Warning: Permanently added '[localhost]:18232' (ED25519) to the list of known hosts.
2024/07/22 10:50:14 ignoring optional flag "sandboxArg"="0"
2024/07/22 10:50:15 parsed 1 programs
[ 106.820664][ T40] audit: type=1400 audit(1721645418.130:140): avc: denied { unlink } for pid=5464 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 107.416929][ T40] audit: type=1400 audit(1721645418.730:141): avc: denied { relabelto } for pid=5501 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 107.430308][ T40] audit: type=1400 audit(1721645418.750:142): avc: denied { write } for pid=5501 comm="mkswap" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 107.466101][ T40] audit: type=1400 audit(1721645418.780:143): avc: denied { read } for pid=5464 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 107.479528][ T40] audit: type=1400 audit(1721645418.800:144): avc: denied { open } for pid=5464 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 108.798140][ T5464] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 111.749755][ T66] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 111.756497][ T66] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 111.761299][ T66] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 111.766382][ T66] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 111.772456][ T66] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 111.777107][ T66] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 111.847573][ T40] audit: type=1400 audit(1721645423.160:145): avc: denied { mount } for pid=5513 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 113.054878][ T5545] chnl_net:caif_netlink_parms(): no params data found
[ 113.198505][ T5545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.203160][ T5545] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.207323][ T5545] bridge_slave_0: entered allmulticast mode
[ 113.214764][ T5545] bridge_slave_0: entered promiscuous mode
[ 113.220621][ T5545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.223689][ T5545] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.226320][ T5545] bridge_slave_1: entered allmulticast mode
[ 113.230594][ T5545] bridge_slave_1: entered promiscuous mode
[ 113.301858][ T5545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.311934][ T5545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.399663][ T5545] team0: Port device team_slave_0 added
[ 113.406768][ T5545] team0: Port device team_slave_1 added
[ 113.465530][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.468707][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.480647][ T5545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.487033][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 113.490066][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 113.501418][ T5545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.597940][ T5545] hsr_slave_0: entered promiscuous mode
[ 113.606200][ T5545] hsr_slave_1: entered promiscuous mode
[ 113.883559][ T40] audit: type=1400 audit(1721645425.190:146): avc: denied { create } for pid=5552 comm="dhcpcd-run-hook" name="resolv.conf.lapb10.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 113.893588][ T40] audit: type=1400 audit(1721645425.190:147): avc: denied { write open } for pid=5552 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.lapb10.link" dev="tmpfs" ino=1748 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 113.905437][ T40] audit: type=1400 audit(1721645425.190:148): avc: denied { append } for pid=5552 comm="dhcpcd-run-hook" name="resolv.conf.lapb10.link" dev="tmpfs" ino=1748 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 113.925673][ T40] audit: type=1400 audit(1721645425.190:149): avc: denied { getattr } for pid=5552 comm="dhcpcd-run-hook" path="/tmp/resolv.conf" dev="tmpfs" ino=6 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 113.936639][ T40] audit: type=1400 audit(1721645425.230:150): avc: denied { read } for pid=5554 comm="cmp" name="resolv.conf" dev="tmpfs" ino=6 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 113.950074][ T40] audit: type=1400 audit(1721645425.270:151): avc: denied { unlink } for pid=5555 comm="rm" name="resolv.conf.lapb10.link" dev="tmpfs" ino=1748 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 114.741468][ T5545] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 114.764443][ T5545] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 114.779465][ T5545] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 114.788682][ T5545] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 114.893092][ T5545] 8021q: adding VLAN 0 to HW filter on device bond0
