last executing test programs: 175.324614ms ago: executing program 0 (id=1): openat$vcsa(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) io_setup(0xb0, &(0x7f0000000200)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) write$UHID_INPUT(r3, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f90750090987f70906d038e7ff7fc6e5539b0d3d0e8b089b34316d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ffa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a506767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d3747f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 150.299825ms ago: executing program 3 (id=4): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d096471908"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0xd01c4813, &(0x7f0000000080)={0x2}) 136.934485ms ago: executing program 1 (id=2): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000380)={0xc4a, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e96626f068881e50f5098a98721a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472b02549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb437bb192c9d06ea6ed04983fe5ca033dfce0a82575ef14eee686be0fc58e384a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600000000000000000000008000"}) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) chdir(0x0) fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x1009, 0x0) 90.205367ms ago: executing program 2 (id=3): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448e4, &(0x7f0000000040)) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) 19.5046ms ago: executing program 0 (id=6): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioprio_set$pid(0x3, 0x0, 0x0) ioprio_get$pid(0x3, 0x0) 19.30044ms ago: executing program 0 (id=7): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1}) syz_usb_control_io(r0, &(0x7f0000000680)={0x2c, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00036a0000006a034f516cc2aaabf967874f6b"], 0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 4 (id=5): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x22042, 0x0) r1 = creat(0x0, 0x0) ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000440)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000840)=0x5) recvmmsg(r1, 0x0, 0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$tun(r0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], 0x15) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.161' (ED25519) to the list of known hosts. [ 21.749257][ T23] audit: type=1400 audit(1719759959.280:66): avc: denied { mounton } for pid=342 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.750708][ T342] cgroup1: Unknown subsys name 'net' [ 21.771718][ T23] audit: type=1400 audit(1719759959.280:67): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.776953][ T342] cgroup1: Unknown subsys name 'net_prio' [ 21.804570][ T342] cgroup1: Unknown subsys name 'devices' [ 21.810784][ T23] audit: type=1400 audit(1719759959.350:68): avc: denied { unmount } for pid=342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.952667][ T342] cgroup1: Unknown subsys name 'hugetlb' [ 21.958268][ T342] cgroup1: Unknown subsys name 'rlimit' [ 22.151100][ T23] audit: type=1400 audit(1719759959.690:69): avc: denied { setattr } for pid=342 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9850 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.174230][ T23] audit: type=1400 audit(1719759959.690:70): avc: denied { mounton } for pid=342 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.189175][ T345] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.198747][ T23] audit: type=1400 audit(1719759959.690:71): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.230213][ T23] audit: type=1400 audit(1719759959.750:72): avc: denied { relabelto } for pid=345 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.255542][ T23] audit: type=1400 audit(1719759959.750:73): avc: denied { write } for pid=345 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.280907][ T23] audit: type=1400 audit(1719759959.770:74): avc: denied { read } for pid=342 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.281117][ T342] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.306228][ T23] audit: type=1400 audit(1719759959.770:75): avc: denied { open } for pid=342 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.865282][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.872238][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.879420][ T352] device bridge_slave_0 entered promiscuous mode [ 22.895770][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.902629][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.909762][ T353] device bridge_slave_0 entered promiscuous mode [ 22.916349][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.923213][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.930536][ T352] device bridge_slave_1 entered promiscuous mode [ 22.944130][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.950968][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.958164][ T353] device bridge_slave_1 entered promiscuous mode [ 22.986922][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.993793][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.001084][ T354] device bridge_slave_0 entered promiscuous mode [ 23.031972][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.038794][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.046219][ T354] device bridge_slave_1 entered promiscuous mode [ 23.070898][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.077715][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.085014][ T356] device bridge_slave_0 entered promiscuous mode [ 23.109305][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.116413][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.123791][ T356] device bridge_slave_1 entered promiscuous mode [ 23.171267][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.178101][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.185447][ T355] device bridge_slave_0 entered promiscuous mode [ 23.209485][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.216486][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.223757][ T355] device bridge_slave_1 entered promiscuous mode [ 23.335673][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.342518][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.349657][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.356440][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.388807][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.395654][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.402794][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.409522][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.423509][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.430349][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.437454][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.444253][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.466395][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.473231][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.480360][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.487105][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.518224][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.525068][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.532196][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