last executing test programs: 27.302239711s ago: executing program 1 (id=33): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x40) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000800)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "ecff80", 0x18, 0x11, 0x0, @private0, @mcast2, {[], {0x0, 0x4e22, 0x18, 0x0, @wg=@data={0x3}}}}}}}, 0x0) 26.698754659s ago: executing program 1 (id=34): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = getpgrp(0x0) r2 = syz_pidfd_open(r1, 0x0) pidfd_send_signal(r2, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x80}, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000043efa168000000000000000000000000dc087fc97032b48966d235d28da25d746fe614e1c561b008a81cbc35e0ce11e54462b665c86c9079e361765ba5dd16488eb37077e6a765f37f46dd55bf02e50395a2f8d8303baad39c26867fca3b36720e4aeff3801dc10ba9c09582eb546b5d79a5bb403433a633bf09e628f0421b039ecc53d8f14c4d34bd", @ANYRES64=r4, @ANYRES32, @ANYBLOB], 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getgroups(0x0, 0x0) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1e00000054b500000000", @ANYRES32=r5, @ANYBLOB="06000000000000000000000000000000000010", @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="0200000001000000010000000700"/25], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) unshare(0x64000600) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000002c0)=0x1) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x2) 4.326816495s ago: executing program 0 (id=80): r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x105240, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000100000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0x2}) dup3(r0, r2, 0x0) 4.118556431s ago: executing program 0 (id=81): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000440)='kmem_cache_free\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) faccessat2(0xffffffffffffffff, &(0x7f0000000040)='\x00', 0x7, 0x1200) 3.792269641s ago: executing program 0 (id=82): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00'}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10) setitimer(0x0, 0x0, 0x0) 3.689046324s ago: executing program 0 (id=83): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x4}]}}}]}, 0x3c}}, 0x0) 3.320248765s ago: executing program 0 (id=84): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000001080)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="850000002e00000036000000d2e057c89500000000000000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x348, &(0x7f0000000480)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r1, 0x0, 0xffffffffffffffff}, 0x10) getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) 2.865601258s ago: executing program 0 (id=85): pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2f, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r3, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socketpair(0x25, 0x5, 0x5, &(0x7f0000000340)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x10000000000002a9, 0x0, 0x0) 2.469792699s ago: executing program 1 (id=86): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x5e, &(0x7f0000003680)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd60122d92002a3a"], 0x0) 2.073281641s ago: executing program 1 (id=87): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x7}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) setrlimit(0x40000000000008, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r2, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804) 1.877603066s ago: executing program 1 (id=88): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) io_submit(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) read(r4, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000080)={0x335}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r4, 0x80045301, &(0x7f0000000000)) tkill(r3, 0x7) 0s ago: executing program 1 (id=89): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000100)={0x1d, r5}, 0x18) connect$can_j1939(r4, &(0x7f0000000140)={0x1d, r5, 0x0, {}, 0xfe}, 0x18) sendmsg$can_j1939(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): [ 50.090908][ T31] audit: type=1400 audit(49.990:68): avc: denied { read write } for pid=3075 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 50.092252][ T31] audit: type=1400 audit(49.990:69): avc: denied { open } for pid=3075 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 Warning: Permanently added '[localhost]:37373' (ED25519) to the list of known hosts. [ 63.257003][ T31] audit: type=1400 audit(63.160:70): avc: denied { name_bind } for pid=3078 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 65.163699][ T31] audit: