last executing test programs: 11.072694566s ago: executing program 2 (id=118): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000010000000200000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000200000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x1f, &(0x7f00000005c0)={@random="e33110495bfd", @dev, @void, {@llc_tr={0x11, {@snap={0xaa, 0xaa, 'c', "9c9001", 0x6007, "14353f39c4812740ca"}}}}}, 0x0) 11.020104566s ago: executing program 2 (id=120): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_emit_ethernet(0xce, &(0x7f00000007c0)=ANY=[@ANYBLOB="000000000000bbbbbbbbbbbb8847aaab9a9380fc0004d7c70cc5973743967db228560e000000fa13fc2d2811a07debaaa8bea36aa78653d458f01a06b511c860c5d6fb20f22c61580618b99d45c94339d978254c6e33e5056d0132db8cddb97f7b0528075afd421c4f8c3688000000000000000000000000000089384592159ea1be3e25af067beddcbdd38c36eba5353890c2ca0db37de5a5b3184ebd6c7ad3bfb0713695aae44b49be7b389979403071247e936b06e74d3b02e488bd8b1c70d9972fdf4911c9acad053dcd90cc"], 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000040), &(0x7f0000000180)=r5}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SNAPSHOT_UNFREEZE(0xffffffffffffffff, 0x3302) listen(r7, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x7, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="0000000041e7a0645c70ec1cd321838742db72fc", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r8, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r7}, 0x20) setsockopt$sock_int(r7, 0x1, 0x20, &(0x7f0000000080)=0x80000000, 0x4) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") ftruncate(0xffffffffffffffff, 0x8979) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x3, &(0x7f0000000bc0)=ANY=[@ANYBLOB="180000000000000004000000000000009500000000000000f447333de39c7095758218a68bc5142f0cb2229fa6c8b0d7c8126aee6d3def94cd964218564fb1d255bce6cef9bea8322326039744a98eead8c59bc75bb5b42123eef53ae4bc331b0ad09a8efc4175c484ad74df9158ff1882cdd83c97c03a35e91c30a07ed74faa4b055ad7a7fbe61c1ec6f15301156facb85a1a353c6c0d77b2ddee7f646d42ae0d8ec12b87bddd4f7df2f956a9258e526ee58bd84e68e4850fa15a89ee1e847e2e2f2f942471bed05334c8e49e45bec315c1e377592a57a878b0d7c447ec9c99016c1a63675bcbb4d9413cc886157915364d7c8e1f2c7781a2a4c311c8d905acb1017b2d3eb588114b683e3d83f262ca9b716db36750771e12f087ad15f837fd85463010cecda215bca85cda590450834d2ab467fb8b422a8eea3b44da52"], &(0x7f0000000340)='syzkaller\x00', 0x1, 0xba, &(0x7f0000000180)=""/186, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 9.868870073s ago: executing program 2 (id=121): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==") mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r4, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x3, @desc3}) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'dummy0\x00'}) socket$netlink(0x10, 0x3, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r8 = dup(r7) sendmsg$netlink(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000540)=ANY=[], 0x1b8}, {0x0, 0x1f88}], 0x2}, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) syz_emit_ethernet(0x6c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0180c20000000180c200000008004503005e00000000002f907800000000e00000012480655800000000100008000000000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000717cc5059a350df38cfaba5be33eeaa1b8345f890f249845d9baeeefd67d0d1e6b7661e289440171c446f2f5783f0e"], 0x0) 8.58851532s ago: executing program 2 (id=126): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==") mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r4, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x3, @desc3}) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6697d4982a83b71b7e6769e737201ac6b73bb04454156569cb03a5be811debc94ef5831b89b59d703e748c7c", 0x19}, 0x48, 0xfffffffffffffffd) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'dummy0\x00'}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r8 = dup(r7) sendmsg$netlink(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000540)=ANY=[], 0x1b8}, {0x0, 0x1f88}], 0x2}, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) syz_emit_ethernet(0x6c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0180c20000000180c200000008004503005e00000000002f907800000000e00000012480655800000000100008000000000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000717cc5059a350df38cfaba5be33eeaa1b8345f890f249845d9baeeefd67d0d1e6b7661e289440171c446f2f5783f0e"], 0x0) 6.489065445s ago: executing program 2 (id=133): r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) bind$inet(0xffffffffffffffff, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000a40)={0x2020}, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unshare(0x22000400) r5 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="240617001af60100380000060000000002202000000000000000000008000100ac1414aa46e6f08744a97ccefd4687d21c657293202038e2190921b27086430bb0de14b28de233c1ddfe785cb6f736dd50d908654210ef59d34671cc2ffd6b7957926818a492f67d65e8b0f6db28b92a48996f7d2247f4c667ce2c1b54a5a73dd671b276c323f78b388285bbbb89736c47ed850499dd5ee54057e5d38107e1c124de7dd59c167ffdd6f4b06612e16e00ec7bcf6ba6e9c5cf0ad34a54e671500586d962c2933db2c8d3a9f1b6d19fb63bf7"], 0x24}}, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) ftruncate(r6, 0x6000000) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de00000000000000001801000020a0702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r7}, 0x18) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB="ff01000000200000"], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) 3.927713079s ago: executing program 4 (id=140): bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) prlimit64(0x0, 