[ 114.909442][ T5545] 8021q: adding VLAN 0 to HW filter on device team0
[ 114.920925][ T1399] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.924928][ T1399] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.941699][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.945306][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.016640][ T40] audit: type=1400 audit(1721645426.330:152): avc: denied { sys_module } for pid=5545 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 115.125746][ T5545] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.175242][ T5545] veth0_vlan: entered promiscuous mode
[ 115.187474][ T5545] veth1_vlan: entered promiscuous mode
[ 115.233164][ T5545] veth0_macvtap: entered promiscuous mode
[ 115.241014][ T5545] veth1_macvtap: entered promiscuous mode
[ 115.286156][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 115.299403][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 115.311393][ T5545] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.316265][ T5545] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.321360][ T5545] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.325543][ T5545] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.475631][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.584568][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.588265][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.646058][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.674032][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.677609][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.753137][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.913171][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.819894][ T40] audit: type=1401 audit(1721645428.130:153): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2024/07/22 10:50:28 executed programs: 0
[ 116.913341][ T4644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 116.918771][ T4644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 116.923711][ T4644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 116.929616][ T4644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 116.941821][ T4644] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 116.945349][ T4644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 117.133446][ T5663] chnl_net:caif_netlink_parms(): no params data found
[ 117.277413][ T5663] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.283607][ T5663] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.286766][ T5663] bridge_slave_0: entered allmulticast mode
[ 117.290764][ T5663] bridge_slave_0: entered promiscuous mode
[ 117.296611][ T5663] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.299948][ T5663] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.304798][ T5663] bridge_slave_1: entered allmulticast mode
[ 117.308116][ T5663] bridge_slave_1: entered promiscuous mode
[ 117.367187][ T5663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 117.375933][ T5663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 117.430003][ T5663] team0: Port device team_slave_0 added
[ 117.434176][ T5663] team0: Port device team_slave_1 added
[ 117.502354][ T5663] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 117.505574][ T5663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 117.519592][ T5663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 117.529069][ T5663] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 117.532578][ T5663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 117.544326][ T5663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 117.642256][ T5663] hsr_slave_0: entered promiscuous mode
