, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}}, 0x14}}, 0x0) readv(r1, &(0x7f00000013c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000001440)=""/202, 0xca}, {&(0x7f0000001540)=""/83, 0x53}], 0x3) faccessat2(0xffffffffffffffff, &(0x7f0000001400)='\x00', 0x0, 0x1100) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r3, 0xffffffffffffffff, 0x0) 5.859288691s ago: executing program 3 (id=198): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x3) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x40) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_NEWCHAIN={0x14}], {0x14}}, 0xa4}}, 0x0) sendmsg$nl_generic(r0, 0x0, 0xc000) 5.090349693s ago: executing program 0 (id=199): pipe(0x0) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r3 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r3, 0x114, 0x7, 0x0, 0x0) personality(0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x70bd26, 0x25dfdbfc, {}, [@IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x8001}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4}, 0x94) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) 4.815438939s ago: executing program 2 (id=200): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket(0xa, 0x3, 0x87) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={@remote, 0x78, r2}) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x8936, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28) shutdown(r0, 0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r3, 0x0, 0xffffffff004) socket$netlink(0x10, 0x3, 0x4) write$RDMA_USER_CM_CMD_REJECT(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]}) r5 = syz_clone(0x23802400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r5, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 4.125628624s ago: executing program 4 (id=201): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = signalfd4(0xffffffffffffffff, &(0x7f00000012c0)={[0xfffffffffffffc07]}, 0x8, 0x800) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000001340)={0x2, &(0x7f0000001300)=[{0x1, 0x80, 0x85, 0x4}, {0x2, 0xd, 0x4, 0x80}]}) set_tid_address(0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000000)={0x1ff, 0xffffffffffffffff, 'id0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000001100), 0xffffffffffffffff) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001240), 0xc0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000001400)=0x100) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x2, "19fde941"}]}}, 0x0}, 0x0) syz_usb_control_io(r2, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3445}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r2, &(0x7f00000004c0)={0x24, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000300000012033244160107cc129373fa0ac690cb049a00"], 0x0, 0x0}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="7801000010000100fcf7ff0700000000ac1414bb00000000000000000000000000000000000000000000000000000001000200004e2000500200200016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000f0ff00aafffffffc33000000ac1414aa00000000000000000000000003000000000000000400000000000000000000000000000000000000f0000000000000000000000004000000000000000000000000000000ffffffffffffffff000000805600000000000000000000000000000000000000000001000000000001040000090000000100000000000000000000000a00010090000000000000004800010073686132353600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017"], 0x178}, 0x1, 0x0, 0x0, 0x20008000}, 0x24000058) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc9}}, 0x4) 3.804821148s ago: executing program 3 (id=202): ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, 0x0) open(&(0x7f0000000600)='./file0\x00', 0x8060, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f0000000080)}}], 0x1, 0x4048884) 3.681278108s ago: executing program 0 (id=203): r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(r2, 0x0, 0x0, 0xfffffe04, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) rseq(0x0, 0x0, 0x0, 0x300) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x40}, 0xc) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty}}, 0x5c) 2.943726269s ago: executing program 2 (id=204): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) socket$inet6(0xa, 0x3, 0x4) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0xfffc, @broadcast}, 0x2}}, 0x2e) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$evdev(0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) getpgid(0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r2, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r3}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r4, 0x4, 0x2000) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x18c6) 2.769838564s ago: executing program 3 (id=205): ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb45, 0x100000000, 0x8, 0x0, 0x3}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0xf0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 2.71113667s ago: executing program 1 (id=206): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r0 = fanotify_init(0x0, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, &(0x7f00000007c0)=0x10) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f00000006c0)={0x0, 'bridge0\x00', {0x101}, 0x2}) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004"], 0x30}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xfff1}, {0xe, 0x10}}, [@TCA_RATE={0x6, 0x5, {0xfc}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", '\x00', "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) r5 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc0b02) ioctl$CEC_TRANSMIT(r5, 0xc0386105, &(0x7f0000000d40)={0x0, 0x1, 0x4, 0x0, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059"}) ioctl$CEC_TRANSMIT(r5, 0xc0386105, &(0x7f0000000140)={0x100000000, 0x800, 0xf, 0x80000001, 0xfe1c, 0x6, "72aba977db089b65fdfdc5bd97abc350", 0x74, 0x3, 0xa7, 0x7, 0x8, 0x7, 0x29}) r6 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r6, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x5, 0x0, 0x0, 0x0, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "ce4250d8", "bf513d1d", "136712b9", ["27e203a56a36ac4f0b8b8c4f", "5e10229555954b0f02cd1469", "cb0e83d3a15978155c384d00", "79f56ca74227234da829edb7"]}) close_range(r0, 0xffffffffffffffff, 0x0) 1.835044517s ago: executing program 3 (id=207): socket$nl_audit(0x10, 0x3, 0x9) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={@cgroup, 0xffffffffffffffff, 0x37, 0x2005}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000000) mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil) socket$netlink(0x10, 0x3, 0x12) lremovexattr(0x0, &(0x7f00000001c0)=@known='system.posix_acl_default\x00') madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.771498417s ago: executing program 1 (id=208): syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) r0 = socket$tipc(0x1e, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000010000008500000086000000850000005000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x5) bind$tipc(r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x4, 0x5}]}, @type_tag={0x7, 0x0, 0x0, 0x12, 0x5}, @func_proto, @func_proto, @fwd={0x8}]}}, 0x0, 0x5e, 0x0, 0x1, 0x7}, 0x28) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r6}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r7, r6, 0x25, 0x4, @void}, 0x10) 1.766626556s ago: executing program 2 (id=209): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000300)={{0x6, @rose, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x48) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r4, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) listen(r4, 0x80) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000004c0)='./file0\x00') mount(0x0, 0x0, 0x0, 0x2200020, 0x0) accept$netrom(r4, 0x0, 0x0) 775.808677ms ago: executing program 0 (id=210): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x10004400}, 0xc) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mq_open(&(0x7f00000000c0)='ns\xbf\x12\xe1\v\xc8E\xe0\x80r\x917kj\x9cL\xceZ\x99\xf8Q%#-\xd3\xd2\x13\xe8\xdc\xe1\xfd\xde\xef\xf2\xa7\xd2\xab\x97\xc2e\'\xfc\x10\x85\x03\x00\x00\x002\xb80\x10_\\KA\x97\xb7.[O\xd56\xec^F\xdfT\xda\x9817\"\xf5h\xc0\xf8\a\x9e\xce\xa9&\xffq\xebA\x98\x96~\x17|\xc9xR\\z\x9a\x8cRJ\x85\\u\xb2\\\xedB4\xb5z\xbb\xee\xbd\x96\x19\xd1\x98\xeb\xe8\xc1u\x8b\xf8hc\x81#\r\xe8\xf8%\xd9\x7f\r\x12M\x00', 0x40, 0x9, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, &(0x7f00001e3000)=""/30, 0x0) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0xc000) read$dsp(r2, &(0x7f00000001c0)=""/95, 0x5f) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'pim6reg0\x00', 0x7101}) socket$packet(0x11, 0x3, 0x300) 770.971643ms ago: executing program 2 (id=211): r0 = syz_io_uring_setup(0x131, &(0x7f0000000340)={0x0, 0x3f3f, 0x2, 0x0, 0x7fbfbffd}, &(0x7f0000000140)=0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x7f}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfe33) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r4, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000000)=0x9, 0x4) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_INITSTATE(r5, 0x113, 0x4, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r6, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) io_uring_enter(r0, 0x1e76, 0xf728, 0xd, 0x0, 0x18) 29.09541ms ago: executing program 1 (id=212): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) r3 = dup(r2) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1800000011146d7700000000000000e40700"], 0x18}}, 0x8000) ioctl$VIDIOC_G_EDID(0xffffffffffffffff, 0xc0285628, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, 0x0, 0x0) r5 = syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x800334e, 0x10, 0x3, 0x800}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000540)=0xfffffffc, 0x0, 0x4) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185500, 0x12345}) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) io_uring_enter(r5, 0x7277, 0x4000, 0x0, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r8, 0x54a0) 0s ago: executing program 4 (id=213): gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) open$dir(&(0x7f00000001c0)='./file1\x00', 0x800c1, 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0xc0189436, &(0x7f0000000140)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.35' (ED25519) to the list of known hosts. [ 56.073717][ T30] audit: type=1400 audit(1759624498.999:62): avc: denied { mounton } for pid=5806 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 56.097304][ T30] audit: type=1400 audit(1759624499.019:63): avc: denied { mount } for pid=5806 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 