last executing test programs: 2.658552223s ago: executing program 4 (id=41): r0 = memfd_create(&(0x7f0000000640)='#_\x94\xa8rod%v\x00\x7f\xe5\xd0ql\x86\xc9\xe6\x14\x93\xb0\x7f_,y<~\xab\x84\x00\x00\x00\x00\x00\x00\x14}\n\x81\xc7\xf9s\xd7\xe0\x9ehPK\xe0\xc2bF\'\xff`V\x85|oC\xca\v\xe3\xba]fn\xee\xde!\x94\x0f\xaf\xb7\x93\xe8\xb6\xc3N\x16&\xab\xf9{\xaf;\xcf\x8c\xa8\xb9\x06\xaf\xd0\xfb:\x90LNF\x13\x9f\xc2\xb7/1\xb9V\xf0*\xcb\xdc\x05n<\xcfi\x02*8\xda\"\xb3\xfe\xf3\x97\xd9\xa5b\xd4\x00Q$\xb2v\\\xa9\xcf*tw\x8a\n_)\x89A\x8f`R\x12zM\a\xc43\xd0d\xee\x13Q\x94\xb7\xeb\xbe\xb2\x9bG|\xa8VgU\x01|\x8aF\xbd\x8eu\xde\xbb\x97\xf9\xd3\bp\x82\xe4A\xc1\xbf\xaf\xbf\x97W\x99DXQK\xe4i\xe9\x17[B\xe2\xe1\x8b@ac\x1a\x11\x11\xcb[\xbf\xcf\xe6xk\xad\xe6\x96\xf7\xfcNg\x80_\xd5\x0f\xa0\xe6.<\xef\xd8\x13Q$\x19$', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r0, 0x0) umount2(&(0x7f0000000740)='./file0/../file0\x00', 0x0) 2.551162229s ago: executing program 4 (id=42): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0) 2.550980389s ago: executing program 4 (id=43): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000000000085000008"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={@cgroup, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@ifindex, 0xffffffffffffffff, 0x3, 0x0, 0x0, @link_id, r2}, 0x20) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000600)={0x14, r3, 0x1}, 0x14}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000000fe2010000000000000000000000000a8c000000060a0b0400000000000000124402ece259444d5a9683a71eb90002000000600004802c00018008000100636d7000200002800800024000000000080001400000040d0c0003800500010005000000140001800d00010073796e70726f7879000000001c00018009040100786672ed000000000c0002800500030000000000090054bd73797a3000000000090009000000000000000000140000001100010000000000000000000000000a"], 0xb4}}, 0x0) close(0xffffffffffffffff) unshare(0x22020400) getsockname(r1, &(0x7f0000000300)=@hci, &(0x7f0000000780)=0x80) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {0x0}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001400000008001c000000002018000180140002006e657464657673696d300000000000000800080000000000080009"], 0x44}}, 0x0) 2.490930588s ago: executing program 4 (id=46): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x953c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) 2.179044716s ago: executing program 1 (id=51): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00'}, 0x10) r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@getqdisc={0x38, 0x26, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x5}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x38}}, 0x40080) 2.161594999s ago: executing program 1 (id=52): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fc0000000000000000000000000000000c00028005000100000000003c0002802c00018014000300fe8000000000000002000000000000aa14000400fe8800000000000000cc0000000000010c000280050001000000000009000740000000001800068014000f"], 0xac}}, 0x0) 2.067601833s ago: executing program 1 (id=53): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_usb_connect(0x0, 0x24, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x72, 0xc, 0xc, 0x40, 0x5ac, 0x253, 0x655a, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x4, 0x2}}]}}]}}, 0x0) 1.962438199s ago: executing program 0 (id=56): setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6410, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) 1.866566884s ago: executing program 0 (id=58): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]}) write$ppp(r0, &(0x7f0000000140)="1627", 0x2) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet(0x2, 0x0, 0x84) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)="869b132bd023614380db065e0361c17ea4a123b3bb9e097016930f86e5770aad078c4c277a1395029b04e6e395582175a5a51337a9cca6caa5dbca7d39f50d3c0953ced75eb50ab4bd376a823a25e25fedb026cc0bfe050a853add29e084638e80ea15d545bc95fa88627d7655fabad382915947827999877ccda8219594061cf48fe5dab16ef146649e7e028814bfaf30cab93eb504eed401a2fb150716a6846135fbe3ed3b14696dfa17f7f4e2c25287e53088614a50682c0c2fc16acefd8d9efd4fda8c9e43260fc9fdfb1c88e806ed60f2ada4838b9121780a8f84cdbf51e94b168394c9548cf4", 0xe9}, {0x0}], 0x2}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b8005002b000300"/36], 0x3c}, 0x1, 0xffffffea}, 0x0) 1.780769357s ago: executing program 4 (id=60): syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b0000000904"], 0x0) 1.728946175s ago: executing program 0 (id=62): socket$unix(0x1, 0x5, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) timerfd_create(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000001480)) socket$netlink(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r0], 0x3c}}, 0x0) 1.523105346s ago: executing program 0 (id=64): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) 1.523056497s ago: executing program 0 (id=65): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0xec5, &(0x7f00000008c0)={0x0, 0x0, 0x2}, &(0x7f0000000080), &(0x7f0000000340)) io_uring_enter(r0, 0x0, 0x0, 0x3, 0x0, 0x0) 1.522997046s ago: executing program 0 (id=66): syz_usb_connect(0x0, 0x24, &(0x7f0000000c40)={{0x12, 0x1, 0x0, 0x5d, 0x91, 0x37, 0x40, 0x4dd, 0x9031, 0x64a0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0xa}}]}}]}}, 0x0) 1.191139907s ago: executing program 3 (id=72): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000000)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001000)={0xa4, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r3}, @WGDEVICE_A_PEERS={0x88, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}, {0x5c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "8560b2abfcff5f7fad26edbe46db38b2193196f33baad7e10cfd832dc3c8992a"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}]}]}, 0xa4}}, 0x0) 1.190978717s ago: executing program 3 (id=73): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet_tcp(0x2, 0x1, 0x0) close(0xffffffffffffffff) ioctl$sock_inet_tcp_SIOCINQ(r4, 0x541b, &(0x7f00000012c0)) 563.250564ms ago: executing program 2 (id=77): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 558.705955ms ago: executing program 2 (id=78): r0 = socket(0x2a, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000004080)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, 0x0}}], 0x1, 0x0) 543.596557ms ago: executing program 2 (id=79): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1c, 0x0, 0x3, 0x0, {0x0, 0x0, 0x0, 0x3}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x1}, {}, {0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}}, 0x0) 483.116656ms ago: executing program 2 (id=80): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) 482.954736ms ago: executing program 2 (id=81): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'xfrm0\x00'}}]}]}, 0x28}}, 0x0) 482.828426ms ago: executing program 1 (id=82): syz_emit_ethernet(0xe, &(0x7f0000000440)={@dev, @broadcast, @void, {@mpls_uc}}, &(0x7f00000004c0)={0x0, 0x0, [0x0, 0x0, 0x1a7, 0xa87]}) 469.437598ms ago: executing program 1 (id=83): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8931, &(0x7f0000000080)) 459.2288ms ago: executing program 2 (id=84): mlockall(0x3) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x0, &(0x7f0000ff5000/0x3000)=nil) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) munlockall() socketpair$unix(0x1, 0x0, 0x0, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 415.105817ms ago: executing program 1 (id=85): io_submit(0x0, 0x1, &(0x7f00000006c0)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="9f7ba446dedc18551232544c676b351a95aa2234ca389d6de4406af74994", 0x1e}]) memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc01090589"], 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r1, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000012002505a8a4f0"], 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 340.639148ms ago: executing program 3 (id=86): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="8b330000000000ffff001500000008000300", @ANYRES32=0x0, @ANYBLOB="05002a"], 0x2c}}, 0x0) 327.55538ms ago: executing program 3 (id=87): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000030001c0"]) 219.175247ms ago: executing program 3 (id=88): syz_emit_ethernet(0x46, &(0x7f0000000600)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 219.009347ms ago: executing program 3 (id=89): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000001811", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x0, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x11, 0x0, 0x0) r5 = io_uring_setup(0x2922, &(0x7f00000000c0)) syz_io_uring_setup(0x247a, &(0x7f0000000140)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r5}, &(0x7f00000001c0), &(0x7f0000000200)) 0s ago: executing program 4 (id=90): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x3, 0x1004, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000e8000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x87, 0x6}, 0x14) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) syz_clone(0x8020000, 0x0, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.132' (ED25519) to the list of known hosts. [ 19.458003][ T23] audit: type=1400 audit(1719600414.150:66): avc: denied { mounton } for pid=340 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.459533][ T340] cgroup1: Unknown subsys name 'net' [ 19.480422][ T23] audit: type=1400 audit(1719600414.150:67): avc: denied { mount } for pid=340 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.485747][ T340] cgroup1: Unknown subsys name 'net_prio' [ 19.513182][ T340] cgroup1: Unknown subsys name 'devices' [ 19.519466][ T23] audit: type=1400 audit(1719600414.210:68): avc: denied { unmount } for pid=340 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.659439][ T340] cgroup1: Unknown subsys name 'hugetlb' [ 19.665052][ T340] cgroup1: Unknown subsys name 'rlimit' [ 19.857885][ T23] audit: type=1400 audit(1719600414.550:69): avc: denied { setattr } for pid=340 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.881019][ T23] audit: type=1400 audit(1719600414.550:70): avc: denied { mounton } for pid=340 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 