.538937][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.560795][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.570091][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.577116][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.584341][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.592515][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.599421][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.606844][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.613791][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.621119][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.628059][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.635528][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.642734][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.671401][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.680915][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.688861][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.695701][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.703916][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.711969][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.741077][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.749128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.757579][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.764422][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.772099][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.780232][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.787045][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.794281][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.802264][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.809089][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.841439][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.848760][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.857718][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.865634][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.874721][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.882889][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.889697][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.896985][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.904192][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.912088][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.919872][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.927705][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.935766][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.943939][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.950774][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.958001][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.966030][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.973813][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.981858][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.989760][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.996497][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.015937][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.024011][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.033467][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.041582][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.049511][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.056343][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.070169][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.078442][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.100057][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.108254][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.117136][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.125723][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.133856][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.141863][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.149580][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.157319][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.180742][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.188679][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.197572][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.205931][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.214175][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.222302][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.230573][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.238209][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.246174][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.254237][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.272413][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.280510][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.323480][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.332634][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.340994][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.349064][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.358939][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.367080][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.375179][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.383453][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.391667][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.399255][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.407229][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.415477][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.423629][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.431898][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.439946][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.447781][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.455759][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.463959][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.472234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.480916][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.500134][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.508354][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.516553][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.524811][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.533295][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.541905][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.549922][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.558196][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.603702][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.621270][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.629591][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.706658][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.715089][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.725778][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.737189][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.041581][ T344] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 25.081073][ T395] kernel profiling enabled (shift: 3) [ 25.180018][ C0] ================================================================== [ 25.188007][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 25.194937][ C0] Read of size 8 at addr ffff8881d7e57640 by task syz.4.5/393 [ 25.202218][ C0] [ 25.204659][ C0] CPU: 