[ 117.645757][ T5663] hsr_slave_1: entered promiscuous mode
[ 117.649278][ T5663] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 117.654423][ T5663] Cannot create hsr debugfs directory
[ 119.001058][ T66] Bluetooth: hci0: command tx timeout
[ 120.680276][ T11] bridge_slave_1: left allmulticast mode
[ 120.682811][ T11] bridge_slave_1: left promiscuous mode
[ 120.685984][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.693862][ T11] bridge_slave_0: left allmulticast mode
[ 120.697059][ T11] bridge_slave_0: left promiscuous mode
[ 120.701039][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.083641][ T66] Bluetooth: hci0: command tx timeout
[ 121.135867][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 121.142747][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 121.148391][ T11] bond0 (unregistering): Released all slaves
[ 121.374272][ T11] hsr_slave_0: left promiscuous mode
[ 121.377311][ T11] hsr_slave_1: left promiscuous mode
[ 121.380320][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 121.383095][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 121.386143][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 121.389116][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 121.416205][ T11] veth1_macvtap: left promiscuous mode
[ 121.418382][ T11] veth0_macvtap: left promiscuous mode
[ 121.421354][ T11] veth1_vlan: left promiscuous mode
[ 121.423444][ T11] veth0_vlan: left promiscuous mode
[ 122.075136][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 122.131296][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 122.825263][ T5663] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 122.831979][ T5663] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 122.839555][ T5663] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 122.846420][ T5663] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 122.931659][ T5663] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.959946][ T5663] 8021q: adding VLAN 0 to HW filter on device team0
[ 122.968662][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.972777][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 123.006382][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.009563][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 123.170667][ T66] Bluetooth: hci0: command tx timeout
[ 123.351565][ T5663] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 123.395811][ T5663] veth0_vlan: entered promiscuous mode
[ 123.411074][ T5663] veth1_vlan: entered promiscuous mode
[ 123.446827][ T5663] veth0_macvtap: entered promiscuous mode
[ 123.453590][ T5663] veth1_macvtap: entered promiscuous mode
[ 123.478714][ T5663] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 123.492900][ T5663] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 123.504928][ T5663] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.508655][ T5663] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.513174][ T5663] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.516450][ T5663] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.571769][ T621] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.575680][ T621] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.597999][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.601986][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/07/22 10:50:34 executed programs: 2