19.898237][ T342] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 19.906149][ T23] audit: type=1400 audit(1719600414.550:71): avc: denied { mount } for pid=340 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.937524][ T23] audit: type=1400 audit(1719600414.610:72): avc: denied { relabelto } for pid=342 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.962968][ T23] audit: type=1400 audit(1719600414.610:73): avc: denied { write } for pid=342 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.963169][ T340] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 19.988466][ T23] audit: type=1400 audit(1719600414.620:74): avc: denied { read } for pid=340 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.022275][ T23] audit: type=1400 audit(1719600414.620:75): avc: denied { open } for pid=340 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.293943][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.301183][ T349] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.308733][ T349] device bridge_slave_0 entered promiscuous mode [ 20.323418][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.330401][ T349] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.337783][ T349] device bridge_slave_1 entered promiscuous mode [ 20.412715][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.419624][ T350] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.426748][ T350] device bridge_slave_0 entered promiscuous mode [ 20.433240][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.440104][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.447385][ T351] device bridge_slave_0 entered promiscuous mode [ 20.457539][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.464536][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.472123][ T351] device bridge_slave_1 entered promiscuous mode [ 20.480560][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.487822][ T350] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.495237][ T350] device bridge_slave_1 entered promiscuous mode [ 20.566263][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.573198][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.580557][ T352] device bridge_slave_0 entered promiscuous mode [ 20.591043][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.597984][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.605499][ T352] device bridge_slave_1 entered promiscuous mode [ 20.632815][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.639674][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.647037][ T353] device bridge_slave_0 entered promiscuous mode [ 20.678910][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.685738][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.693090][ T353] device bridge_slave_1 entered promiscuous mode [ 20.798868][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.805696][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.812886][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.819715][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.838454][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.845282][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.852429][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.859187][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.871888][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.878731][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.885872][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.892853][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.939544][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.946373][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.953539][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.960448][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.976413][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.983258][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.990376][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.997151][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.044033][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.051864][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.058951][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.066254][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.073471][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.080875][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.088090][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.095222][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.102156][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.109304][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.116277][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.123532][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.142103][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.149457][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.156614][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.164786][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.171620][