56.099695][ T5806] cgroup: Unknown subsys name 'net' [ 56.125934][ T30] audit: type=1400 audit(1759624499.049:64): avc: denied { unmount } for pid=5806 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 56.224242][ T5806] cgroup: Unknown subsys name 'cpuset' [ 56.232129][ T5806] cgroup: Unknown subsys name 'rlimit' [ 56.386310][ T30] audit: type=1400 audit(1759624499.309:65): avc: denied { setattr } for pid=5806 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=819 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 56.409749][ T30] audit: type=1400 audit(1759624499.309:66): avc: denied { create } for pid=5806 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.439672][ T30] audit: type=1400 audit(1759624499.309:67): avc: denied { write } for pid=5806 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.462086][ T30] audit: type=1400 audit(1759624499.309:68): avc: denied { read } for pid=5806 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.482557][ T30] audit: type=1400 audit(1759624499.339:69): avc: denied { mounton } for pid=5806 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 56.507952][ T30] audit: type=1400 audit(1759624499.339:70): avc: denied { mount } for pid=5806 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 56.510237][ T5808] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 56.531487][ T30] audit: type=1400 audit(1759624499.359:71): avc: denied { read } for pid=5488 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 57.492088][ T5806] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 59.312564][ T5818] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.320561][ T5818] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.328086][ T5818] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.336231][ T5818] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.343731][ T5818] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.395910][ T5818] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.403608][ T5818] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.411915][ T5818] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.426348][ T5818] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.433827][ T5818] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.503554][ T5818] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.511349][ T5818] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.518790][ T5818] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.527100][ T5818] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.538183][ T5825] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.553865][ T5144] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.561728][ T5144] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.569833][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.577673][ T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 59.585727][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 59.593371][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 59.602181][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 59.610060][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.617636][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 59.624993][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 59.828182][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 59.867282][ T5819] chnl_net:caif_netlink_parms(): no params data found [ 60.003292][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.010353][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.018055][ T5816] bridge_slave_0: entered allmulticast mode [ 60.025106][ T5816] bridge_slave_0: entered promiscuous mode [ 60.048413][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.055555][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.062720][ T5816] bridge_slave_1: entered allmulticast mode [ 60.069346][ T5816] bridge_slave_1: entered promiscuous mode [ 60.095407][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.102546][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.109635][ T5819] bridge_slave_0: entered allmulticast mode [ 60.116399][ T5819] bridge_slave_0: entered promiscuous mode [ 60.138368][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.147586][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.154778][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.161923][ T5819] bridge_slave_1: entered allmulticast mode [ 60.168477][ T5819] bridge_slave_1: entered promiscuous mode [ 60.184338][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.246269][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.265347][ T5816] team0: Port device team_slave_0 added [ 60.291760][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.305702][ T5816] team0: Port device team_slave_1 added [ 60.359960][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.367490][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.393729][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.436150][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.443308][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.469661][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.487336][ T5819] team0: Port device team_slave_0 added [ 60.496286][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 60.516124][ T5819] team0: Port device team_slave_1 added [ 60.526008][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 60.579879][ T5816] hsr_slave_0: entered promiscuous mode [ 60.586000][ T5816] hsr_slave_1: entered promiscuous mode [ 60.606036][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 60.631010][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.637951][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.663838][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.689799][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.696766][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.722971][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.806045][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.813379][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.820849][ T5821] bridge_slave_0: entered allmulticast mode [ 60.827540][ T5821] bridge_slave_0: entered promiscuous mode [ 60.846570][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.853686][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.861031][ T5822] bridge_slave_0: entered allmulticast mode [ 60.867621][ T5822] bridge_slave_0: entered promiscuous mode [ 60.882372][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.889503][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.897019][ T5821] bridge_slave_1: entered allmulticast mode [ 60.904126][ T5821] bridge_slave_1: entered promiscuous mode [ 60.926542][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.933974][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.941228][ T5822] bridge_slave_1: entered allmulticast mode [ 60.947895][ T5822] bridge_slave_1: entered promiscuous mode [ 60.988712][ T5819] hsr_slave_0: entered promiscuous mode [ 60.994845][ T5819] hsr_slave_1: entered promiscuous mode [ 61.001444][ T5819] debugfs: 'hsr0' already exists in 'hsr' [ 61.007213][ T5819] Cannot create hsr debugfs directory [ 61.014396][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.043778][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.053377][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.060593][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.067686][ T5827] bridge_slave_0: entered allmulticast mode [ 61.074653][ T5827] bridge_slave_0: entered promiscuous mode [ 61.086399][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.119556][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.126870][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.134063][ T5827] bridge_slave_1: entered allmulticast mode [ 61.140762][ T5827] bridge_slave_1: entered promiscuous mode [ 61.160973][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.174589][ T5821] team0: Port device team_slave_0 added [ 61.205497][ T5821] team0: Port device team_slave_1 added [ 61.217051][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.262044][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.277823][ T5822] team0: Port device team_slave_0 added [ 61.288537][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.295634][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.321674][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.353499][ T5822] team0: Port device team_slave_1 added [ 61.362700][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.369633][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.395825][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.406986][ T52] Bluetooth: hci0: command tx timeout [ 61.417626][ T5827] team0: Port device team_slave_0 added [ 61.447399][ T5827] team0: Port device team_slave_1 added [ 61.454334][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.461743][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.471635][ T52] Bluetooth: hci1: command tx timeout [ 61.487884][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.530849][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.537777][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.564422][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.591748][ T5821] hsr_slave_0: entered promiscuous mode [ 61.597734][ T5821] hsr_slave_1: entered promiscuous mode [ 61.603812][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 61.609513][ T5821] Cannot create hsr debugfs directory [ 61.630614][ T52] Bluetooth: hci2: command tx timeout [ 61.642423][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.649352][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.675868][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.710763][ T52] Bluetooth: hci3: command tx timeout [ 61.710767][ T5818] Bluetooth: hci4: command tx timeout [ 61.722898][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.729824][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.756049][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.806630][ T5822] hsr_slave_0: entered promiscuous mode [ 61.813156][ T5822] hsr_slave_1: entered promiscuous mode [ 61.818991][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 61.824905][ T5822] Cannot create hsr debugfs directory [ 61.887545][ T5816] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 61.901321][ T5816] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 61.918840][ T5827] hsr_slave_0: entered promiscuous mode [ 61.924986][ T5827] hsr_slave_1: entered promiscuous mode [ 61.931077][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 61.936785][ T5827] Cannot