last executing test programs: 2.869673425s ago: executing program 1 (id=43): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001500)={0x34, r2, 0x1, 0x4000, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0xa000000}]}, 0x34}}, 0x0) 2.831413756s ago: executing program 1 (id=46): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000400), &(0x7f00000003c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x18) io_pgetevents(0x0, 0x8000023, 0x0, 0x0, 0x0, 0x0) 2.810482816s ago: executing program 1 (id=47): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x1c8, 0x0, 0x1acc02, 0x148, 0x0, 0x10, 0x3b8, 0x2a8, 0x2a8, 0x3b8, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x40000, 0x70, 0x98, 0x0, {0x0, 0x5803}}, @common=@inet=@SET1={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x228) 2.788411516s ago: executing program 1 (id=50): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)={0x2c, r3, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}]}, 0x2c}}, 0x4000000) 2.747745827s ago: executing program 1 (id=52): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb02163c, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000300)=0x9) 2.543926021s ago: executing program 2 (id=61): bpf$PROG_LOAD(0x5, &(0x7f0000004200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x7, 0xfffd, 0x9, 0x1, 0xffffffffffffffff, 0x2}, 0x50) 2.531654551s ago: executing program 2 (id=62): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) ioctl$TCSBRKP(r2, 0x5425, 0x0) ioctl$TCSETSW2(r2, 0x5425, 0x0) 2.531289761s ago: executing program 3 (id=63): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup=r2, 0x2, 0x0, 0x0, &(0x7f0000001440)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) 2.512476381s ago: executing program 3 (id=64): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x9d, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r1, &(0x7f0000000080), 0x0}, 0x20) 2.396988423s ago: executing program 3 (id=65): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffa1}}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x50) mount$cgroup(0x0, 0x0, 0x0, 0x102000, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4, r1}, 0x38) 1.964515029s ago: executing program 2 (id=67): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x5c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 1.91680684s ago: executing program 2 (id=69): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) 1.887307451s ago: executing program 0 (id=70): r0 = epoll_create(0x3ff) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0000000}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000280)={0x2000000}) 1.871796011s ago: executing program 3 (id=65): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffa1}}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x50) mount$cgroup(0x0, 0x0, 0x0, 0x102000, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4, r1}, 0x38) 1.806684152s ago: executing program 0 (id=71): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) sched_setaffinity(0x0, 0x0, 0x0) r0 = io_uring_setup(0x25f5, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x0, 0x257}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) io_uring_enter(r0, 0x2000000, 0x2, 0xf, &(0x7f0000000000), 0x18) 1.806384812s ago: executing program 2 (id=72): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) 1.745971873s ago: executing program 2 (id=73): r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12015001020000102505a1a440000102030109025c0002010000000904000001020d00000524060001052400a2000d240f01f9fffffffdff08000006241a0000080905810300040000000904010000000000000904010102020d00000905820210000000000905030240"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x1, 0x5, 0x1004, 0xd, 0x4, 0x0, 0x8a83, 0x5, 0x33, 0x1ff, 0x0, 0xffff}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000c00)={0x14, 0x0, &(0x7f0000000bc0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.407036328s ago: executing program 0 (id=74): r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) close(r0) eventfd(0x2) r1 = signalfd(0xffffffffffffffff, &(0x7f00000006c0), 0x8) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) read$FUSE(r0, &(0x7f0000006340)={0x2020}, 0x2020) 1.038499014s ago: executing program 3 (id=65): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffa1}}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x50) mount$cgroup(0x0, 0x0, 0x0, 0x102000, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4, r1}, 0x38) 693.255129ms ago: executing program 1 (id=77): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000140)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x40, 0x13, 0x5e, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0}) openat$rtc(0xffffffffffffff9c, 0x0, 0x400, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x4008700c, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000640)={0x34, &(0x7f0000000380)=ANY=[@ANYBLOB="4d1304000000ba"], 0x0, 0x0, 0x0, 0x0, 0x0}) 561.845941ms ago: executing program 0 (id=78): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001380)=@newtfilter={0x7c, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x4, 0x4}, {}, {0x1, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xb, 0xf, 0x3, 0x2, 0x7ae, 0x9, 0xb11, 0x65, [{0x7fff, 0x401, 0x5, 0x6}, {0x0, 0xe1, 0x7, 0xfffffffd}, {0x3ff, 0xa, 0x76800, 0xd}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0x1, 0x3}}]}}]}, 0x7c}}, 0x20040054) 456.728942ms ago: executing program 0 (id=79): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xffffefc0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x6, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r1}, 0x10) capget(&(0x7f0000000180)={0xf1504}, 0x0) 442.307133ms ago: executing program 