[ 123.657169][ T40] audit: type=1400 audit(1721645434.970:154): avc: denied { prog_load } for pid=5756 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 123.666557][ T40] audit: type=1400 audit(1721645434.970:155): avc: denied { bpf } for pid=5756 comm="syz.0.15" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 123.675259][ T40] audit: type=1400 audit(1721645434.970:156): avc: denied { perfmon } for pid=5756 comm="syz.0.15" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 123.687262][ T40] audit: type=1400 audit(1721645435.000:157): avc: denied { prog_run } for pid=5756 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 123.696306][ T40] audit: type=1400 audit(1721645435.010:158): avc: denied { create } for pid=5756 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 123.705192][ T40] audit: type=1400 audit(1721645435.010:159): avc: denied { ioctl } for pid=5756 comm="syz.0.15" path="socket:[11792]" dev="sockfs" ino=11792 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 125.241693][ T66] Bluetooth: hci0: command tx timeout
[ 127.372918][ C0] ==================================================================
[ 127.376425][ C0] BUG: KASAN: stack-out-of-bounds in xdp_do_check_flushed+0x355/0x3f0
[ 127.379683][ C0] Read of size 4 at addr ffffc90003387a50 by task syz.0.105/5938
[ 127.399391][ C0]
[ 127.400242][ C0] CPU: 0 UID: 0 PID: 5938 Comm: syz.0.105 Not tainted 6.10.0-syzkaller-g933069701c1b-dirty #0
[ 127.403875][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 127.407418][ C0] Call Trace:
[ 127.408555][ C0]
[ 127.409537][ C0] dump_stack_lvl+0x116/0x1f0
[ 127.426402][ C0] print_report+0xc3/0x620
[ 127.428646][ C0] ? __virt_addr_valid+0x5e/0x590
[ 127.431163][ C0] kasan_report+0xd9/0x110
[ 127.433252][ C0] ? xdp_do_check_flushed+0x355/0x3f0
[ 127.435152][ C0] ? xdp_do_check_flushed+0x355/0x3f0
[ 127.437278][ C0] xdp_do_check_flushed+0x355/0x3f0
[ 127.439335][ C0] __napi_poll.constprop.0+0xd1/0x550
[ 127.445923][ C0] net_rx_action+0xa92/0x1010
[ 127.448128][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 127.449995][ C0] ? rcu_qs+0x80/0xe0
[ 127.467764][ C0] ? trace_rcu_utilization+0x100/0x160
[ 127.469936][ C0] handle_softirqs+0x216/0x8f0
[ 127.472093][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 127.474877][ C0] irq_exit_rcu+0xbb/0x120
[ 127.477130][ C0] sysvec_apic_timer_interrupt+0x95/0xb0
[ 127.479570][ C0]
[ 127.495244][ C0]
[ 127.496844][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 127.499654][ C0] RIP: 0010:__schedule+0xe3f/0x5490
[ 127.502023][ C0] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 ba 3f 00 00 48 8b bd 10 ff ff ff 4d 89 77 10 4c 89 f6 e8 c9 a5 0f f6 48 89 c7 e8 61 54 6a f6 <48> 8b 8d a0 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 01 c1 48 c7
[ 127.510480][ C0] RSP: 0018:ffffc90003387980 EFLAGS: 00000206
[ 127.512856][ C0] RAX: 00000000000001a9 RBX: ffff888043a40000 RCX: 1ffffffff1fce089
[ 127.516079][ C0] RDX: 0000000000000000 RSI: ffffffff8b2cc580 RDI: ffffffff8b90c740
[ 127.518936][ C0] RBP: ffffc90003387b10 R08: 0000000000000001 R09: 0000000000000001
[ 127.521599][ C0] R10: ffffffff8fe7489f R11: 0000000000000001 R12: ffff88806b03f908
[ 127.524558][ C0] R13: 0000000000000000 R14: ffff888043a40000 R15: ffff88806b03ee00
[ 127.527950][ C0] ? select_task_rq_fair+0x4af/0x44b0
[ 127.530517][ C0] ? __pfx_lock_release+0x10/0x10
[ 127.533072][ C0] ? __pfx___schedule+0x10/0x10
[ 127.535073][ C0] ? irqentry_exit+0x3b/0x90
[ 127.537044][ C0] ? lockdep_hardirqs_on+0x7c/0x110
[ 127.539114][ C0] ? preempt_schedule_thunk+0x1a/0x30
[ 127.541437][ C0] preempt_schedule_common+0x44/0xc0
[ 127.543528][ C0] preempt_schedule_thunk+0x1a/0x30
[ 127.545612][ C0] ? select_task_rq_fair+0x360/0x44b0
[ 127.547711][ C0] try_to_wake_up+0xc08/0x13e0
[ 127.549689][ C0] ? __pfx_try_to_wake_up+0x10/0x10
[ 127.552051][ C0] ? __pfx_lock_release+0x10/0x10
[ 127.554273][ C0] ? plist_check_head+0xa3/0x150
[ 127.555951][ C0] wake_up_q+0x91/0x140
[ 127.557367][ C0] ? do_raw_spin_unlock+0x172/0x230
[ 127.559640][ C0] futex_wake+0x43e/0x4e0
[ 127.561933][ C0] ? __pfx_futex_wake+0x10/0x10
[ 127.564531][ C0] ? vfs_write+0x917/0x1140
[ 127.566955][ C0] ? vfs_write+0x14d/0x1140
[ 127.569342][ C0] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 127.572116][ C0] do_futex+0x1e5/0x350
[ 127.574087][ C0] ? __pfx_do_futex+0x10/0x10
[ 127.576301][ C0] ? __fget_files+0x256/0x400
[ 127.578523][ C0] __x64_sys_futex+0x1e1/0x4c0
[ 127.580518][ C0] ? fput+0x32/0x390
[ 127.582317][ C0] ? __pfx___x64_sys_futex+0x10/0x10
