last executing test programs: 4.306444476s ago: executing program 4 (id=141): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000004080)={0xffffffffffffffff}) write$binfmt_elf32(r0, &(0x7f0000000240)=ANY=[], 0xfffffdb6) sendmmsg$inet(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="89", 0x1}], 0x1}}], 0x1, 0x0) 4.304996646s ago: executing program 3 (id=142): pipe(&(0x7f0000000180)={0xffffffffffffffff}) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, 0x0, 0x0) 4.255576764s ago: executing program 3 (id=143): r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x0, 0x800000000004, @tid=r0}, &(0x7f00000000c0)) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/fscaps', 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) recvmsg(r2, &(0x7f0000000100)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0xab, 0x0}, 0x0) close(r3) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() ioctl$FS_IOC_MEASURE_VERITY(r1, 0x5451, 0x0) 4.238478907s ago: executing program 3 (id=144): mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x541b, 0x0) 4.230163188s ago: executing program 3 (id=145): r0 = gettid() r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) readv(r1, 0x0, 0x0) close(r1) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000000c0)) rt_sigreturn() poll(0x0, 0x0, 0x64) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000004080)={0xffffffffffffffff}) write$binfmt_elf32(r2, &(0x7f0000000240)=ANY=[], 0xfffffdb6) sendmmsg$inet(r2, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 3.903563758s ago: executing program 2 (id=156): mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)={[{@xino_off}, {@nfs_export_on}, {@index_on}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@metacopy_on}, {@nfs_export_on}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@euid_eq}, {@measure}, {@smackfstransmute={'smackfstransmute', 0x3d, '#'}}]}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000180)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000440)=0x82, 0x49) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef) recvmsg(r0, &(0x7f00000033c0)={&(0x7f00000003c0)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000002040)=[{&(0x7f0000000080)=""/49, 0x31}, {&(0x7f0000000f80)=""/4096, 0xffffffe1}, {0x0}, {&(0x7f0000000100)=""/102, 0x66}, {&(0x7f00000021c0)=""/4096, 0x1000}], 0x5, &(0x7f0000001f80)=""/178, 0xb2}, 0x120) shutdown(r0, 0x0) 3.769503129s ago: executing program 2 (id=159): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x3, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) gettid() 3.711473768s ago: executing program 2 (id=161): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r3, &(0x7f0000000300), 0xfdef, 0x0, 0x0, 0xfffffffffffffdfd) 3.627542791s ago: executing program 0 (id=164): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000140)={@loopback, @multicast1}}) 3.627471541s ago: executing program 0 (id=165): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') openat(r1, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) 3.593355776s ago: executing program 0 (id=166): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000100)=0x7d, 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef) recvmmsg(r0, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, 0x0) 3.540060094s ago: executing program 1 (id=168): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380"], 0x44}}, 0x0) 3.468242995s ago: executing program 1 (id=169): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0), 0x2c8, 0x0) 3.468053905s ago: executing program 1 (id=170): unshare(0x40400) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000d00000295"], &(0x7f0000000700)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r3, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000780)={r4}, 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={@map=0x1, r5, 0x2f, 0x0, 0xffffffffffffffff, @prog_id}, 0x20) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000140)={@map=0x1, r3, 0x2f, 0x10, 0xffffffffffffffff, @prog_fd=r5}, 0x20) 3.464871636s ago: executing program 1 (id=171): mlockall(0x1) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x5452, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) 3.464807716s ago: executing program 4 (id=172): r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r0) socket$inet_tcp(0x2, 0x1, 0x0) bind$unix(r0, &(0x7f0000002dc0)=@abs, 0x6e) 3.453990857s ago: executing program 4 (id=173): socketpair(0x0, 0x0, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(0xffffffffffffffff, r0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0) mlockall(0x1) syz_clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 3.388512358s ago: executing program 3 (id=174): mlockall(0x1) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, 0x0) close(0xffffffffffffffff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff) 2.795448899s ago: executing program 2 (id=175): r0 = openat$null(0xffffffffffffff9c, &(0x7f0000002500), 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) 2.743751517s ago: executing program 2 (id=176): mlockall(0x1) socketpair$unix(0x1, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) 2.743417117s ago: executing program 0 (id=177): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') openat(r1, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) 2.72113049s ago: executing program 0 (id=178): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1400000042000b06"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000005600)=[{&(0x7f0000004080)=""/229, 0xe5}, {&(0x7f0000004240)=""/4084, 0xff4}, {&(0x7f0000005240)=""/186, 0xba}, {&(0x7f0000005300)=""/209, 0xd1}, {&(0x7f0000005400)=""/188, 0xbc}, {&(0x7f0000005540)=""/133, 0x85}], 