4 (id=80): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="149e000700"/20, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='module_request\x00', r1}, 0x18) socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) 425.624353ms ago: executing program 4 (id=81): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000d0000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000100), &(0x7f00000001c0)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000240), &(0x7f0000000280)=r1}, 0x20) 401.521483ms ago: executing program 4 (id=82): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f0000000300)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) close(r1) 389.966884ms ago: executing program 0 (id=83): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x5c4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x4802, 0x4b) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x4, "7738e21f"}]}}, 0x0}, 0x0) syz_open_dev$hiddev(0x0, 0x200, 0x44040) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000100)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x20, 0x1, 0x10, "12292083d584a74b161779b6cfacd7ae"}, 0x0}) 331.305955ms ago: executing program 4 (id=84): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close_range(r0, r1, 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 60.705439ms ago: executing program 4 (id=85): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x4}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) pidfd_send_signal(0xffffffffffffffff, 0x3b, 0x0, 0x0) 40.084089ms ago: executing program 4 (id=86): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000580)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x46, @local, @mcast1, 0x10, 0x0, 0x6, 0x3}}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000600)={'syztnl1\x00', 0x0}) 0s ago: executing program 3 (id=65): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffa1}}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x50) mount$cgroup(0x0, 0x0, 0x0, 0x102000, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4, r1}, 0x38) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 13.258280][ T28] kauditd_printk_skb: 48 callbacks suppressed [ 13.258293][ T28] audit: type=1400 audit(1751986681.866:59): avc: denied { transition } for pid=225 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.262703][ T28] audit: type=1400 audit(1751986681.866:60): avc: denied { noatsecure } for pid=225 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.265482][ T28] audit: type=1400 audit(1751986681.866:61): avc: denied { write } for pid=225 comm="sh" path="pipe:[7770]" dev="pipefs" ino=7770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.268677][ T28] audit: type=1400 audit(1751986681.866:62): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.271343][ T28] audit: type=1400 audit(1751986681.866:63): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.238' (ED25519) to the list of known hosts. [ 20.370321][ T28] audit: type=1400 audit(1751986688.976:64): avc: denied { mounton } for pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.371520][ T275] cgroup: Unknown subsys name 'net' [ 20.392964][ T28] audit: type=1400 audit(1751986688.976:65): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.420209][ T28] audit: type=1400 audit(1751986689.006:66): avc: denied { unmount } for pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.420378][ T275] cgroup: Unknown subsys name 'devices' [ 20.553493][ T275] cgroup: Unknown subsys name 'hugetlb' [ 20.559104][ T275] cgroup: Unknown subsys name 'rlimit' [ 20.661701][ T28] audit: type=1400 audit(1751986689.276:67): avc: denied { setattr } for pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.684895][ T28] audit: type=1400 audit(1751986689.276:68): avc: denied { mounton } for pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 20.703291][ T277] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.709774][ T28] audit: type=1400 audit(1751986689.276:69): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.741275][ T28] audit: type=1400 audit(1751986689.326:70): avc: denied { relabelto } for pid=277 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.743592][ T275] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.766812][ T28] audit: type=1400 audit(1751986689.326:71): avc: denied { write } for pid=277 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.800990][ T28] audit: type=1400 audit(1751986689.356:72): avc: denied { read } for pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.826538][ T28] audit: type=1400 audit(1751986689.356:73): avc: denied { open } for pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.616965][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.624047][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.631659][ T283] device bridge_slave_0 entered promiscuous mode [ 21.638323][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.645571][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.652954][ T284] device bridge_slave_0 entered promiscuous mode [ 21.665808][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.672882][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.680147][ T283] device bridge_slave_1 entered promiscuous mode [ 21.686841][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.693949][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.701272][ T284] device bridge_slave_1 entered promiscuous mode [ 21.733367][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.740416][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.747844][ T287] device bridge_slave_0 entered promiscuous mode [ 21.755611][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.762694][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.770126][ T287] device bridge_slave_1 entered promiscuous mode [ 21.787519][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.794626][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.802016][ T285] device bridge_slave_0 entered promiscuous mode [ 21.825129][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.832285][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.839593][ T285] device bridge_slave_1 entered promiscuous mode [ 21.905358][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.912435][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.919918][ T286] device bridge_slave_0 entered promiscuous mode [ 21.939467][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.946636][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.954050][ T286] device bridge_slave_1 entered promiscuous mode [ 22.074373][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.081432][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.088687][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.095729][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.115492][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.122566][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.129833][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.136963][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.162984][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.170033][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.177318][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.184380][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.195821][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.203247][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.210526][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.217580][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.234041][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.241091][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.248403][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.255440][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.298356][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.305740][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.312913][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.320441][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.327792][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.335017][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.342409][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.349584][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.356814][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.364123][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.371834][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.387151][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.394717][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.402337][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.410442][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.417482][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.424879][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.433412][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.440423][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.456970][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.464737][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.473017][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.480030][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.487529][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.495759][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.502799][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.510327][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.518561][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.525602][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.534502][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.542798][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.549828][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.584185][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.593181][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.606157][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.614737][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.621837][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.629516][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.637748][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.645952][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.652983][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.660885][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.668895][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.676874][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.685176][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.692548][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.699871][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.708090][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.715125][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.722607][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.730526][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.738639][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.763467][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.771790][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.779762][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.788180][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.796597][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.804905][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.812984][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.821056