create hsr debugfs directory [ 61.945828][ T5816] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 61.956198][ T5816] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.071998][ T5819] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 62.103573][ T5819] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 62.115424][ T5819] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 62.135475][ T5819] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.235456][ T5821] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.245892][ T5821] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.254995][ T5821] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.263805][ T5821] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.362977][ T5822] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.372261][ T5822] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.397291][ T5822] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.420299][ T5822] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.442194][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.458736][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.469544][ T5827] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.479075][ T5827] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.488458][ T5827] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.497784][ T5827] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.542384][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.551988][ T5819] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.580174][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.587365][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.609732][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.616829][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.626771][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.633844][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.656636][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.663820][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.686311][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.725663][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.759004][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.766084][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.788975][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.828347][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.835475][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.846878][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 62.846891][ T30] audit: type=1400 audit(1759624505.769:86): avc: denied { sys_module } for pid=5816 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 62.853315][ T5819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.903129][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.967838][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.000260][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.007414][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.042814][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.051157][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.058253][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.088378][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.095504][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.153120][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.160235][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.213038][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.225045][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.288627][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.379449][ T5816] veth0_vlan: entered promiscuous mode [ 63.437900][ T5816] veth1_vlan: entered promiscuous mode [ 63.459340][ T5821] veth0_vlan: entered promiscuous mode [ 63.475048][ T5818] Bluetooth: hci0: command tx timeout [ 63.495967][ T5821] veth1_vlan: entered promiscuous mode [ 63.560291][ T5816] veth0_macvtap: entered promiscuous mode [ 63.566761][ T5818] Bluetooth: hci1: command tx timeout [ 63.575747][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.592525][ T5816] veth1_macvtap: entered promiscuous mode [ 63.634036][ T5821] veth0_macvtap: entered promiscuous mode [ 63.645946][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.669683][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.684646][ T5821] veth1_macvtap: entered promiscuous mode [ 63.693573][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.710452][ T5819] veth0_vlan: entered promiscuous mode [ 63.716107][ T5818] Bluetooth: hci2: command tx timeout [ 63.729356][ T1083] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.738837][ T1083] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.760040][ T1083] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.769410][ T1083] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.788089][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.796087][ T5818] Bluetooth: hci4: command tx timeout [ 63.800770][ T52] Bluetooth: hci3: command tx timeout [ 63.808699][ T5819] veth1_vlan: entered promiscuous mode [ 63.832203][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.850209][ T5906] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.865451][ T5906] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.893355][ T5906] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.903772][ T5906] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.915963][ T5827] veth0_vlan: entered promiscuous mode [ 63.954868][ T5827] veth1_vlan: entered promiscuous mode [ 63.962684][ T5822] veth0_vlan: entered promiscuous mode [ 63.976852][ T5906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.993747][ T5906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.017315][ T5822] veth1_vlan: entered promiscuous mode [ 64.052933][ T5827] veth0_macvtap: entered promiscuous mode [ 64.072478][ T5819] veth0_macvtap: entered promiscuous mode [ 64.079299][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.088097][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.092435][ T5819] veth1_macvtap: entered promiscuous mode [ 64.113273][ T30] audit: type=1400 audit(1759624507.039:87): avc: denied { mounton } for pid=5816 comm="syz-executor" path="/root/syzkaller.W7G5s8/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 64.121961][ T5827] veth1_macvtap: entered promiscuous mode [ 64.152242][ T30] audit: type=1400 audit(1759624507.069:88): avc: denied { mount } for pid=5816 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 64.163743][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.183947][ T30] audit: type=1400 audit(1759624507.069:89): avc: denied { mounton } for pid=5816 comm="syz-executor" path="/root/syzkaller.W7G5s8/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 64.187553][ T5822] veth0_macvtap: entered promiscuous mode [ 64.210992][ T30] audit: type=1400 audit(1759624507.069:90): avc: denied { mount } for pid=5816 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 64.239028][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.248651][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.251406][ T5816] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 64.272356][ T30] audit: type=1400 audit(1759624507.069:91): avc: denied { mounton } for pid=5816 comm="syz-executor" path="/root/syzkaller.W7G5s8/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 64.285747][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.306571][ T30] audit: type=1400 audit(1759624507.069:92): avc: denied { mounton } for pid=5816 comm="syz-executor" path="/root/syzkaller.W7G5s8/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7317 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 64.338752][ T30] audit: type=1400 audit(1759624507.079:93): avc: denied { unmount } for pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 64.338941][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.362021][ T30] audit: type=1400 audit(1759624507.109:94): avc: denied { mounton } for pid=5816 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2782 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 64.401325][ T30] audit: type=1400 audit(1759624507.109:95): avc: denied { mount } for pid=5816 comm="syz-executor" name="/" dev="gadgetfs" ino=7318 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 64.415375][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.429826][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.442445][ T5822] veth1_macvtap: entered promiscuous mode [ 64.486368][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.495532][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.663152][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.671724][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.672121][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.709042][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.729637][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.738717][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.751511][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.325599][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.340578][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.394778][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.409373][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.423721][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.485889][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.502617][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.512887][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.610512][ T52] Bluetooth: hci0: command tx timeout [ 65.617642][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.625789][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.635241][ T52] Bluetooth: hci1: command tx timeout [ 65.679544][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.693403][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.702438][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.795496][ T52] Bluetooth: hci2: command tx timeout [ 65.870527][ T52] Bluetooth: hci4: command tx timeout [ 65.880711][ T52] Bluetooth: hci3: command tx timeout [ 66.129758][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.208853][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.228903][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.278155][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.288261][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.465725][ T2148] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 66.743831][ T2148] usb 2-1: Using ep0 maxpacket: 32 [ 66.894474][ T2148] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 