0x6}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) r1 = syz_clone(0x20003000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt(r2, 0x0, 0x7, 0x0, &(0x7f0000000080)) fcntl$setown(r2, 0x8, r1) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r6 = dup3(r5, r4, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x1, 0x0}, @fda}, &(0x7f0000000240)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0}) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r8, 0x0, 0x0}, 0x10) 2.673722958s ago: executing program 0 (id=179): mlockall(0x1) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) write$P9_RREAD(0xffffffffffffffff, 0x0, 0x46) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f00000000c0)={0x33, 0x6, 0x0, 0x0, 0x0, [@empty, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, 0x38) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) fcntl$setown(r1, 0x8, 0x0) r2 = accept(r1, &(0x7f0000001280)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = getgid() getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f00000063c0)) syz_fuse_handle_req(r3, 0x0, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000140)={{}, {0x1, 0x4}, [{0x2, 0x5}], {}, [{}, {}, {}, {}, {0x8, 0x2, r4}], {0x10, 0xc}, {0x20, 0x6}}, 0x54, 0x5) syz_clone(0x0, 0x0, 0x29, 0x0, 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x1) 1.979454785s ago: executing program 4 (id=180): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x800) read$FUSE(r0, 0x0, 0x0) 1.979357075s ago: executing program 4 (id=181): r0 = signalfd4(0xffffffffffffffff, &(0x7f00000020c0), 0x8, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, 0x0, 0x0) 1.960309128s ago: executing program 4 (id=182): socket$inet_tcp(0x2, 0x1, 0x0) mlockall(0x1) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5452, 0x0) 1.824148869s ago: executing program 3 (id=183): mlockall(0x1) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x0, &(0x7f0000ff5000/0x3000)=nil) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x5411, 0x0) listen(0xffffffffffffffff, 0x0) 1.695490099s ago: executing program 1 (id=184): mlockall(0x3) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, 0x0) 720.159379ms ago: executing program 2 (id=185): mlockall(0x1) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) syz_open_pts(r0, 0x2080) 0s ago: executing program 1 (id=186): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r3, &(0x7f0000000300), 0xfdef, 0x0, 0x0, 0xfffffffffffffdfd) kernel console output (not intermixed with test programs): hd_t tclass=fifo_file permissive=1 [ 14.299169][ T23] audit: type=1400 audit(1719601334.100:64): avc: denied { rlimitinh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.301591][ T23] audit: type=1400 audit(1719601334.100:65): avc: denied { siginh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts. [ 20.520184][ T23] audit: type=1400 audit(1719601340.330:66): avc: denied { mounton } for pid=341 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.521604][ T341] cgroup1: Unknown subsys name 'net' [ 20.542709][ T23] audit: type=1400 audit(1719601340.330:67): avc: denied { mount } for pid=341 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.547921][ T341] cgroup1: Unknown subsys name 'net_prio' [ 20.575294][ T341] cgroup1: Unknown subsys name 'devices' [ 20.582265][ T23] audit: type=1400 audit(1719601340.400:68): avc: denied { unmount } for pid=341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.748888][ T341] cgroup1: Unknown subsys name 'hugetlb' [ 20.754705][ T341] cgroup1: Unknown subsys name 'rlimit' [ 20.947082][ T23] audit: type=1400 audit(1719601340.760:69): avc: denied { setattr } for pid=341 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.970291][ T23] audit: type=1400 audit(1719601340.760:70): avc: denied { mounton } for pid=341 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.975800][ T343] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.995455][ T23] audit: type=1400 audit(1719601340.760:71): avc: denied { mount } for pid=341 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.027382][ T23] audit: type=1400 audit(1719601340.840:72): avc: denied { relabelto } for pid=343 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.052891][ T23] audit: type=1400 audit(1719601340.840:73): avc: denied { write } for pid=343 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 21.129839][ T23] audit: type=1400 audit(1719601340.940:74): avc: denied { read } for pid=341 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.155198][ T23] audit: type=1400 audit(1719601340.940:75): avc: denied { open } for pid=341 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.181124][ T341] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.428174][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.435005][ T350] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.442358][ T350] device bridge_slave_0 entered promiscuous mode [ 21.450768][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.457675][ T350] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.464796][ T350] device bridge_slave_1 entered promiscuous mode [ 21.526734][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.533552][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.540863][ T352] device bridge_slave_0 entered promiscuous mode [ 21.583070][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.590067][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.597316][ T352] device bridge_slave_1 entered promiscuous mode [ 21.637231][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.644058][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.651474][ T355] device bridge_slave_0 entered promiscuous mode [ 