last executing test programs: 1.110633848s ago: executing program 0 (id=1): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") mkdir(&(0x7f0000000180)='./bus\x00', 0x10c) socket$netlink(0x10, 0x3, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x4000087, 0x2, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[], 0xe4}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8dff) openat$sysfs(0xffffffffffffff9c, 0x0, 0x101001, 0x200) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$inet6(0xa, 0x3, 0x3) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in=@dev={0xac, 0x14, 0x14, 0x2a}, @in6=@empty, 0x0, 0x56, 0x2, 0x0, 0x2}, {0x0, 0x6c, 0x1, 0x5, 0xfffffffffffffff6, 0x1fffffc, 0xfffffffffffffffe, 0x8}, {0x2000000000000007, 0x0, 0x4}, 0x4000006, 0x0, 0x1, 0x0, 0x2}, {{@in6=@empty, 0x4d2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4, 0x0, 0x0, 0xffffffff, 0x8, 0x1}}, 0xe8) connect$inet6(r4, 0x0, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @aes128, 0x0, @desc1}) chdir(&(0x7f0000000400)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 1.087274488s ago: executing program 4 (id=5): bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x206, 0x20182) mkdirat(0xffffffffffffff9c, 0x0, 0x1) lseek(0xffffffffffffffff, 0x103, 0x1) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d80672e65a6a0a72e19c2b60bd6276fd8bb6366e9d1ed9a60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d10d1f600"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80045510, &(0x7f0000000040)={0x0, 0x200000}) 1.081738028s ago: executing program 3 (id=4): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x158, 0x0, 0x148, 0x158, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xb, [0x10, 0x31, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000180)=0x27b, 0x4) connect$inet6(r1, 0x0, 0x0) write(r1, &(0x7f0000000200)="89", 0xffe3) 1.076982518s ago: executing program 2 (id=3): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(r0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000300)={[{@nodelalloc}]}, 0x9, 0xbce, &(0x7f0000000c00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCp+TNOmVOiqdS0q6MJlYzIpIdMPkwgmdJHWvboQcVGQ/gmCe+vCleCiLrT+BUUsUnTTVhg585FOk5lpbCdzTPr7wZvzvuc9M8/z5Exy3gM5CeCJNZl9SSMORMTpJGK8vj+NiIFqbyhivXbc3dsXZ7OWRKXy1m9JJBFx5/bF2cZ7JfXtaH0wFBHXX03i3x9ujbu8urY4Uy6XlurjwytnLxxeXl17eeHszJnSmdK5Y9OvHJs+Pj3dxVpvXnj386d+eP3Zy1c/mnrjs33fJXEyxupzzXV0y2RMbnxPmhUiYqbbwXLSV6+nuc6kkGNCAAB0lDat4f4b49EX9xdv4/Htj7kmBwAAAHRFpS+iAgAAAOxxift/AAAA2OMafwdw5/bF2UbL9y8SeuvWqYiYqNXfeL65NlOI9ep2KPojYuT3JJofa01qL3tsk1mkr74vZS126DnkTtYvRcT/W53/pFr/RPUp7q31pxEx1YX4k5vGu6n+k12I//fqH+xCRACIuHaqdiHbev1LN9Y/0eL6V2hx7XoUeV//G+u/uw+s/yYfqL+vzfrvzW3GOHjvhevt5prXf+98/PNcFj/bPm5d23XrUsTBwub6Y2P9k9WftKn/9DZjjM7evNJuLqs/q7fRel1/5WrEoepqbmv9DUmn/090eH6hXJqqfW3x/qvHG4Far92az3/WsviNe4FeyM7/SHQ4/39W2p7/C9uMMfG/Xw+0m3t4/ekvA8nb1d5Afc8HMysrS0ciBpLXtu4/2jmXxjGN98jqf/6ZVvWnHT//2e+E9fr3Ifv0XKpvs/HlTTFHDx398tHrr2v1j6S6IKt/rvn8vxTb/vn/ZJsxvvj6ynvt5vL+/AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwO6QRMRZJWtzop2mxGDEaEf+JkbR8fnnlxfnz75+by+YiJqI/nV8ol6YiYrw2TrLxkWr//vjopvF0ROyPiE/Hh6vj4uz58lzexQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBhNCLGIkmLEZFGxB/jaVos5p0VAAAA0HUTeScAAAAA7Dj3/wAAALD3bbn/LzwwGuplLgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxJ+5++diOJiPUTw9WWGajP9bd8xTdXe5gesIPS7R02stN5AL3Xl3cCQG4KTf1KpVLJMRWgx1rf4wNPkuQh80NtZwa7ngsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/1zPHbh2I4mI9RPD1ZYZqM/155oZsNPSvBMActPXaTJ56A5gFyvknQCQG/f4QG1lf69Ss3V+qO0rBx87KgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7x1i1JWkxItJqP02LxYh/RcRE9CfzC+XSVETsi4ifxvsHs/GRvJMGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg65ZX1xZnyuXSko6OThc7w9GzWMP1H+Y2xwy2n+rQyfkXEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuVheXVucKZdLS8t5ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkbXl1bXGmXC4t7WAn7xoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjPXwEAAP//q10M9A==") ioctl$KVM_RUN(r2, 0xae80, 0x0) 997.850581ms ago: executing program 4 (id=6): r0 = syz_open_dev$usbfs(0x0, 0x76, 0x101b01) r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x206, 