[ 127.584448][ C0] ? ksys_write+0x1ab/0x260
[ 127.586685][ C0] ? __pfx_ksys_write+0x10/0x10
[ 127.589258][ C0] do_syscall_64+0xcd/0x250
[ 127.591465][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.593869][ C0] RIP: 0033:0x7faaa0975b59
[ 127.595878][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 127.603716][ C0] RSP: 002b:00007faaa16670f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.606639][ C0] RAX: ffffffffffffffda RBX: 00007faaa0b05f68 RCX: 00007faaa0975b59
[ 127.609345][ C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007faaa0b05f6c
[ 127.612043][ C0] RBP: 00007faaa0b05f60 R08: 00007faaa1668080 R09: 00007faaa16676c0
[ 127.614789][ C0] R10: 0000000000000e80 R11: 0000000000000246 R12: 00007faaa0b05f6c
[ 127.617737][ C0] R13: 000000000000000b R14: 00007fff8e045980 R15: 00007fff8e045a68
[ 127.620751][ C0]
[ 127.622078][ C0]
[ 127.623158][ C0] The buggy address belongs to stack of task syz.0.105/5938
[ 127.626117][ C0] and is located at offset 40 in frame:
[ 127.628620][ C0] __schedule+0x0/0x5490
[ 127.630431][ C0]
[ 127.631466][ C0] This frame has 3 objects:
[ 127.633673][ C0] [48, 52) 'cid'
[ 127.633685][ C0] [64, 80) 'rf'
[ 127.635310][ C0] [96, 120) 'ac'
[ 127.636878][ C0]
[ 127.639294][ C0] The buggy address belongs to the virtual mapping at
[ 127.639294][ C0] [ffffc90003380000, ffffc90003389000) created by:
[ 127.639294][ C0] kernel_clone+0xfd/0x980
[ 127.645896][ C0]
[ 127.646732][ C0] The buggy address belongs to the physical page:
[ 127.648825][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801f49d0f0 pfn:0x1f49d
[ 127.653650][ C0] memcg:ffff88802787e902
[ 127.655626][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 127.658731][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 127.662393][ C0] raw: ffff88801f49d0f0 0000000000000000 00000001ffffffff ffff88802787e902
[ 127.666578][ C0] page dumped because: kasan: bad access detected
[ 127.669152][ C0] page_owner tracks the page as allocated
[ 127.671334][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 5663, tgid 5663 (syz-executor), ts 127270798487, free_ts 127240380476
[ 127.678059][ C0] post_alloc_hook+0x2d1/0x350
[ 127.679732][ C0] get_page_from_freelist+0x1351/0x2e50
[ 127.681601][ C0] __alloc_pages_noprof+0x22b/0x2460
[ 127.683602][ C0] alloc_pages_mpol_noprof+0x275/0x610
[ 127.685734][ C0] __vmalloc_node_range_noprof+0xa6a/0x1520
[ 127.688278][ C0] copy_process+0x2f3b/0x8de0
[ 127.690108][ C0] kernel_clone+0xfd/0x980
[ 127.691862][ C0] __do_sys_clone+0xba/0x100
[ 127.693651][ C0] do_syscall_64+0xcd/0x250
[ 127.695776][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.699118][ C0] page last free pid 5663 tgid 5663 stack trace:
[ 127.702816][ C0] free_unref_page+0x64a/0xe40
[ 127.705131][ C0] __folio_put+0x31c/0x3e0
[ 127.723194][ C0] free_page_and_swap_cache+0x249/0x2c0
[ 127.725341][ C0] tlb_remove_table_rcu+0x89/0xe0
[ 127.727503][ C0] rcu_core+0x828/0x16b0
[ 127.729175][ C0] handle_softirqs+0x216/0x8f0
[ 127.731096][ C0] irq_exit_rcu+0xbb/0x120
[ 127.732919][ C0] sysvec_apic_timer_interrupt+0x95/0xb0
[ 127.735646][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 127.738095][ C0]
[ 127.754485][ C0] Memory state around the buggy address:
[ 127.756639][ C0] ffffc90003387900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 127.759504][ C0] ffffc90003387980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 127.763143][ C0] >ffffc90003387a00: 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 00 f2
[ 127.766118][ C0] ^
[ 127.769253][ C0] ffffc90003387a80: f2 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00
[ 127.788107][ C0] ffffc90003387b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 127.790815][ C0] ==================================================================
[ 127.793547][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 127.796403][ C0] CPU: 0 UID: 0 PID: 5938 Comm: syz.0.105 Not tainted 6.10.0-syzkaller-g933069701c1b-dirty #0
[ 127.800082][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 127.803991][ C0] Call Trace:
[ 127.805218][ C0]
[ 127.819387][ C0] dump_stack_lvl+0x3d/0x1f0
[ 127.821612][ C0] panic+0x6f5/0x7a0
[ 127.823829][ C0] ? __pfx_panic+0x10/0x10
[ 127.825868][ C0] ? check_panic_on_warn+0x1f/0xb0
[ 127.828234][ C0] check_panic_on_warn+0xab/0xb0
[ 127.830707][ C0] end_report+0x117/0x180
[ 127.832497][ C0] kasan_report+0xe9/0x110
[ 127.834474][ C0] ? xdp_do_check_flushed+0x355/0x3f0
[ 127.836516][ C0] ? xdp_do_check_flushed+0x355/0x3f0
[ 127.838643][ C0] xdp_do_check_flushed+0x355/0x3f0
[ 127.840635][ C0] __napi_poll.constprop.0+0xd1/0x550
[ 127.842675][ C0] net_rx_action+0xa92/0x1010
[ 127.844476][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 127.846435][ C0] ? rcu_qs+0x80/0xe0
[ 127.848052][ C0] ? trace_rcu_utilization+0x100/0x160
[ 127.850486][ C0] handle_softirqs+0x216/0x8f0
[ 127.852709][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 127.855208][ C0] irq_exit_rcu+0xbb/0x120
[ 127.856909][ C0] sysvec_apic_timer_interrupt+0x95/0xb0
[ 127.858850][ C0]
[ 127.860068][ C0]
[ 127.861139][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 127.863682][ C0] RIP: 0010:__schedule+0xe3f/0x5490
[ 127.865747][ C0] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 ba 3f 00 00 48 8b bd 10 ff ff ff 4d 89 77 10 4c 89 f6 e8 c9 a5 0f f6 48 89 c7 e8 61 54 6a f6 <48> 8b 8d a0 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 01 c1 48 c7
[ 127.873386][ C0] RSP: 0018:ffffc90003387980 EFLAGS: 00000206
[ 127.875977][ C0] RAX: 00000000000001a9 RBX: ffff888043a40000 RCX: 1ffffffff1fce089
[ 127.878869][ C0] RDX: 0000000000000000 RSI: ffffffff8b2cc580 RDI: ffffffff8b90c740
[ 127.881427][ C0] RBP: ffffc90003387b10 R08: 0000000000000001 R09: 0000000000000001
[ 127.883973][ C0] R10: ffffffff8fe7489f R11: 0000000000000001 R12: ffff88806b03f908
[ 127.886521][ C0] R13: 0000000000000000 R14: ffff888043a40000 R15: ffff88806b03ee00
[ 127.889169][ C0] ? select_task_rq_fair+0x4af/0x44b0
[ 127.891494][ C0] ? __pfx_lock_release+0x10/0x10
[ 127.893207][ C0] ? __pfx___schedule+0x10/0x10
[ 127.895172][ C0] ? irqentry_exit+0x3b/0x90
[ 127.896878][ C0] ? lockdep_hardirqs_on+0x7c/0x110
[ 127.898790][ C0] ? preempt_schedule_thunk+0x1a/0x30
[ 127.900735][ C0] preempt_schedule_common+0x44/0xc0
[ 127.902297][ C0] preempt_schedule_thunk+0x1a/0x30
[ 127.904012][ C0] ? select_task_rq_fair+0x360/0x44b0
[ 127.905776][ C0] try_to_wake_up+0xc08/0x13e0
[ 127.907746][ C0] ? __pfx_try_to_wake_up+0x10/0x10
[ 127.909753][ C0] ? __pfx_lock_release+0x10/0x10
[ 127.911704][ C0] ? plist_check_head+0xa3/0x150
[ 127.913652][ C0] wake_up_q+0x91/0x140
[ 127.915281][ C0] ? do_raw_spin_unlock+0x172/0x230
[ 127.917682][ C0] futex_wake+0x43e/0x4e0
[ 127.919427][ C0] ? __pfx_futex_wake+0x10/0x10
[ 127.921368][ C0] ? vfs_write+0x917/0x1140
[ 127.923078][ C0] ? vfs_write+0x14d/0x1140
[ 127.924493][ C0] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 127.926382][ C0] do_futex+0x1e5/0x350
[ 127.927604][ C0] ? __pfx_do_futex+0x10/0x10
[ 127.929006][ C0] ? __fget_files+0x256/0x400
[ 127.930392][ C0] __x64_sys_futex+0x1e1/0x4c0
[ 127.932034][ C0] ? fput+0x32/0x390
[ 127.933342][ C0] ? __pfx___x64_sys_futex+0x10/0x10
[ 127.935438][ C0] ? ksys_write+0x1ab/0x260
[ 127.937381][ C0] ? __pfx_ksys_write+0x10/0x10
[ 127.939666][ C0] do_syscall_64+0xcd/0x250
[ 127.941899][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.945112][ C0] RIP: 0033:0x7faaa0975b59
[ 127.946989][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 127.954435][ C0] RSP: 002b:00007faaa16670f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.957550][ C0] RAX: ffffffffffffffda RBX: 00007faaa0b05f68 RCX: 00007faaa0975b59
[ 127.960409][ C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007faaa0b05f6c
[ 127.963222][ C0] RBP: 00007faaa0b05f60 R08: 00007faaa1668080 R09: 00007faaa16676c0
[ 127.967275][ C0] R10: 0000000000000e80 R11: 0000000000000246 R12: 00007faaa0b05f6c
[ 127.970279][ C0] R13: 000000000000000b R14: 00007fff8e045980 R15: 00007fff8e045a68
[ 127.973196][ C0]
[ 127.974994][ C0] Kernel Offset: disabled
[ 127.976431][ C0] Rebooting in 86400 seconds..