21.661816][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.668786][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.676212][ T355] device bridge_slave_1 entered promiscuous mode [ 21.701555][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.708413][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.715742][ T354] device bridge_slave_0 entered promiscuous mode [ 21.748897][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.755723][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.763079][ T354] device bridge_slave_1 entered promiscuous mode [ 21.820375][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.827320][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.834590][ T353] device bridge_slave_0 entered promiscuous mode [ 21.857734][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.864563][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.872198][ T353] device bridge_slave_1 entered promiscuous mode [ 21.938560][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.945386][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.952549][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.959284][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.978108][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.984924][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.992068][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.998831][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.060748][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.067593][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.074705][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.081477][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.093217][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.100640][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.107811][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.114709][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.121810][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.129141][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.136153][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.157386][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.165490][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.172331][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.179826][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.188006][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.194811][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.219453][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.226959][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.234128][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.242124][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.248953][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.256736][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.264652][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.271514][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.297496][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.305273][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.313176][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.322878][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.349959][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.369101][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.377373][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.385285][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.392112][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.399638][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.407457][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.414839][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.429531][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.437889][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.445791][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.452554][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.459834][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.468094][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.496307][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.504529][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.513524][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.521872][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.529665][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.537550][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.545214][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.553052][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.560714][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.569031][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.577015][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.583819][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.591025][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.598642][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.606369][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.614412][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.622520][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.629439][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.650180][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.658202][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.666368][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.674157][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.683999][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.691863][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.706073][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.713478][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.720999][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