0xe, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x401) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000280)={[{@user_xattr}]}, 0x9, 0x537, &(0x7f0000000fc0)="$eJzs3c9vI1cdAPCvJ4mTbtNmF3qACtgFCgtarb3xtlHVC90LCFWVEIgD4rANiTcKseMQO1UTIpH+DXDgCn8CByQOSD1x4MYRiQNCKgekBSLQBgkkoxlPUm/idL2Nf0D8+UijmTfPM9/3ksy8mefJvAAm1o2IOIiIYkS8FREL+fpCPsXrnSn93KPD/ZWjw/2VQrTb3/pbIctP10XXNqln833ORcQ3vxbxvcLZuM3dvY3lWq26nafLrfpWubm7d3u9vrxWXatuVipLi0t3Xr37SmVgdb1e/8XDr66/8e1f/+rT7//u4Ms/TIs1n+d112OQOlWfOYmTmo6IN4YRbAym8nlxzOXgo0ki4mMR8bns+F+IqeyvEwC4zNrthWgvdKcBgMsuyfrACkkp7wuYjyQplTp9eC/ElaTWaLZuPWjsbK52+squxkzyYL1WvXNt9g8/yK4YZgppejHLy/KzdOVU+m5EXIuIn8w+k6VLK43a6vguewBgoj17qv3/52yn/e9Dj2/1AID/G3PjLgAAMHLafwCYPNp/AJg8fbT/+Zf9B0MvCwAwGk9x/58MsxwAwOjo/weAyaP9B4CJ8o0330yn9lH+/uvVt3d3Nhpv316tNjdK9Z2V0kpje6u01misZe/sqT9pf7VGY2vx5dh5p9yqNlvl5u7e/XpjZ7N1P3uv9/3qzEhqBQB8mGvX3/t9ISIOXnsmm6JrLAdtNVxunueByeUlfjC5jPYFk6v/e/zfDrUcwPj0vA+Y67n4uJ8+RRDPGcH/lJuf7L//3xjPcLno/4fJNfWRtpodeDmA0dP/D5Or3S6cHvO/eJIFAFxKF3jGv/2jQV2EAGP1pOeAB/L9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwy8xHx/SgkpXws8PlIklIp4rmIuBozhQfrteqdiHg+rkfEzGyaXhx3oQGAC0r+UsjH/7q58NL86dxi4V/ZYP/FtPXP120vpuv/frJ+9nj4sMoH211gXEEAYMDeWW61tiv5vOtG/tHh/srxNMryPLwX/8mHIl45OtzPpk7OdExn87nsWuLKPwp5ujMW6YsRMTWA+AfvRsQnetW/kPWNXM1HPu2OH3ns50YaP3ksfpLldebpxdfHB1AWmDTv3YuI13sdf0ncyOa9j/+57Ax1cQ/vdXZ2fO47OtwvHsc/Pv9N9YifHvM3+o3x8m++fmZle6GT927Ei9OPxT85/xzHL5wT/6U+4//xU5/58VfOyWv/LOJm9I7fHavcqm+Vm7t7t9fry2vVtepmpbK0uHTn1buvVMpZH3X5uKf6rL++duv588qW1v/KOfHneta/eLLtF/qs/8///dZ3P/sh8b/0+V7xk3ihZ/yOtE38Yp/xl6/88tzhu9P4q+fU/0m//1t9xn//z3urfX4UABiB5u7exnKtVt2+0EJ6FzqI/ZxZSIs40B32WCh2Ff5PMdxYT7UwM6yf6tAXpk+uFQe75++kexxxdZKB1+JCC49GFWu85yVg+D446MddEgAAAAAAAAAAAAAA4Dyj+NelcdcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+u/AQAA//9xkcaD") lstat(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl$Q_SETQUOTA(0xffffffff80000900, &(0x7f0000000c80)=@loop={'/dev/loop', 0x0}, r3, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) 3.047821037s ago: executing program 0 (id=142): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==") mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r4, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x3, @desc3}) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6697d4982a83b71b7e6769e737201ac6b73bb04454156569cb03a5be811debc94ef5831b89b59d703e748c7c", 0x19}, 0x48, 0xfffffffffffffffd) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'dummy0\x00'}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r8 = dup(r7) sendmsg$netlink(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000540)=ANY=[], 0x1b8}, {0x0, 0x1f88}], 0x2}, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) syz_emit_ethernet(0x6c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0180c20000000180c200000008004503005e00000000002f907800000000e00000012480655800000000100008000000000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000717cc5059a350df38cfaba5be33eeaa1b8345f890f249845d9baeeefd67d0d1e6b7661e289440171c446f2f5783f0e"], 0x0) 3.047602037s ago: executing program 2 (id=143): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth1_to_batadv\x00', 0x0}) setsockopt$packet_int(r3, 0x107, 0xc, &(0x7f0000000200)=0x3af, 0x4) sendto$packet(r3, &(0x7f00000000c0)="3f030e03f007120006001e0089e9aaa911d7c2290f0086dd13", 0x19, 0x0, &(0x7f0000000540)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x9182, 0x7, 0xb, 0x20, 0xffffffffffffffff, 0xc, '\x00', r4, r5, 0x4, 0x4, 0x5, 0xe, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000ffffffff000000000000"], 0x50) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x2) r8 = fsopen(&(0x7f00000001c0)='binder\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) fsmount(r8, 0x0, 0x1) 2.984018947s ago: executing program 3 (id=144): socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000ddff00850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00') 2.649902246s ago: executing program 3 (id=145): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=@tcp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fremovexattr(r2, &(0x7f0000000040)=@known='system.posix_acl_default\x00') 2.609042037s ago: executing program 4 (id=146): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="9802"], 0x298) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYRES8=r0, @ANYRES32=r3, @ANYRESOCT=r3], 0x0, 0x0, 0x1e, 0x0, 0x0, 0x53, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fspick(r4, &(0x7f0000000180)='./file0\x00', 0x0) 2.158868575s ago: executing program 1 (id=147): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x58, 0x10, 0x1, 0x70bd26, 0x40, {0x0, 0x0, 0x0, 0x0, 0x2142}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_LINKMODE={0x5, 0x11, 0x72}, @IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x8, 0x5}}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x6004004}, 0x0) 1.406400574s ago: executing program 1 (id=148): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f0000000200)=@name, 0x10, 0x0}, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) writev(r0, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88) 1.405322294s ago: executing program 4 (id=149): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000084040000000000000002"], 0x0, 0x3e, 0x0, 0x0, 0x9, 0x10000, @value}, 0x28) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000000c00000002000000002000000000001304000080"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2}, 0x10) ioctl$TCFLSH(r0, 0x404c4701, 0x20000000) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0xf9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xf) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000005c0)=0x3f) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0xff) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0x5) 