last executing test programs: 1.213679425s ago: executing program 4 (id=70): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x3) ioctl$TUNSETLINK(r0, 0x401054d6, 0x0) 1.163886907s ago: executing program 4 (id=73): prctl$PR_SET_THP_DISABLE(0x44, 0x0) 1.155381127s ago: executing program 4 (id=74): getpid() socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="5a6e41dea43e63a3f70cff11c72b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.08000827s ago: executing program 4 (id=78): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/profiling', 0x22042, 0x0) write$tun(r0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], 0x15) 1.015638352s ago: executing program 3 (id=83): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400030064766d727009000000000000000000001800128008000100", @ANYRES32=r4], 0x4c}}, 0x0) 1.015560342s ago: executing program 2 (id=84): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x4, &(0x7f0000000300)=@framed={{}, [@alu={0x4, 0x0, 0x0, 0x0, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x4}, 0x90) 997.534383ms ago: executing program 2 (id=85): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYRESOCT], 0x0}, 0x90) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x2000fe3a) 983.836783ms ago: executing program 3 (id=86): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="2800000014001901000000000000000228"], 0x28}}, 0x0) 927.872855ms ago: executing program 4 (id=87): syz_emit_ethernet(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x3f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='ext4_begin_ordered_truncate\x00', r0}, 0x10) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="850000002e000000350000000000ba0085000000a000000095000000000000004cf1c09faf5d680600000000000000e0a141d524580b35d8050864d2a51f7c8f32cb447f454698165b61a3cf5fc6dd8442230e7953f91136aa1f703517ea5c8531c498d3db6e3d83516346b88351352301630509494997cbe593f90a847687a1ef1f83dd6c1023158a1086f7d0f9dce4a401e07dc735554bc34e6bdea4217ce4a98af8ad0887c697acd9a7ab696922c9e34f0aee6156c599c7b27cde0019b27de967bfb3fe241454a04080bf7f8ce021879c820f9b80fe2338a820db941135d0c5d301d02c4004be5b11cc7bf16c8a02b6f569db051357c71be1f5e8ce8db0f96ee1d8a312e9f32c7a45cf129a8d8bc9a5d905441c0785d333135a04001bb4cd5b295b9add7a02477d4b056be3a93c2b02e29f50cbe99a586aaf215307459d4b57ddd41323cbbbcd6e100000000000000000000000e106001ae539fa19e58860ad7ad9f00f84e302b661291950d2c47378049299970760c1ad0f333fc5c94da75f86aca761cf17aaa59bc42c049dd991409de8978773ec374512104e40d912f0558f91e4ace4edcd7bcd4917538469148821e7746fb813e3718a40618bb09171f346a547895afd500c46eedd6ff18290202546d7c22838fe1f6dbe00564990"], &(0x7f0000001040)='GPL\x00', 0x0, 0x6b, &(0x7f0000000000)=""/167, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffdd5}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0x0, 0xe, 0xfffffffffffffe48, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x739d, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000900)="3286efff11e7718efac7764d0e1180207dc568eb4340c845d96264f952746af49789fdc363be7125b611cc0b6df7c0b27b5eb0ffd1306e40e220866a573a1e07832b0176f101de4c681b2a8678c175fc0df4d9cfe6c549dfe51347f5d21eba5e27178dc988688570b98447b392fe5205b17ab21593c84b3c330cb0cd7f0c3479bb6b0c2a6ad506a86e4f3af19a8cffc8d6c5c57ad231434cc0e898d348bae7038b9cc97e74aaf493f13524bea2bbf5a578e658d9534ce246fdaffadae103f68542369abe5b2300c30207a13238ad5dbf04576563aa70038ba033b97f420b69bf2fa7521a74ea35b37ab3dc3a37285e5c411288f7ad3013f9ad8af2ba84c82415c08f174997b66dcfcafb826982bda868f07ed501b87d93db0a2e8056399eb52545b034482e8258fb5adbe16bb357ddde9c6705e0559d07eb169e0ea6bc9fd456445c514bf9e44f45eda5447662dd14289601f5ff3d750f4f9fce0c86f20f05a417925e99ee046bebeb6a2e1899a1b679bf661fac7792fd9da262e624c0c4921fc25ccff2db923f757b2fa5ce6588b6d9134e134282524d", 0x0, 0x0, 0x1}, 0x28) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) 927.586036ms ago: executing program 3 (id=88): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r0, 0x540d, 0x0) 924.265226ms ago: executing program 3 (id=89): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x90) 911.731826ms ago: executing program 2 (id=90): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/profiling', 0x22042, 0x0) write$tun(r0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0, @ANYRESDEC], 0x15) 856.034538ms ago: executing program 3 (id=91): pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) read$FUSE(r0, &(0x7f0000004400)={0x2020}, 0x2020) write$FUSE_ENTRY(r1, &(0x7f00000003c0)={0x90}, 0x90) 855.852088ms ago: executing program 2 (id=92): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r0, 0x8b2c, &(0x7f0000000040)) prlimit64(0x0, 0x2, &(0x7f0000000040)={0x9, 0xffffffffffffffff}, 0x0) mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002fc0)=@newqdisc={0x60, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0xffff}, @TCA_TBF_PARMS={0x28}]}}]}, 0x60}}, 0x0) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x1, '\x00', r4, r5, 