.729287][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.737372][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.744185][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.751402][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.759526][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.767694][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.774503][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.782032][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.801458][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.809269][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.817791][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.825821][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.837214][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.845341][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.866251][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.874289][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.883077][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.891398][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.899655][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.907724][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.915784][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.923916][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.947724][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.955836][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.965092][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.990738][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.998632][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.007051][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.014666][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.022421][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.030940][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.038889][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.046959][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.054973][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.063178][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.071296][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.079551][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.112752][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.124538][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.132975][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.145674][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.176888][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.190892][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.226057][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.234128][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.269428][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.269708][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.286438][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.299972][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.308320][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.316565][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.515803][ T410] cgroup: syz.1.11 (410) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future. [ 23.531708][ T410] cgroup: "memory" requires setting use_hierarchy to 1 on the root [ 23.646862][ T421] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.937035][ T438] netlink: 'syz.2.24': attribute type 6 has an invalid length. [ 24.304629][ T441] syz.4.22 (441) used greatest stack depth: 21304 bytes left [ 25.268561][ T484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.39'. [ 25.346065][ T373] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 25.586120][ T373] usb 4-1: Using ep0 maxpacket: 8 [ 25.742508][ T373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.766172][ T373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.775741][ T373] usb 4-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00 [ 25.796062][ T373] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.814170][ T373] usb 4-1: config 0 descriptor?? [ 27.101627][ T23] kauditd_printk_skb: 48 callbacks suppressed [ 27.101636][ T23] audit: type=1400 audit(1719601346.910:124): avc: denied { read write } for pid=548 comm="syz.2.59" name="fuse" dev="devtmpfs" ino=9171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 27.131422][ T550] netlink: 12 bytes leftover after parsing attributes in process `syz.2.59'. [ 27.185195][ T23] audit: type=1400 audit(1719601346.910:125): avc: denied { open } for pid=548 comm="syz.2.59" path="/dev/fuse" dev="devtmpfs" ino=9171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 28.036102][ T373] usbhid 4-1:0.0: can't add hid device: -71 [ 28.041921][ T373] usbhid: probe of 4-1:0.0 failed with error -71 [ 28.066420][ T373] usb 4-1: USB disconnect, device number 2 [ 28.148632][ T23] audit: type=1400 audit(1719601347.960:126): avc: denied { getopt } for pid=573 comm="syz.3.67" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 28.746341][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Dropping request. Check SNMP counters. [ 28.763439][ T23] audit: type=1400 audit(1719601348.570:127): avc: denied { read } for pid=592 comm="syz.4.73" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 28.962123][ T599] netlink: 12 bytes leftover after parsing attributes in process `syz.4.75'. [ 29.043751][ T23] audit: type=1400 audit(1719601348.850:128): avc: denied { mounton } for pid=603 comm="syz.0.77" path="/root/syzkaller.kTkB2a/12/file0" dev="sda1" ino=1970 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=fifo_file permissive=1 [ 29.043949][ T604] 9pnet: Insufficient options for proto=fd [ 29.098766][ T23] audit: type=1400 audit(1719601348.910:129): avc: denied { bind } for pid=606 comm="syz.1.78" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.123981][ T23] audit: type=1400 audit(1719601348.910:130): avc: denied { node_bind } for pid=606 comm="syz.1.78" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 29.205804][ T617] kernel profiling enabled (shift: 2) [ 29.250733][ T23] audit: type=1400 audit(1719601349.060:131): avc: denied { create } for pid=620 comm="syz.0.