1.371613293s ago: executing program 0 (id=150): setuid(0xee00) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = getpid() sendmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@cred={{0x1c, 0x1, 0x2, {r1, 0xee01}}}], 0x20}, 0x0) 1.371300953s ago: executing program 3 (id=151): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r3, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff", 0xb8) 1.301778803s ago: executing program 4 (id=152): prlimit64(0x0, 0xe, &(0x7f0000000280)={0xa, 0x20000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setpriority(0x2, 0xff, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/43, 0x7ffff000}, {&(0x7f0000000480)=""/165, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x2aa, 0x0) 1.278257773s ago: executing program 1 (id=153): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x7eec, 0x4, 0x0, 0x81, 0xffffffff}) 1.256104433s ago: executing program 0 (id=154): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x6c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x38, 0x2, [@TCA_MATCHALL_ACT={0x34, 0x2, [@m_gact={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.209583033s ago: executing program 1 (id=155): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000900)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000003a80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000b80)="ead1", 0x2}], 0x1}}], 0x1, 0x0) sendmmsg$inet(r0, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000740)='p', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000700)="d2", 0x1}], 0x1}}], 0x2, 0x4008440) 185.800631ms ago: executing program 3 (id=156): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="be9cc3bf22459c294dce080c47b6f2c5cc37e7b99582fabb0171307f86e7e9d787372ff433f6d6fe3f4c7d1d154519761e0bc3e4678a8af0910b90fca4563fba860f149a4ace8e2273ae0d28bd6dde503d791033ea6f9c0566adb0329db2b042a01cd7660a9c593a5a98f9d15dda3fa32039a43071ae2d3abf152724d2b597"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x90}, [@ldst={0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xcab5, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 175.73818ms ago: executing program 1 (id=157): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000002400)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp6}]}}}]}, 0x38}}, 0x0) 117.785661ms ago: executing program 3 (id=158): r0 = syz_open_procfs(0x0, &(0x7f0000000500)='net/dev_mcast\x00') read$FUSE(r0, &(0x7f00000025c0)={0x2020}, 0x2020) 117.552121ms ago: executing program 0 (id=159): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'team_slave_0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x26}}) 112.550331ms ago: executing program 1 (id=160): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x9c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x68, 0x2, [@TCA_MATCHALL_ACT={0x64, 0x2, [@m_gact={0x60, 0x1, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x3e505f89, 0x5, 0x20000000, 0x2, 0x2}}, @TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x5, 0x1, 0x8005, 0x401}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 94.178901ms ago: executing program 4 (id=161): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x7, 0x6, 0x201, 0x4, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 29.83814ms ago: executing program 4 (id=162): openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000400)={'gre0\x00', &(0x7f0000000840)={'syztnl0\x00', 0x0, 0x700, 0x40, 0x7fffffff, 0xfffffff5, {{0x10, 0x4, 0x1, 0x8, 0x40, 0x68, 0x0, 0x44, 0x2f, 0x0, @remote, @private=0xa010100, {[@ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x14, 0x71, 0x3, 0xd, [{@remote, 0xdf1}, {@multicast1, 0x2}]}, @lsrr={0x83, 0x13, 0x8, [@broadcast, @rand_addr=0x64010101, @private=0xa010100, @multicast1]}]}}}}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x13, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@jmp={0x5, 0x0, 0xb, 0xb, 0x2, 0xfffffffffffffff0, 0x4}, @generic={0x5, 0xb, 0xc, 0x9}, @generic={0x5, 0x2, 0xd, 0xfff, 0xcbc7}, @jmp={0x5, 0x1, 0xd, 0xd, 0x1, 0xfffffffffffffff8}], {{}, {}, {0x85, 0x0, 0x0, 0x10a}}}, &(0x7f0000000240)='GPL\x00', 0xb, 0xfd, &(0x7f0000000740)=""/253, 0x40f00, 0x2, '\x00', r3, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f00000005c0)=[{0x1, 0x5, 0x9, 0xa}, {0x4, 0x1, 0x10, 0x9}, {0x1, 0x3, 0x10, 0x3}, {0x1, 0x4, 0xa, 0x9}], 0x10, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000800150000000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0) r5 = socket(0x1, 0x1, 0x0) ioctl$SIOCGETSGCNT(r5, 0x89a0, 0x0) 29.68701ms ago: executing program 0 (id=163): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900030073797a3000000000090001"], 0xcc}, 0x1, 0x0, 0x0, 0x24000090}, 0x0) 141.13µs ago: executing program 3 (id=164): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0xff, r3}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0) 0s ago: executing program 0 (id=165): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCGFLAGS1(r1, 0x8004745a, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.78' (ED25519) to the list of known hosts. [ 19.481888][ T30] audit: type=1400 audit(1736849688.064:66): avc: denied { integrity } for pid=279 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 19.486317][ T30] audit: type=1400 audit(1736849688.064:67): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.487915][ T279] cgroup: Unknown subsys name 'net' [ 19.489852][ T30] audit: type=1400 audit(1736849688.074:68): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.493513][ T30] audit: type=1400 audit(1736849688.074:69): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.493664][ T279] cgroup: Unknown subsys name 'devices' [ 19.588086][ T279] cgroup: Unknown subsys name 'hugetlb' [ 19.593570][ T279] cgroup: Unknown subsys name 'rlimit' [ 19.760748][ T30] audit: type=1400 audit(1736849688.344:70): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.783712][ T30] audit: type=1400 audit(1736849688.344:71): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 19.808229][ T30] audit: type=1400 audit(1736849688.344:72): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.814127][ T282] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 19.839725][ T30] audit: type=1400 audit(1736849688.424:73): avc: denied { relabelto } for pid=282 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.864936][ T30] audit: type=1400 audit(1736849688.424:74): avc: denied { write } for pid=282 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.896805][ T30] audit: type=1400 audit(1736849688.484:75): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.897250][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.701897][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.708788][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.716032][ T288] device bridge_slave_0 entered promiscuous mode [ 20.738534][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.745388][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.752983][ T288] device bridge_slave_1 entered promiscuous mode [ 20.829747][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.836649][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.843733][ T290] device bridge_slave_0 entered promiscuous mode [ 20.851795][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.858813][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.865873][ T290] device bridge_slave_1 entered promiscuous mode [ 20.900809][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.907676][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.914909][ T289] device bridge_slave_0 entered promiscuous mode [ 20.929656][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.936555][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.943628][ T289] device bridge_slave_1 entered promiscuous mode [ 20.985059][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.991952][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.999139][ T291] device bridge_slave_0 entered promiscuous mode [ 21.015645][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.022549][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.029699][ T291] device bridge_slave_1 entered promiscuous mode [ 21.045454][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.052329][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.059505][ T293] device bridge_slave_0 entered promiscuous mode [ 21.066075][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.072955][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.080039][ T293] device bridge_slave_1 entered promiscuous mode [ 21.137810][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.144728][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.151875][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.158629][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.244330][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.251199][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.258295][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.265065][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.277597][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.284446][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.291566][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.298365][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.314086][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.320951][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.328032][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.334808][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.352695][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.359741][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.366847][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.373833][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.381693][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.388836][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.395786][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.403058][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.410172][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.437024][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.444320][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.451826][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.460386][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.467456][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.474640][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.482792][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.489637][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.517592][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.525161][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.533308][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.540176][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.547720][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.555622][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.562398][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.569613][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.577625][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.584444][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.591844][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.620483][