66.903200][ T2148] usb 2-1: config 0 has no interface number 0 [ 66.909368][ T2148] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 66.923713][ T2148] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 66.933931][ T2148] usb 2-1: config 0 interface 85 has no altsetting 0 [ 66.943479][ T2148] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 66.952948][ T2148] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.961192][ T2148] usb 2-1: Product: syz [ 66.965788][ T2148] usb 2-1: Manufacturer: syz [ 66.970703][ T2148] usb 2-1: SerialNumber: syz [ 67.056329][ T2148] usb 2-1: config 0 descriptor?? [ 67.632997][ T52] Bluetooth: hci0: command tx timeout [ 67.651864][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 67.661132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 67.669378][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 67.681250][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 67.690446][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.711152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.749816][ T52] Bluetooth: hci1: command tx timeout [ 67.860700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.890452][ T52] Bluetooth: hci2: command tx timeout [ 67.960632][ T52] Bluetooth: hci3: command tx timeout [ 67.962898][ T5818] Bluetooth: hci4: command tx timeout [ 68.027695][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 68.027711][ T30] audit: type=1400 audit(1759624510.949:137): avc: denied { read write } for pid=5957 comm="syz.3.9" name="rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 68.236285][ T5960] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.265529][ T30] audit: type=1400 audit(1759624510.949:138): avc: denied { open } for pid=5957 comm="syz.3.9" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 68.319510][ T5966] netlink: 277 bytes leftover after parsing attributes in process `syz.3.9'. [ 68.390721][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.430879][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 68.450435][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 68.673550][ T30] audit: type=1400 audit(1759624510.959:139): avc: denied { getopt } for pid=5957 comm="syz.3.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 68.751866][ T2148] appletouch 2-1:0.85: Failed to read mode from device. [ 68.761660][ T30] audit: type=1400 audit(1759624510.999:140): avc: denied { read } for pid=5959 comm="syz.0.10" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 68.961454][ T2148] appletouch 2-1:0.85: probe with driver appletouch failed with error -5 [ 69.062487][ T5973] NILFS (loop2): device size too small [ 69.420076][ T30] audit: type=1400 audit(1759624510.999:141): avc: denied { open } for pid=5959 comm="syz.0.10" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 69.447217][ T2148] usb 2-1: USB disconnect, device number 2 [ 69.490517][ T30] audit: type=1400 audit(1759624511.009:142): avc: denied { ioctl } for pid=5959 comm="syz.0.10" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 69.869942][ T30] audit: type=1400 audit(1759624511.159:143): avc: denied { read } for pid=5959 comm="syz.0.10" name="card1" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 69.925904][ T30] audit: type=1400 audit(1759624511.159:144): avc: denied { open } for pid=5959 comm="syz.0.10" path="/dev/dri/card1" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 69.953598][ T30] audit: type=1400 audit(1759624511.159:145): avc: denied { create } for pid=5959 comm="syz.0.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 69.973675][ T30] audit: type=1400 audit(1759624511.239:146): avc: denied { create } for pid=5957 comm="syz.3.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 70.298582][ T5984] netlink: 260 bytes leftover after parsing attributes in process `syz.1.13'. [ 70.307632][ T5984] netlink: 260 bytes leftover after parsing attributes in process `syz.1.13'. [ 70.399295][ T5985] kernel profiling enabled (shift: 17) [ 70.922432][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.928832][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.169575][ T5994] netlink: 'syz.4.16': attribute type 9 has an invalid length. [ 71.179799][ T5995] netlink: 'syz.0.14': attribute type 4 has an invalid length. [ 71.196556][ T5995] netlink: 17 bytes leftover after parsing attributes in process `syz.0.14'. [ 71.218134][ T5994] warning: `syz.4.16' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 72.206472][ T5999] pimreg: entered allmulticast mode [ 73.301417][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 73.557089][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 73.601443][ T9] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 73.609526][ T9] usb 4-1: config 0 has no interface number 0 [ 74.062765][ T9] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 74.072104][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.080359][ T9] usb 4-1: Product: syz [ 74.086110][ T9] usb 4-1: Manufacturer: syz [ 74.091847][ T9] usb 4-1: SerialNumber: syz [ 74.102647][ T9] usb 4-1: config 0 descriptor?? [ 74.112492][ T9] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 74.153708][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 74.153722][ T30] audit: type=1400 audit(1759624517.079:164): avc: denied { write } for pid=6020 comm="syz.2.22" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.191867][ T30] audit: type=1400 audit(1759624517.109:165): avc: denied { append } for pid=6020 comm="syz.2.22" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.536261][ T30] audit: type=1400 audit(1759624517.459:166): avc: denied { ioctl } for pid=6030 comm="syz.4.25" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 74.614639][ T6031] binder: 6030:6031 ioctl c0306201 0 returned -14 [ 74.633650][ T9] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 74.646289][ T9] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 74.659746][ T30] audit: type=1400 audit(1759624517.459:167): avc: denied { set_context_mgr } for pid=6030 comm="syz.4.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 74.725380][ T30] audit: type=1400 audit(1759624517.539:168): avc: denied { map } for pid=6030 comm="syz.4.25" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 74.889317][ T6038] binder: 6030:6038 ioctl c0306201 0 returned -14 [ 74.910570][ T30] audit: type=1400 audit(1759624517.609:169): avc: denied { setopt } for pid=6030 comm="syz.4.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 75.093033][ T5895] IPVS: starting estimator thread 0... [ 75.419101][ T30] audit: type=1400 audit(1759624517.799:170): avc: denied { setopt } for pid=6035 comm="syz.2.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 75.438515][ T30] audit: type=1400 audit(1759624517.909:171): avc: denied { setopt } for pid=6035 comm="syz.2.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 75.457786][ T30] audit: type=1400 audit(1759624517.929:172): avc: denied { mount } for pid=6035 comm="syz.2.26" name="/" dev="ramfs" ino=9268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 75.680487][ T6041] IPVS: using max 42 ests per chain, 100800 per kthread [ 75.703454][ T6039] evm: overlay not supported [ 75.730111][ T30] audit: type=1400 audit(1759624518.559:173): avc: denied { unmount } for pid=5822 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 76.111623][ T6013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.141730][ T6013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.437753][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 76.470929][ T5894] usb 4-1: USB disconnect, device number 2 [ 76.506495][ T5894] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 76.629725][ T5894] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 76.689855][ T5894] quatech2 4-1:0.51: device disconnected [ 77.057269][ T6056] /dev/sg0: Can't lookup blockdev [ 77.086139][ T6056] ptrace attach of "./syz-executor exec"[5822] was attempted by ""[6056] [ 79.348051][ T5818] Bluetooth: hci3: command 0x0406 tx timeout [ 79.701162][ T6083] netlink: 24 bytes leftover after parsing attributes in process `syz.1.35'. [ 79.830486][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 79.830525][ T30] audit: type=1400 audit(1759624522.689:188): avc: denied { write } for pid=6079 comm="syz.3.34" name="001" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 80.248013][ T6097] netlink: 32 bytes leftover after parsing attributes in process `syz.1.35'. [ 81.211841][ T5881] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 81.224417][ T42] cfg80211: failed to load regulatory.db [ 81.542775][ T5881] usb 2-1: device descriptor read/64, error -71 [ 81.827929][ T30] audit: type=1400 audit(1759624524.739:189): avc: denied { open } for pid=6135 comm="syz.4.41" path="/dev/ptyqc" dev="devtmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 81.860522][ T5881] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 81.892006][ T6125] Bluetooth: MGMT ver 1.23 [ 82.039489][ T30] audit: type=1400 audit(1759624524.799:190): avc: denied { create } for pid=6104 comm="syz.3.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 82.059259][ T30] audit: type=1400 audit(1759624524.799:191): avc: denied { bind } for pid=6123 comm="syz.0.39" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 82.200877][ T6143] netlink: 'syz.2.40': attribute type 4 has an invalid length. [ 82.526902][ T30] audit: type=1400 audit(1759624524.799:192): avc: denied { connect } for pid=6104 comm="syz.3.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 82.579901][ T30] audit: type=1400 audit(1759624524.819:193): avc: denied { write } for pid=6123 comm="syz.0.39" path="socket:[8848]" dev="sockfs" ino=8848 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 82.604324][ T5881] usb 2-1: device descriptor read/64, error -71 [ 82.782772][ T5881] usb usb2-port1: attempt power cycle [ 82.899219][ T30] audit: type=1400 audit(1759624525.119:194): avc: denied { ioctl } for pid=6122 comm="syz.2.40" path="socket:[9402]" dev="sockfs" ino=9402 ioctlcmd=0x8955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 83.018875][ T30] audit: type=1400 audit(1759624525.489:195): avc: denied { ioctl } for pid=6135 comm="syz.4.41" path="/dev/ptyqc" dev="devtmpfs" ino=130 ioctlcmd=0x5420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 83.812353][ T30] audit: type=1400 audit(1759624526.719:196): avc: denied { create } for pid=6144 comm="syz.0.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 83.857736][ T30] audit: type=1400 audit(1759624526.719:197): avc: denied { write } for pid=6144 comm="syz.0.