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.179271][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.187429][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.194244][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.201497][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.209484][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.216289][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.223538][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.231487][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.238314][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.272410][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.281244][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.289081][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.297706][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.304514][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.312079][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.320073][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.327252][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.334461][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.342524][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.356879][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.364929][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.372980][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.381144][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.389298][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.397323][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.407038][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.414338][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.437271][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 21.445423][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.453840][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.460685][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.468943][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.477177][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.485088][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.491827][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.509014][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 21.517258][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.525349][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.532368][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.540318][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.548929][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.556888][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.563698][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.570922][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.578772][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.586451][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.594774][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.606979][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.614875][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.628513][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.636848][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.645140][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.652860][ T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.672244][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.681074][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.690222][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.698997][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.709356][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.717758][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.737175][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.745789][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.754170][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.762456][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.770185][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.778254][ T369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.789170][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.797720][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.818364][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.826416][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.845861][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.853802][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.861798][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.869831][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.878130][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.886060][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.916968][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.925083][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.933821][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.942488][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.951034][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.959213][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.967452][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.975062][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.982852][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.990883][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.023491][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.031997][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.040765][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.049433][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.057677][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.065560][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.081232][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.089968][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.098849][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.107715][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.135473][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.143830][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.152087][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.162964][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.171243][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.180217][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.373198][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Dropping request. Check SNMP counters. [ 23.971037][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Dropping request. Check SNMP counters. [ 24.482502][ T23] kauditd_printk_skb: 26 callbacks suppressed [ 24.482512][ T23] audit: type=1400 audit(1719600419.170:102): avc: denied { mounton } for pid=464 comm="syz.4.33" path="/root/syzkaller.zPmSTV/4/file0" dev="sda1" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.579205][ T23] audit: type=1400 audit(1719600419.270:103): avc: denied { mount } for pid=464 comm="syz.4.33" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 24.642195][ T23] audit: type=1400 audit(1719600419.310:104): avc: denied { unmount } for pid=352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 24.736037][ T23] audit: type=1400 audit(1719600419.420:105): avc: denied { create } for pid=469 comm="syz.4.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 24.785750][ T23] audit: type=1400 audit(1719600419.420:106): avc: denied { write } for pid=469 comm="syz.4.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 24.822724][ T23] audit: type=1400 audit(1719600419.510:107): avc: denied { map_read map_write } for pid=474 comm="syz.3.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 24.845024][ T475] [ 24.849033][ T475] ********************************************************** [ 24.869213][ T475] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 24.886541][ T475] ** ** [ 24.896639][ T23] audit: type=1400 audit(1719600419.540:108): avc: denied { create } for pid=476 comm="syz.4.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 24.923829][ T475] ** trace_printk() being used. Allocating extra memory. ** [ 24.956018][ T475] ** ** [ 24.979528][ T475] ** This means that this is a DEBUG kernel and it is ** [ 25.000690][ T475] ** unsafe for production use. ** [ 25.036855][ T475] ** ** [ 25.072891][ T475] ** If you see this message and you are not debugging ** [ 25.110563][ T475] ** the kernel, report this immediately to your vendor! ** [ 25.133934][ T475] ** ** [ 25.147206][ T475] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 25.155454][ T23] audit: type=1400 audit(1719600419.840:109): avc: denied { ioctl } for pid=485 comm="syz.4.40" path="socket:[11775]" dev="sockfs" ino=11775 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 25.190209][ T475] ********************************************************** [ 25.220697][ T23] audit: type=1400 audit(1719600419.910:110): avc: denied { execute } for pid=488 comm="syz.4.41" path=2F6D656D66643A235F94A8726F642576202864656C6574656429 dev="tmpfs" ino=11778 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 25.305800][ T23] audit: type=1400 audit(1719600419.980:111): avc: denied { ioctl } for pid=492 comm="syz.3.44" path="socket:[11785]" dev="sockfs" ino=11785 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 25.698605][ T515] netlink: 'syz.1.52': attribute type 7 has an invalid length. [ 25.724555][ T515] netlink: 16 bytes leftover after parsing attributes in process `syz.1.52'. [ 25.980281][ T528] netlink: 36 bytes leftover after parsing attributes in process `syz.2.55'. [ 26.017834][ T528] netlink: 192 bytes leftover after parsing attributes in process `syz.2.55'. [ 26.036395][ T532] netlink: 12 bytes leftover after parsing attributes in process `syz.0.58'. [ 26.046374][ T532] Zero length message leads to an empty skb [ 26.052769][ T532] netlink: 4 bytes leftover after parsing attributes in process `syz.0.58'. [ 26.062426][ T532] netlink: 24 bytes leftover after parsing attributes in process `syz.0.58'. [ 26.126854][ T371] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.420367][ T554] EXT4-fs (loop3): orphan cleanup on readonly fs [ 26.427618][ T554] EXT4-fs error (device loop3): ext4_quota_enable:6056: inode #31: comm syz.3.69: iget: special inode unallocated [ 26.440152][ T554] EXT4-fs error (device loop3): ext4_quota_enable:6059: comm syz.3.69: Bad quota inode: 31, type: 2 [ 26.451384][ T554] EXT4-fs warning (device loop3): ext4_enable_quotas:6100: Failed to enable quota tracking (type=2, err=-117, ino=31). Please run e2fsck to fix. [ 26.466176][ T554] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 26.473051][ T554] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 26.488951][ T371] usb 2-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=65.5a [ 26.507074][ T371] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.515995][ T371] usb 2-1: config 0 descriptor?? [ 26.536929][ T5] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 26.560331][ T371] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 26.577079][ T121] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.787753][ T124] usb 2-1: USB disconnect, device number 2 [ 27.066915][ T5] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 27.077790][ T5] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 27.086618][ T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.129553][ T5] snd-usb-audio: probe of 5-1:27.0 failed with error -2 [ 27.155662][ T573] kernel profiling enabled (shift: 2) [ 27.246937][ T121] usb 1-1: New USB device found, idVendor=04dd, idProduct=9031, bcdDevice=64.a0 [ 27.255940][ T121] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.258078][ T577] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 27.264207][ T121] usb 1-1: Product: syz [ 27.278959][ T121] usb 1-1: Manufacturer: syz [ 27.283883][ T121] usb 1-1: SerialNumber: syz [ 27.290797][ T121] usb 1-1: config 0 descriptor?? [ 27.305265][ T581] netlink: 4 bytes leftover after parsing attributes in process `syz.2.79'. [ 27.328568][ T121] usb 1-1: bad CDC descriptors [ 27.329929][ T369] usb 5-1: USB disconnect, device number 2 [ 27.340076][ T121] usb 1-1: unsupported MDLM descriptors [ 27.355491][ T587] tipc: Started in network mode [ 27.363133][ T587] tipc: Own node identity be7d158d7472, cluster identity 4711 [ 27.373649][ T587] tipc: Enabled bearer , priority 10 [ 27.532567][ T372] usb 1-1: USB disconnect, device number 2 [ 27.543760][ T600] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 27.656834][ T121] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 27.896881][ T121] usb 2-1: Using ep0 maxpacket: 16 [ 28.016944][ T121] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 28.026790][ C1] ================================================================== [ 28.035866][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 28.042783][ C1] Read of size 8 at addr ffff8881e6367640 by task syz.3.89/605 [ 28.048125][ T121] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 28.050159][ C1] [ 28.061193][ C1] CPU: 1 PID: 605 Comm: syz.3.89 Not tainted 5.4.274-syzkaller-00003-g51e9abf68baf #0 [ 28.070557][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 28.076823][ T121] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.080447][ C1] Call Trace: [ 28.080451][ C1] [ 28.080464][ C1] dump_stack+0x1d8/0x241 [ 28.080480][ C1] ? debug_smp_processor_id+0x20/0x20 [ 28.103457][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 28.109105][ C1] ? printk+0xd1/0x111 [ 28.113002][ C1] ? profile_pc+0xa4/0xe0 [ 28.117168][ C1] ? wake_up_klogd+0xb2/0xf0 [ 28.121593][ C1] ? profile_pc+0xa4/0xe0 [ 28.125757][ C1] print_address_description+0x8c/0x600 [ 28.131143][ C1] ? panic+0x89d/0x89d [ 28.135052][ C1] ? profile_pc+0xa4/0xe0 [ 28.139216][ C1] __kasan_report+0xf3/0x120 [ 28.143636][ C1] ? profile_pc+0xa4/0xe0 [ 28.147802][ C1] ? _raw_spin_lock+0xc0/0x1b0 [ 28.152404][ C1] kasan_report+0x30/0x60 [ 28.156568][ C1] profile_pc+0xa4/0xe0 [ 28.160564][ C1] profile_tick+0xb9/0x100 [ 28.164813][ C1] tick_sched_timer+0x237/0x3c0 [ 28.169502][ C1] ? tick_setup_sched_timer+0x460/0x460 [ 28.174890][ C1] __hrtimer_run_queues+0x3e9/0xb90 [ 28.179923][ C1] ? hrtimer_interrupt+0x890/0x890 [ 28.184865][ C1] ? kvm_sched_clock_read+0x14/0x40 [ 28.189898][ C1] ? sched_clock+0x36/0x40 [ 28.194151][ C1] ? ktime_get+0xf9/0x130 [ 28.197823][ T121] usb 2-1: config 0 descriptor?? [ 28.198319][ C1] ? ktime_get_update_offsets_now+0x26c/0x280 [ 28.198332][ C1] hrtimer_interrupt+0x38a/0x890 [ 28.213776][ C1] smp_apic_timer_interrupt+0x110/0x460 [ 28.219153][ C1] apic_timer_interrupt+0xf/0x20 [ 28.223915][ C1] [ 28.226709][ C1] RIP: 0010:_raw_spin_lock+0xc0/0x1b0 [ 28.231907][ C1] Code: fd 4c 89 ff be 04 00 00 00 e8 9c ed 42 fd 43 0f b6 04 26 84 c0 0f 85 aa 00 00 00 8b 44 24 20 b9 01 00 00 00 f0 41 0f b1 4d 00 <75> 33 48 c7 04 24 0e 36 e0 45 49 c7 04 1c 00 00 00 00 65 48 8b 04 [ 28.251348][ C1] RSP: 0018:ffff8881e6367640 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 28.259596][ C1] RAX: 0000000000000000 RBX: 1ffff1103cc6cec8 RCX: 0000000000000001 [ 28.267405][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881e6367660 [ 28.275212][ C1] RBP: ffff8881e63676d0 R08: dffffc0000000000 R09: 0000000000000003 [ 28.283116][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 