Extracting prog: 4m39.23177893s Minimizing prog: 35m59.937998495s Simplifying prog options: 0s Extracting C: 33.48776435s Simplifying C: 26m44.283764224s extracting reproducer from 38 programs testing a last program of every proc single: executing 8 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-connect$auto-prctl$auto-mmap$auto-recvmmsg$auto-sendmmsg$auto-close_range$auto-openat$auto_kernfs_file_fops_kernfs_internal-write$auto-openat$auto_rtc_dev_fops_dev-openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-openat$auto_btrfs_ctl_fops_super-ioctl$auto_BTRFS_IOC_FORGET_DEV-preadv$auto-mmap$auto-readv$auto-setfsuid$auto-setfsgid$auto-setresgid$auto-ioctl$auto_XFS_IOC_FREESP-ioctl$auto_NS_GET_TGID_IN_PIDNS-shmctl$auto_SHM_LOCK-io_uring_setup$auto-mmap$auto-clock_adjtime$auto-syz_clone3-mmap$auto-rt_sigsuspend$auto detailed listing: executing program 0: r0 = socket(0xa, 0x3, 0x3b) connect$auto(r0, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x5c) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0xa, 0xe983, 0x1, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) write$auto(r2, &(0x7f0000000180)='1\x00\\\xa0\x04|\x9d$\xdcM)\xb9\xdd\xd6', 0x5) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 
&(0x7f0000000040)='/sys/bus/usb/drivers/ath6kl_usb/new_id\x00', 0x80302, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0) ioctl$auto_BTRFS_IOC_FORGET_DEV(r3, 0x50009405, 0x0) preadv$auto(0x3, 0x0, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000000000000002) readv$auto(0x3, 0x0, 0x1) r4 = setfsuid$auto(0xee01) r5 = setfsgid$auto(0xee01) setresgid$auto(r5, 0x0, 0x0) ioctl$auto_XFS_IOC_FREESP(r1, 0x4030580b, &(0x7f00000000c0)={0x4, 0x0, 0x7fffffff, 0x0, 0x80, 0xffffffffffffffff}) r7 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r1, 0x8004b709, &(0x7f00000001c0)=0x7) shmctl$auto_SHM_LOCK(0xea, 0xb, &(0x7f0000001240)={{0x5, r4, r5, 0x7, 0x3e8ce460, 0x3, 0x1}, 0x1, 0x4, 0x2, 0x4, @inferred=r6, @inferred=r7, 0x7, 0x0, &(0x7f0000000200)="12bad3ce3cc1e5f097b1fc4526ebf85c38c85502b654d2d8a5d92e543f048bbb13302fd1872a0bd28983217c8d8c4266c02aadc7518b5b3bb92700", &(0x7f0000000240)="576726c7c1f83ba63f28febe1bacd32fcabbb2fbe91dd53d66d2b1984a30d0ca521122ea083dd0afce71b8aa981c68bdd4af9c3286d3158828b6a16c5f961397f841436e829edd8e501c2dc2cbdf863b463ecdc82a7a2a32cb31c06ee9d2cec8d760548e945be0984268d2596bf8a475d5356129c80162528669d10ced56aa0494b957b49fcfa47ad46d2969a8350ecd5878187e678ade917fb2e7e78e5d5c02ef96e0d7b0f7a956b472e9df0f452dfa92f0d39178ad95c8428991d57ad4378543244655c4e7f1a86054ae9d9f95c4b97cb683a1b6cbc368032f1cdba52f4d3ed2148531f508cdae1f67cce9281a18463cabb1bb72be74b9ecf815034469b0eb3d48beb801cf820b89076bd5dfb9797c028a9527c3c53e0e0677d4bd5bc6be68749f436071996697d7c3cb22119a5c6a413a63c89b3545c7ac0c7ed23257321136aee4df5bfe170851a6a64d9b07a6bf471b5206da7b73909861a1bf80b03fbe8c1ef79e90fc049543f19a9d75324bbc45355bfe614198b5cb70c9cb0c691e8eb26369150ac762c7937b33defa7cacd543645b1617511dc3444340dc061ff24a2e39813821c07a69c0d18f36dc408e3b87f6e3c1afb914fe2b9ad973197a0fa9b11e2f128588ecc7b50b37407ca60dddc09d46c9c81a4b7bed6dd2b43ec664d8f2b483dab9a78c6816e26ff6f7c2bc9079ade
aa5340c5ef2dc81835a6decdfc326bf0845e779c0b44cb24bc9112a7bc01793055f4cab802cab4cf18a31be8485b8144469f6ff8723ff9e28d10281b1b7c5ac67986228ed396f7d9df976509fe725546b939923605199368fa04ec0e37478f6d991a7ad8972430bcda641da56fe276ee214ff1622b2b9971fbd6c54df097a3e1ae0bc65396a67f489e4cd45fd9dce6820643c31f16627831b61e87526f33d4e96efe91f4f8b7d35e892750d14a51787d3ddb4f4df6ddf72060bbc8d5a3889fb01abb24bf2459b80407908ab08659cdb84781d8f525767fdf3446bbef0e4df1248f713e8da73308718259726aba1971851e6996c941fe916d77aea4d94bc510b33ea6598390c1afdc9fe5453c5ab265a859a9dde631364c660939f9be771b4fa5081f27c42033ddd87c59e49b0bfe55de9c9463e53e0815ae9911ff678003c3bb6fa34b9678a521c79ce0050c083cb4add5da030d60ca13c66c5148f96dc93d610dd510ddd4d49ae3ad40affab21bc36aeda612ab81379aee0ad5fba565889bc96a6da3d2529298d547a832abd54a9bd9f8c7923fd102e33169a7f29af3ed83230bc9981f89d72a5554db91a865ca1222ef1ee0027a1312382839a1bcd5cc06a8dae59288577cf813287bbfb4ce757809a91a7b7e03637351db5ab54684e9bf8dae5b9b5451dc730c800ae8a4da248482752bf75af6eef636513a143fcef06f22f6937b730d96329f2dd99dc97c2f5d24354abdf01f9deaa33a53ee28f4ca20a1b3454b1dd8ead3d397a0eae449890e30cd609df44f70e741d046