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.629492][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.637615][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.644449][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.651804][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.660166][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.667006][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.674229][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.681980][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.689783][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.697953][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.704861][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.712108][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.719316][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.727268][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.735040][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.743249][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.757475][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.765474][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.773305][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.781688][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.789574][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 21.797808][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.805726][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.812571][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.822810][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.831125][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.840934][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.849322][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.859223][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.867748][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.875720][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.882574][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.899890][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.908196][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.917355][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.925036][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.938162][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.945448][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.952829][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.960955][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.969104][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.976896][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.984579][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.992347][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.000292][ T290] device veth0_vlan entered promiscuous mode [ 22.008843][ T288] device veth0_vlan entered promiscuous mode [ 22.015146][ T289] device veth0_vlan entered promiscuous mode [ 22.021176][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.028458][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.035792][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.043165][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.050450][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.058085][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.067292][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.074554][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.082045][ T293] device veth0_vlan entered promiscuous mode [ 22.094779][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.102933][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.119057][ T288] device veth1_macvtap entered promiscuous mode [ 22.125761][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.133833][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.141801][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.149963][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.158039][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.165361][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.173393][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.183128][ T290] device veth1_macvtap entered promiscuous mode [ 22.193057][ T289] device veth1_macvtap entered promiscuous mode [ 22.202909][ T293] device veth1_macvtap entered promiscuous mode [ 22.209576][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.217093][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.224934][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.233537][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.240890][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.248840][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.262567][ T291] device veth0_vlan entered promiscuous mode [ 22.268742][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.276938][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.285051][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.293129][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.301350][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.309587][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.317865][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.325476][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.345544][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.352862][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.360341][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.368595][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.376915][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.384859][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.393770][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.401884][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.409921][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.418065][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.426111][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.434220][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.451652][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.459732][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.468107][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.476059][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.494252][ T291] device veth1_macvtap entered promiscuous mode [ 22.502341][ T288] request_module fs-gadgetfs succeeded, but still no fs? [ 22.550774][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.601925][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.653825][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.074406][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.082627][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.251645][ T334] loop0: detected capacity change from 0 to 512 [ 23.269430][ T339] fuse: Invalid rootmode [ 23.313679][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 23.326009][ T334] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 23.383663][ T328] syz.1.2 (328) used greatest stack depth: 19632 bytes left [ 23.518341][ T350] loop2: detected capacity change from 0 to 128 [ 23.768657][ T350] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.779390][ T350] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 25.279024][ T30] kauditd_printk_skb: 53 callbacks suppressed [ 25.279195][ T30] audit: type=1400 audit(1736849693.864:129): avc: denied { write } for pid=342 comm="syz.2.10" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.553451][ T350] syz.2.10 (pid 350) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 26.027439][ T334] Quota error (device loop0): find_block_dqentry: Quota for id 62708 referenced but not present [ 26.046595][ T334] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 62708 [ 26.076753][ T334] EXT4-fs error (device loop0): ext4_acquire_dquot:6188: comm syz.0.6: Failed to acquire dquot type 0 [ 26.113690][ T30] audit: type=1400 audit(1736849693.864:130): avc: denied { add_name } for pid=342 comm="syz.2.10" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.199547][ T30] audit: type=1400 audit(1736849693.864:131): avc: denied { create } for pid=342 comm="syz.2.10" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 26.292167][ T369] loop4: detected capacity change from 0 to 16 [ 26.369500][ T369] erofs: (device loop4): mounted with root inode @ nid 36. [ 26.587407][ T30] audit: type=1400 audit(1736849694.594:132): avc: denied { create } for pid=342 comm="syz.2.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 26.608720][ T30] audit: type=1400 audit(1736849694.594:133): avc: denied { ioctl } for pid=342 comm="syz.2.10" path="socket:[15675]" dev="sockfs" ino=15675 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 26.741108][ T30] audit: type=1400 audit(1736849694.594:134): avc: denied { write } for pid=342 comm="syz.2.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 26.840024][ T30] audit: type=1326 audit(1736849694.624:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=362 comm="syz.1.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ce4fd29 code=0x7ffc0000 [ 26.944993][ T384] loop4: detected capacity change from 0 to 512 [ 26.981609][ T384] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 27.003362][ T384] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 27.037631][ T30] audit: type=1326 audit(1736849694.624:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=362 comm="syz.1.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0ce4fd29 code=0x7ffc0000 [ 27.037987][ T384] EXT4-fs error (device loop4): ext4_acquire_dquot:6188: comm syz.4.19: Failed to acquire dquot type 0 [ 27.197266][ T391] loop0: detected capacity change from 0 to 1024 [ 27.560186][ T391] EXT4-fs (loop0): Test dummy encryption mode enabled [ 27.573742][ T391] EXT4-fs (loop0): Test dummy encryption mode enabled [ 27.610198][ T391] EXT4-fs (loop0): Ignoring removed orlov option [ 27.616595][ T391] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.646973][ T391] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,dioread_lock,test_dummy_encryption,commit=0x0000000000000005,orlov,noinit_itable,max_batch_time=0x0000000000000000,dioread_nolock,,errors=continue. Quota mode: writeback. [ 27.741231][ T400] syz.4.22 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 28.034363][ T414] process 'syz.4.29' launched './file1' with NULL argv: empty string added [ 28.056446][ T311] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 28.123551][ T416] loop0: detected capacity change from 0 to 512 [ 28.233922][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 28.358490][ T416] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.483488][ T416] EXT4-fs error (device loop0): ext4_acquire_dquot:6188: comm syz.0.27: Failed to acquire dquot type 0 [ 28.506525][ T311] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 28.534421][ T311] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 28.826901][ T311] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 28.855712][ T311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.127928][ T434] loop2: detected capacity change from 0 to 16 [ 29.140888][ T311] usb 2-1: Product: syz [ 29.145035][ T311] usb 2-1: Manufacturer: syz [ 29.149521][ T311] usb 2-1: SerialNumber: syz [ 29.170089][ T434] erofs: (device loop2): mounted with root inode @ nid 36. [ 29.305653][ T447] capability: warning: `syz.4.37' uses 32-bit capabilities (legacy support in use) [ 29.596965][ T311] usb 2-1: 0:2 : does not exist [ 29.641976][ T464] loop4: detected capacity change from 0 to 16 [ 29.688926][ T464] erofs: (device loop4): mounted with root inode @ nid 36. [ 29.766582][ T382] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 29.807553][ T311] usb 2-1: USB disconnect, device number 2 [ 30.017261][ T364] udevd[364]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 30.116535][ T20] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 30.156518][ T382] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 30.166654][ T382] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 30.245569][ T471] loop1: detected capacity change from 0 to 128 [ 30.339927][ T377] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 30.436661][ T382] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 30.617267][ T471] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 30.628324][ T471] ext4 filesystem being mounted at /6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 30.852200][ T477] loop4: detected capacity change from 0 to 16 [ 31.986556][ T30] kauditd_printk_skb: 51 callbacks suppressed [ 31.986672][ T30] audit: type=1400 audit(1736849700.564:184): avc: denied { create } for pid=467 comm="syz.1.44" name="blkio.bfq.io_service_bytes_recursive" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 32.020020][ T382] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.036496][ T477] erofs: (device loop4): mounted with root inode @ nid 36. [ 32.096511][ T20] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 32.116943][ T20] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 32.129929][ T382] usb 1-1: Product: syz [ 32.139499][ T382] usb 1-1: Manufacturer: syz [ 32.146726][ T382] usb 1-1: SerialNumber: syz [ 32.161368][ T30] audit: type=1400 audit(1736849700.634:185): avc: denied { read append open } for pid=467 comm="syz.1.44" path="/6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/blkio.bfq.io_service_bytes_recursive" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 32.242367][ T30] audit: type=1400 audit(1736849700.824:186): avc: denied { setopt } for pid=480 comm="syz.0.46" laddr=::1 lport=38 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.269211][ T382] usb 1-1: can't set config #1, error -71 [ 32.287437][ T377] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 32.298461][ T30] audit: type=1400 audit(1736849700.824:187): avc: denied { write } for pid=480 comm="syz.0.46" laddr=::1 lport=38 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.300001][ T382] usb 1-1: USB disconnect, device number 2 [ 32.325618][ T377] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 32.400979][ T484] loop4: detected capacity change from 0 to 512 [ 32.410690][ T30] audit: type=1326 audit(1736849700.944:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=483 comm="syz.4.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 32.451137][ T30] audit: type=1326 audit(1736849700.944:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=483 comm="syz.4.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 32.494310][ T30] audit: type=1326 audit(1736849700.974:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=483 comm="syz.4.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 32.541681][ T30] audit: type=1326 audit(1736849700.974:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=483 comm="syz.4.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 32.602678][ T489] loop1: detected capacity change from 0 to 16 [ 32.638712][ T489] erofs: (device loop1): mounted with root inode @ nid 36. [ 32.737538][ T20] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 32.746597][ T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.754410][ T20] usb 4-1: Product: syz [ 32.758481][ T20] usb 4-1: Manufacturer: syz [ 32.763844][ T30] audit: type=1326 audit(1736849700.974:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=483 comm="syz.4.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 32.786838][ T20] usb 4-1: can't set config #1, error -71 [ 32.799375][ T20] usb 4-1: USB disconnect, device number 2 [ 32.812058][ T30] audit: type=1326 audit(1736849700.974:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=483 comm="syz.4.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 32.840913][ T484] EXT4-fs error (device loop4): mb_free_blocks:1865: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt. [ 32.856786][ T377] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 32.866894][ T377] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.874805][ T377] usb 3-1: Product: syz [ 32.879227][ T377] usb 3-1: Manufacturer: syz [ 32.896609][ T377] usb 3-1: can't set config #1, error -71 [ 32.903664][ T377] usb 3-1: USB disconnect, device number 2 [ 32.934008][ T499] loop3: detected capacity change from 0 to 128 [ 32.965929][ T484] EXT4-fs (loop4): Remounting filesystem read-only [ 32.976086][ T484] EXT4-fs (loop4): 1 orphan inode deleted [ 33.039174][ T484] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback. [ 33.065311][ T499] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 33.076094][ T499] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.175781][ T484] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.026387][ C1] sched: RT throttling activated [ 34.051554][ T507] loop0: detected capacity change from 0 to 512 [ 34.120943][ T507] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 34.143335][ T507] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.169415][ T484] loop4: detected capacity change from 0 to 16 [ 34.188767][ T507] EXT4-fs error (device