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 84.387361][ T6172] vxcan1: entered allmulticast mode [ 85.670858][ T6174] netlink: 'syz.1.47': attribute type 9 has an invalid length. [ 86.524902][ T6187] netlink: 'syz.4.49': attribute type 1 has an invalid length. [ 88.442063][ T6197] Driver unsupported XDP return value 0 on prog (id 12) dev N/A, expect packet loss! [ 90.900450][ T6221] [U] 1WT`8H$09\ [ 90.911176][ T6221] [U] ;2}UGVĥ#O9ե>-ߴSݢP [ 90.931388][ T6221] [U] 4XZ^Y)MC. OȞPOW [ 90.937641][ T6221] [U] ä%Z [ 91.240421][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 91.240436][ T30] audit: type=1400 audit(1759624534.109:202): avc: denied { wake_alarm } for pid=6217 comm="syz.0.57" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 91.901024][ T6231] Zero length message leads to an empty skb [ 92.477740][ T6224] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 92.484545][ T6224] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 92.600747][ T6214] [U] 8`}[TJ#Z~3µݥI~D [ 92.625272][ T6224] vhci_hcd vhci_hcd.0: Device attached [ 92.698082][ T6230] vhci_hcd: connection closed [ 92.699437][ T6117] vhci_hcd: stop threads [ 92.765862][ T6117] vhci_hcd: release socket [ 92.771305][ T6117] vhci_hcd: disconnect device [ 92.792782][ T6237] capability: warning: `syz.0.61' uses 32-bit capabilities (legacy support in use) [ 92.830144][ T5881] vhci_hcd: vhci_device speed not set [ 92.850178][ T30] audit: type=1400 audit(1759624535.769:203): avc: denied { create } for pid=6239 comm="syz.4.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 93.188865][ T6246] netlink: 48 bytes leftover after parsing attributes in process `syz.1.62'. [ 93.219029][ T6240] tipc: Started in network mode [ 93.224078][ T6240] tipc: Node identity 4, cluster identity 4711 [ 93.230235][ T6240] tipc: Node number set to 4 [ 94.079719][ T30] audit: type=1400 audit(1759624536.139:204): avc: denied { setopt } for pid=6239 comm="syz.4.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 94.101662][ T30] audit: type=1400 audit(1759624536.169:205): avc: denied { write } for pid=6239 comm="syz.4.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 95.247298][ T30] audit: type=1400 audit(1759624537.999:206): avc: denied { mounton } for pid=6250 comm="syz.4.66" path="/14/file0" dev="tmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 95.621023][ T30] audit: type=1400 audit(1759624538.519:207): avc: denied { create } for pid=6251 comm="syz.1.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 95.960283][ T6257] batman_adv: batadv0: Adding interface: gretap1 [ 95.966760][ T6257] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.104966][ T6267] PKCS8: Unsupported PKCS#8 version [ 96.643411][ T6257] batman_adv: batadv0: Interface activated: gretap1 [ 98.123096][ T6316] mmap: syz.2.72 (6316) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 98.401279][ T6321] tipc: Can't bind to reserved service type 0 [ 98.443967][ T30] audit: type=1400 audit(1759624541.329:208): avc: denied { bind } for pid=6319 comm="syz.3.73" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 99.260625][ T30] audit: type=1400 audit(1759624542.179:209): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 99.437987][ T30] audit: type=1326 audit(1759624542.339:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5c658eec9 code=0x7ffc0000 [ 100.473203][ T30] audit: type=1326 audit(1759624542.339:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5c658eec9 code=0x7ffc0000 [ 100.551081][ T30] audit: type=1326 audit(1759624542.369:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe5c658eec9 code=0x7ffc0000 [ 100.675481][ T30] audit: type=1326 audit(1759624542.369:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5c658eec9 code=0x7ffc0000 [ 100.698756][ T30] audit: type=1326 audit(1759624542.369:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5c658eec9 code=0x7ffc0000 [ 100.730508][ T30] audit: type=1326 audit(1759624542.469:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fe5c658eec9 code=0x7ffc0000 [ 100.754002][ T30] audit: type=1326 audit(1759624542.469:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5c658eec9 code=0x7ffc0000 [ 100.853543][ T6335] audit: audit_backlog=65 > audit_backlog_limit=64 [ 101.860458][ T42] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 103.124364][ T42] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.161962][ T42] usb 2-1: New USB device found, idVendor=1286, idProduct=1fa4, bcdDevice=fb.16 [ 103.240930][ T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.349789][ T42] usb 2-1: Product: syz [ 103.358613][ T42] usb 2-1: Manufacturer: syz [ 103.391653][ T42] usb 2-1: SerialNumber: syz [ 103.398264][ T42] usb 2-1: config 0 descriptor?? [ 103.460722][ T42] mvusb_mdio 2-1:0.0: probe with driver mvusb_mdio failed with error -5 [ 103.469114][ T30] kauditd_printk_skb: 71 callbacks suppressed [ 103.469123][ T30] audit: type=1400 audit(1759624546.389:286): avc: denied { write } for pid=6355 comm="syz.2.80" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 103.690687][ T30] audit: type=1400 audit(1759624546.389:287): avc: denied { open } for pid=6355 comm="syz.2.80" path="/dev/sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 103.842586][ T30] audit: type=1400 audit(1759624546.589:288): avc: denied { setopt } for pid=6336 comm="syz.1.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 104.028621][ T30] audit: type=1400 audit(1759624546.609:289): avc: denied { write } for pid=6355 comm="syz.2.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 104.777294][ T5937] usb 2-1: USB disconnect, device number 6 [ 106.295706][ T30] audit: type=1400 audit(1759624549.139:290): avc: denied { getopt } for pid=6379 comm="syz.0.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 106.519007][ T30] audit: type=1400 audit(1759624549.349:291): avc: denied { bind } for pid=6384 comm="syz.2.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 106.978765][ T30] audit: type=1400 audit(1759624549.599:292): avc: denied { bind } for pid=6380 comm="syz.1.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 107.183751][ T30] audit: type=1400 audit(1759624549.599:293): avc: denied { name_bind } for pid=6380 comm="syz.1.86" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 107.245997][ T30] audit: type=1400 audit(1759624549.599:294): avc: denied { node_bind } for pid=6380 comm="syz.1.86" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 107.722738][ T30] audit: type=1400 audit(1759624549.599:295): avc: denied { write } for pid=6380 comm="syz.1.86" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 109.232458][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 109.232474][ T30] audit: type=1400 audit(1759624551.759:299): avc: denied { read } for pid=6401 comm="syz.2.92" name="ppp" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 109.267372][ T30] audit: type=1400 audit(1759624551.759:300): avc: denied { open } for pid=6401 comm="syz.2.92" path="/dev/ppp" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 109.290236][ C1] vkms_vblank_simulate: vblank timer overrun [ 109.962554][ T30] audit: type=1400 audit(1759624551.769:301): avc: denied { setopt } for pid=6401 comm="syz.2.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 110.373528][ T6419] netlink: 136 bytes leftover after parsing attributes in process `syz.2.94'. [ 110.382991][ T6419] netlink: 24 bytes leftover after parsing attributes in process `syz.2.94'. [ 110.762751][ T30] audit: type=1400 audit(1759624553.279:302): avc: denied { mount } for pid=6411 comm="syz.2.94" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 110.888593][ T30] audit: type=1400 audit(1759624553.809:303): avc: denied { read } for pid=6408 comm="syz.0.93" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 110.889073][ T6417] sit1: entered allmulticast mode [ 110.978595][ T30] audit: type=1400 audit(1759624553.899:304): avc: denied { unmount } for pid=5822 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 111.555661][ T30] audit: type=1400 audit(1759624554.459:305): avc: denied { load_policy } for pid=6413 comm="syz.1.95" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 111.599191][ T6427] netlink: 80 bytes leftover after parsing attributes in process `syz.1.95'. [ 111.662387][ T6429] netlink: 32 bytes leftover after parsing attributes in process `syz.2.97'. [ 112.086953][ T30] audit: type=1400 audit(1759624555.009:306): avc: denied { bind } for pid=6413 comm="syz.1.95" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 112.106090][ C1] vkms_vblank_simulate: vblank timer overrun [ 112.160132][ T6420] SELinux: failed to load policy [ 112.228468][ T30] audit: type=1400 audit(1759624555.009:307): avc: denied { name_bind } for pid=6413 comm="syz.1.95" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 112.258129][ T30] audit: type=1400 audit(1759624555.009:308): avc: denied { node_bind } for pid=6413 comm="syz.1.95" saddr=ff01::1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 112.836398][ T6435] tmpfs: Unknown parameter 'usrquota [ 112.836398][ T6435] lo' [ 114.064223][ T6450] netlink: 12 bytes leftover after parsing attributes in process `syz.1.103'. [ 114.610642][ T6449] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 115.013418][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 115.013434][ T30] audit: type=1400 audit(1759624557.939:319): avc: denied { read } for pid=6456 comm="syz.2.105" name="loop-control" dev="devtmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 115.111069][ T30] audit: type=1400 audit(1759624557.939:320): avc: denied { open } for pid=6456 comm="syz.2.105" path="/dev/loop-control" dev="devtmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 115.328815][ T6461] netlink: 132 bytes leftover after parsing attributes in process `syz.2.105'. [ 116.646972][ T30] audit: type=1400 audit(1759624558.259:321): avc: denied { ioctl } for pid=6456 comm="syz.2.105" path="/dev/loop-control" dev="devtmpfs" ino=645 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 118.620504][ T9] Process accounting resumed [ 118.635024][ T30] audit: type=1400 audit(1759624561.529:322): avc: denied { setopt } for pid=6466 comm="syz.2.