type=1400 audit(65.060:71): avc: denied { execute } for pid=3080 comm="sh" name="syz-executor" dev="vda" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 65.195891][ T31] audit: type=1400 audit(65.080:72): avc: denied { execute_no_trans } for pid=3080 comm="sh" path="/syz-executor" dev="vda" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 68.717106][ T31] audit: type=1400 audit(68.620:73): avc: denied { mounton } for pid=3080 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 68.719257][ T31] audit: type=1400 audit(68.620:74): avc: denied { mount } for pid=3080 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 68.731115][ T3080] cgroup: Unknown subsys name 'net' [ 68.738410][ T31] audit: type=1400 audit(68.640:75): avc: denied { unmount } for pid=3080 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 69.001859][ T3080] cgroup: Unknown subsys name 'cpuset' [ 69.027787][ T3080] cgroup: Unknown subsys name 'hugetlb' [ 69.029604][ T3080] cgroup: Unknown subsys name 'rlimit' [ 69.318067][ T31] audit: type=1400 audit(69.220:76): avc: denied { setattr } for pid=3080 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 69.320939][ T31] audit: type=1400 audit(69.220:77): avc: denied { mounton } for pid=3080 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 69.322974][ T31] audit: type=1400 audit(69.220:78): avc: denied { mount } for pid=3080 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 69.565541][ T3082] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 69.567041][ T31] audit: type=1400 audit(69.470:79): avc: denied { relabelto } for pid=3082 comm="mkswap" name="swap-file" dev="vda" ino=684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 69.570280][ T31] audit: type=1400 audit(69.470:80): avc: denied { write } for pid=3082 comm="mkswap" path="/swap-file" dev="vda" ino=684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 69.595107][ T31] audit: type=1400 audit(69.500:81): avc: denied { read } for pid=3080 comm="syz-executor" name="swap-file" dev="vda" ino=684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 69.604465][ T31] audit: type=1400 audit(69.500:82): avc: denied { open } for pid=3080 comm="syz-executor" path="/swap-file" dev="vda" ino=684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 76.549225][ T3080] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.826787][ T31] audit: type=1400 audit(78.730:83): avc: denied { execmem } for pid=3083 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 78.889406][ T31] audit: type=1400 audit(78.790:84): avc: denied { read } for pid=3085 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 78.890523][ T31] audit: type=1400 audit(78.790:85): avc: denied { open } for pid=3085 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 78.904102][ T31] audit: type=1400 audit(78.800:86): avc: denied { mounton } for pid=3085 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 78.922802][ T31] audit: type=1400 audit(78.820:87): avc: denied { module_request } for pid=3085 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 79.019873][ T31] audit: type=1400 audit(78.920:88): avc: denied { sys_module } for pid=3085 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 79.762534][ T31] audit: type=1400 audit(79.660:89): avc: denied { ioctl } for pid=3085 comm="syz-executor" path="/dev/net/tun" dev="devtmpfs" ino=677 ioctlcmd=0x54ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 81.064183][ T3086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.071126][ T3086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.175507][ T3085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.181733][ T3085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.949442][ T3086] hsr_slave_0: entered promiscuous mode [ 81.953038][ T3086] hsr_slave_1: entered promiscuous mode [ 82.150014][ T3085] hsr_slave_0: entered promiscuous mode [ 82.163717][ T3085] hsr_slave_1: entered promiscuous mode [ 82.175865][ T3085] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.192344][ T3085] Cannot create hsr debugfs directory [ 82.431992][ T31] audit: type=1400 audit(82.330:90): avc: denied { create } for pid=3086 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 82.439947][ T31] audit: type=1400 audit(82.340:91): avc: denied { write } for pid=3086 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 82.441805][ T31] audit: type=1400 audit(82.340:92): avc: denied { read } for pid=3086 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 82.464737][ T3086] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.502439][ T3086] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.525159][ T3086] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.538520][ T3086] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.628469][ T3085] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.637853][ T3085] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.645070][ T3085] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.650486][ T3085] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.451661][ T3086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.475694][ T3085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.672595][ T3085] veth0_vlan: entered promiscuous mode [ 86.692643][ T3085] veth1_vlan: entered promiscuous mode [ 86.751185][ T3085] veth0_macvtap: entered promiscuous mode [ 86.769741][ T3085] veth1_macvtap: entered promiscuous mode [ 86.829445][ T3086] veth0_vlan: entered promiscuous mode [ 86.866479][ T3086] veth1_vlan: entered promiscuous mode [ 86.887475][ T3085] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.888208][ T3085] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.888573][ T3085] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.888922][ T3085] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.973091][ T3086] veth0_macvtap: entered promiscuous mode [ 86.999199][ T3086] veth1_macvtap: entered promiscuous mode [ 87.056311][ T31] audit: type=1400 audit(86.960:93): avc: denied { mount } for pid=3085 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 87.076610][ T31] audit: type=1400 audit(86.960:94): avc: denied { mounton } for pid=3085 comm="syz-executor" path="/syzkaller.8R7ozz/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 87.077556][ T31] audit: type=1400 audit(86.970:95): avc: denied { mount } for pid=3085 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 87.078195][ T31] audit: type=1400 audit(86.970:96): avc: denied { mounton } for pid=3085 comm="syz-executor" path="/syzkaller.8R7ozz/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 87.081019][ T31] audit: type=1400 audit(86.980:97): avc: denied { mounton } for pid=3085 comm="syz-executor" path="/syzkaller.8R7ozz/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2304 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 87.096821][ T31] audit: type=1400 audit(87.000:98): avc: denied { unmount } for pid=3085 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 87.105308][ T3086] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.105985][ T3086] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.106322][ T3086] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.106679][ T3086] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.107548][ T31] audit: type=1400 audit(87.010:99): avc: denied { mounton } for pid=3085 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=765 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 87.116421][ T31] audit: type=1400 audit(87.020:100): avc: denied { mount } for pid=3085 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 87.118745][ T31] audit: type=1400 audit(87.020:101): avc: denied { mounton } for pid=3085 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 87.122628][ T31] audit: type=1400 audit(87.020:102): avc: denied { mount } for pid=3085 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 87.183021][ T3085] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.155828][ T3773] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5'. [ 88.796108][ T3782] Invalid ELF header magic: != ELF [ 90.068791][ T3801] RDS: rds_bind could not find a transport for fe88::1, load rds_tcp or rds_rdma? [ 91.994094][ T3821] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3821 comm=syz.0.20 [ 93.553191][ T31] kauditd_printk_skb: 51 callbacks suppressed [ 93.567561][ T31] audit: type=1400 audit(93.450:154): avc: denied { create } for pid=3829 comm="syz.0.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 93.576483][ T31] audit: type=1400 audit(93.480:155): avc: denied { bind } for pid=3829 comm="syz.0.23" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 93.577686][ T31] audit: type=1400 audit(93.480:156): avc: denied { node_bind } for pid=3829 comm="syz.0.23" saddr=172.20.20.4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 94.255209][ T31] audit: type=1400 audit(94.160:157): avc: denied { ioctl } for pid=3831 comm="syz.0.24" path="socket:[2402]" dev="sockfs" ino=2402 ioctlcmd=0x89a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 95.954593][ T2878] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 96.083972][ T2878] usb 1-1: device descriptor read/64, error -71 [ 96.323911][ T2878] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 96.464066][ T2878] usb 1-1: device descriptor read/64, error -71 [ 96.577857][ T2878] usb usb1-port1: attempt power cycle [ 96.924025][ T2878] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 96.946684][ T2878] usb 1-1: device descriptor read/8, error -71 [ 97.184172][ T2878] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 97.214082][ T2878] usb 1-1: device descriptor read/8, error -71 [ 97.325157][ T2878] usb usb1-port1: unable to enumerate USB device [ 104.110178][ T3842] netlink: 'syz.1.26': attribute type 21 has an invalid length. [ 104.111082][ T3842] netlink: 132 bytes leftover after parsing attributes in process `syz.1.26'. [ 105.634250][ T31] audit: type=1326 audit(105.530:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.1.29" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 105.640101][ T31] audit: type=1326 audit(105.540:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.1.29" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 105.659144][ T31] audit: type=1326 audit(105.550:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.1.29" exe="/syz-executor" sig=0 arch=40000028 syscall=386 compat=0 ip=0x133470 code=0x7ffc0000 [ 105.670966][ T3848] syz.1.29[3848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.703928][ T3848] syz.1.29[3848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.717862][ T3848] syz.1.29[3848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.722822][ T31] audit: type=1326 audit(105.620:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.1.29" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 105.724848][ T31] audit: type=1326 audit(105.620:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.1.29" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 105.725496][ T31] audit: type=1326 audit(105.630:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.1.29" exe="/syz-executor" sig=0 arch=40000028 syscall=141 compat=0 ip=0x133470 code=0x7ffc0000 [ 105.740147][ T31] audit: type=1326 audit(105.630:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.1.29" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 105.740931][ T31] audit: type=1326 audit(105.630:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.1.29" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 106.121815][ T31] audit: type=1326 audit(106.020:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3853 comm="syz.1.31" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 106.123115][ T31] audit: type=1326 audit(106.020:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3853 comm="syz.1.31" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 108.718881][ T3890] netlink: 28 bytes leftover after parsing attributes in process `syz.0.36'. [ 108.728847][ T3890] netlink: 28 bytes leftover after parsing attributes in process `syz.0.36'. [ 108.774433][ T3890] bond_slave_0: entered promiscuous mode [ 108.777834][ T3890] bond_slave_0: left promiscuous mode [ 109.147531][ T3897] syz.0.37 uses obsolete (PF_INET,SOCK_PACKET) [ 112.127567][ T31] kauditd_printk_skb: 17 callbacks suppressed [ 112.127674][ T31] audit: type=1326 audit(112.030:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3910 comm="syz.0.40" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 112.138815][ T31] audit: type=1326 audit(112.040:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3910 comm="syz.0.40" exe="/syz-executor" sig=0 arch=40000028 syscall=370 compat=0 ip=0x133470 code=0x7ffc0000 [ 112.141194][ T31] audit: type=1326 audit(112.040:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3910 comm="syz.0.40" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 112.505620][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 115.514801][ T3927] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.518182][ T31] audit: type=1400 audit(115.420:188): avc: denied { setopt } for pid=3926 comm="syz.0.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 115.791322][ T31] audit: type=1400 audit(115.670:189): avc: denied { ioctl } for pid=3928 comm="syz.0.47" path="socket:[1022]" dev="sockfs" ino=1022 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 116.300897][ T3932] capability: warning: `syz.0.48' uses 32-bit capabilities (legacy support in use) [ 116.308363][ T31] audit: type=1401 audit(116.210:190): op=setxattr invalid_context="" [ 118.631247][ T31] audit: type=1400 audit(118.530:191): avc: denied { create } for pid=3940 comm="syz.0.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 118.658246][ T31] audit: type=1400 audit(118.550:192): avc: denied { write } for pid=3940 comm="syz.0.50" path="socket:[3077]" dev="sockfs" ino=3077 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 118.684006][ T31] audit: type=1400 audit(118.550:193): avc: denied { nlmsg_read } for pid=3940 comm="syz.0.