0x2, 0x3, 0x2}, 0x48) 833.314449ms ago: executing program 2 (id=93): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002fc0)=@newqdisc={0x30, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}}, 0x0) 823.931299ms ago: executing program 3 (id=94): socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x14, '\x00', 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, &(0x7f0000000640)) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r1}, 0x10) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000380), 0x10) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x3e5101, 0x0) mlock(&(0x7f0000bff000/0x400000)=nil, 0x400000) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff) socket(0x9, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0xfffffed6}}, 0x24000000) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="040025bd7000ffdbdf250300000008000400000000000c000180060002002b0000001c00028006000e004e22000008000500000000000800080009000000"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x2841) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r5, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYRESHEX=0x0, @ANYRESHEX=r1, @ANYRES8=r2], 0xb0}, 0x1, 0x0, 0x0, 0xc104}, 0x4008851) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000001080)='dctcp\x00', 0x6) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r6, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000c40)='\x00', 0x1}], 0x1}}], 0x1, 0x0) sendto$inet(r6, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x182, 0x0, 0x27) r8 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r8, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 760.029092ms ago: executing program 2 (id=95): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x800700, &(0x7f0000000a40)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x745f}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40000000000005c}}, {@nomblk_io_submit}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@usrjquota}], [{@subj_role={'subj_role', 0x3d, '-'}}, {@seclabel}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents64(r6, &(0x7f0000000180)=""/59, 0x3b) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000001840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x0}, {0x7, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newnexthop={0x2c, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_GROUP={0xc, 0x2, [{}]}, @NHA_GROUP_TYPE={0x6}]}, 0x2c}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0xfffffffd}}]}]}]}, 0x38}}, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 250.05897ms ago: executing program 1 (id=108): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x3, 0x1, 0x201, 0x0, 0x0, {0x5}, [@CTA_STATUS_MASK={0x8}]}, 0x1c}}, 0x0) 250.0241ms ago: executing program 0 (id=109): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000011c0)={'ip6tnl0\x00', &(0x7f0000001140)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @empty}}) 212.744822ms ago: executing program 0 (id=110): syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @multicast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @random="2899e1eda939", @empty, @link_local, @empty}}}}, 0x0) 184.220483ms ago: executing program 1 (id=111): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x800448d4, &(0x7f0000000600)) 128.101475ms ago: executing program 0 (id=112): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000140)={'wpan3\x00'}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wpan3\x00'}) 128.015915ms ago: executing program 0 (id=113): syz_clone(0x28280000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) 107.946226ms ago: executing program 0 (id=114): r0 = epoll_create1(0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = dup3(r1, r0, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) write$cgroup_pressure(r2, 0x0, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r2, 0x0, 0x0) write$tcp_mem(r2, 0x0, 0x0) recvfrom$packet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) 97.838316ms ago: executing program 4 (id=115): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000080)) 97.419996ms ago: executing program 1 (id=116): timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10) write$cgroup_int(r1, 0x0, 0x0) shutdown(r0, 0x0) 25.341059ms ago: executing program 0 (id=117): ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x5452, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000200)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o8\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x903lm8\xa57\xc9\x00HOA\xc8\x80kR\xfc\xcb%u3\xec\xde%\x00\xb1\x9aF\xe2\xba[\xc7%\x88 \xeeQR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11)W\x9c\x82\x91\x17\xd8\xda@4\x9f\xc5\xe3\x8d.