0x20182) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d80672e65a6a0a72e19c2b60bd6276fd8bb6366e9d1ed9a60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d10d1f600"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80045510, &(0x7f0000000040)={0x0, 0x200000}) 985.998641ms ago: executing program 1 (id=2): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000009200)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004001}}, {{0x0, 0x0, &(0x7f0000009140)=[{&(0x7f0000006fc0)="ecbf2e058fdb0fd6058d030cc789e707c6133dd47e91c42409ff589396130c338d548b39a5688af6f3e3b9b02fbd165ad5a46b85563e74a6d74a3b1d9fc8f0234f12e9ae6987cf6d240c5a160a54dc703a20d419f8c881efe6560812a792fdedf75b4772c45634e87e8a1192e7a9a4308ecc6b3bd66f327373e932aae36d087ac79356ae02ce1ddec5ec6e4fb38238b63a0f82794c7cc873ad681a940e03447d6966d74d43d8395b84eceb2ef18abfef7bf873161c0271d5b89f8e121bb2f2988d5341d7be2f7a471e687c7b511465febb9bf5b7a06c46e97cd24522d492fbad2e25487c42e48a04bd317fe0edd909297f363cc9fd0489f0e4cad2d66c3b8d349017e4a1b4898162df38dd7ccd85cae6ac2b3cc9706284d34a648bac89e88791a40fc0a53aa3574ddaa1b13ac7c12bf862d485ffcf30230dac5decc21f124504d7f346fafb426030d60b53693e7c0ee8d047267f69fcfa54e8eac37f0befb583196bc153f94ed8a9f306c467d2b52d729a7fab6d64707df1f856dd1245032296e2128c1a0d20be95f7d8e0f1b9a67c94c1de2162e07152518bd6ebe2bcaec955845d73a30b21de1ab6aa2d2a6b27f33d64cd0b3be69c880312565e1fdc46aec35d5ecd4af69dcc10099f315fd03969908674684b3459ea837e883158585460e0a949d19a1da06e0034f2db5694d72fbe6dd80e76b7688db45fc9a2db3766678379f4c22ef4b97f492c423280ff70a88a", 0x210}], 0x1, 0x0, 0x0, 0x24000040}}], 0x2, 0x4000086) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) writev(r2, &(0x7f0000000140)=[{0x0}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 765.397377ms ago: executing program 2 (id=7): creat(&(0x7f00000004c0)='./bus\x00', 0x20) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000480)='./bus\x00', 0x4c000, 0x14c) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x200000, &(0x7f0000000140)={[{@stripe={'stripe', 0x3d, 0x4}}, {}, {@sysvgroups}, {@norecovery}, {@quota}, {@oldalloc}, {@oldalloc}, {@sysvgroups}, {@norecovery}]}, 0x3, 0x566, &(0x7f00000015c0)="$eJzs3V9rW+UfAPDvSdv9//3WwRjqhRR24WQuXVv/TBA2L0WHA72foc3KaLqMJh1rHWy7cDfeyBBEHIgvwHsvh2/AVyHoYMgoeuFN5aQnW9YkTZtlNvN8PnC25znnpN/z5DnPk+/JSUgAuTWR/lOIeDkivkoiDrdsG41s48TGfmuPbsymSxLr65/8kUSSrWvun2T/H8wqL0XEz19EnCy0x62trC6UKpXyUlafrC9enaytrJ66vFiaL8+Xr0zPzJx5a2b63XfeHlhbX7/w17cf3//gzJfH17758cGRu0mci0PZttZ2PINbrZWJmMiek7E4t2nHqQEEGyZJrx06nAPsvpFsnI9FOgccjpFs1AP/fTcjYh3IqcT4h5xq5gHNa/sBXQe/MB6+v3EB1N7+0Y33RmJf49rowFry1JVRer07PoD4aYyffr93N12ix/sQNwcQD6Dp1u2IOD062j7/Jdn817/T23jXb3OMvL3+wG66n+Y/b3TKfwqP85/okP8c7DB2+9F7/BceDCBMV2n+917H/Pfx1DU+ktX+18j5xpJLlyvl0xHx/4g4EWN703q/93Na8790SeM3c8HsOB6M7n36MXOleqnPcG0e3o545Un+m0Tb/L+vketu7v/0+biwzRjHyvde7batd/tbDT4DXv8h4rWO/f/kjlay9f3Jycb5MNk8K9r9eefYL93i76z9g5f2/4Gt2z+etN6vre08xvf7/i5329bv+b8n+bRR3pOtu16q15emIvYkH7Wvn37y2Ga9uX/a/hPHt57/Op3/+yPis222/87R7mnQMPT/3I76f+eFXz/8/Ltu8bfX/282SieyNduZ/7Z7gM/y3AEAAAAAAMCwKUTEoUgKxcflQqFY3Ph8x9E4UKhUa/WTl6rLV+ai8V3Z8RgrNO90H275PMRU9nnYZn16U30mIo5ExNcj+xv14my1MrfbjQcAAAAAAAAAAAAAAAAAAIAhcbDL9/9Tv43s9tEBz52f/Ib86jn+B/FLT8BQ8voP+WX8Q34Z/5Bfxj/kl/EP+WX8Q34Z/5Bfxj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAM1IXz59Nlfe3Rjdm0PndtZXmheu3UXLm2UFxcni3OVpeuFuer1flKuThbXez19yrV6tWp6Vi+Plkv1+qTtZXVi4vV5Sv1i5cXS/Pli+Wxf6VVAAAAAAAAAAAAAAAAAAAA8GKprawulCqV8pJC18LZGIrD6LuQ9Orls9nJ0FeI0d1voMJzKOzyxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALf4JAAD//5CPL9Y=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r1, 0x1000) preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4083, 0xffffffdf}], 0x1, 0x0, 0x0, 0x1) 765.253317ms ago: executing program 1 (id=8): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={0xffffffffffffffff}) splice(r1, 0x0, r0, 0x0, 0x10000008ebc, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 765.112087ms ago: executing program 3 (id=9): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x540a, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000200)="2c5d8c", 0x3}], 0x1) 580.419963ms ago: executing program 2 (id=10): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r0 = socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000600, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 