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 119.090988][ T6489] input: syz0 as /devices/virtual/input/input7 [ 119.147412][ T30] audit: type=1400 audit(1759624562.049:323): avc: denied { read } for pid=5178 comm="acpid" name="event4" dev="devtmpfs" ino=2810 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 119.780664][ T30] audit: type=1400 audit(1759624562.049:324): avc: denied { open } for pid=5178 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2810 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 120.634714][ T30] audit: type=1400 audit(1759624562.049:325): avc: denied { ioctl } for pid=5178 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2810 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 120.770487][ T30] audit: type=1400 audit(1759624562.759:326): avc: denied { search } for pid=6490 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 120.796151][ T30] audit: type=1400 audit(1759624562.759:327): avc: denied { search } for pid=6490 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1830 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 121.011273][ T30] audit: type=1400 audit(1759624562.759:328): avc: denied { search } for pid=6490 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1834 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 121.114313][ T30] audit: type=1400 audit(1759624562.759:329): avc: denied { search } for pid=6490 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 121.260414][ T30] audit: type=1400 audit(1759624562.789:330): avc: denied { read open } for pid=6496 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 121.302179][ T6519] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 121.630596][ T30] audit: type=1400 audit(1759624562.789:331): avc: denied { getattr } for pid=6496 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 121.806518][ T30] audit: type=1400 audit(1759624562.789:332): avc: denied { getattr } for pid=6496 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=1873 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 122.199173][ T30] audit: type=1400 audit(1759624563.799:333): avc: denied { read } for pid=6505 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=1873 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 122.608983][ T30] audit: type=1400 audit(1759624563.799:334): avc: denied { open } for pid=6505 comm="sed" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=1873 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 122.752441][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 123.135943][ T5950] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 123.204560][ T5950] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 123.435165][ T6537] netlink: 116 bytes leftover after parsing attributes in process `syz.0.119'. [ 123.814868][ T6547] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 125.752192][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 125.807259][ T5950] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 125.826638][ T5950] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 125.843940][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 125.843954][ T30] audit: type=1400 audit(1759624568.769:350): avc: denied { create } for pid=6558 comm="syz.2.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 126.060708][ T30] audit: type=1400 audit(1759624568.829:351): avc: denied { read } for pid=6558 comm="syz.2.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 126.306165][ T30] audit: type=1400 audit(1759624568.929:352): avc: denied { connect } for pid=6563 comm="syz.0.125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 126.797175][ T30] audit: type=1400 audit(1759624568.989:353): avc: denied { read } for pid=6563 comm="syz.0.125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 127.281104][ T30] audit: type=1400 audit(1759624569.269:354): avc: denied { write } for pid=6565 comm="syz.1.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 127.301123][ T30] audit: type=1400 audit(1759624569.279:355): avc: denied { bind } for pid=6565 comm="syz.1.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 128.300286][ T6585] 9pnet_fd: Insufficient options for proto=fd [ 128.308060][ T5950] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 128.308122][ T5950] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 128.320648][ T5818] Bluetooth: hci2: command 0x0c1a tx timeout [ 128.407999][ T6588] netlink: 'syz.0.129': attribute type 10 has an invalid length. [ 128.505190][ T6587] tty tty2: ldisc open failed (-12), clearing slot 1 [ 129.500520][ T6604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.130'. [ 129.821650][ T6604] syz.1.130 (6604) used greatest stack depth: 17928 bytes left [ 129.834445][ T30] audit: type=1400 audit(1759624572.389:356): avc: denied { read } for pid=6594 comm="syz.1.130" name="dlm-monitor" dev="devtmpfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 130.311090][ T30] audit: type=1400 audit(1759624572.389:357): avc: denied { open } for pid=6594 comm="syz.1.130" path="/dev/dlm-monitor" dev="devtmpfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 130.399898][ T30] audit: type=1400 audit(1759624572.469:358): avc: denied { firmware_load } for pid=6594 comm="syz.1.130" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 130.424522][ C1] vkms_vblank_simulate: vblank timer overrun [ 130.662686][ T6602] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 131.060389][ T5950] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 131.066493][ T5950] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 131.075888][ T5818] Bluetooth: hci3: command 0x0406 tx timeout [ 131.783029][ T30] audit: type=1400 audit(1759624574.169:359): avc: denied { write } for pid=6610 comm="syz.1.134" name="dlm_plock" dev="devtmpfs" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 131.856913][ T30] audit: type=1400 audit(1759624574.239:360): avc: denied { accept } for pid=6614 comm="syz.2.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 131.877739][ T30] audit: type=1400 audit(1759624574.239:361): avc: denied { write } for pid=6614 comm="syz.2.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 131.923989][ T30] audit: type=1400 audit(1759624574.239:362): avc: denied { read } for pid=6614 comm="syz.2.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 131.948117][ T30] audit: type=1400 audit(1759624574.869:363): avc: denied { create } for pid=6621 comm="syz.4.136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 132.012495][ T30] audit: type=1400 audit(1759624574.929:364): avc: denied { ioctl } for pid=6625 comm="syz.0.137" path="socket:[10183]" dev="sockfs" ino=10183 ioctlcmd=0x8b2c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 132.358932][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.381362][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.394721][ T30] audit: type=1400 audit(1759624574.959:365): avc: denied { sys_module } for pid=6625 comm="syz.0.137" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 132.441445][ T6638] netlink: 2384 bytes leftover after parsing attributes in process `syz.4.139'. [ 132.467557][ T30] audit: type=1400 audit(1759624575.359:366): avc: denied { ioctl } for pid=6636 comm="syz.4.139" path="socket:[10623]" dev="sockfs" ino=10623 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 133.790515][ T5950] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 133.796675][ T5818] Bluetooth: hci4: command 0x0c1a tx timeout [ 134.062520][ T5950] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 136.695690][ T6667] ======================================================= [ 136.695690][ T6667] WARNING: The mand mount option has been deprecated and [ 136.695690][ T6667] and is ignored by this kernel. Remove the mand [ 136.695690][ T6667] option from the mount to silence this warning. [ 136.695690][ T6667] ======================================================= [ 136.772706][ T30] audit: type=1400 audit(1759624579.659:367): avc: denied { mount } for pid=6664 comm="syz.1.147" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 137.013812][ T30] audit: type=1400 audit(1759624579.669:368): avc: denied { mounton } for pid=6664 comm="syz.1.147" path="/30/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 137.256239][ T6672] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 137.262778][ T6672] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 137.277786][ T6672] vhci_hcd vhci_hcd.0: Device attached [ 137.473457][ T30] audit: type=1400 audit(1759624580.389:369): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 137.580537][ T5881] usb 42-1: SetAddress Request (2) to port 0 [ 137.590516][ T5881] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 138.301580][ T6685] mkiss: ax0: crc mode is auto. [ 138.432673][ T6673] vhci_hcd: connection reset by peer [ 138.438933][ T60] vhci_hcd: stop threads [ 138.443708][ T60] vhci_hcd: release socket [ 138.454002][ T60] vhci_hcd: disconnect device [ 138.655744][ T30] audit: type=1400 audit(1759624581.579:370): avc: denied { ioctl } for pid=6691 comm="syz.1.151" path="socket:[10908]" dev="sockfs" ino=10908 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 138.836846][ T30] audit: type=1400 audit(1759624581.609:371): avc: denied { ioctl } for pid=6686 comm="syz.2.150" path="/dev/iommu" dev="devtmpfs" ino=623 ioctlcmd=0x3ba0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 139.015358][ T30] audit: type=1400 audit(1759624581.929:372): avc: denied { bind } for pid=6691 comm="syz.1.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 140.293346][ T30] audit: type=1400 audit(1759624583.219:373): avc: denied { create } for pid=6701 comm="syz.0.152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 141.231114][ T30] audit: type=1400 audit(1759624583.489:374): avc: denied { write } for pid=6701 comm="syz.0.152" path="socket:[10925]" dev="sockfs" ino=10925 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 141.294939][ T6707] netlink: 28 bytes leftover after parsing attributes in process `syz.2.153'. [ 141.304032][ T6707] netlink: 16 bytes leftover after parsing attributes in process `syz.2.153'. [ 143.068559][ T6728] program syz.4.158 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 143.447300][ T30] audit: type=1400 audit(1759624585.979:375): avc: denied { read } for pid=6725 comm="syz.4.158" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 143.520867][ T5881] usb 42-1: device descriptor read/8, error -110 [ 143.948437][ T5881] usb usb42-port1: attempt power cycle [ 144.892847][ T5881] usb usb42-port1: unable to enumerate USB device [ 145.274105][ T6747] netlink: 'syz.3.163': attribute type 4 has an invalid length. [ 145.281813][ T6747] netlink: 17 bytes leftover after parsing attributes in process `syz.3.163'. [ 145.700065][ T30] audit: type=1400 audit(1759624588.388:376): avc: denied { mount } for pid=6742 comm="syz.3.163" name="/" dev="configfs" ino=1119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 145.722597][ C1] vkms_vblank_simulate: vblank timer overrun [ 145.794133][ T30] audit: type=1400 audit(1759624588.668:377): avc: denied { name_bind } for pid=6736 comm="syz.2.161" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 145.947648][ T30] audit: type=1400 audit(1759624588.768:378): avc: denied { listen } for pid=6749 comm="syz.4.