cab27715d2c26b1e391b9414d530f285883ce6bb5bf1670a2c1227e6cc2127191bde03a31b6f01269fe22b38e2596d4b2f453bd9b9c1bf75712c129ff95784cfe85c0c2b4c195fb86e156645f6b38126be4400f6dcd268ca5616125c7525f57fc34e18200115501b5675c6c8ecb2d8deb1f11d59243c5c9dffad392d40146a30d9d8efe537ab3d69f77726bacfecac35df11af4caa37e8dc47bda3e0eee3e9edc9b05c625726156f7e022482ac01aebfba9f136b7bb5c1617aa1b6ca1e292b075d47e8af1de3810710e002da3d7f6da20b6e81376d9d0e45e1624104c6934af6bf41520bef77ef69f9d259d7a1e233c5046482b28278238c4a709448ca182a538fe9323abd8da1fbfe452747e279ab52b184dbe89af12c01e78b0a25724cef975ed402076e9aa7b08dbcd3c7c36c066c556690794b6508ef1cd128779eeb8366f996607b7ec1d0e749a15fe07865b1795ae44a5209d8adb39d9c2d7be49fc5708e3e57c4a23c85a460decb34140205fa7bdb8adcdde6ef5328b74fda9f591421d82fba4aba32117d7bd471d410ed550a2b9be4b3401551500578aec1a8dac2a7eb44aa3b1604958cae9a404cc636
9c2c999f0af83c4ffdb79f4f1507c415b9915abe8ca69e877f69810488e12f62f4bcafb311fac20d0261199b03151255b91f6ed12a87d0487290ce48ef3917ef1f0aab7db6da1598826ad80d35cd298d4cf90b895e323030d3cee09c4d07455a1303085a0db6cd32a99946f5241d8e43a3bf8270753b1b91849774e5114cc4a0267d60daf36f3b93d555a0ad5ace7afdbff4954a30b12b0eaa540ce5bbfc5b368c7e5b431f6ebc4c227edb9912473258ac7c2bc1fa2d1474f6e6df31a102bce7255dbd74f9a3c60946b1b688b587653b2b21d88f7e963bef1d8f4553e022240c94336703f9741c79b792998e646b2b95ad4d6637b720ccafddbf656bcea5753a0180ebec3b771d7eceeb92b0e6b572bba65f6ab1cf1c1d9c6b442d661801ca9ce46b826807b0d2eb157f06ca21d90589a3de859f9849a60f66f9e83045d301be9b88210e2dc4bfb914ba4e7229de2d01ccd8cb07d01df03af8007cfc9fe1dec83d07882ef4c9f801924e70a7665b207051605ae1092baa5e49ba8959cf619cfbe5af2e03a7e2d819d77609c5f9e7e00fa6e5ceb2e6e2d72b0ddf380a74fca0aec2c469280cc3395e9af4c4913e8614858a1c578d8ddcec5e3820c402d104b0ddab6e00f7ba951e4076de61e957234f9c8e7421bf7c583e6db9c47e9a4088f37ba770886908ca0b44ce2a507dcb8f1db7639dc9c78f7835fd50f133f97eecc0dd0f0831b089c1097a636b5b82e7b3454aaa9fcf33b0ddb3a3232fca5df4fac778b6222af58e9cf2fcff840b7d40a75adecebc8b4cb2c1e2f4689143789e32c66a93df6a6a42e86ef75f6c7296f1eeadd45676dcdb4933d95545c3548ecef004b92e5677c5f01c6dfde2974f920453f7886987b614d58341776b2352f98885ce252d01136cdbdb28bccf53559c7ee1b7460b5480488b883b4aaa95bef90f01c6ff1a4253859d0c8b6985e5ec7dc7ae79fda7de5db75a4cf40d1d7b91119883d02798827665445b0f85f78f15f8105f48649d2dde7632c626a2d7ebc383261bd37619ef5f252eb7fc13c36a61c968cb76a3603ccac92a23c8a5a8cb101c7a26b59a25bee0e9264bb4686c3c9a4630b1357d593aca2bdd9e360051329d0c85949a6a986804b8e776e6fa54d9a88fe56a35e2aa8ea1a98bca7c108c44e7eb9f74a3ef0225c084b0cf3b9a87021fb7d3c9d863a7fa07219b0f883cb6c4d8314c7718bf554263084256b29840e8843b4431bbbb08991836e20db8c932100d5793cee0ebe3fbffcdc5a87e66e661ed74d28e1f6203a290bba681ea8fa6b7839b6f809042de3c52be1d4b414004f917e8c72c1393d7e55a33a38d37836a02d27c5f9676b6f5300d5281524e965b9e22f77cc8f42187e3637f80eeb9494080e8e559bd4b2e13bb2186690ae00e
18e1b1bd6b062b7a5bd8a23607f5d2f9f2fb64e6b6096a4977c954c78c538253aa6d5c5e928eac4fb68d4c6eb612a9fc89303f6b4af19ee0db5a3284c0ebdebcdec31bf43fd53118eeba27810125e4a0cec373f908d8d5dd6322f7aa63871f3a3adcb2a37aad3c178cdbfd500cf6bc8c9bbafb8ea4a496e77bd9aa80e2a489eba81247cfe481b1c34f147613e5f5f9d5c80b3679360bba61dd338e96d3d50aa85d3d8d4e0eee9dbf987f38b28fa89ce6f839ea8bb798f8a3316e1ce394157939fc294e858a1d54f6c9ab07abe1e69087136987d6d8dbd531fa4fbb4a40018b1a1aa9a4e6c0571ed03ebb44d2e5d2c9a9b9ae97ab8d3afe2132ab404f5ab99b789c961d57c700f356729403bd0e94559a93c7eab0cf320545ccbf6e3f42936f68dfdf792c8530071227d580bf047060afdf3b8ef4e262a634d22ce280c9b5a8917baf285fca93562c0eb9d0754af78eb6a892464210135b4af83ddf46390d49b80b308cecb48f8c461a2dfc11de2c3cb8055af92cca204761c66db5239bc15f28c926012c3fda21f0224605782f28a4eb1e451ecd548efc5a3b43cd6d9accf05ebf708b2be36bfe54f08eed1a614ff586ed35291cc2a2dd9fd568f3f981cb3323e917f1ce45800c90ad388fa7f32c523ffed46a8b0ca2ccaa392cb359f2a48ed16f97a4cc089486edcb02869d5808dabd2a280148a5b13302dc3e790a8b6439b01ba7136a39ac9cf1d3d356f6c13539422020318cd86753d192d54211084fd46a83abb0b1dcd2c5dd2b16e301cc7a16c97bb24bc8c30be6fc42252812015306bc3df232fbcdd6943e1845ac737f730ee9225484720d15c169e7303039703af5a7a85a5fb1584b8da7239a73e73c1bf73ca3701742e62ec9041f6ef57875508fe71561b98bab76700def12dc7b3635bde858f8815c1ddebb0d5a54cac6640dd583ae3a494ea28597db0452d4de937f7dbf1233699404c9395187e83940a1708a3063afe8a3c9feba6a7bd2c900e03e57deded4969662ec77787a47b9725c7d07fa4246945f1cce660bcebf30995ffc7a46eca610dad7b2f6642159a95a6252a127faa76600374360db7204e108a3284b31fa0622caf3224fde6fe0b6fb1c4a7f357b7eb5bb9a3d6e1d8c9a81340798c6f7c41b82998db204b02cd66133134784317310a91c2fe1ec25a787080de4db0cc05ac5adb036bc07d6d96894f72d1aeb9b8f3fbc5b83006c440dfafd4ecdd5c5896f830b1ee35d815a6681d9b67a9b74d70c2cacac72fd30e0d9a02e09f8d5f06f1294569bfe41ab422ad1939630ded7399781485bef740ac9b72aca15bdf2c47e25e47c5951fdd09018e3991ddbdd2778efaf102e13910f438f740a077cee289f8b5cccb2c4115080c820f654c24f6710f4e000d67094dc99