][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.829342][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.837673][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.861323][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.870207][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.878498][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.886129][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.893822][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.901819][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.909790][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.918335][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.926751][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.934640][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.942770][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.950529][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.958079][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.965541][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.973495][ T287] device veth0_vlan entered promiscuous mode [ 22.983757][ T285] device veth0_vlan entered promiscuous mode [ 22.991293][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.999979][ T284] device veth0_vlan entered promiscuous mode [ 23.015768][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.024298][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.039270][ T286] device veth0_vlan entered promiscuous mode [ 23.049922][ T284] device veth1_macvtap entered promiscuous mode [ 23.057066][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.065573][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.073787][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.082013][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.089960][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.098137][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.107580][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.115069][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.122609][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.130001][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.137802][ T283] device veth0_vlan entered promiscuous mode [ 23.147908][ T287] device veth1_macvtap entered promiscuous mode [ 23.155973][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.168493][ T286] device veth1_macvtap entered promiscuous mode [ 23.177288][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.185741][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.194204][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.203006][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.211162][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.225689][ T285] device veth1_macvtap entered promiscuous mode [ 23.232697][ T284] request_module fs-gadgetfs succeeded, but still no fs? [ 23.259475][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.268235][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.278353][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.286920][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.295480][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.304170][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.312632][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.320952][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.329457][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.339520][ T283] device veth1_macvtap entered promiscuous mode [ 23.339538][ T288] hid-generic 0003:0000:0000.0001: unknown main item tag 0x0 [ 23.355710][ T288] hid-generic 0003:0000:0000.0001: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 23.372452][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.395913][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.402730][ T316] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.413731][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.436775][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.473746][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.484521][ T313] fido_id[313]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 23.498902][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.511573][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.520023][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.747013][ T355] loop7: detected capacity change from 0 to 16384 [ 23.847185][ T355] I/O error, dev loop7, sector 1280 op 0x0:(READ) flags 0x80700 phys_seg 5 prio class 2 [ 24.008226][ T370] kvm: pic: non byte write [ 24.132693][ T401] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=401 comm=syz.2.35 [ 24.160056][ T404] Zero length message leads to an empty skb [ 24.161464][ T39] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 24.384376][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.398999][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.408994][ T39] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 24.421439][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.430089][ T39] usb 5-1: config 0 descriptor?? [ 24.592768][ T287] syz-executor (287) used greatest stack depth: 22304 bytes left [ 24.717858][ T457] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.724965][ T457] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.733305][ T457] device bridge_slave_0 entered promiscuous mode [ 24.744607][ T457] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.751836][ T457] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.759275][ T457] device bridge_slave_1 entered promiscuous mode [ 24.809815][ T457] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.816923][ T457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.824241][ T457] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.831276][ T457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.855261][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.863029][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.870449][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.880607][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.889157][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.896323][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.906666][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.915108][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.922206][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.938008][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.947814][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.964686][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.978775][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.986995][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.994575][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.002801][ T457] device veth0_vlan entered promiscuous mode [ 25.016154][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.025612][ T457] device veth1_macvtap entered promiscuous mode [ 25.035623][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.044162][ T39] usb 5-1: language id specifier not provided by device, defaulting to English [ 25.079796][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.092718][ T8] device bridge_slave_1 left promiscuous mode [ 25.098924][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.120862][ T8] device bridge_slave_0 left promiscuous mode [ 25.129665][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.139035][ T8] device veth1_macvtap left promiscuous mode [ 25.145612][ T8] device veth0_vlan left promiscuous mode [ 25.162511][ T457] syz-executor (457) used greatest stack depth: 22016 bytes left [ 25.376800][ T28] kauditd_printk_skb: 78 callbacks suppressed [ 25.376813][ T28] audit: type=1400 audit(1751986693.986:152): avc: denied { sqpoll } for pid=476 comm="syz.0.71" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 25.402879][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.409951][ T480] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.417607][ T480] device bridge_slave_0 entered promiscuous mode [ 25.432504][ T480] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.439599][ T480] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.445316][ T39] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #100: -71 [ 25.452937][ T480] device bridge_slave_1 entered promiscuous mode [ 25.461455][ T39] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71 [ 25.469890][ T39] uclogic 0003:256C:006D.0002: failed probing pen v1 parameters: -71 [ 25.478442][ T39] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 25.486310][ T39] uclogic: probe of 0003:256C:006D.0002 failed with error -71 [ 25.495271][ T39] usb 5-1: USB disconnect, device number 2 [ 25.591872][ T288] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 25.621201][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.629489][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.642357][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.650904][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.659432][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.666582][ T309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.674333][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.683183][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.691582][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.698612][ T309] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.706085][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.722377][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.730474][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.738485][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.746869][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.763850][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.772929][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.781282][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.789501][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.797767][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.805519][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.812884][ T288] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 25.824048][ T288] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 25.825123][ T480] device veth0_vlan entered promiscuous mode [ 25.842301][ T288] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 25.851391][ T288] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 25.859494][ T288] usb 3-1: Product: syz [ 25.863832][ T288] usb 3-1: Manufacturer: syz [ 25.867398][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.868424][ T288] usb 3-1: SerialNumber: syz [ 25.877717][ T480] device veth1_macvtap entered promiscuous mode [ 25.890279][ T479] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 25.900410][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.908922][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.918887][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.927585][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.997839][ T492] loop4: detected capacity change from 0 to 128 [ 26.023485][ T492] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 26.032462][ T28] audit: type=1400 audit(1751986694.646:153): avc: denied { mount } for pid=491 comm="syz.4.75" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 26.032488][ T492] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 26.106558][ T28] audit: type=1400 audit(1751986694.716:154): avc: denied { write } for pid=491 comm="syz.4.75" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.128817][ T28] audit: type=1400 audit(1751986694.716:155): avc: denied { add_name } for pid=491 comm="syz.4.75" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.128831][ T286] EXT4-fs (loop4): unmounting filesystem. [ 26.156977][ T28] audit: type=1400 audit(1751986694.716:156): avc: denied { create } for pid=491 comm="syz.4.75" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.178341][ T8] device bridge_slave_1 left promiscuous mode [ 26.180007][ T28] audit: type=1400 audit(1751986694.716:157): avc: denied { read append open } for pid=491 comm="syz.4.75" path="/4/mnt/cgroup.controllers" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.184812][ T497] syz.4.76[497] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 26.209072][ T28] audit: type=1400 audit(1751986694.726:158): avc: denied { map } for pid=491 comm="syz.4.75" path="/4/mnt/cgroup.controllers" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.210420][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.220687][ T497] syz.4.76[497] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 26.252373][ T28] audit: type=1400 audit(1751986694.726:159): avc: denied { write } for pid=491 comm="syz.4.75" path="/4/mnt/cgroup.controllers" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.287105][ T8] device bridge_slave_0 left promiscuous mode [ 26.293305][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.301329][ T8] device veth1_macvtap left promiscuous mode [ 26.308103][ T8] device veth0_vlan left promiscuous mode [ 26.317528][ T497] loop4: detected capacity change from 0 to 256 [ 26.331440][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 26.341547][ T497] FAT-fs (loop4): bogus number of FAT sectors [ 26.358678][ T497] FAT-fs (loop4): Can't find a valid FAT filesystem [ 26.460009][ T498] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.467385][ T498] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.475745][ T498] device bridge_slave_0 entered promiscuous mode [ 26.483842][ T498] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.491015][ T498] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.499200][ T498] device bridge_slave_1 entered promiscuous mode [ 26.633657][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.646454][ T487] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.663733][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.665261][ T28] audit: type=1400 audit(1751986695.276:160): avc: denied { bind } for pid=513 comm="syz.4.82" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.682605][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.698762][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.707989][ T318] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.715078][ T318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.723167][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.732902][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.741166][ T318] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.748243][ T318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.753727][ T518] KVM: debugfs: duplicate directory 518-4 [ 26.755789][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.770090][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.783124][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.791212][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.799333][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 26.815804][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.824475][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.835754][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.844296][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.852113][ T487] usb 2-1: Using ep0 maxpacket: 8 [ 26.855492][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.862555][ T487] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 26.873697][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.880983][ T487] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.889671][ T487] usb 2-1: config 0 descriptor?? [ 26.897363][ T498] device veth0_vlan entered promiscuous mode [ 26.908211][ T288] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 26.911135][ T498] device veth1_macvtap entered promiscuous mode [ 26.921186][ T288] cdc_ncm 3-1:1.0: setting tx_max = 184 [ 26.927101][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.935153][ T19] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.935680][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.951829][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.965368][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.974132][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.110504][ T288] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 27.121457][ T19] usb 1-1: Using ep0 maxpacket: 16 [ 27.128266][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.143324][ T288] usb 3-1: USB disconnect, device number 2 [ 27.149257][ T28] audit: type=1400 audit(1751986695.756:161): avc: denied { read } for pid=142 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 27.170406][ T288] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 27.179610][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.193123][ T19] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 27.202730][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.221820][ T310] ================================================================== [ 27.229912][ T310] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 27.238119][ T310] Read of size 8 at addr ffff88811dcbacf0 by task kworker/0:4/310 [ 27.245937][ T310] [ 27.248266][ T310] CPU: 0 PID: 310 Comm: kworker/0:4 Not