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 29.306078][ T23] audit: type=1400 audit(1719601349.060:132): avc: denied { write } for pid=620 comm="syz.0.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 29.329988][ T630] 9pnet: Insufficient options for proto=fd [ 29.356542][ T23] audit: type=1400 audit(1719601349.060:133): avc: denied { setopt } for pid=622 comm="syz.0.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 29.482334][ T646] request_module fs-cramfs succeeded, but still no fs? [ 29.706131][ T74] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 29.928275][ T691] 9pnet: Insufficient options for proto=fd [ 30.144893][ T74] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 30.225583][ T74] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 30.256684][ T74] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 30.266352][ T74] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.356636][ T74] usb 1-1: config 0 descriptor?? [ 30.376117][ T638] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 30.402597][ T74] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 30.410831][ T702] netlink: 12 bytes leftover after parsing attributes in process `syz.2.117'. [ 30.480086][ T707] Alternate GPT is invalid, using primary GPT. [ 30.486334][ T707] loop1: p1 p2 p3 [ 30.560292][ T491] udevd[491]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 30.571397][ T713] udevd[713]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 30.599309][ T351] udevd[351]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 31.138047][ T723] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 31.446106][ T74] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 31.866222][ T74] usb 3-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 31.876452][ T74] usb 3-1: config 253 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 31.886602][ T74] usb 3-1: config 253 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 31.897099][ T74] usb 3-1: config 253 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 31.909925][ T74] usb 3-1: New USB device found, idVendor=06cd, idProduct=010a, bcdDevice=80.51 [ 31.918709][ T74] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.123132][ T23] kauditd_printk_skb: 9 callbacks suppressed [ 32.123141][ T23] audit: type=1400 audit(1719601351.930:143): avc: denied { unmount } for pid=353 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 32.167367][ T13] usb 3-1: USB disconnect, device number 2 [ 32.449076][ T13] usb 1-1: USB disconnect, device number 2 [ 32.483911][ T788] 9pnet_virtio: no channels available for device syz [ 32.505721][ T23] audit: type=1400 audit(1719601352.310:144): avc: denied { set_context_mgr } for pid=789 comm="syz.0.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 32.525694][ T23] audit: type=1400 audit(1719601352.330:145): avc: denied { map } for pid=789 comm="syz.0.150" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 32.551828][ T23] audit: type=1400 audit(1719601352.330:146): avc: denied { call } for pid=789 comm="syz.0.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 32.618048][ T799] 9pnet_virtio: no channels available for device syz [ 32.682806][ T23] audit: type=1400 audit(1719601352.490:147): avc: denied { unmount } for pid=355 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 32.969343][ T23] audit: type=1400 audit(1719601352.780:148): avc: denied { mount } for pid=821 comm="syz.0.165" name="/" dev="ramfs" ino=14532 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 33.104602][ T23] audit: type=1400 audit(1719601352.910:149): avc: denied { create } for pid=833 comm="syz.1.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 33.136773][ T23] audit: type=1400 audit(1719601352.940:150): avc: denied { write } for pid=833 comm="syz.1.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 34.156519][ T23] audit: type=1400 audit(1719601353.970:151): avc: denied { setopt } for pid=861 comm="syz.0.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 34.205861][ T23] audit: type=1400 audit(1719601353.970:152): avc: denied { accept } for pid=861 comm="syz.0.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 36.726018][ C1] ================================================================== [ 36.733921][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 36.740841][ C1] Read of size 8 at addr ffff8881dc407900 by task syz-executor/354 [ 36.748560][ C1] [ 36.750743][ C1] CPU: 1 PID: 354 Comm: syz-executor Not tainted 5.4.274-syzkaller-00003-g51e9abf68baf #0 [ 36.760461][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 36.770347][ C1] Call Trace: [ 36.773468][ C1] [ 36.776166][ C1] dump_stack+0x1d8/0x241 [ 36.780332][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 36.785971][ C1] ? printk+0xd1/0x111 [ 36.789878][ C1] ? profile_pc+0xa4/0xe0 [ 36.794047][ C1] ? wake_up_klogd+0xb2/0xf0 [ 36.798484][ C1] ? profile_pc+0xa4/0xe0 [ 36.802639][ C1] print_address_description+0x8c/0x600 [ 36.808019][ C1] ? panic+0x89d/0x89d [ 36.811926][ C1] ? profile_pc+0xa4/0xe0 [ 36.816088][ C1] __kasan_report+0xf3/0x120 [ 36.820519][ C1] ? profile_pc+0xa4/0xe0 [ 36.824683][ C1] ? _raw_write_lock+0xbc/0x170 [ 36.829367][ C1] kasan_report+0x30/0x60 [ 36.833537][ C1] profile_pc+0xa4/0xe0 [ 36.837530][ C1] profile_tick+0xb9/0x100 [ 36.841779][ C1] tick_sched_timer+0x237/0x3c0 [ 36.846470][ C1] ? tick_setup_sched_timer+0x460/0x460 [ 36.851851][ C1] __hrtimer_run_queues+0x3e9/0xb90 [ 36.856979][ C1] ? _raw_spin_unlock_irq+0x4a/0x60 [ 36.862021][ C1] ? hrtimer_interrupt+0x890/0x890 [ 36.866958][ C1] ? kvm_sched_clock_read+0x14/0x40 [ 36.871990][ C1] ? sched_clock+0x36/0x40 [ 36.876247][ C1] ? sched_clock_cpu+0x18/0x3a0 [ 36.880933][ C1] ? ktime_get_update_offsets_now+0x26c/0x280 [ 36.886838][ C1] hrtimer_interrupt+0x38a/0x890 [ 36.891613][ C1] smp_apic_timer_interrupt+0x110/0x460 [ 36.896991][ C1] apic_timer_interrupt+0xf/0x20 [ 36.901756][ C1] [ 36.904552][ C1] RIP: 0010:_raw_write_lock+0xbc/0x170 [ 36.909835][ C1] Code: e8 c9 df 42 fd 4c 89 ff be 04 00 00 00 e8 bc df 42 fd 43 0f b6 04 26 84 c0 75 7d 8b 44 24 20 b9 ff 00 00 00 f0 41 0f b1 4d 00 <75> 33 48 c7 04 24 0e 36 e0 45 49 c7 04 1c 00 00 00 00 65 48 8b 04 [ 36.929274][ C1] RSP: 0018:ffff8881dc407900 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 36.937528][ C1] RAX: 0000000000000000 RBX: 1ffff1103b880f20 RCX: 00000000000000ff [ 36.945329][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881dc407920 [ 36.953143][ C1] RBP: ffff8881dc407990 R08: dffffc0000000000 R09: 0000000000000003 [ 36.960951][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 36.968769][ C1] R13: ffff8881c66a43e0 R14: 1ffff1103b880f24 R15: ffff8881dc407920 [ 36.976588][ C1] ? _raw_write_trylock+0x1a0/0x1a0 [ 36.981611][ C1] ? memset+0x1f/0x40 [ 36.985433][ C1] ? ext4_discard_preallocations+0x522/0xb90 [ 36.991247][ C1] ? __dquot_initialize+0x212/0xd50 [ 36.996281][ C1] ext4_es_remove_extent+0x127/0x420 [ 37.001403][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 37.006805][ C1] ? ext4_es_lookup_extent+0x9d0/0x9d0 [ 37.012078][ C1] ? _raw_spin_unlock_irq+0x4a/0x60 [ 37.017115][ C1] ext4_clear_inode+0x44/0x170 [ 37.021710][ C1] ext4_free_inode+0x2d7/0xe80 [ 37.026309][ C1] ? ext4_blocks_for_truncate+0x210/0x210 [ 37.031860][ C1] ? ext4_orphan_add+0x8e0/0x8e0 [ 37.036638][ C1] ? ext4_end_bitmap_read+0xb0/0xb0 [ 37.041670][ C1] ? kmem_cache_alloc+0xd9/0x250 [ 37.046460][ C1] ? jbd2__journal_start+0x341/0x6c0 [ 37.051568][ C1] ext4_evict_inode+0x1431/0x1ac0 [ 37.056517][ C1] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 37.062153][ C1] ? asan.module_dtor+0x20/0x20 [ 37.066839][ C1] ? up_write+0xa6/0x270 [ 37.070920][ C1] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 37.076561][ C1] evict+0x29b/0x6a0 [ 37.080296][ C1] do_unlinkat+0x48e/0x8b0 [ 37.084549][ C1] ? fsnotify_link_count+0x80/0x80 [ 37.089494][ C1] ? getname_flags+0x1ec/0x4e0 [ 37.094092][ C1] do_syscall_64+0xca/0x1c0 [ 37.098471][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 37.104156][ C1] RIP: 0033:0x7fdcc9a491e7 [ 37.108406][ C1] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 37.127857][ C1] RSP: 002b:00007ffe09696578 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 37.136096][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdcc9a491e7 [ 37.143902][ C1] RDX: 00007ffe096965a0 RSI: 00007ffe09696630 RDI: 00007ffe09696630 [ 37.151797][ C1] RBP: 00007ffe09696630 R08: 0000000000000000 R09: 0000000000000000 [ 37.159616][ C1] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe096976e0 [ 37.167456][ C1] R13: 00007fdcc9ab764a R14: 0000000000008770 R15: 00007ffe09697720 [ 37.175233][ C1] [ 37.177400][ C1] The buggy address belongs to the page: [ 37.182879][ C1] page:ffffea00077101c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 37.191808][ C1] flags: 0x8000000000000000() [ 37.196325][ C1] raw: 8000000000000000 ffffea00077101c8 ffffea00077101c8 0000000000000000 [ 37.204746][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 37.213156][ C1] page dumped because: kasan: bad access detected [ 37.219452][ C1] page_owner tracks the page as allocated [ 37.224963][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO) [ 37.236173][ C1] prep_new_page+0x18f/0x370 [ 37.240586][ C1] get_page_from_freelist+0x2d13/0x2d90 [ 37.245986][ C1] __alloc_pages_nodemask+0x393/0x840 [ 37.251178][ C1] dup_task_struct+0x85/0x600 [ 37.255691][ C1] copy_process+0x56d/0x3230 [ 37.260116][ C1] _do_fork+0x197/0x900 [ 37.264111][ C1] __x64_sys_clone+0x26b/0x2c0 [ 37.268710][ C1] do_syscall_64+0xca/0x1c0 [ 37.273050][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 37.278772][ C1] page_owner free stack trace missing [ 37.283978][ C1] [ 37.286151][ C1] addr ffff8881dc407900 is located in stack of task syz-executor/354 at offset 0 in frame: [ 37.295958][ C1] _raw_write_lock+0x0/0x170 [ 37.300555][ C1] [ 37.302731][ C1] this frame has 1 object: [ 37.306979][ C1] [32, 36) 'cnts.i.i' [ 37.306980][ C1] [ 37.313053][ C1] Memory state around the buggy address: [ 37.318525][ C1] ffff8881dc407800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.326423][ C1] ffff8881dc407880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.334318][ C1] >ffff8881dc407900: f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00 [ 37.342224][ C1] ^ [ 37.346125][ C1] ffff8881dc407980: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 37.354021][ C1] ffff8881dc407a00: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.361917][ C1] ================================================================== [ 37.369816][ C1] Disabling lock debugging due to kernel taint [ 38.386841][ T352] syz-executor (352) used greatest stack depth: 21080 bytes left [ 39.016347][ T391] device bridge_slave_1 left promiscuous mode [ 39.022396][ T391] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.029958][ T391] device bridge_slave_0 left promiscuous mode [ 39.035881][ T391] bridge0: port 1(bridge_slave_0) entered disabled state