be7fcfe89af158263f5113f8de0918915f9c2ccb66405b29b777c1f446d607f6e30e640aaa67e99e6d23c428b304e34644760e72c3e64c2449ebc4685affc2fd06ef98ba176e8a7e19e609b25e66e7a74a3fe483e8867a368f68d78b2e149fdfc2a363c93bee04be5984595edd52f4b854208183622e8b28777e2fe75cd3bddbaa306f562c666d1bbbb0cc94c2e6d1ff19501bf58ea23059351034e7e1b93abc71499396308164e09957e56fa859e97315f1b23f5d0f923e5145901462828fb387c74513193fc7f99e2c035561a0ddf209f7644a40b39a6cd875a5c4a4efa4f43a9ccad529d309dae906f2064cec952eb274ec7f680cc54df134e87829441f3f93a4ac2c8a7037c009863c2eb53b9236fe894623e67085065088afb68e75d42cf4346ab04ad40f7d6d210bd6bd80279fdf1c5f057b34985d3e55c79e276d7f5f190d76eea11bb51b08e0823754c2784d34c061e5372f58ccb4ae351670c472a6668ac9347052dd56dc9043bf4e2488c1396c0dd62bed15ff65cf8480923e3e66cd452934abad50752e9a491309aca21dbc613b7ba09babd89a617c56d221045e99aa94139e559a0464c7a9c2a9f6795782d27ca6edc4c2e80132641551848f910a1e0f970a59cffcf40f05c6d07a59592c1cce722e04db57394a778655dde4ebecf7362210164cf9ffe3848922264a0b8604534570aeaa15f795a364f38ddd6ecee07ed555686bd7e257c0d6c9d4863a11374aed0b61b9cf4151d22b92bff55951b8af0416aafeaaeadcd201b45f05fd008d52369d725cef2c7d4f2f67ccd3b703d923cbf3a3c423aa0b189baf77fe47800f52493e1"}) io_uring_setup$auto(0x59, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clock_adjtime$auto(0x354d, 0x0) syz_clone3(&(0x7f0000000100)={0x2100000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) rt_sigsuspend$auto(0x0, 0x8) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): 
close_range$auto-socket$nl_generic-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kvm_chardev_ops_kvm_main-close_range$auto-socketcall$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto_KVM_GET_MSRS-recvmmsg$auto-mmap$auto-socket-socket-sendmsg$auto_NL80211_CMD_GET_REG-recvmmsg$auto-mmap$auto-close_range$auto-socket$nl_generic-openat$auto_seq_oss_f_ops_seq_oss-mmap$auto-close_range$auto-socket-openat$auto_tracing_pipe_fops_trace-syz_genetlink_get_family_id$auto_taskstats-epoll_create$auto-epoll_ctl$auto-socket-openat$auto_tty_fops_tty_io-socketpair$auto detailed listing: executing program 0: close_range$auto(0x2, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/bus/pci/drivers/ath9k/bind\x00', 0x0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0xa0801, 0x0) close_range$auto(0x2, r1, 0x9) r2 = socketcall$auto(0x8000, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000000380)={0xdd, 0x0, [{0x40000000, 0x9, 0x3b0}]}) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000080)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x25, 0x80000, 0x1200000) r4 = socket(0x10, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = 
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x1, 0x5) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_pipe\x00', 0x40b00, 0x0) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000100), r0) r6 = epoll_create$auto(0x8800001) epoll_ctl$auto(r6, 0x1, r5, 0x0) socket(0x1e, 0x4, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-close_range$auto-openat$auto_proc_loginuid_operations_base-openat$auto_proc_reg_file_ops_compat_inode-read$auto-writev$auto-sendmsg$auto_NL802154_CMD_SET_PAN_ID-writev$auto-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) 
getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/loginuid\x00', 0x101000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/5/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) writev$auto(r4, &(0x7f0000000380)={&(0x7f0000000300), 0x6}, 0x4) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1058}, 0x1, 0x0, 0x0, 0x40050}, 0x20004004) writev$auto(0x3, &(0x7f00000001c0)={0x0, 0x3}, 0x7) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: BUG: Bad rss-counter state single: successfully extracted reproducer found reproducer with 19 syscalls minimizing guilty program testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true 
Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-close_range$auto-openat$auto_proc_loginuid_operations_base-openat$auto_proc_reg_file_ops_compat_inode-read$auto-writev$auto-sendmsg$auto_NL802154_CMD_SET_PAN_ID-writev$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 
&(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/loginuid\x00', 0x101000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/5/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) writev$auto(r4, &(0x7f0000000380)={&(0x7f0000000300), 0x6}, 0x4) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1058}, 0x1, 0x0, 0x0, 0x40050}, 0x20004004) writev$auto(0x3, &(0x7f00000001c0)={0x0, 0x3}, 0x7) program did not crash testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-close_range$auto-openat$auto_proc_loginuid_operations_base-openat$auto_proc_reg_file_ops_compat_inode-read$auto-writev$auto-sendmsg$auto_NL802154_CMD_SET_PAN_ID-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 
0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/loginuid\x00', 0x101000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/5/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) writev$auto(r4, &(0x7f0000000380)={&(0x7f0000000300), 0x6}, 0x4) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1058}, 0x1, 0x0, 0x0, 0x40050}, 0x20004004) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: BUG: Bad rss-counter state testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false 
USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-close_range$auto-openat$auto_proc_loginuid_operations_base-openat$auto_proc_reg_file_ops_compat_inode-read$auto-writev$auto-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 
0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/loginuid\x00', 0x101000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/5/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) writev$auto(r4, &(0x7f0000000380)={&(0x7f0000000300), 0x6}, 0x4) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: BUG: Bad rss-counter state testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-close_range$auto-openat$auto_proc_loginuid_operations_base-openat$auto_proc_reg_file_ops_compat_inode-read$auto-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 
0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/loginuid\x00', 0x101000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/5/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: BUG: Bad rss-counter state testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): 
openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-close_range$auto-openat$auto_proc_loginuid_operations_base-openat$auto_proc_reg_file_ops_compat_inode-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/loginuid\x00', 0x101000, 0x0) 
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/5/smp_affinity\x00', 0x129542, 0x0) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: BUG: Bad rss-counter state testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-close_range$auto-openat$auto_proc_loginuid_operations_base-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, 
@L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/loginuid\x00', 0x101000, 0x0) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: BUG: Bad rss-counter state testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-close_range$auto-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 
0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: BUG: Bad rss-counter state testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-mmap$auto-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 
0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: BUG: Bad rss-counter state testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): 
openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendfile$auto-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false 
NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 
Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-setsockopt$auto-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x0, 0x28, 0x0, 0xc) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none 
SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-socket-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) socket(0x2b, 0x1, 0x1) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: WARNING in __mmdrop testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true 
KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x9}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, 0x2}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40820}, 0x24008000) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true 
UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-syz_genetlink_get_family_id$auto_l2tp-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), 0xffffffffffffffff) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-ioctl$auto_XFS_IOC_ERROR_CLEARALL-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 
0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, &(0x7f0000000000)={r0, 0x10000}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-getsockopt$auto_SO_TIMESTAMP_NEW-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) getsockopt$auto_SO_TIMESTAMP_NEW(r0, 0x4, 0x3f, &(0x7f0000000280)='&@\'\x00', &(0x7f00000002c0)=0x4) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): 
openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: WARNING in __mmdrop testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-clone$auto detailed listing: executing program 0: openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program did not crash testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$auto_PROCMAP_QUERY-clone$auto detailed listing: executing program 0: ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 
0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program did not crash testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program did not crash testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, 0x0) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program did not crash extracting C reproducer testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 
Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: WARNING in __mmdrop simplifying C reproducer testing compiled C program (duration=45.01735624s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program did not crash testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program did not crash testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true 
VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: kernel BUG in __mmput a never seen crash title: kernel BUG in __mmput, ignore testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in futex_unqueue a never seen crash title: KASAN: slab-use-after-free Read in futex_unqueue, ignore testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false 
NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true 
UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true 
LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: KASAN: slab-use-after-free Read in __schedule testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): 
openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: WARNING in __mmdrop testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: WARNING in __mmdrop testing compiled C program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto program crashed: WARNING in __mmdrop testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto detailed listing: executing program 0: r0 = 
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: WARNING in __mmdrop validation run: crashed=true testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule validation run: crashed=true testing program (duration=45.01735624s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): 
openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule validation run: crashed=true reproducing took 1h13m24.60849835s repro crashed as (corrupted=false): ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] BUG: KASAN: slab-use-after-free in membarrier_switch_mm kernel/sched/sched.h:3666 [inline] BUG: KASAN: slab-use-after-free in context_switch kernel/sched/core.c:5230 [inline] BUG: KASAN: slab-use-after-free in __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867 Read of size 4 at addr ffff88807e37a580 by task kworker/u8:7/3479 CPU: 1 UID: 0 PID: 3479 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 Workqueue: 0x0 (gid-cache-wq) Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x156/0x4c9 mm/kasan/report.c:482 kasan_report+0xdf/0x1a0 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:186 [inline] kasan_check_range+0x10f/0x1e0 mm/kasan/generic.c:200 instrument_atomic_read include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] membarrier_switch_mm kernel/sched/sched.h:3666 [inline] context_switch 
kernel/sched/core.c:5230 [inline] __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xdd/0x390 kernel/sched/core.c:6964 worker_thread+0x526/0xe40 kernel/workqueue.c:3436 kthread+0x3b3/0x730 kernel/kthread.c:463 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 Allocated by task 5947: kasan_save_stack+0x30/0x50 mm/kasan/common.c:57 kasan_save_track+0x14/0x30 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270 dup_mm kernel/fork.c:1519 [inline] copy_mm kernel/fork.c:1581 [inline] copy_process+0x73df/0x7890 kernel/fork.c:2221 kernel_clone+0xfc/0x930 kernel/fork.c:2651 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 5952: kasan_save_stack+0x30/0x50 mm/kasan/common.c:57 kasan_save_track+0x14/0x30 mm/kasan/common.c:78 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:253 [inline] __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:2540 [inline] slab_free mm/slub.c:6674 [inline] kmem_cache_free+0x143/0x720 mm/slub.c:6789 mmdrop include/linux/sched/mm.h:55 [inline] mmdrop_sched include/linux/sched/mm.h:83 [inline] mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline] finish_task_switch.isra.0+0x76e/0xb70 kernel/sched/core.c:5143 context_switch kernel/sched/core.c:5263 [inline] __schedule+0xfee/0x5fa0 kernel/sched/core.c:6867 preempt_schedule_common+0x42/0xc0 kernel/sched/core.c:7051 preempt_schedule_thunk+0x16/0x30 
arch/x86/entry/thunk.S:12 __local_bh_enable_ip+0xff/0x120 kernel/softirq.c:457 spin_unlock_bh include/linux/spinlock.h:396 [inline] netif_addr_unlock_bh include/linux/netdevice.h:4874 [inline] dev_uc_add+0xd4/0x110 net/core/dev_addr_lists.c:694 vlan_dev_set_mac_address+0x2d4/0x440 net/8021q/vlan_dev.c:324 netif_set_mac_address+0x304/0x4a0 net/core/dev.c:9985 do_setlink.isra.0+0x75f/0x3e50 net/core/rtnetlink.c:3110 rtnl_changelink net/core/rtnetlink.c:3776 [inline] __rtnl_newlink net/core/rtnetlink.c:3935 [inline] rtnl_newlink+0x11bd/0x2380 net/core/rtnetlink.c:4072 rtnetlink_rcv_msg+0x95e/0xe90 net/core/rtnetlink.c:6958 netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] __sys_sendto+0x4aa/0x520 net/socket.c:2206 __do_sys_sendto net/socket.c:2213 [inline] __se_sys_sendto net/socket.c:2209 [inline] __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2209 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f The buggy address belongs to the object at ffff88807e37a4c0 which belongs to the cache mm_struct of size 2968 The buggy address is located 192 bytes inside of freed 2968-byte region [ffff88807e37a4c0, ffff88807e37b058) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e378 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 memcg:ffff888033218c01 flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) page_type: f5(slab) raw: 00fff00000000040 ffff88813ff30b40 dead000000000100 dead000000000122 raw: 0000000000000000 00000000800a000a 00000000f5000000 ffff888033218c01 head: 00fff00000000040 ffff88813ff30b40 dead000000000100 
dead000000000122 head: 0000000000000000 00000000800a000a 00000000f5000000 ffff888033218c01 head: 00fff00000000003 ffffea0001f8de01 00000000ffffffff 00000000ffffffff head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5573, tgid 5573 (dhcpcd-run-hook), ts 54892168157, free_ts 54822253634 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1e1/0x250 mm/page_alloc.c:1884 prep_new_page mm/page_alloc.c:1892 [inline] get_page_from_freelist+0xe3d/0x2e10 mm/page_alloc.c:3945 __alloc_frozen_pages_noprof+0x26c/0x2410 mm/page_alloc.c:5240 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2486 alloc_slab_page mm/slub.c:3075 [inline] allocate_slab mm/slub.c:3248 [inline] new_slab+0x2c4/0x440 mm/slub.c:3302 ___slab_alloc+0xda3/0x1ca0 mm/slub.c:4656 __slab_alloc.isra.0+0x63/0x110 mm/slub.c:4779 __slab_alloc_node mm/slub.c:4855 [inline] slab_alloc_node mm/slub.c:5251 [inline] kmem_cache_alloc_noprof+0x4ec/0x780 mm/slub.c:5270 dup_mm kernel/fork.c:1519 [inline] copy_mm kernel/fork.c:1581 [inline] copy_process+0x73df/0x7890 kernel/fork.c:2221 kernel_clone+0xfc/0x930 kernel/fork.c:2651 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5571 tgid 5571 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1433 [inline] __free_frozen_pages+0x822/0x1130 mm/page_alloc.c:2973 discard_slab mm/slub.c:3346 [inline] __put_partials+0x127/0x160 mm/slub.c:3886 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x1a0/0x1f0 
mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:350
kasan_slab_alloc include/linux/kasan.h:253 [inline]
slab_post_alloc_hook mm/slub.c:4953 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
__kmalloc_cache_noprof+0x2e1/0x810 mm/slub.c:5775
kmalloc_noprof include/linux/slab.h:957 [inline]
tomoyo_print_header security/tomoyo/audit.c:156 [inline]
tomoyo_init_log+0x1a0/0x20c0 security/tomoyo/audit.c:255
tomoyo_supervisor+0x506/0x1340 security/tomoyo/common.c:2198
tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
tomoyo_path_permission security/tomoyo/file.c:587 [inline]
tomoyo_path_permission+0x270/0x3b0 security/tomoyo/file.c:573
tomoyo_path_perm+0x364/0x460 security/tomoyo/file.c:838
security_inode_getattr+0x116/0x280 security/security.c:1869
vfs_getattr fs/stat.c:259 [inline]
vfs_statx_path fs/stat.c:299 [inline]
vfs_statx+0x11f/0x3f0 fs/stat.c:356
vfs_fstatat+0x7b/0xf0 fs/stat.c:375
__do_sys_newfstatat+0x9d/0x120 fs/stat.c:542
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88807e37a480: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
 ffff88807e37a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88807e37a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88807e37a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88807e37a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):

==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: slab-use-after-free in membarrier_switch_mm kernel/sched/sched.h:3666 [inline]
BUG: KASAN: slab-use-after-free in 
context_switch kernel/sched/core.c:5230 [inline] BUG: KASAN: slab-use-after-free in __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867 Read of size 4 at addr ffff88807e37a580 by task kworker/u8:7/3479 CPU: 1 UID: 0 PID: 3479 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 Workqueue: 0x0 (gid-cache-wq) Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x156/0x4c9 mm/kasan/report.c:482 kasan_report+0xdf/0x1a0 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:186 [inline] kasan_check_range+0x10f/0x1e0 mm/kasan/generic.c:200 instrument_atomic_read include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] membarrier_switch_mm kernel/sched/sched.h:3666 [inline] context_switch kernel/sched/core.c:5230 [inline] __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xdd/0x390 kernel/sched/core.c:6964 worker_thread+0x526/0xe40 kernel/workqueue.c:3436 kthread+0x3b3/0x730 kernel/kthread.c:463 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 Allocated by task 5947: kasan_save_stack+0x30/0x50 mm/kasan/common.c:57 kasan_save_track+0x14/0x30 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270 dup_mm kernel/fork.c:1519 [inline] copy_mm kernel/fork.c:1581 [inline] copy_process+0x73df/0x7890 kernel/fork.c:2221 kernel_clone+0xfc/0x930 kernel/fork.c:2651 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792 do_syscall_x64 
arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 5952: kasan_save_stack+0x30/0x50 mm/kasan/common.c:57 kasan_save_track+0x14/0x30 mm/kasan/common.c:78 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:253 [inline] __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:2540 [inline] slab_free mm/slub.c:6674 [inline] kmem_cache_free+0x143/0x720 mm/slub.c:6789 mmdrop include/linux/sched/mm.h:55 [inline] mmdrop_sched include/linux/sched/mm.h:83 [inline] mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline] finish_task_switch.isra.0+0x76e/0xb70 kernel/sched/core.c:5143 context_switch kernel/sched/core.c:5263 [inline] __schedule+0xfee/0x5fa0 kernel/sched/core.c:6867 preempt_schedule_common+0x42/0xc0 kernel/sched/core.c:7051 