\xd1=\xcf\xbf\x81\x14\xc9\xb6\xcb\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\x9c\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\x9d\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D\x82`\xea\x16\xc6\xcef\xab\x05\x19\x96\xb9_6*-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xfb\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad#\xd8b\x90\xeb\x05\x9f\t5\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\x1b\xe6\xb9\xe7\xff\xc5H\x04\x8d\xca\xad\x17\x13\xa7:3m\x11\x95\xf6\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94 2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[\xc5\xeb\xb1ux\x94\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdem\xe3+q:3\xfa*\x98o\'f\xbcY\x8e?\xf9\x84y\x89Y\x1c]\xad$\x7fp\xf1\xa3\x99[\xff\x1f\x94\xc2\xdb\xbaG\xa6UD\x88Y6\x11Y\xd4\xd1\xde\x9a{]\xe2\x98W\xb9\x13\x17<\x8b!?\x8e\xbc\xae\xf9\xcc\b\x90n\x15\x7f\xd5WS\xfbN\xec)B\xe7R\xa5\xd7O\x83\x80}\xcc5\x99\xdb\xd6\xbd\x9c\x05l\xfc.\xf4\xbbeF\xa3\xea}\xf1\x86z\xca\xad\x82\xd9IRV5\xa77\'\x1a\x1c\x89\xef:\xee\x10\xb2\xd6\xc8\xf4\xb5\xdd\xd8c!@JRY\xa3,\x1c*s\xdc\xa5d\xc2\xecn\xc9X\xfc\xd4D\x13\"\xb2\x06\xbd&\xf86\xddXv\xc9\x1322L\xd6\x99\xf6\t\x9d\xbeQ\x02\xc0\xa41\xf9sNG\x02\x83\xe6Bl\xd2\x02\xfb[\x82\xc0I\xb7\xf6\xe5Z\xa1}\xee}\x8b\x89\x04\x8a\'\xc7J\xca\xdf:\x8ft\xe0\xf8\a\x00'/635, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x11, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x800000b) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$TIOCSIG(r1, 0x8910, 0x20000000) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x5450, 0x0) 25.233929ms ago: executing program 1 (id=118): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom0\x00', 0x0, 0x0) read$watch_queue(r0, 0x0, 0x0) 24.087509ms ago: executing program 1 (id=119): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/custom0\x00', 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x5450) 0s ago: executing program 1 (id=120): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0) mlockall(0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000140), 0x286821, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(0xffffffffffffffff, 0x4018f50b, 0x0) mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x109014, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2300000, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 7.389386][ T23] audit: type=1400 audit(1719700431.740:59): avc: denied { search } for pid=243 comm="ssh-keygen" name="/" dev="tmpfs" ino=960 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 7.430969][ T23] audit: type=1400 audit(1719700431.790:60): avc: denied { use } for pid=246 comm="sshd" path="/dev/null" dev="devtmpfs" ino=36 scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 15.257280][ T23] audit: type=1400 audit(1719700439.610:61): avc: denied { transition } for pid=287 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.264169][ T23] audit: type=1400 audit(1719700439.610:62): avc: denied { noatsecure } for pid=287 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.271074][ T23] audit: type=1400 audit(1719700439.610:63): avc: denied { write } for pid=287 comm="sh" path="pipe:[9702]" dev="pipefs" ino=9702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.276777][ T23] audit: type=1400 audit(1719700439.610:64): avc: denied { rlimitinh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.293995][ T23] audit: type=1400 audit(1719700439.610:65): avc: denied { siginh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.144' (ED25519) to the list of known hosts. [ 21.626659][ T23] audit: type=1400 audit(1719700445.980:66): avc: denied { mounton } for pid=342 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.628600][ T342] cgroup1: Unknown subsys name 'net' [ 21.649168][ T23] audit: type=1400 audit(1719700445.980:67): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.656155][ T23] audit: type=1400 audit(1719700446.010:68): avc: denied { read } for pid=144 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 21.677705][ T342] cgroup1: Unknown subsys name 'net_prio' [ 21.703361][ T342] cgroup1: Unknown subsys name 'devices' [ 21.709804][ T23] audit: type=1400 audit(1719700446.070:69): avc: denied { unmount } for pid=342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.878426][ T342] cgroup1: Unknown subsys name 'hugetlb' [ 21.884146][ T342] cgroup1: Unknown subsys name 'rlimit' [ 22.020496][ T23] audit: type=1400 audit(1719700446.370:70): avc: denied { setattr } for pid=342 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.043490][ T23] audit: type=1400 audit(1719700446.370:71): avc: denied { mounton } for pid=342 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.061407][ T344] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.067934][ T23] audit: type=1400 audit(1719700446.370:72): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.099235][ T23] audit: type=1400 audit(1719700446.430:73): avc: denied { relabelto } for pid=344 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.124436][ T23] audit: type=1400 audit(1719700446.430:74): avc: denied { write } for pid=344 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.149785][ T23] audit: type=1400 audit(1719700446.470:75): avc: denied { read } for pid=342 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.175244][ T342] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.527544][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.534471][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.542876][ T351] device bridge_slave_0 entered promiscuous mode [ 22.560570][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.567520][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.574753][ T352] device bridge_slave_0 entered promiscuous mode [ 22.581424][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.588276][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.595852][ T351] device bridge_slave_1 entered promiscuous mode [ 22.615870][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.622814][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.630187][ T352] device bridge_slave_1 entered promiscuous mode [ 22.647090][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.653915][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.661378][ T355] device bridge_slave_0 entered promiscuous mode [ 22.671628][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.678478][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.685831][ T355] device bridge_slave_1 entered promiscuous mode [ 22.765495][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.772349][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.780053][ T353] device bridge_slave_0 entered promiscuous mode [ 22.786725][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.793551][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.800995][ T354] device bridge_slave_0 entered promiscuous mode [ 22.818682][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.825593][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.832929][ T353] device bridge_slave_1 entered promiscuous mode [ 22.839589][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.846463][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.853708][ T354] device bridge_slave_1 entered promiscuous mode [ 23.032703][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.039553][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.046792][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.053609][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.075715][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.082637][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.089777][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.096540][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.115944][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.122865][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.130016][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.136762][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.149443][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.156400][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.163506][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.170420][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.205483][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.212328][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.219479][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.226219][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.246401][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.253543][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.260620][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.267981][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.274910][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.281947][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.288922][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.296228][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.303159][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.310175][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.317907][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.325131][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.341583][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.349738][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.356572][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.406525][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.414546][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.422335][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.430635][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.437467][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.444596][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.453065][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.459911][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.467043][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.474930][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.481761][