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 146.145863][ T30] audit: type=1400 audit(1759624588.768:379): avc: denied { accept } for pid=6749 comm="syz.4.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 146.633227][ T30] audit: type=1400 audit(1759624589.158:380): avc: denied { write } for pid=6754 comm="syz.0.165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 146.679072][ T6764] netlink: 220 bytes leftover after parsing attributes in process `syz.3.166'. [ 146.689141][ T6764] netlink: 220 bytes leftover after parsing attributes in process `syz.3.166'. [ 147.280053][ T6770] netlink: 32 bytes leftover after parsing attributes in process `syz.0.168'. [ 150.163992][ T30] audit: type=1400 audit(1759624593.048:381): avc: denied { shutdown } for pid=6791 comm="syz.4.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 152.299288][ T6800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.362436][ T30] audit: type=1400 audit(1759624594.268:382): avc: denied { relabelfrom } for pid=6793 comm="syz.2.174" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 152.388517][ T30] audit: type=1400 audit(1759624594.278:383): avc: denied { relabelto } for pid=6793 comm="syz.2.174" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 153.319013][ T6809] vivid-007: ================= START STATUS ================= [ 153.327413][ T6809] vivid-007: Enable Output Cropping: true [ 153.333552][ T6809] vivid-007: Enable Output Composing: true [ 153.339493][ T6809] vivid-007: Enable Output Scaler: true [ 153.345305][ T6809] vivid-007: Tx RGB Quantization Range: Automatic [ 153.351957][ T6809] vivid-007: Transmit Mode: HDMI [ 153.357015][ T6809] vivid-007: Hotplug Present: 0x00000000 [ 153.362809][ T6809] vivid-007: RxSense Present: 0x00000000 [ 153.368597][ T6809] vivid-007: EDID Present: 0x00000000 [ 153.374190][ T6809] vivid-007: ================== END STATUS ================== [ 154.183000][ T30] audit: type=1400 audit(1759624596.748:384): avc: denied { sqpoll } for pid=6806 comm="syz.3.177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 154.871726][ T30] audit: type=1400 audit(1759624597.438:385): avc: denied { read } for pid=6813 comm="syz.3.181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 155.237600][ T30] audit: type=1400 audit(1759624598.078:386): avc: denied { getopt } for pid=6823 comm="syz.2.182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 155.363126][ T30] audit: type=1400 audit(1759624598.258:387): avc: denied { write } for pid=6825 comm="syz.4.183" path="socket:[12328]" dev="sockfs" ino=12328 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 155.935383][ T6846] netlink: 16 bytes leftover after parsing attributes in process `syz.0.185'. [ 156.341763][ T30] audit: type=1400 audit(1759624598.268:388): avc: denied { read } for pid=6825 comm="syz.4.183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 159.020479][ T30] audit: type=1400 audit(1759624601.608:389): avc: denied { connect } for pid=6866 comm="syz.2.190" lport=4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 159.237993][ T30] audit: type=1400 audit(1759624601.608:390): avc: denied { write } for pid=6866 comm="syz.2.190" laddr=172.20.20.18 lport=4 faddr=10.1.1.0 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 159.858418][ T6879] No source specified [ 159.956604][ T6880] netlink: 16 bytes leftover after parsing attributes in process `syz.0.191'. [ 160.153708][ T6883] vlan2: entered promiscuous mode [ 160.165019][ T6883] vlan2: entered allmulticast mode [ 160.250631][ T6883] hsr_slave_1: entered allmulticast mode [ 160.500196][ T6884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.193'. [ 160.535000][ T30] audit: type=1400 audit(1759624603.458:391): avc: denied { read write } for pid=6888 comm="syz.3.194" name="uhid" dev="devtmpfs" ino=1272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 160.560963][ T30] audit: type=1400 audit(1759624603.458:392): avc: denied { open } for pid=6888 comm="syz.3.194" path="/dev/uhid" dev="devtmpfs" ino=1272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 160.804820][ T6891] netlink: 20 bytes leftover after parsing attributes in process `syz.3.194'. [ 160.984574][ T30] audit: type=1400 audit(1759624603.748:393): avc: denied { create } for pid=6888 comm="syz.3.194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 161.071921][ T30] audit: type=1400 audit(1759624603.748:394): avc: denied { connect } for pid=6888 comm="syz.3.194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 161.244993][ T30] audit: type=1400 audit(1759624604.148:395): avc: denied { read } for pid=6893 comm="syz.2.196" dev="sockfs" ino=11619 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 161.286008][ T6895] netlink: 64 bytes leftover after parsing attributes in process `syz.2.196'. [ 161.295897][ T6895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.196'. [ 161.663738][ T30] audit: type=1400 audit(1759624604.568:396): avc: denied { read } for pid=6885 comm="syz.4.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 161.901068][ T5881] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 162.093551][ T5881] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 162.261005][ T5881] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 162.304155][ T5881] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 162.447841][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.591046][ T6897] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 162.704126][ T5881] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 163.140926][ T30] audit: type=1326 audit(1759624605.968:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6904 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62c058eec9 code=0x7ffc0000 [ 163.352207][ T6897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.363861][ T6897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.560500][ T30] audit: type=1326 audit(1759624605.968:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6904 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f62c058eec9 code=0x7ffc0000 [ 163.632196][ T30] audit: type=1326 audit(1759624605.968:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6904 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62c058eec9 code=0x7ffc0000 [ 163.662902][ T30] audit: type=1326 audit(1759624605.978:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6904 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f62c058eec9 code=0x7ffc0000 [ 163.880718][ T42] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 163.888281][ T5946] usb 2-1: USB disconnect, device number 7 [ 164.609240][ T42] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.620187][ T42] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.651296][ T6928] lo: entered allmulticast mode [ 164.662378][ T42] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 164.671989][ T42] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 164.680266][ T42] usb 5-1: Manufacturer: syz [ 164.693765][ T42] usb 5-1: config 0 descriptor?? [ 165.163494][ T6932] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.179468][ T6932] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.205050][ T6936] netlink: 'syz.1.206': attribute type 16 has an invalid length. [ 165.222550][ T6936] netlink: 'syz.1.206': attribute type 17 has an invalid length. [ 165.549508][ T30] kauditd_printk_skb: 112 callbacks suppressed [ 165.549518][ T30] audit: type=1326 audit(1759624608.468:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdc44d8eacb code=0x7ffc0000 [ 165.598712][ T30] audit: type=1326 audit(1759624608.468:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdc44d8eacb code=0x7ffc0000 [ 165.661251][ T6936] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 165.683806][ T30] audit: type=1326 audit(1759624608.518:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdc44dc1785 code=0x7ffc0000 [ 165.810858][ T30] audit: type=1326 audit(1759624608.718:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc44d8eec9 code=0x7ffc0000 [ 165.913332][ T30] audit: type=1326 audit(1759624608.718:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc44d8eec9 code=0x7ffc0000 [ 165.967892][ T30] audit: type=1326 audit(1759624608.718:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdc44d8eacb code=0x7ffc0000 [ 166.002564][ T6917] netlink: 36 bytes leftover after parsing attributes in process `syz.4.201'. [ 166.120864][ T30] audit: type=1326 audit(1759624608.718:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdc44d8eacb code=0x7ffc0000 [ 166.147986][ T30] audit: type=1326 audit(1759624608.718:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdc44dc1785 code=0x7ffc0000 [ 166.676252][ T30] audit: type=1326 audit(1759624608.918:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc44d8eec9 code=0x7ffc0000 [ 166.699708][ T30] audit: type=1326 audit(1759624608.928:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc44d8eec9 code=0x7ffc0000 [ 166.754817][ T6956] mkiss: ax0: crc mode is auto. [ 166.853840][ T42] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #100: -71 [ 166.862820][ T42] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71 [ 166.923994][ T42] uclogic 0003:256C:006D.0001: failed probing pen v1 parameters: -71 [ 166.956592][ T42] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 167.052795][ T42] uclogic 0003:256C:006D.0001: probe with driver uclogic failed with error -71 [ 167.083664][ T42] usb 5-1: USB disconnect, device number 2 [ 168.013647][ T6948] ================================================================== [ 168.021732][ T6948] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220 [ 168.029455][ T6948] Read of size 8 at addr ffff888034a9bd88 by task syz.3.207/6948 [ 168.037157][ T6948] [ 168.039498][ T6948] CPU: 0 UID: 0 PID: 6948 Comm: syz.3.207 Not tainted syzkaller #0 PREEMPT(full) [ 168.039523][ T6948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 168.039535][ T6948] Call Trace: [ 168.039542][ T6948] [ 168.039551][ T6948] dump_stack_lvl+0x116/0x1f0 [ 168.039578][ T6948] print_report+0xcd/0x630 [ 168.039601][ T6948] ? __virt_addr_valid+0x81/0x610 [ 168.039631][ T6948] ? __phys_addr+0xe8/0x180 [ 168.039661][ T6948] ? __cpa_addr+0x1d3/0x220 [ 168.039680][ T6948] kasan_report+0xe0/0x110 [ 168.039702][ T6948] ? __cpa_addr+0x1d3/0x220 [ 168.039725][ T6948] __cpa_addr+0x1d3/0x220 [ 168.039747][ T6948] cpa_flush+0x28b/0x8a0 [ 168.039779][ T6948] ? __pfx_cpa_flush+0x10/0x10 [ 168.039801][ T6948] ? pgprot2cachemode+0x9a/0x130 [ 168.039830][ T6948] ? __pfx_pgprot2cachemode+0x10/0x10 [ 168.039858][ T6948] ? drm_gem_get_pages+0x6a0/0xa10 [ 168.039886][ T6948] change_page_attr_set_clr+0x34e/0x4a0 [ 168.039912][ T6948] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 168.039947][ T6948] _set_pages_array+0x1ab/0x2c0 [ 168.039971][ T6948] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 168.039992][ T6948] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 168.040010][ T6948] ? __pfx___might_resched+0x10/0x10 [ 168.040040][ T6948] drm_gem_shmem_mmap+0xc9/0x550 [ 168.040058][ T6948] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 168.040079][ T6948] drm_gem_mmap_obj+0x1b5/0x560 [ 168.040101][ T6948] drm_gem_mmap+0x40b/0x620 [ 168.040123][ T6948] ? __pfx_drm_gem_mmap+0x10/0x10 [ 168.040144][ T6948] ? vm_area_alloc+0x1f/0x160 [ 168.040172][ T6948] ? lockdep_init_map_type+0x5c/0x280 [ 168.040195][ T6948] __mmap_region+0x1306/0x27a0 [ 168.040213][ T6948] ? __pfx___mmap_region+0x10/0x10 [ 168.040231][ T6948] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 168.040258][ T6948] ? audit_log_end+0x1f/0x30 [ 168.040277][ T6948] ? audit_log_end+0x1f/0x30 [ 168.040296][ T6948] ? common_lsm_audit+0x260/0x300 [ 168.040340][ T6948] ? __lock_acquire+0xb97/0x1ce0 [ 168.040360][ T6948] mmap_region+0x1ab/0x3f0 [ 168.040377][ T6948] ? __get_unmapped_area+0x267/0x440 [ 168.040400][ T6948] do_mmap+0xa3e/0x1210 [ 168.040423][ T6948] ? __pfx_do_mmap+0x10/0x10 [ 168.040444][ T6948] ? __pfx_down_write_killable+0x10/0x10 [ 168.040470][ T6948] vm_mmap_pgoff+0x29e/0x470 [ 168.040492][ T6948] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 168.040516][ T6948] ? __fget_files+0x20e/0x3c0 [ 168.040538][ T6948] ksys_mmap_pgoff+0x32c/0x5c0 [ 168.040563][ T6948] __x64_sys_mmap+0x125/0x190 [ 168.040584][ T6948] do_syscall_64+0xcd/0x4e0 [ 168.040608][ T6948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.040627][ T6948] RIP: 0033:0x7fe7d138eec9 [ 168.040643][ T6948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.040661][ T6948] RSP: 002b:00007fe7d2242038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 168.040679][ T6948] RAX: ffffffffffffffda RBX: 00007fe7d15e6180 RCX: 00007fe7d138eec9 [ 168.040692][ T6948] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 168.040703][ T6948] RBP: 00007fe7d1411f91 R08: 0000000000000007 R09: 0000000100000000 [ 168.040715][ T6948] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 168.040726][ T6948] R13: 00007fe7d15e6218 R14: 00007fe7d15e6180 R15: 00007ffe5df63288 [ 168.040744][ T6948] [ 168.040751][ T6948] [ 168.366078][ T6948] Allocated by task 6948: [ 168.370382][ T6948] kasan_save_stack+0x33/0x60 [ 168.375050][ T6948] kasan_save_track+0x14/0x30 [ 168.379703][ T6948] __kasan_kmalloc+0xaa/0xb0 [ 168.384269][ T6948] __kvmalloc_node_noprof+0x3a3/0x9c0 [ 168.389628][ T6948] drm_gem_get_pages+0x144/0xa10 [ 168.394539][ T6948] drm_gem_shmem_get_pages_locked+0x1e6/0x490 [ 168.400583][ T6948] drm_gem_shmem_mmap+0xc9/0x550 [ 168.405506][ T6948] drm_gem_mmap_obj+0x1b5/0x560 [ 168.410332][ T6948] drm_gem_mmap+0x40b/0x620 [ 168.414822][ T6948] __mmap_region+0x1306/0x27a0 [ 168.419557][ T6948] mmap_region+0x1ab/0x3f0 [ 168.423946][ T6948] do_mmap+0xa3e/0x1210 [ 168.428080][ T6948] vm_mmap_pgoff+0x29e/0x470 [ 168.432646][ T6948] ksys_mmap_pgoff+0x32c/0x5c0 [ 168.437385][ T6948] __x64_sys_mmap+0x125/0x190 [ 168.442035][ T6948] do_syscall_64+0xcd/0x4e0 [ 168.446514][ T6948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.452379][ T6948] [ 168.454687][ T6948] The buggy address belongs to the object at ffff888034a9bd00 [ 168.454687][ T6948] which belongs to the cache kmalloc-192 of size 192 [ 168.468707][ T6948] The buggy address is located 0 bytes to the right of [ 168.468707][ T6948] allocated 136-byte region [ffff888034a9bd00, ffff888034a9bd88) [ 168.483177][ T6948] [ 168.485480][ T6948] The buggy address belongs to the physical page: [ 168.491866][ T6948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34a9b [ 168.500619][ T6948] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 168.508049][ T6948] page_type: f5(slab) [ 168.512005][ T6948] raw: 00fff00000000000 ffff88801b0263c0 ffffea0000c621c0 dead000000000007 [ 168.520579][ T6948] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 168.529148][ T6948] page dumped because: kasan: bad access detected [ 168.535528][ T6948] page_owner tracks the page as allocated [ 168.541226][ T6948] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6343, tgid 6336 (syz.1.78), ts 102461159751, free_ts 99225345863 [ 168.560222][ T6948] post_alloc_hook+0x1c0/0x230 [ 168.564966][ T6948] get_page_from_freelist+0x10a3/0x3a30 [ 168.570491][ T6948] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 168.576382][ T6948] alloc_pages_mpol+0x1fb/0x550 [ 168.581210][ T6948] new_slab+0x24a/0x360 [ 168.585341][ T6948] ___slab_alloc+0xdc4/0x1ae0 [ 168.589993][ T6948] __slab_alloc.constprop.0+0x63/0x110 [ 168.595428][ T6948] __kmalloc_noprof+0x501/0x880 [ 168.600699][ T6948] hash_netport6_resize+0x108f/0x1e20 [ 168.606046][ T6948] call_ad.constprop.0+0x36d/0x940 [ 168.611132][ T6948] ip_set_ad.constprop.0.isra.0+0x3ce/0x870 [ 168.616998][ T6948] nfnetlink_rcv_msg+0x9f9/0x1200 [ 168.621993][ T6948] netlink_rcv_skb+0x155/0x420 [ 168.626734][ T6948] nfnetlink_rcv+0x1b3/0x430 [ 168.631298][ T6948] netlink_unicast+0x5aa/0x870 [ 168.636040][ T6948] netlink_sendmsg+0x8c8/0xdd0 [ 168.640780][ T6948] page last free pid 6260 tgid 6260 stack trace: [ 168.647079][ T6948] __free_frozen_pages+0x7df/0x1160 [ 168.652267][ T6948] vfree+0x1fd/0xb50 [ 168.656146][ T6948] vb2_vmalloc_put+0x7b/0xc0 [ 168.660712][ T6948] __vb2_buf_mem_free+0x15d/0x2d0 [ 168.665717][ T6948] __vb2_queue_free+0x7ee/0xa30 [ 168.670542][ T6948] vb2_core_queue_release+0x70/0x190 [ 168.675814][ T6948] v4l2_m2m_ctx_release+0x1e/0x40 [ 168.680814][ T6948] vicodec_release+0xa0/0x160 [ 168.685468][ T6948] v4l2_release+0x1cf/0x430 [ 168.689945][ T6948] __fput+0x3ff/0xb70 [ 168.693901][ T6948] task_work_run+0x150/0x240 [ 168.698462][ T6948] do_exit+0x86f/0x2bf0 [ 168.702601][ T6948] do_group_exit+0xd3/0x2a0 [ 168.707076][ T6948] get_signal+0x2671/0x26d0 [ 168.711630][ T6948] arch_do_signal_or_restart+0x8f/0x7c0 [ 168.717161][ T6948] exit_to_user_mode_loop+0x85/0x130 [ 168.722430][ T6948] [ 168.724730][ T6948] Memory state around the buggy address: [ 168.730335][ T6948] ffff888034a9bc80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 168.738380][ T6948] ffff888034a9bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 168.746415][ T6948] >ffff888034a9bd80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 168.754446][ T6948] ^ [ 168.758744][ T6948] ffff888034a9be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 168.766773][ T6948] ffff888034a9be80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 168.774809][ T6948] ================================================================== [ 169.933001][ T6948] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 169.940233][ T6948] CPU: 0 UID: 0 PID: 6948 Comm: syz.3.207 Not tainted syzkaller #0 PREEMPT(full) [ 169.949431][ T6948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 169.959477][ T6948] Call Trace: [ 169.962735][ T6948] [ 169.965654][ T6948] dump_stack_lvl+0x3d/0x1f0 [ 169.970222][ T6948] vpanic+0x640/0x6f0 [ 169.974184][ T6948] panic+0xca/0xd0 [ 169.977900][ T6948] ? __pfx_panic+0x10/0x10 [ 169.982310][ T6948] ? __cpa_addr+0x1d3/0x220 [ 169.986813][ T6948] ? preempt_schedule_common+0x44/0xc0 [ 169.992268][ T6948] ? preempt_schedule_thunk+0x16/0x30 [ 169.997653][ T6948] check_panic_on_warn+0xab/0xb0 [ 170.002588][ T6948] end_report+0x107/0x170 [ 170.006915][ T6948] kasan_report+0xee/0x110 [ 170.011327][ T6948] ? __cpa_addr+0x1d3/0x220 [ 170.015829][ T6948] __cpa_addr+0x1d3/0x220 [ 170.020157][ T6948] cpa_flush+0x28b/0x8a0 [ 170.024404][ T6948] ? __pfx_cpa_flush+0x10/0x10 [ 170.029163][ T6948] ? pgprot2cachemode+0x9a/0x130 [ 170.034099][ T6948] ? __pfx_pgprot2cachemode+0x10/0x10 [ 170.039476][ T6948] ? drm_gem_get_pages+0x6a0/0xa10 [ 170.044589][ T6948] change_page_attr_set_clr+0x34e/0x4a0 [ 170.050133][ T6948] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 170.056205][ T6948] _set_pages_array+0x1ab/0x2c0 [ 170.061141][ T6948] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 170.067203][ T6948] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 170.073785][ T6948] ? __pfx___might_resched+0x10/0x10 [ 170.079070][ T6948] drm_gem_shmem_mmap+0xc9/0x550 [ 170.084005][ T6948] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 170.090149][ T6948] drm_gem_mmap_obj+0x1b5/0x560 [ 170.094998][ T6948] drm_gem_mmap+0x40b/0x620 [ 170.099587][ T6948] ? __pfx_drm_gem_mmap+0x10/0x10 [ 170.104603][ T6948] ? vm_area_alloc+0x1f/0x160 [ 170.109280][ T6948] ? lockdep_init_map_type+0x5c/0x280 [ 170.114648][ T6948] __mmap_region+0x1306/0x27a0 [ 170.119403][ T6948] ? __pfx___mmap_region+0x10/0x10 [ 170.124512][ T6948] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 170.130495][ T6948] ? audit_log_end+0x1f/0x30 [ 170.135079][ T6948] ? audit_log_end+0x1f/0x30 [ 170.139661][ T6948] ? common_lsm_audit+0x260/0x300 [ 170.144704][ T6948] ? __lock_acquire+0xb97/0x1ce0 [ 170.149639][ T6948] mmap_region+0x1ab/0x3f0 [ 170.154046][ T6948] ? __get_unmapped_area+0x267/0x440 [ 170.159342][ T6948] do_mmap+0xa3e/0x1210 [ 170.163497][ T6948] ? __pfx_do_mmap+0x10/0x10 [ 170.168087][ T6948] ? __pfx_down_write_killable+0x10/0x10 [ 170.173721][ T6948] vm_mmap_pgoff+0x29e/0x470 [ 170.178316][ T6948] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 170.183419][ T6948] ? __fget_files+0x20e/0x3c0 [ 170.188092][ T6948] ksys_mmap_pgoff+0x32c/0x5c0 [ 170.192851][ T6948] __x64_sys_mmap+0x125/0x190 [ 170.197519][ T6948] do_syscall_64+0xcd/0x4e0 [ 170.202020][ T6948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.207901][ T6948] RIP: 0033:0x7fe7d138eec9 [ 170.212302][ T6948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.231897][ T6948] RSP: 002b:00007fe7d2242038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 170.240301][ T6948] RAX: ffffffffffffffda RBX: 00007fe7d15e6180 RCX: 00007fe7d138eec9 [ 170.248258][ T6948] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 170.256215][ T6948] RBP: 00007fe7d1411f91 R08: 0000000000000007 R09: 0000000100000000 [ 170.264172][ T6948] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 170.272128][ T6948] R13: 00007fe7d15e6218 R14: 00007fe7d15e6180 R15: 00007ffe5df63288 [ 170.280095][ T6948] [ 170.283305][ T6948] Kernel Offset: disabled [ 170.287602][ T6948] Rebooting in 86400 seconds..