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12 __local_bh_enable_ip+0xff/0x120 kernel/softirq.c:457 spin_unlock_bh include/linux/spinlock.h:396 [inline] netif_addr_unlock_bh include/linux/netdevice.h:4874 [inline] dev_uc_add+0xd4/0x110 net/core/dev_addr_lists.c:694 vlan_dev_set_mac_address+0x2d4/0x440 net/8021q/vlan_dev.c:324 netif_set_mac_address+0x304/0x4a0 net/core/dev.c:9985 do_setlink.isra.0+0x75f/0x3e50 net/core/rtnetlink.c:3110 rtnl_changelink net/core/rtnetlink.c:3776 [inline] __rtnl_newlink net/core/rtnetlink.c:3935 [inline] rtnl_newlink+0x11bd/0x2380 net/core/rtnetlink.c:4072 rtnetlink_rcv_msg+0x95e/0xe90 net/core/rtnetlink.c:6958 netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] __sys_sendto+0x4aa/0x520 net/socket.c:2206 __do_sys_sendto 
net/socket.c:2213 [inline] __se_sys_sendto net/socket.c:2209 [inline] __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2209 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f The buggy address belongs to the object at ffff88807e37a4c0 which belongs to the cache mm_struct of size 2968 The buggy address is located 192 bytes inside of freed 2968-byte region [ffff88807e37a4c0, ffff88807e37b058) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e378 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 memcg:ffff888033218c01 flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) page_type: f5(slab) raw: 00fff00000000040 ffff88813ff30b40 dead000000000100 dead000000000122 raw: 0000000000000000 00000000800a000a 00000000f5000000 ffff888033218c01 head: 00fff00000000040 ffff88813ff30b40 dead000000000100 dead000000000122 head: 0000000000000000 00000000800a000a 00000000f5000000 ffff888033218c01 head: 00fff00000000003 ffffea0001f8de01 00000000ffffffff 00000000ffffffff head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5573, tgid 5573 (dhcpcd-run-hook), ts 54892168157, free_ts 54822253634 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1e1/0x250 mm/page_alloc.c:1884 prep_new_page mm/page_alloc.c:1892 [inline] get_page_from_freelist+0xe3d/0x2e10 mm/page_alloc.c:3945 __alloc_frozen_pages_noprof+0x26c/0x2410 mm/page_alloc.c:5240 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2486 alloc_slab_page mm/slub.c:3075 [inline] allocate_slab mm/slub.c:3248 [inline] new_slab+0x2c4/0x440 mm/slub.c:3302 ___slab_alloc+0xda3/0x1ca0 
mm/slub.c:4656 __slab_alloc.isra.0+0x63/0x110 mm/slub.c:4779 __slab_alloc_node mm/slub.c:4855 [inline] slab_alloc_node mm/slub.c:5251 [inline] kmem_cache_alloc_noprof+0x4ec/0x780 mm/slub.c:5270 dup_mm kernel/fork.c:1519 [inline] copy_mm kernel/fork.c:1581 [inline] copy_process+0x73df/0x7890 kernel/fork.c:2221 kernel_clone+0xfc/0x930 kernel/fork.c:2651 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5571 tgid 5571 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1433 [inline] __free_frozen_pages+0x822/0x1130 mm/page_alloc.c:2973 discard_slab mm/slub.c:3346 [inline] __put_partials+0x127/0x160 mm/slub.c:3886 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:350 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] __kmalloc_cache_noprof+0x2e1/0x810 mm/slub.c:5775 kmalloc_noprof include/linux/slab.h:957 [inline] tomoyo_print_header security/tomoyo/audit.c:156 [inline] tomoyo_init_log+0x1a0/0x20c0 security/tomoyo/audit.c:255 tomoyo_supervisor+0x506/0x1340 security/tomoyo/common.c:2198 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline] tomoyo_path_permission security/tomoyo/file.c:587 [inline] tomoyo_path_permission+0x270/0x3b0 security/tomoyo/file.c:573 tomoyo_path_perm+0x364/0x460 security/tomoyo/file.c:838 security_inode_getattr+0x116/0x280 security/security.c:1869 vfs_getattr fs/stat.c:259 [inline] vfs_statx_path fs/stat.c:299 [inline] vfs_statx+0x11f/0x3f0 fs/stat.c:356 vfs_fstatat+0x7b/0xf0 fs/stat.c:375 __do_sys_newfstatat+0x9d/0x120 fs/stat.c:542 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] 
do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88807e37a480: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
 ffff88807e37a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88807e37a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88807e37a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88807e37a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================