tainted 6.1.141-syzkaller-00037-gfa7e0538663e #0 [ 27.258071][ T310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 27.268136][ T310] Workqueue: rcu_gp srcu_invoke_callbacks [ 27.273903][ T310] Call Trace: [ 27.277194][ T310] [ 27.280135][ T310] __dump_stack+0x21/0x24 [ 27.284480][ T310] dump_stack_lvl+0xee/0x150 [ 27.289087][ T310] ? __cfi_dump_stack_lvl+0x8/0x8 [ 27.294126][ T310] ? __list_del_entry_valid+0xa6/0x130 [ 27.299607][ T310] print_address_description+0x71/0x210 [ 27.305188][ T310] print_report+0x4a/0x60 [ 27.309620][ T310] kasan_report+0x122/0x150 [ 27.314139][ T310] ? __list_del_entry_valid+0xa6/0x130 [ 27.319616][ T310] __asan_report_load8_noabort+0x14/0x20 [ 27.325265][ T310] __list_del_entry_valid+0xa6/0x130 [ 27.330569][ T310] process_one_work+0x4b9/0xc40 [ 27.335434][ T310] worker_thread+0xa29/0x11f0 [ 27.340124][ T310] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 27.345605][ T310] ? __kthread_parkme+0x142/0x180 [ 27.350652][ T310] kthread+0x281/0x320 [ 27.354814][ T310] ? __cfi_worker_thread+0x10/0x10 [ 27.359936][ T310] ? __cfi_kthread+0x10/0x10 [ 27.364537][ T310] ret_from_fork+0x1f/0x30 [ 27.368973][ T310] [ 27.371998][ T310] [ 27.374325][ T310] Allocated by task 288: [ 27.378653][ T310] kasan_set_track+0x4b/0x70 [ 27.383253][ T310] kasan_save_alloc_info+0x25/0x30 [ 27.388357][ T310] __kasan_kmalloc+0x95/0xb0 [ 27.393013][ T310] __kmalloc_node+0xb2/0x1e0 [ 27.397587][ T310] kvmalloc_node+0x294/0x480 [ 27.402181][ T310] alloc_netdev_mqs+0x8d/0xf90 [ 27.406937][ T310] alloc_etherdev_mqs+0x37/0x40 [ 27.411767][ T310] usbnet_probe+0x20c/0x2780 [ 27.416340][ T310] usb_probe_interface+0x610/0xaf0 [ 27.421431][ T310] really_probe+0x2cb/0x960 [ 27.426089][ T310] __driver_probe_device+0x198/0x280 [ 27.431536][ T310] driver_probe_device+0x54/0x3e0 [ 27.436580][ T310] __device_attach_driver+0x2e9/0x4a0 [ 27.441963][ T310] bus_for_each_drv+0x183/0x210 [ 27.446814][ T310] __device_attach+0x2a2/0x400 [ 27.451566][ T310] device_initial_probe+0x1a/0x20 [ 27.456581][ T310] bus_probe_device+0xc0/0x1f0 [ 27.461348][ T310] device_add+0xb4d/0xef0 [ 27.467621][ T310] usb_set_configuration+0x19c2/0x1f10 [ 27.473172][ T310] usb_generic_driver_probe+0x91/0x150 [ 27.478621][ T310] usb_probe_device+0x159/0x270 [ 27.483549][ T310] really_probe+0x2cb/0x960 [ 27.488060][ T310] __driver_probe_device+0x198/0x280 [ 27.493352][ T310] driver_probe_device+0x54/0x3e0 [ 27.498371][ T310] __device_attach_driver+0x2e9/0x4a0 [ 27.503726][ T310] bus_for_each_drv+0x183/0x210 [ 27.508563][ T310] __device_attach+0x2a2/0x400 [ 27.513309][ T310] device_initial_probe+0x1a/0x20 [ 27.518312][ T310] bus_probe_device+0xc0/0x1f0 [ 27.523135][ T310] device_add+0xb4d/0xef0 [ 27.527460][ T310] usb_new_device+0xa70/0x1520 [ 27.532200][ T310] hub_event+0x2a5d/0x4680 [ 27.536593][ T310] process_one_work+0x71f/0xc40 [ 27.541416][ T310] worker_thread+0xa29/0x11f0 [ 27.546078][ T310] kthread+0x281/0x320 [ 27.550124][ T310] ret_from_fork+0x1f/0x30 [ 27.554520][ T310] [ 27.556837][ T310] Freed by task 288: [ 27.560717][ T310] kasan_set_track+0x4b/0x70 [ 27.565291][ T310] kasan_save_free_info+0x31/0x50 [ 27.570295][ T310] ____kasan_slab_free+0x132/0x180 [ 27.575379][ T310] __kasan_slab_free+0x11/0x20 [ 27.580338][ T310] slab_free_freelist_hook+0xc2/0x190 [ 27.585719][ T310] __kmem_cache_free+0xb7/0x1b0 [ 27.590560][ T310] kfree+0x6f/0xf0 [ 27.594261][ T310] kvfree+0x35/0x40 [ 27.598044][ T310] netdev_freemem+0x3f/0x60 [ 27.602523][ T310] netdev_release+0x7f/0xb0 [ 27.607006][ T310] device_release+0xa4/0x1d0 [ 27.611571][ T310] kobject_put+0x19d/0x280 [ 27.615963][ T310] put_device+0x1f/0x30 [ 27.620091][ T310] free_netdev+0x392/0x490 [ 27.624484][ T310] usbnet_disconnect+0x25a/0x3b0 [ 27.629408][ T310] usb_unbind_interface+0x223/0x8d0 [ 27.634695][ T310] device_release_driver_internal+0x508/0x820 [ 27.640772][ T310] device_release_driver+0x19/0x20 [ 27.645863][ T310] bus_remove_device+0x2ee/0x350 [ 27.650780][ T310] device_del+0x6a4/0xeb0 [ 27.655113][ T310] usb_disable_device+0x3a8/0x750 [ 27.660137][ T310] usb_disconnect+0x31e/0x860 [ 27.664809][ T310] hub_event+0x1bd5/0x4680 [ 27.669201][ T310] process_one_work+0x71f/0xc40 [ 27.674027][ T310] worker_thread+0xd2e/0x11f0 [ 27.678676][ T310] kthread+0x281/0x320 [ 27.682721][ T310] ret_from_fork+0x1f/0x30 [ 27.687112][ T310] [ 27.689409][ T310] Last potentially related work creation: [ 27.695099][ T310] kasan_save_stack+0x3a/0x60 [ 27.700276][ T310] __kasan_record_aux_stack+0xb6/0xc0 [ 27.705833][ T310] kasan_record_aux_stack_noalloc+0xb/0x10 [ 27.711706][ T310] insert_work+0x51/0x300 [ 27.716127][ T310] __queue_work+0x9b1/0xd30 [ 27.720625][ T310] queue_work_on+0xd2/0x140 [ 27.725120][ T310] usbnet_link_change+0x176/0x1a0 [ 27.730125][ T310] usbnet_probe+0x1d55/0x2780 [ 27.735039][ T310] usb_probe_interface+0x610/0xaf0 [ 27.740128][ T310] really_probe+0x2cb/0x960 [ 27.744609][ T310] __driver_probe_device+0x198/0x280 [ 27.749874][ T310] driver_probe_device+0x54/0x3e0 [ 27.754958][ T310] __device_attach_driver+0x2e9/0x4a0 [ 27.760394][ T310] bus_for_each_drv+0x183/0x210 [ 27.765224][ T310] __device_attach+0x2a2/0x400 [ 27.770055][ T310] device_initial_probe+0x1a/0x20 [ 27.775055][ T310] bus_probe_device+0xc0/0x1f0 [ 27.779800][ T310] device_add+0xb4d/0xef0 [ 27.784109][ T310] usb_set_configuration+0x19c2/0x1f10 [ 27.789636][ T310] usb_generic_driver_probe+0x91/0x150 [ 27.795072][ T310] usb_probe_device+0x159/0x270 [ 27.799991][ T310] really_probe+0x2cb/0x960 [ 27.804488][ T310] __driver_probe_device+0x198/0x280 [ 27.809783][ T310] driver_probe_device+0x54/0x3e0 [ 27.814786][ T310] __device_attach_driver+0x2e9/0x4a0 [ 27.820139][ T310] bus_for_each_drv+0x183/0x210 [ 27.825065][ T310] __device_attach+0x2a2/0x400 [ 27.829807][ T310] device_initial_probe+0x1a/0x20 [ 27.834924][ T310] bus_probe_device+0xc0/0x1f0 [ 27.839676][ T310] device_add+0xb4d/0xef0 [ 27.844014][ T310] usb_new_device+0xa70/0x1520 [ 27.848780][ T310] hub_event+0x2a5d/0x4680 [ 27.853182][ T310] process_one_work+0x71f/0xc40 [ 27.858007][ T310] worker_thread+0xa29/0x11f0 [ 27.862681][ T310] kthread+0x281/0x320 [ 27.866729][ T310] ret_from_fork+0x1f/0x30 [ 27.871123][ T310] [ 27.873426][ T310] The buggy address belongs to the object at ffff88811dcba000 [ 27.873426][ T310] which belongs to the cache kmalloc-4k of size 4096 [ 27.887454][ T310] The buggy address is located 3312 bytes inside of [ 27.887454][ T310] 4096-byte region [ffff88811dcba000, ffff88811dcbb000) [ 27.900881][ T310] [ 27.903201][ T310] The buggy address belongs to the physical page: [ 27.909604][ T310] page:ffffea0004772e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11dcb8 [ 27.919838][ T310] head:ffffea0004772e00 order:3 compound_mapcount:0 compound_pincount:0 [ 27.928141][ T310] flags: 0x4000000000010200(slab|head|zone=1) [ 27.934211][ T310] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100043380 [ 27.942805][ T310] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 27.951387][ T310] page dumped because: kasan: bad access detected [ 27.957771][ T310] page_owner tracks the page as allocated [ 27.963456][ T310] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 107, tgid 107 (udevd), ts 5061305810, free_ts 0 [ 27.983068][ T310] post_alloc_hook+0x1f5/0x210 [ 27.987825][ T310] prep_new_page+0x1c/0x110 [ 27.992301][ T310] get_page_from_freelist+0x2c7b/0x2cf0 [ 27.997822][ T310] __alloc_pages+0x19e/0x3a0 [ 28.002388][ T310] alloc_slab_page+0x6e/0xf0 [ 28.006956][ T310] new_slab+0x98/0x3d0 [ 28.011089][ T310] ___slab_alloc+0x6f6/0xb50 [ 28.015667][ T310] __slab_alloc+0x5e/0xa0 [ 28.019974][ T310] __kmem_cache_alloc_node+0x203/0x2c0 [ 28.025466][ T310] __kmalloc_node+0xa1/0x1e0 [ 28.030033][ T310] kvmalloc_node+0x294/0x480 [ 28.034605][ T310] seq_read_iter+0x1fc/0xdd0 [ 28.039174][ T310] kernfs_fop_read_iter+0x147/0x480 [ 28.044441][ T310] vfs_read+0x41e/0x8c0 [ 28.048591][ T310] ksys_read+0x140/0x240 [ 28.052823][ T310] __x64_sys_read+0x7b/0x90 [ 28.057310][ T310] page_owner free stack trace missing [ 28.062650][ T310] [ 28.064950][ T310] Memory state around the buggy address: [ 28.070550][ T310] ffff88811dcbab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.078585][ T310] ffff88811dcbac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.086619][ T310] >ffff88811dcbac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.094652][ T310] ^ [ 28.102432][ T310] ffff88811dcbad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.110522][ T310] ffff88811dcbad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 28.118562][ T310] ================================================================== [ 28.126855][ T310] Disabling lock debugging due to kernel taint [ 28.139676][ T19] usb 1-1: config 0 descriptor?? [ 28.414057][ T487] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 28.424599][ T487] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9 [ 28.424867][ T19] usbhid 1-1:0.0: can't add hid device: -71 [ 28.441262][ T19] usbhid: probe of 1-1:0.0 failed with error -71 [ 28.445603][ T284] syz-executor (284) used greatest stack depth: 20928 bytes left [ 28.458311][ T19] usb 1-1: USB disconnect, device number 2 [ 28.471538][ T487] asix: probe of 2-1:0.0 failed with error -71 [ 28.484480][ T487] usb 2-1: USB disconnect, device number 2 [ 28.631998][ T8] device bridge_slave_1 left promiscuous mode [ 28.638169][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.645661][ T8] device bridge_slave_0 left promiscuous mode [ 28.652359][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.660402][ T8] device veth1_macvtap left promiscuous mode [ 28.666637][ T8] device veth0_vlan left promiscuous mode [ 29.562367][ T8] device bridge_slave_1 left promiscuous mode [ 29.568482][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.576396][ T8] device bridge_slave_0 left promiscuous mode [ 29.582726][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.590974][ T8] device bridge_slave_1 left promiscuous mode [ 29.597181][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.604601][ T8] device bridge_slave_0 left promiscuous mode [ 29.610705][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.618585][ T8] device bridge_slave_1 left promiscuous mode [ 29.624780][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.632266][ T8] device bridge_slave_0 left promiscuous mode [ 29.638400][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.646484][ T8] device bridge_slave_1 left promiscuous mode [ 29.652826][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.660236][ T8] device bridge_slave_0 left promiscuous mode [ 29.666585][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.674376][ T8] device bridge_slave_1 left promiscuous mode [ 29.680463][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.688105][ T8] device bridge_slave_0 left promiscuous mode [ 29.694308][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.702664][ T8] device veth1_macvtap left promiscuous mode [ 29.708744][ T8] device veth0_vlan left promiscuous mode [ 29.714746][ T8] device veth1_macvtap left promiscuous mode [ 29.720730][ T8] device veth0_vlan left promiscuous mode [ 29.726750][ T8] device veth1_macvtap left promiscuous mode [ 29.732777][ T8] device veth0_vlan left promiscuous mode [ 29.738632][ T8] device veth1_macvtap left promiscuous mode [ 29.744819][ T8] device veth0_vlan left promiscuous mode [ 29.750691][ T8] device veth1_macvtap left promiscuous mode [ 29.756843][ T8] device veth0_vlan left promiscuous mode