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 119.480706][ T31] audit: type=1400 audit(119.380:194): avc: denied { create } for pid=3946 comm="syz.0.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 119.496731][ T31] audit: type=1400 audit(119.400:195): avc: denied { ioctl } for pid=3946 comm="syz.0.52" path="socket:[2543]" dev="sockfs" ino=2543 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 120.852016][ T3957] netlink: 32 bytes leftover after parsing attributes in process `syz.0.54'. [ 121.546350][ T31] audit: type=1400 audit(121.450:196): avc: denied { bind } for pid=3962 comm="syz.0.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 121.549245][ T31] audit: type=1400 audit(121.450:197): avc: denied { connect } for pid=3962 comm="syz.0.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 121.551638][ T31] audit: type=1400 audit(121.450:198): avc: denied { write } for pid=3962 comm="syz.0.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 122.466680][ T31] audit: type=1326 audit(122.370:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3969 comm="syz.0.59" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 122.470289][ T31] audit: type=1326 audit(122.370:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3969 comm="syz.0.59" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 122.776048][ T3974] netlink: 16 bytes leftover after parsing attributes in process `syz.0.60'. [ 123.365940][ T3980] syz.0.62[3980] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.366372][ T3980] syz.0.62[3980] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.367363][ T3980] syz.0.62[3980] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.669196][ T31] kauditd_printk_skb: 6 callbacks suppressed [ 123.670442][ T31] audit: type=1400 audit(123.560:207): avc: denied { create } for pid=3982 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 123.693735][ T31] audit: type=1400 audit(123.590:208): avc: denied { write } for pid=3982 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 124.802884][ T3989] syz.0.65 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 125.386805][ T31] audit: type=1326 audit(125.290:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.0.67" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 125.390801][ T31] audit: type=1326 audit(125.290:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.0.67" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 125.392460][ T31] audit: type=1326 audit(125.290:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.0.67" exe="/syz-executor" sig=0 arch=40000028 syscall=392 compat=0 ip=0x133470 code=0x7ffc0000 [ 125.405146][ T31] audit: type=1326 audit(125.290:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.0.67" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 125.412293][ T31] audit: type=1326 audit(125.290:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.0.67" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 126.095188][ T4001] block device autoloading is deprecated and will be removed. [ 126.098621][ T4001] syz.0.69: attempt to access beyond end of device [ 126.098621][ T4001] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 126.852769][ T31] audit: type=1400 audit(126.750:214): avc: denied { create } for pid=4010 comm="syz.0.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 126.869298][ T31] audit: type=1400 audit(126.770:215): avc: denied { setopt } for pid=4010 comm="syz.0.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 127.307884][ T31] audit: type=1326 audit(127.210:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4013 comm="syz.0.73" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x133470 code=0x7ffc0000 [ 131.668820][ T4053] capability: warning: `syz.1.87' uses deprecated v2 capabilities in a way that may be insecure [ 133.986310][ T4062] ------------[ cut here ]------------ [ 133.993872][ T4062] WARNING: CPU: 0 PID: 4062 at lib/refcount.c:28 refcount_warn_saturate+0x13c/0x174 [ 133.994993][ T4062] refcount_t: underflow; use-after-free. [ 133.995324][ T4062] Modules linked in: [ 133.996008][ T4062] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 133.997680][ T4062] CPU: 0 UID: 0 PID: 4062 Comm: syz.1.89 Not tainted 6.12.0-rc6-syzkaller #0 [ 133.999147][ T4062] Hardware name: ARM-Versatile Express [ 134.000027][ T4062] Call trace: [ 134.000479][ T4062] [<8199ca38>] (dump_backtrace) from [<8199cb34>] (show_stack+0x18/0x1c) [ 134.001174][ T4062] r7:00000000 r6:82622f44 r5:00000000 r4:8203dc0c [ 134.001588][ T4062] [<8199cb1c>] (show_stack) from [<819bafc8>] (dump_stack_lvl+0x54/0x7c) [ 134.002112][ T4062] [<819baf74>] (dump_stack_lvl) from [<819bb008>] (dump_stack+0x18/0x1c) [ 134.002606][ T4062] r5:00000000 r4:82870d18 [ 134.002842][ T4062] [<819baff0>] (dump_stack) from [<8199d660>] (panic+0x120/0x374) [ 134.003346][ T4062] [<8199d540>] (panic) from [<80242118>] (get_taint+0x0/0x1c) [ 134.004014][ T4062] r3:8260c5c4 r2:00000001 r1:82025fe0 r0:8202da48 [ 134.004772][ T4062] r7:808408b0 [ 134.005190][ T4062] [<802420a4>] (check_panic_on_warn) from [<8024227c>] (__warn+0x80/0x188) [ 134.005924][ T4062] [<802421fc>] (__warn) from [<8024256c>] (warn_slowpath_fmt+0x1e8/0x1f4) [ 134.006370][ T4062] r8:00000009 r7:8208c41c r6:dfb45d6c r5:837b6c00 r4:00000000 [ 134.006693][ T4062] [<80242388>] (warn_slowpath_fmt) from [<808408b0>] (refcount_warn_saturate+0x13c/0x174) [ 134.007260][ T4062] r10:000001b4 r9:84cd0e80 r8:0000006c r7:00000000 r6:8182a104 r5:00000002 [ 134.007665][ T4062] r4:844fbc00 [ 134.007873][ T4062] [<80840774>] (refcount_warn_saturate) from [<8149bbc0>] (sk_skb_reason_drop+0x1d8/0x248) [ 134.008404][ T4062] [<8149b9e8>] (sk_skb_reason_drop) from [<8182a104>] (j1939_session_destroy+0x78/0x200) [ 134.008952][ T4062] r9:84cd0e80 r8:0000006c r7:84cd0e84 r6:84b84050 r5:84b84000 r4:844fbc00 [ 134.009429][ T4062] [<8182a08c>] (j1939_session_destroy) from [<8182b420>] (j1939_session_put+0x54/0x58) [ 134.009949][ T4062] r6:84cd0e78 r5:84cd0e78 r4:84cd0e78 [ 134.010266][ T4062] [<8182b3cc>] (j1939_session_put) from [<818284e0>] (j1939_sk_queue_drop_all+0x7c/0xc4) [ 134.010865][ T4062] [<81828464>] (j1939_sk_queue_drop_all) from [<81828720>] (j1939_sk_release+0x1f8/0x200) [ 134.011460][ T4062] r9:837b6c00 r8:82cae610 r7:84cd0e74 r6:84640000 r5:833c7900 r4:84cd0c00 [ 134.012084][ T4062] [<81828528>] (j1939_sk_release) from [<814851ec>] (__sock_release+0x44/0xbc) [ 134.012627][ T4062] r8:82cae610 r7:00000000 r6:81c7e894 r5:833c7a00 r4:833c7900 [ 134.013006][ T4062] [<814851a8>] (__sock_release) from [<8148527c>] (sock_close+0x18/0x20) [ 134.014059][ T4062] r7:833c7980 r6:833afee0 r5:082e0003 r4:847fac00 [ 134.014517][ T4062] [<81485264>] (sock_close) from [<80518d84>] (__fput+0xdc/0x2e4) [ 134.014935][ T4062] [<80518ca8>] (__fput) from [<80519014>] (____fput+0x14/0x18) [ 134.015445][ T4062] r9:837b6c00 r8:82871694 r7:837b6c00 r6:837b7484 r5:837b7454 r4:847fa8a8 [ 134.016450][ T4062] [<80519000>] (____fput) from [<8026c67c>] (task_work_run+0x90/0xb8) [ 134.016941][ T4062] [<8026c5ec>] (task_work_run) from [<8020bde0>] (do_work_pending+0x448/0x4f8) [ 134.017540][ T4062] r9:837b6c00 r8:8020029c r7:000001b4 r6:8020029c r5:dfb45fb0 r4:837b6c00 [ 134.017972][ T4062] [<8020b998>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x24) [ 134.018569][ T4062] Exception stack(0xdfb45fb0 to 0xdfb45ff8) [ 134.023517][ T4062] 5fa0: 00000000 ffffffff 00000000 00000000 [ 134.024099][ T4062] 5fc0: 00000000 00000000 002862f0 000001b4 00000000 00006364 003d0f00 76b1f0bc [ 134.024563][ T4062] 5fe0: 76b1eec0 76b1eeb0 00018b10 00133470 60000010 00000007 [ 134.025039][ T4062] r10:000001b4 r9:837b6c00 r8:8020029c r7:000001b4 r6:002862f0 r5:00000000 [ 134.025520][ T4062] r4:00000000 [ 134.028927][ T4062] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:59:42 Registers: info registers vcpu 0 CPU#0 R00=3fffe3af R01=bfffe3af R02=3fffe3af R03=80000093 R04=dfb45b74 R05=0000004a R06=dddc53d5 R07=00000000 R08=00000000 R09=00000000 R10=8262a1a8 R11=dfb45b1c R12=00000000 R13=dfb45b08 R14=0000000c R15=802c36bc PSR=60000093 -ZC- A S svc32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000 info registers vcpu 1 CPU#1 R00=deffd6e0 R01=80219a58 R02=90f00000 R03=00000000 R04=ffedc000 R05=84418c00 R06=00000001 R07=828704e8 R08=00000001 R09=83fb0600 R10=e06a9da0 R11=e06a9ce4 R12=e06a9c88 R13=e06a9c48 R14=804f22e8 R15=804f22f4 PSR=a0000013 N-C- A S svc32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=005727e9 s17=00000000 d08=00000000005727e9 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=d00303ff s33=00080004 d16=00080004d00303ff s34=0004d803 s35=e0030008 d17=e00300080004d803 s36=00080004 s37=0004e803 d18=0004e80300080004 s38=f0030008 s39=ffff0404 d19=ffff0404f0030008 s40=0303ffff s41=ff040580 d20=ff0405800303ffff s42=03ffffff s43=00059003 d21=0005900303ffffff s44=98030008 s45=00080005 d22=0008000598030008 s46=0005a003 s47=01fc0008 d23=01fc00080005a003 s48=00000001 s49=00000000 d24=0000000000000001 s50=00000000 s51=00000000 d25=0000000000000000 s52=a928d6de s53=73c2fbb1 d26=73c2fbb1a928d6de s54=f8319f2d s55=97df3fe4 d27=97df3fe4f8319f2d s56=4110ae1b s57=bf741956 d28=bf7419564110ae1b s58=c606e0f3 s59=786086be d29=786086bec606e0f3 s60=b335421d s61=f47b08f9 d30=f47b08f9b335421d s62=54365f5b s63=7355a26a d31=7355a26a54365f5b FPSCR: 00000000