74.635078ms ago: executing program 4 (id=11): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x4000, &(0x7f0000000600), 0xfd, 0x571, &(0x7f0000000bc0)="$eJzs3U9sHFcZAPBvdh0ndU1dm1pqysGBRLh/FNvtSk4NB8IBDhT1UiRUqRysZGMHr2Nju6I2F/fGiQoJBKiiasQBCSRiiQNwqChIHJAIEgIhLNRKIA78aQHhHggBjGZ3NtnYs2bBjhcyv5+02TdvnvO9t5vvafe9iSeAwjqR/pFE9EfE1YgYaBze2uBE4+kblY3ZK5WN2SS2t5/6U1Jvd7myMdts2vy5uyNiPSLuj4jvX4g4d2R33OXVtbnpWq26lB2Pr8wvji+vrp2+OD89U52pXqpUHp+anJw6MznxH4wm2fPsRxffGPrF7JMzL4/8/ekz81/5YxJn6+OOHeM4SHk96kkizt6OYF1QTscTEX0dth+uvvDKbe4SHfrc0OZ4+t7dFxGn6vk/EOX6uxnxvpee+ctAvPd6u5+9uvnS7w6zrwDAwdlOHd37NHBnKkX63T8pjUVEo1wqjY01vsPfF32l2sLyyiMXFp69dL6xRnBvHClduFirTmRrBffGkSQ9frRevnn82I7jSkQMRsSny3fVj8fOLdTOH+pMBzT1R7z+zU+c6717R/7/ttzIf+DOleb/z37w7e+m5bfK3e4NcJjS/P/aW/NPhPyHwpH/UFzyH4pjZ4rLfygu+Q/FJf+huOQ/FJf8h+KS/1Bc8h+KqzX/pT8U0+DIq5tJRKy/5676I9Wbncv5tT3AHWR7O/Gf/KGgfPaH4urpdgeArvEdH9j7N2dHHGt3YvHg+wIcjlK3OwB0zehx+39QVNb/obis/0Nx+YwPWP+H4rH+D8XV3+b+X29ruXfXRETcExE/Kh852rzXF/D/qz/i9RevfuuZiNLvk+zz/+jAqf7pN177Xmu73uSv9S2C3oj45ItPfeG56ZWVpUfT+j/fqF/5Ylb/WLdGA3SimafNPAaKa3l1bW66VqsuKSgoFK7QnAcuVzZmm4/DmnteeDjizfc3LkJI417JHo2zPdna5LH6HmXfVnLLtQrJAexdfuZ0xPrzEXF/3viT7H7njZ2Pvq3yrvhvz57Tx/Fs/SRtM9xh/PI9+4v/QEv8kZb47+gw/uZHOmx4mwx+vbvxX/5l9vpP9PTkvf77vTZm6N+cf+Kr+wywT7/5dXfjnxrpbvzPL0S8ms4/E3n5V0rT8sbO5875p7/lOun/1qdGb85/V3bNf6Ub81+5zfx3osM4P3y6+rG8+vKPI958PuKB3PjNeMfqsfq2Srvin2yZfx7cI/4fPvzTubz6s69FbF+OGI38+K2xxlfmF8eXV9dOX5yfnqnOVC9VKo9PTU5OnZmcGK+vUY83V6p3e/L68Afy6k9+uTH+vjbxm+Nv9/pv7zHmVmtf+nj/O3Pqf3K8Ef/Bk/nv/1AWv/H69+yK/67sOf138o/sWt60zbWIOJrVPxQR33ll8OG8fn3oeiP++TbjL90Sf/f4H+lw/J/91T+fzat/7oMd/gUAwIFqvzTQ7Z4BAAAH7TB2Grs9RiBf31ZvtG4DJ+st+wrrN/cV0vpr2f5CeT3ib9keQ1r/ULZLlpZzNxqA/znDa+/+ebf7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFB0y6trc9O1WnVpuds9AQ7bvwIAAP//zFYBIA==") timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000001f40)=ANY=[@ANYBLOB="000000004c900200060000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000020000000000000ffffffffffd9ffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff"]) 74.140388ms ago: executing program 0 (id=12): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001740), 0x80000, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000100)={0x32, 0x29, 0xf, 0x19, 0x2, 0x5eca, 0x0, 0x21}) 0s ago: executing program 0 (id=13): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts. [ 18.391680][ T28] audit: type=1400 audit(1781400908.517:64): avc: denied { mounton } for pid=264 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 18.392793][ T264] cgroup: Unknown subsys name 'net' [ 18.414523][ T28] audit: type=1400 audit(1781400908.517:65): avc: denied { mount } for pid=264 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.441795][ T28] audit: type=1400 audit(1781400908.537:66): avc: denied { unmount } for pid=264 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.441963][ T264] cgroup: Unknown subsys name 'devices' [ 18.583412][ T264] cgroup: Unknown subsys name 'hugetlb' [ 18.589021][ T264] cgroup: Unknown subsys name 'rlimit' [ 18.720849][ T28] audit: type=1400 audit(1781400908.837:67): avc: denied { setattr } for pid=264 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 18.744265][ T28] audit: type=1400 audit(1781400908.837:68): avc: denied { mounton } for pid=264 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 18.769094][ T28] audit: type=1400 audit(1781400908.837:69): avc: denied { mount } for pid=264 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 18.777669][ T280] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 18.801012][ T28] audit: type=1400 audit(1781400908.917:70): avc: denied { relabelto } for pid=280 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.823604][ T264] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 18.827525][ T28] audit: type=1400 audit(1781400908.917:71): avc: denied { write } for pid=280 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.860684][ T28] audit: type=1400 audit(1781400908.947:72): avc: denied { read } for pid=264 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.886260][ T28] audit: type=1400 audit(1781400908.947:73): avc: denied { open } for pid=264 