0 PID: 393 Comm: syz.4.5 Not tainted 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 25.213937][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 25.223829][ C0] Call Trace: [ 25.226956][ C0] [ 25.229651][ C0] dump_stack+0x1d8/0x241 [ 25.233815][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 25.239456][ C0] ? printk+0xd1/0x111 [ 25.243358][ C0] ? profile_pc+0xa4/0xe0 [ 25.247526][ C0] ? wake_up_klogd+0xb2/0xf0 [ 25.251952][ C0] ? profile_pc+0xa4/0xe0 [ 25.256117][ C0] print_address_description+0x8c/0x600 [ 25.261497][ C0] ? panic+0x89d/0x89d [ 25.265405][ C0] ? profile_pc+0xa4/0xe0 [ 25.269571][ C0] __kasan_report+0xf3/0x120 [ 25.273997][ C0] ? profile_pc+0xa4/0xe0 [ 25.278161][ C0] ? _raw_spin_lock+0xc0/0x1b0 [ 25.282762][ C0] kasan_report+0x30/0x60 [ 25.286932][ C0] profile_pc+0xa4/0xe0 [ 25.290923][ C0] profile_tick+0xb9/0x100 [ 25.295175][ C0] tick_sched_timer+0x237/0x3c0 [ 25.299863][ C0] ? tick_setup_sched_timer+0x460/0x460 [ 25.305255][ C0] __hrtimer_run_queues+0x3e9/0xb90 [ 25.310279][ C0] ? hrtimer_interrupt+0x890/0x890 [ 25.315223][ C0] ? cpumask_next+0xc/0x20 [ 25.319483][ C0] ? _raw_spin_unlock+0x49/0x60 [ 25.324254][ C0] ? rto_push_irq_work_func+0x32b/0x3c0 [ 25.329636][ C0] ? ktime_get_update_offsets_now+0x26c/0x280 [ 25.335556][ C0] hrtimer_interrupt+0x38a/0x890 [ 25.340329][ C0] smp_apic_timer_interrupt+0x110/0x460 [ 25.345696][ C0] apic_timer_interrupt+0xf/0x20 [ 25.350466][ C0] [ 25.353254][ C0] RIP: 0010:_raw_spin_lock+0xc0/0x1b0 [ 25.358452][ C0] Code: fd 4c 89 ff be 04 00 00 00 e8 2c dc 42 fd 43 0f b6 04 26 84 c0 0f 85 aa 00 00 00 8b 44 24 20 b9 01 00 00 00 f0 41 0f b1 4d 00 <75> 33 48 c7 04 24 0e 36 e0 45 49 c7 04 1c 00 00 00 00 65 48 8b 04 [ 25.378159][ C0] RSP: 0018:ffff8881d7e57640 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 25.386397][ C0] RAX: 0000000000000000 RBX: 1ffff1103afcaec8 RCX: 0000000000000001 [ 25.394210][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881d7e57660 [ 25.402108][ C0] RBP: ffff8881d7e576d0 R08: dffffc0000000000 R09: 0000000000000003 [ 25.409918][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 25.417816][ C0] R13: ffff8881d97cd7c0 R14: 1ffff1103afcaecc R15: ffff8881d7e57660 [ 25.425640][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 25.430842][ C0] unix_dgram_sendmsg+0xd81/0x1ff0 [ 25.435786][ C0] ? unix_dgram_poll+0x670/0x670 [ 25.440561][ C0] ? security_socket_sendmsg+0x7d/0xa0 [ 25.445849][ C0] ? unix_dgram_poll+0x670/0x670 [ 25.450710][ C0] ____sys_sendmsg+0x5ac/0x8f0 [ 25.455314][ C0] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 25.460345][ C0] ? __sys_sendmmsg+0x3e6/0x700 [ 25.465039][ C0] __sys_sendmmsg+0x3c3/0x700 [ 25.469564][ C0] ? __ia32_sys_sendmsg+0x90/0x90 [ 25.474414][ C0] ? __wake_up+0x120/0x1c0 [ 25.478664][ C0] ? remove_wait_queue+0x120/0x120 [ 25.483607][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 25.488814][ C0] ? __fget+0x407/0x490 [ 25.492833][ C0] ? futex_exit_release+0x1e0/0x1e0 [ 25.497860][ C0] ? unix_dgram_connect+0xaec/0xcd0 [ 25.502880][ C0] ? fput_many+0x15e/0x1b0 [ 25.507126][ C0] ? check_preemption_disabled+0x153/0x320 [ 25.512786][ C0] ? switch_fpu_return+0x1d4/0x410 [ 25.517718][ C0] ? fpu__clear+0x3c0/0x3c0 [ 25.522160][ C0] __x64_sys_sendmmsg+0x9c/0xb0 [ 25.526846][ C0] do_syscall_64+0xca/0x1c0 [ 25.531193][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.536917][ C0] RIP: 0033:0x7f69686b5b99 [ 25.541161][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 25.560774][ C0] RSP: 002b:00007f6967937048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 25.569019][ C0] RAX: ffffffffffffffda RBX: 00007f6968843fa0 RCX: 00007f69686b5b99 [ 25.576835][ C0] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000005 [ 25.584638][ C0] RBP: 00007f696873677e R08: 0000000000000000 R09: 0000000000000000 [ 25.592793][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 25.600611][ C0] R13: 000000000000000b R14: 00007f6968843fa0 R15: 00007ffdb13b6ba8 [ 25.608419][ C0] [ 25.610586][ C0] The buggy address belongs to the page: [ 25.616067][ C0] page:ffffea00075f95c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 25.625138][ C0] flags: 0x8000000000000000() [ 25.629645][ C0] raw: 8000000000000000 ffffea00075f95c8 ffffea00075f95c8 0000000000000000 [ 25.638070][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.646572][ C0] page dumped because: kasan: bad access detected [ 25.652827][ C0] page_owner tracks the page as allocated [ 25.658375][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT) [ 25.669930][ C0] prep_new_page+0x18f/0x370 [ 25.674345][ C0] get_page_from_freelist+0x2d13/0x2d90 [ 25.679721][ C0] __alloc_pages_nodemask+0x393/0x840 [ 25.684928][ C0] dup_task_struct+0x85/0x600 [ 25.689441][ C0] copy_process+0x56d/0x3230 [ 25.693872][ C0] _do_fork+0x197/0x900 [ 25.697858][ C0] __x64_sys_clone3+0x2da/0x300 [ 25.702554][ C0] do_syscall_64+0xca/0x1c0 [ 25.706893][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.712611][ C0] page_owner free stack trace missing [ 25.717826][ C0] [ 25.719992][ C0] addr ffff8881d7e57640 is located in stack of task syz.4.5/393 at offset 0 in frame: [ 25.729365][ C0] _raw_spin_lock+0x0/0x1b0 [ 25.733700][ C0] [ 25.735873][ C0] this frame has 1 object: [ 25.740123][ C0] [32, 36) 'val.i.i.i' [ 25.740125][ C0] [ 25.746283][ C0] Memory state around the buggy address: [ 25.751775][ C0] ffff8881d7e57500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.759652][ C0] ffff8881d7e57580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.767551][ C0] >ffff8881d7e57600: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 [ 25.775457][ C0] ^ [ 25.781458][ C0] ffff8881d7e57680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.789335][ C0] ffff8881d7e57700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.797230][ C0] ================================================================== [ 25.805220][ C0] Disabling lock debugging due to kernel taint [ 25.811221][ C0] sched: RT throttling activated [ 25.870759][ T374] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.230169][ T374] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 26.230176][ T344] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 26.230192][ T344] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 26.241168][ T374] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.251353][ T344] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 26.264196][ T374] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.274595][ T344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.275676][ T344] usb 4-1: config 0 descriptor?? [ 26.286168][ T374] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 26.310151][ T379] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 26.330672][ T344] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 26.390356][ T374] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 26.399205][ T374] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 26.407354][ T374] usb 1-1: Manufacturer: syz [ 26.412596][ T374] usb 1-1: config 0 descriptor?? [ 26.891138][ T374] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 26.898328][ T374] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 26.907798][ T374] appleir 0003:05AC:8243.0001: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 27.423149][ T344] usb 1-1: USB disconnect, device number 2 [ 28.250128][ T74] usb 4-1: USB disconnect, device number 2