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.488925][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.497048][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.503857][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.538529][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.546803][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.554630][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.563473][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.571559][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.579409][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.587180][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.595003][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.602803][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.610166][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.617541][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.625712][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.633628][ T343] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.640466][ T343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.647691][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.654936][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.675891][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.684082][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.692560][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.699416][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.708578][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.716832][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.724803][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.731646][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.738806][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.747260][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.755200][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.762044][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.769203][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.777426][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.785548][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.792371][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.809001][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.817038][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.824761][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.833056][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.850369][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.858819][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.867427][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.875054][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.884166][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.892037][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.905753][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.913688][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.921676][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.929656][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.937676][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.945750][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.974970][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.983432][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.992281][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.000521][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.008627][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.016531][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.031880][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.039986][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.058351][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.066933][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.096120][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.104421][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.112335][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.120669][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.130065][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.138567][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.146860][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.154966][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.163319][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.171192][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.230400][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.239535][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.256698][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.266458][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.274666][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.284105][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.315545][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.323607][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.332260][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.342052][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.350979][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.359577][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.367817][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.403951][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.411896][ T386] request_module fs-autofs succeeded, but still no fs? [ 24.437738][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.451102][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.460281][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.468992][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.478849][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.495677][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.503800][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.585901][ T399] syz.2.3 (399) used greatest stack depth: 22648 bytes left [ 24.708648][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Dropping request. Check SNMP counters. [ 24.971890][ T424] syz.1.19 (424) used greatest stack depth: 22488 bytes left [ 25.129592][ T464] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.920184][ T580] kernel profiling enabled (shift: 3) [ 26.017487][ T595] netlink: 12 bytes leftover after parsing attributes in process `syz.3.83'. [ 26.164009][ T613] mmap: syz.2.92 (613): VmData 29085696 exceed data ulimit 9. Update limits or use boot option ignore_rlimit_data. [ 26.177680][ T613] sch_tbf: burst 65535 is lower than device lo mtu (65550) ! [ 26.683565][ T23] kauditd_printk_skb: 62 callbacks suppressed [ 26.683576][ T23] audit: type=1400 audit(1719700451.030:138): avc: denied { setopt } for pid=644 comm="syz.1.103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 26.726471][ T23] audit: type=1400 audit(1719700451.070:139): avc: denied { create } for pid=646 comm="syz.1.106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 26.748833][ T23] audit: type=1400 audit(1719700451.080:140): avc: denied { ioctl } for pid=648 comm="syz.0.105" path="/dev/ppp" dev="devtmpfs" ino=9261 ioctlcmd=0x743d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 26.774193][ T23] audit: type=1400 audit(1719700451.130:141): avc: denied { create } for pid=650 comm="syz.1.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 26.811890][ T23] audit: type=1400 audit(1719700451.150:142): avc: denied { write } for pid=650 comm="syz.1.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 26.864936][ T23] audit: type=1400 audit(1719700451.210:143): avc: denied { create } for pid=658 comm="syz.1.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 26.887081][ T23] audit: type=1400 audit(1719700451.230:144): avc: denied { ioctl } for pid=660 comm="syz.0.112" path="socket:[12076]" dev="sockfs" ino=12076 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.972725][ T23] audit: type=1400 audit(1719700451.240:145): avc: denied { ioctl } for pid=658 comm="syz.1.111" path="socket:[13155]" dev="sockfs" ino=13155 ioctlcmd=0x48d4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 27.034354][ T23] audit: type=1400 audit(1719700451.310:146): avc: denied { execute } for pid=669 comm="syz.0.117" path=2F6D656D66643AC0873A2A18C16BA7875BA06F38AA4BA5D30B86CA3C7FFD368D7DD8F247B8EA652990336C6D38A537C9202864656C6574656429 dev="tmpfs" ino=12103 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 27.145405][ C1] ================================================================== [ 27.153304][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 27.160230][ C1] Read of size 8 at addr ffff8881e734f960 by task syz.1.120/679 [ 27.167691][ C1] [ 27.169870][ C1] CPU: 1 PID: 679 Comm: syz.1.120 Not tainted 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 27.179324][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 27.189217][ C1] Call Trace: [ 27.192343][ C1] [ 27.195041][ C1] dump_stack+0x1d8/0x241 [ 27.199208][ C1] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 27.204844][ C1] ? printk+0xd1/0x111 [ 27.208760][ C1] ? profile_pc+0xa4/0xe0 [ 27.212927][ C1] ? wake_up_klogd+0xb2/0xf0 [ 27.217345][ C1] ? profile_pc+0xa4/0xe0 [ 27.221511][ C1] print_address_description+0x8c/0x600 [ 27.226891][ C1] ? panic+0x89d/0x89d [ 27.230809][ C1] ? profile_pc+0xa4/0xe0 [ 27.234961][ C1] __kasan_report+0xf3/0x120 [ 27.239390][ C1] ? profile_pc+0xa4/0xe0 [ 27.243554][ C1] ? _raw_spin_lock+0xc0/0x1b0 [ 27.248156][ C1] kasan_report+0x30/0x60 [ 27.252328][ C1] profile_pc+0xa4/0xe0 [ 27.256316][ C1] profile_tick+0xb9/0x100 [ 27.260570][ C1] tick_sched_timer+0x237/0x3c0 [ 27.265255][ C1] ? tick_setup_sched_timer+0x460/0x460 [ 27.270640][ C1] __hrtimer_run_queues+0x3e9/0xb90 [ 27.275675][ C1] ? hrtimer_interrupt+0x890/0x890 [ 27.280617][ C1] ? kvm_sched_clock_read+0x14/0x40 [ 27.285649][ C1] ? sched_clock+0x36/0x40 [ 27.289909][ C1] ? ktime_get+0xf9/0x130 [ 27.294088][ C1] ? ktime_get_update_offsets_now+0x26c/0x280 [ 27.299974][ C1] hrtimer_interrupt+0x38a/0x890 [ 27.304752][ C1] smp_apic_timer_interrupt+0x110/0x460 [ 27.310132][ C1] apic_timer_interrupt+0xf/0x20 [ 27.315078][ C1] [ 27.317860][ C1] RIP: 0010:_raw_spin_lock+0xc0/0x1b0 [ 27.323060][ C1] Code: fd 4c 89 ff be 04 00 00 00 e8 2c dc 42 fd 43 0f b6 04 26 84 c0 0f 85 aa 00 00 00 8b 44 24 20 b9 01 00 00 00 f0 41 0f b1 4d 00 <75> 33 48 c7 04 24 0e 36 e0 45 49 c7 04 1c 00 00 00 00 65 48 8b 04 [ 27.342502][ C1] RSP: 0018:ffff8881e734f960 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 27.350745][ C1] RAX: 0000000000000000 RBX: 1ffff1103ce69f2c RCX: 0000000000000001 [ 27.358555][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881e734f980 [ 27.366367][ C1] RBP: ffff8881e734f9f0 R08: dffffc0000000000 R09: 0000000000000003 [ 27.374185][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 27.381992][ C1] R13: ffffea000757d0e8 R14: 1ffff1103ce69f30 R15: ffff8881e734f980 [ 27.389815][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 27.395014][ C1] handle_mm_fault+0x39a2/0x4990 [ 27.399795][ C1] ? finish_fault+0x230/0x230 [ 27.404302][ C1] ? check_preemption_disabled+0x9f/0x320 [ 27.409871][ C1] ? lru_cache_add_active_or_unevictable+0x1b0/0x1b0 [ 27.416373][ C1] ? _raw_spin_unlock+0x49/0x60 [ 27.421070][ C1] ? follow_page_pte+0x711/0xcc0 [ 27.425835][ C1] __get_user_pages+0xc0b/0x13b0 [ 27.430605][ C1] ? populate_vma_page_range+0xf0/0xf0 [ 27.435902][ C1] ? __init_rwsem+0x210/0x210 [ 27.440412][ C1] ? vmacache_update+0x9f/0xf0 [ 27.445009][ C1] __mm_populate+0x369/0x510 [ 27.449441][ C1] ? __get_user_pages+0x13b0/0x13b0 [ 27.454470][ C1] ? security_capable+0x86/0xb0 [ 27.459156][ C1] __se_sys_mlockall+0x315/0x360 [ 27.463930][ C1] do_syscall_64+0xca/0x1c0 [ 27.468270][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.473998][ C1] RIP: 0033:0x7f6b25398b99 [ 27.478255][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 27.497689][ C1] RSP: 002b:00007f6b2461a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 27.505937][ C1] RAX: ffffffffffffffda RBX: 00007f6b25526fa0 RCX: 00007f6b25398b99 [ 27.513744][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 27.521562][ C1] RBP: 00007f6b2541977e R08: 0000000000000000 R09: 0000000000000000 [ 27.529369][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 27.537179][ C1] R13: 000000000000000b R14: 00007f6b25526fa0 R15: 00007ffda4a87968 [ 27.544997][ C1] [ 27.547158][ C1] The buggy address belongs to the page: [ 27.552659][ C1] page:ffffea00079cd3c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 27.561572][ C1] flags: 0x8000000000000000() [ 27.566095][ C1] raw: 8000000000000000 0000000000000000 ffffea00079cd3c8 0000000000000000 [ 27.574507][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.582928][ C1] page dumped because: kasan: bad access detected [ 27.589177][ C1] page_owner tracks the page as allocated [ 27.594728][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT) [ 27.606278][ C1] prep_new_page+0x18f/0x370 [ 27.610700][ C1] get_page_from_freelist+0x2d13/0x2d90 [ 27.616092][ C1] __alloc_pages_nodemask+0x393/0x840 [ 27.621305][ C1] dup_task_struct+0x85/0x600 [ 27.625803][ C1] copy_process+0x56d/0x3230 [ 27.630229][ C1] _do_fork+0x197/0x900 [ 27.634219][ C1] __x64_sys_clone3+0x2da/0x300 [ 27.638906][ C1] do_syscall_64+0xca/0x1c0 [ 27.643246][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.648970][ C1] page last free stack trace: [ 27.653488][ C1] __free_pages_ok+0x847/0x950 [ 27.658092][ C1] __free_pages+0x91/0x140 [ 27.662346][ C1] __free_slab+0x221/0x2e0 [ 27.666600][ C1] unfreeze_partials+0x14e/0x180 [ 27.671368][ C1] put_cpu_partial+0x44/0x180 [ 27.675886][ C1] __slab_free+0x297/0x360 [ 27.680134][ C1] qlist_free_all+0x43/0xb0 [ 27.684471][ C1] quarantine_reduce+0x1d9/0x210 [ 27.689240][ C1] __kasan_kmalloc+0x41/0x210 [ 27.693766][ C1] kmem_cache_alloc+0xd9/0x250 [ 27.698366][ C1] getname_flags+0xb8/0x4e0 [ 27.702702][ C1] do_sys_open+0x357/0x810 [ 27.706956][ C1] do_syscall_64+0xca/0x1c0 [ 27.711296][ C1] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.717014][ C1] [ 27.719203][ C1] addr ffff8881e734f960 is located in stack of task syz.1.120/679 at offset 0 in frame: [ 27.728744][ C1] _raw_spin_lock+0x0/0x1b0 [ 27.733073][ C1] [ 27.735245][ C1] this frame has 1 object: [ 27.739496][ C1] [32, 36) 'val.i.i.i' [ 27.739499][ C1] [ 27.745666][ C1] Memory state around the buggy address: [ 27.751134][ C1] ffff8881e734f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.759030][ C1] ffff8881e734f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.766929][ C1] >ffff8881e734f900: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 27.774819][ C1] ^ [ 27.781863][ C1] ffff8881e734f980: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.789758][ C1] ffff8881e734fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SYZFAIL: failed to send rpc fd=3 want=200 sent=0 n=-1 (errno 32: Broken pipe) [ 27.797