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.623316][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.630378][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.637996][ T286] device bridge_slave_0 entered promiscuous mode [ 19.644994][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.652117][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.659553][ T286] device bridge_slave_1 entered promiscuous mode [ 19.739099][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.746234][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.753653][ T287] device bridge_slave_0 entered promiscuous mode [ 19.777530][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.784601][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.792097][ T287] device bridge_slave_1 entered promiscuous mode [ 19.813040][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.820092][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.827488][ T288] device bridge_slave_0 entered promiscuous mode [ 19.834326][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.841429][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.848752][ T290] device bridge_slave_0 entered promiscuous mode [ 19.858819][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.865966][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.873492][ T290] device bridge_slave_1 entered promiscuous mode [ 19.883129][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.890175][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.897563][ T288] device bridge_slave_1 entered promiscuous mode [ 19.938307][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.945386][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.952992][ T289] device bridge_slave_0 entered promiscuous mode [ 19.971796][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.978846][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.986310][ T289] device bridge_slave_1 entered promiscuous mode [ 20.019725][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.026789][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.034105][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.041125][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.159092][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.166157][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.173437][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.180456][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.194325][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.201397][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.208627][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.215665][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.234312][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.241407][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.248689][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.255750][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.270964][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.278042][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.285416][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.292459][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.301992][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.309200][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.316665][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.324071][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.331545][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.338765][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.346093][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.353329][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.360541][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.367842][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.375552][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 