28.291005][ C1] R13: ffff8881ecfd9cc0 R14: 1ffff1103cc6cecc R15: ffff8881e6367660 [ 28.298828][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 28.304118][ C1] ? unix_dgram_sendmsg+0xe7a/0x1ff0 [ 28.309236][ C1] unix_dgram_sendmsg+0xd81/0x1ff0 [ 28.314185][ C1] ? unix_dgram_poll+0x670/0x670 [ 28.318960][ C1] ? security_socket_sendmsg+0x7d/0xa0 [ 28.324253][ C1] ? unix_dgram_poll+0x670/0x670 [ 28.329024][ C1] ____sys_sendmsg+0x5ac/0x8f0 [ 28.333627][ C1] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 28.338658][ C1] ? __sys_sendmmsg+0x3e6/0x700 [ 28.343344][ C1] __sys_sendmmsg+0x3c3/0x700 [ 28.347862][ C1] ? __ia32_sys_sendmsg+0x90/0x90 [ 28.352723][ C1] ? __wake_up+0x120/0x1c0 [ 28.356973][ C1] ? remove_wait_queue+0x120/0x120 [ 28.361919][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 28.367221][ C1] ? __fget+0x407/0x490 [ 28.371304][ C1] ? futex_exit_release+0x1e0/0x1e0 [ 28.376332][ C1] ? unix_dgram_connect+0xaec/0xcd0 [ 28.381363][ C1] ? fput_many+0x15e/0x1b0 [ 28.385613][ C1] ? check_preemption_disabled+0x153/0x320 [ 28.391262][ C1] ? switch_fpu_return+0x1d4/0x410 [ 28.396202][ C1] ? fpu__clear+0x3c0/0x3c0 [ 28.400575][ C1] __x64_sys_sendmmsg+0x9c/0xb0 [ 28.405261][ C1] do_syscall_64+0xca/0x1c0 [ 28.409570][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 28.415310][ C1] RIP: 0033:0x7ff2df528b99 [ 28.419556][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 28.438996][ C1] RSP: 002b:00007ff2de7aa048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 28.447239][ C1] RAX: ffffffffffffffda RBX: 00007ff2df6b6fa0 RCX: 00007ff2df528b99 [ 28.455057][ C1] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000005 [ 28.462867][ C1] RBP: 00007ff2df5a977e R08: 0000000000000000 R09: 0000000000000000 [ 28.470675][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 28.478488][ C1] R13: 000000000000000b R14: 00007ff2df6b6fa0 R15: 00007ffda8539b58 [ 28.486298][ C1] [ 28.488463][ C1] The buggy address belongs to the page: [ 28.494132][ C1] page:ffffea000798d9c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 28.503271][ C1] flags: 0x8000000000000000() [ 28.507743][ C1] raw: 8000000000000000 0000000000000000 ffffea000798d9c8 0000000000000000 [ 28.516158][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 28.524571][ C1] page dumped because: kasan: bad access detected [ 28.530824][ C1] page_owner tracks the page as allocated [ 28.536378][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT) [ 28.547930][ C1] prep_new_page+0x18f/0x370 [ 28.552345][ C1] get_page_from_freelist+0x2d13/0x2d90 [ 28.557732][ C1] __alloc_pages_nodemask+0x393/0x840 [ 28.562935][ C1] dup_task_struct+0x85/0x600 [ 28.567452][ C1] copy_process+0x56d/0x3230 [ 28.571880][ C1] _do_fork+0x197/0x900 [ 28.575885][ C1] __x64_sys_clone3+0x2da/0x300 [ 28.580561][ C1] do_syscall_64+0xca/0x1c0 [ 28.584892][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 28.590618][ C1] page last free stack trace: [ 28.595160][ C1] __free_pages_ok+0x847/0x950 [ 28.599735][ C1] __free_pages+0x91/0x140 [ 28.603990][ C1] __free_slab+0x221/0x2e0 [ 28.608250][ C1] unfreeze_partials+0x14e/0x180 [ 28.613017][ C1] put_cpu_partial+0x44/0x180 [ 28.617527][ C1] __slab_free+0x297/0x360 [ 28.621784][ C1] qlist_free_all+0x43/0xb0 [ 28.626123][ C1] quarantine_reduce+0x1d9/0x210 [ 28.630890][ C1] __kasan_kmalloc+0x41/0x210 [ 28.635412][ C1] kmem_cache_alloc+0xd9/0x250 [ 28.640005][ C1] getname_flags+0xb8/0x4e0 [ 28.644342][ C1] user_path_at_empty+0x28/0x50 [ 28.649031][ C1] do_readlinkat+0x114/0x3a0 [ 28.653465][ C1] __x64_sys_readlink+0x7b/0x90 [ 28.658144][ C1] do_syscall_64+0xca/0x1c0 [ 28.662487][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 28.668212][ C1] [ 28.670381][ C1] addr ffff8881e6367640 is located in stack of task syz.3.89/605 at offset 0 in frame: [ 28.679844][ C1] _raw_spin_lock+0x0/0x1b0 [ 28.684187][ C1] [ 28.686349][ C1] this frame has 1 object: [ 28.690602][ C1] [32, 36) 'val.i.i.i' [ 28.690603][ C1] [ 28.696765][ C1] Memory state around the buggy address: [ 28.702245][ C1] ffff8881e6367500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.710136][ C1] ffff8881e6367580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.718030][ C1] >ffff8881e6367600: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 [ 28.725935][ C1] ^ [ 28.727374][ T595] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 28.732012][ C1] ffff8881e6367680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.747203][ C1] ffff8881e6367700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.752687][ T121] hid-generic 0003:0158:0100.0001: unknown main item tag 0x1 [ 28.755264][ C1] ================================================================== [ 28.755267][ C1] Disabling lock debugging due to kernel taint [ 28.767542][ T372] tipc: 32-bit node address hash set to 8d150fca [ 28.783377][ T121] hid-generic 0003:0158:0100.0001: unexpected long global item [ 28.804891][ T121] hid-generic: probe of 0003:0158:0100.0001 failed with error -22 [ 28.987164][ T372] usb 2-1: USB disconnect, device number 3