20.383075][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.415888][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.424228][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.431240][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.438626][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.446843][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.453907][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.471690][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.479211][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.487497][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.494539][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.502082][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.510233][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.517277][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.524733][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.545464][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.553136][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.560948][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.569186][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.576258][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.584425][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.592581][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.599588][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.606992][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.615145][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.622199][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.629556][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.637892][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.644928][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.652408][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.671436][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.679612][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.687888][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.696035][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.704084][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 20.712144][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.720031][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 20.728435][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.736616][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.743656][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.751089][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 20.759709][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.767865][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.774905][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.801693][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.809885][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.817848][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.826116][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.834837][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.843389][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.852008][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.860020][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.868018][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.876171][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.890648][ T289] device veth0_vlan entered promiscuous mode [ 20.904129][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.912546][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.920843][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.928992][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.937217][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.945693][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.954184][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 20.961851][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 20.971636][ T286] device veth0_vlan entered promiscuous mode [ 20.983166][ T290] device veth0_vlan entered promiscuous mode [ 20.993124][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.001262][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.009446][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.017717][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.025938][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.034267][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.042382][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.050194][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.058378][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.066159][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.073812][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.081219][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.089666][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.098209][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.116809][ T289] device veth1_macvtap entered promiscuous mode [ 21.126987][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.135055][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.142720][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.150168][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.158690][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.167241][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.175766][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.185442][ T287] device veth0_vlan entered promiscuous mode [ 21.197243][ T286] device veth1_macvtap entered promiscuous mode [ 21.204876][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.213350][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.221236][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.229544][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.237875][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.246245][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.254044][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.261826][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.270153][ T288] device veth0_vlan entered promiscuous mode [ 21.280318][ T290] device veth1_macvtap entered promiscuous mode [ 21.289669][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.298269][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.306746][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.315691][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.328737][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.337001][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.345351][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.353954][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.362379][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.378482][ T287] device veth1_macvtap entered promiscuous mode [ 21.387022][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.395465][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.404457][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.413192][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.434985][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.443396][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.443606][ T286] request_module fs-gadgetfs succeeded, but still no fs? [ 21.452142][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.467017][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.475759][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.498748][ T288] device veth1_macvtap entered promiscuous mode [ 21.529424][ T316] loop0: detected capacity change from 0 to 128 [ 21.552178][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.561583][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.565452][ T320] loop2: detected capacity change from 0 to 4096 [ 21.591553][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.606929][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.622979][ T316] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 21.639255][ T328] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 21.658248][ T316] ext4 filesystem being mounted at /0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 21.704886][ T320] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 21.785388][ T287] EXT4-fs (loop2): unmounting filesystem. [ 21.814194][ T336] loop2: detected capacity change from 0 to 1024 [ 21.821139][ T336] EXT4-fs: Ignoring removed oldalloc option [ 21.830444][ T336] EXT4-fs: Ignoring removed oldalloc option [ 21.852668][ T336] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 21.934218][ T344] syz.0.1 (pid 344) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 22.030291][ T287] EXT4-fs (loop2): unmounting filesystem. [ 22.510153][ T348] loop4: detected capacity change from 0 to 512 [ 22.531424][ T286] EXT4-fs (loop0): unmounting filesystem. [ 22.540731][ T348] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 22.551959][ T348] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 23.681386][ C1] ================================================================== [ 23.689515][ C1] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x6c/0xb0 [ 23.696932][ C1] Read of size 8 at addr ffff888113c0f990 by task syz.2.10/350 [ 23.704476][ C1] [ 23.706799][ C1] CPU: 1 PID: 350 Comm: syz.2.10 Not tainted syzkaller #0 [ 23.713906][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 23.724585][ C1] Call Trace: [ 23.727860][ C1] [ 23.730789][ C1] __dump_stack+0x21/0x24 [ 23.735131][ C1] dump_stack_lvl+0x110/0x170 [ 23.739904][ C1] ? __cfi_dump_stack_lvl+0x8/0x8 [ 23.744938][ C1] ? debug_smp_processor_id+0x17/0x20 [ 23.750333][ C1] ? rcu_cblist_dequeue+0x6c/0xb0 [ 23.755385][ C1] print_address_description+0x71/0x200 [ 23.760955][ C1] print_report+0x4a/0x60 [ 23.765310][ C1] kasan_report+0x122/0x150 [ 23.769844][ C1] ? rcu_cblist_dequeue+0x6c/0xb0 [ 23.774892][ C1] __asan_report_load8_noabort+0x14/0x20 [ 23.780543][ C1] rcu_cblist_dequeue+0x6c/0xb0 [ 23.785409][ C1] rcu_do_batch+0x4bc/0xc30 [ 23.789994][ C1] ? rcu_core+0xf00/0xf00 [ 23.794341][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 23.800170][ C1] ? note_gp_changes+0x140/0x220 [ 23.805125][ C1] ? _raw_spin_unlock+0x4c/0x70 [ 23.809990][ C1] rcu_core+0x486/0xf00 [ 23.814167][ C1] ? rcu_cpu_kthread_park+0x90/0x90 [ 23.819378][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 23.824593][ C1] ? run_rebalance_domains+0xf7/0x1c0 [ 23.829978][ C1] rcu_core_si+0x9/0x10 [ 23.834160][ C1] handle_softirqs+0x1d7/0x600 [ 23.838949][ C1] __irq_exit_rcu+0x52/0xf0 [ 23.843562][ C1] irq_exit_rcu+0x9/0x10 [ 23.847822][ C1] sysvec_apic_timer_interrupt+0x58/0xc0 [ 23.853500][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 23.859511][ C1] RIP: 0033:0x7fd014a6d33f [ 23.863965][ C1] Code: 48 39 f2 73 13 66 0f 1f 44 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 48 39 c3 73 3e 48 89 33 48 89 c6 48 83 c3 08 48 89 08 <48> 8b 0b 48 8b 55 00 eb c0 48 39 f2 72 a4 48 39 f0 0f 83 c0 00 00 [ 23.866911][ T362] loop3: detected capacity change from 0 to 4096 [ 23.883668][ C1] RSP: 002b:00007ffe6b8fa910 EFLAGS: 00000202 [ 23.883706][ C1] RAX: 00007fd0147d1aa0 RBX: 00007fd0146f8708 RCX: ffffffff83ec0655 [ 23.883719][ C1] RDX: ffffffff81815359 RSI: 00007fd0147d1aa0 RDI: 00007fd0147ff000 [ 23.883731][ C1] RBP: 00007fd0145ff008 R08: 00007fd014e00000 R09: 00007fd014e16038 [ 23.920200][ C1] R10: 0000000000000001 R11: 0000000000000008 R12: 00007fd0149ff000 [ 23.928188][ C1] R13: 0000000000000023 R14: 000000000007ffff R15: 0000000000000001 [ 23.936174][ C1] ? skb_release_data+0x635/0x8a0 [ 23.941213][ C1] ? __sys_bpf+0xa9/0x850 [ 23.945567][ C1] [ 23.948606][ C1] [ 23.950938][ C1] Allocated by task 355: [ 23.955186][ C1] kasan_set_track+0x4b/0x70 [ 23.959778][ C1] kasan_save_alloc_info+0x1f/0x30 [ 23.964894][ C1] __kasan_kmalloc+0x95/0xb0 [ 23.969491][ C1] __kmalloc+0xb4/0x1e0 [ 23.973647][ C1] l2tp_session_create+0x38/0xbd0 [ 23.978658][ C1] pppol2tp_connect+0xbf5/0x1640 [ 23.983584][ C1] __sys_connect+0x3da/0x460 [ 23.988165][ C1] __x64_sys_connect+0x7a/0x90 [ 23.992913][ C1] x64_sys_call+0x88d/0x9a0 [ 23.997404][ C1] do_syscall_64+0x4c/0xa0 [ 24.001809][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.007693][ C1] [ 24.009997][ C1] Freed by task 8: [ 24.013698][ C1] kasan_set_track+0x4b/0x70 [ 24.018455][ C1] kasan_save_free_info+0x2b/0x40 [ 24.023467][ C1] ____kasan_slab_free+0x132/0x180 [ 24.028564][ C1] __kasan_slab_free+0x11/0x20 [ 24.033328][ C1] slab_free_freelist_hook+0xc2/0x190 [ 24.038696][ C1] __kmem_cache_free+0xb7/0x1b0 [ 24.043557][ C1] kfree+0x6f/0xf0 [ 24.047626][ C1] l2tp_session_put+0xaf/0x1a0 [ 24.052397][ C1] l2tp_session_delete+0x3df/0x4d0 [ 24.057601][ C1] l2tp_tunnel_del_work+0x199/0x410 [ 24.062814][ C1] process_one_work+0x717/0xc30 [ 24.067756][ C1] worker_thread+0xa4d/0x11d0 [ 24.072426][ C1] kthread+0x281/0x320 [ 24.076481][ C1] ret_from_fork+0x1f/0x30 [ 24.080882][ C1] [ 24.083204][ C1] Last potentially related work creation: [ 24.088910][ C1] kasan_save_stack+0x3a/0x60 [ 24.093577][ C1] __kasan_record_aux_stack+0xb6/0xc0 [ 24.098939][ C1] kasan_record_aux_stack_noalloc+0xb/0x10 [ 24.104730][ C1] call_rcu+0xcf/0xf50 [ 24.108789][ C1] pppol2tp_release+0x1e3/0x2b0 [ 24.113626][ C1] sock_close+0xc9/0x220 [ 24.117866][ C1] __fput+0x1fd/0x8f0 [ 24.121834][ C1] ____fput+0x15/0x20 [ 24.125803][ C1] task_work_run+0x1e1/0x250 [ 24.130491][ C1] exit_to_user_mode_loop+0x9b/0xb0 [ 24.135696][ C1] exit_to_user_mode_prepare+0x87/0xd0 [ 24.141415][ C1] syscall_exit_to_user_mode+0x1a/0x30 [ 24.146874][ C1] do_syscall_64+0x58/0xa0 [ 24.151287][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 24.157180][ C1] [ 24.159486][ C1] The buggy address belongs to the object at ffff888113c0f800 [ 24.159486][ C1] which belongs to the cache kmalloc-512 of size 512 [ 24.173520][ C1] The buggy address is located 400 bytes inside of [ 24.173520][ C1] 512-byte region [ffff888113c0f800, ffff888113c0fa00) [ 24.186775][ C1] [ 24.189096][ C1] The buggy address belongs to the physical page: [ 24.195515][ C1] page:ffffea00044f0300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113c0c [ 24.205749][ C1] head:ffffea00044f0300 order:2 compound_mapcount:0 compound_pincount:0 [ 24.214055][ C1] flags: 0x4000000000010200(slab|head|zone=1) [ 24.220127][ C1] raw: 4000000000010200 ffffea0004493800 dead000000000002 ffff888100042f00 [ 24.228696][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 24.237256][ C1] page dumped because: kasan: bad access detected [ 24.243653][ C1] page_owner tracks the page as allocated [ 24.249389][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 104, tgid 104 (udevd), ts 4309275470, free_ts 0 [ 24.269022][ C1] post_alloc_hook+0x1f5/0x210 [ 24.273781][ C1] prep_new_page+0x1c/0x110 [ 24.278272][ C1] get_page_from_freelist+0x2ca9/0x2d20 [ 24.283805][ C1] __alloc_pages+0x1fa/0x610 [ 24.288389][ C1] alloc_slab_page+0x6e/0xf0 [ 24.292958][ C1] new_slab+0x98/0x3e0 [ 24.297019][ C1] ___slab_alloc+0x70f/0xb70 [ 24.301619][ C1] __slab_alloc+0x5e/0xa0 [ 24.305965][ C1] __kmem_cache_alloc_node+0x204/0x2d0 [ 24.311415][ C1] __kmalloc_node_track_caller+0xa1/0x1e0 [ 24.317142][ C1] __alloc_skb+0x226/0x4a0 [ 24.321542][ C1] alloc_skb_with_frags+0xa8/0x620 [ 24.326640][ C1] sock_alloc_send_pskb+0x87f/0x9a0 [ 24.331825][ C1] unix_dgram_sendmsg+0x5c1/0x1710 [ 24.336928][ C1] sock_write_iter+0x2ea/0x3f0 [ 24.341684][ C1] vfs_write+0x5ef/0xd00 [ 24.345911][ C1] page_owner free stack trace missing [ 24.351259][ C1] [ 24.353571][ C1] Memory state around the buggy address: [ 24.359182][ C1] ffff888113c0f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.367225][ C1] ffff888113c0f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.375356][ C1] >ffff888113c0f980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.383396][ C1] ^ [ 24.387973][ C1] ffff888113c0fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.396015][ C1] ffff888113c0fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.404056][ C1] ================================================================== [ 24.412163][ C1] Disabling lock debugging due to kernel taint [ 24.481359][ T28] kauditd_printk_skb: 59 callbacks suppressed [ 24.481378][ T28] audit: type=1400 audit(1781400914.577:133): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 24.608608][ T28] audit: type=1400 audit(1781400914.577:134): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 24.665788][ T28] audit: type=1400 audit(1781400914.577:135): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 24.739557][ T28] audit: type=1400 audit(1781400914.577:136): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 24.793774][ T28] audit: type=1400 audit(1781400914.577:137): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 24.842575][ T362] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 24.851875][ T28] audit: type=1400 audit(1781400914.577:138): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 24.923387][ T28] audit: type=1400 audit(1781400914.577:139): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 24.981864][ T28] audit: type=1400 audit(1781400914.657:140): avc: denied { write } for pid=367 comm="syz.1.19" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 25.222208][ T289] EXT4-fs (loop3): unmounting filesystem. [ 25.514287][ T290] EXT4-fs (loop4): unmounting filesystem.