loop0): ext4_acquire_dquot:6188: comm syz.0.53: Failed to acquire dquot type 0 [ 34.210159][ T484] erofs: (device loop4): mounted with root inode @ nid 36. [ 35.027341][ T521] loop3: detected capacity change from 0 to 128 [ 35.509648][ T522] loop1: detected capacity change from 0 to 128 [ 35.626728][ T521] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 35.637563][ T521] ext4 filesystem being mounted at /8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 35.975824][ T522] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 35.986999][ T522] ext4 filesystem being mounted at /10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 37.029627][ T353] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 37.858124][ T545] loop3: detected capacity change from 0 to 128 [ 37.873008][ T30] kauditd_printk_skb: 92 callbacks suppressed [ 37.887018][ T30] audit: type=1400 audit(1736849705.694:284): avc: denied { mount } for pid=536 comm="syz.4.60" name="/" dev="pstore" ino=14705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 38.071102][ T545] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 38.081889][ T545] ext4 filesystem being mounted at /10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 38.140373][ T382] Bluetooth: hci0: command 0x1003 tx timeout [ 38.205473][ T532] Bluetooth: hci0: sending frame failed (-49) [ 39.122241][ T30] audit: type=1400 audit(1736849706.534:285): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 39.232703][ T560] loop4: detected capacity change from 0 to 128 [ 39.395804][ T560] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 39.406611][ T560] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 42.255443][ T571] fuse: Bad value for 'fd' [ 42.846545][ T573] loop2: detected capacity change from 0 to 128 [ 43.018520][ T360] Bluetooth: hci0: command 0x1001 tx timeout [ 43.024367][ T532] Bluetooth: hci0: sending frame failed (-49) [ 43.031323][ T573] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 43.042162][ T573] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.063328][ T30] audit: type=1326 audit(1736849711.644:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=579 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 43.140051][ T576] loop1: detected capacity change from 0 to 512 [ 43.185863][ T30] audit: type=1326 audit(1736849711.664:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=579 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 43.215723][ T576] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 43.228785][ T576] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 43.453981][ T30] audit: type=1326 audit(1736849711.764:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=579 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 43.490525][ T30] audit: type=1326 audit(1736849711.764:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=579 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 43.513485][ T30] audit: type=1326 audit(1736849711.764:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=579 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 43.537286][ T30] audit: type=1326 audit(1736849711.764:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=579 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 43.561960][ T576] EXT4-fs (loop1): 1 truncate cleaned up [ 43.567476][ T576] EXT4-fs (loop1): mounted filesystem without journal. Opts: data=journal,jqfmt=vfsv0,errors=continue,nodelalloc,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 43.690520][ T30] audit: type=1326 audit(1736849711.764:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=579 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 43.713825][ T30] audit: type=1326 audit(1736849711.764:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=579 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 44.138686][ T597] fuse: Unknown parameter 'fd00000000000000000003' [ 44.164815][ T593] loop3: detected capacity change from 0 to 512 [ 44.241819][ T603] loop4: detected capacity change from 0 to 128 [ 44.462269][ T607] loop2: detected capacity change from 0 to 16 [ 44.576398][ T607] erofs: (device loop2): mounted with root inode @ nid 36. [ 45.162503][ T353] Bluetooth: hci0: command 0x1009 tx timeout [ 45.223925][ T603] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 45.234841][ T603] ext4 filesystem being mounted at /21/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 45.385864][ T593] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 45.811484][ T600] loop1: detected capacity change from 0 to 512 [ 45.821280][ T593] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.851773][ T613] loop2: detected capacity change from 0 to 512 [ 45.917669][ T600] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 45.935757][ T600] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.970166][ T600] Quota error (device loop1): find_block_dqentry: Quota for id 62708 referenced but not present [ 45.984749][ T600] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 62708 [ 45.990977][ T613] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 45.995355][ T600] EXT4-fs error (device loop1): ext4_acquire_dquot:6188: comm syz.1.76: Failed to acquire dquot type 0 [ 46.006413][ T613] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.264349][ T628] loop4: detected capacity change from 0 to 512 [ 50.304293][ T629] loop0: detected capacity change from 0 to 128 [ 50.497788][ T629] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 50.508756][ T629] ext4 filesystem being mounted at /10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 50.542646][ T636] loop4: detected capacity change from 0 to 512 [ 50.565059][ T30] audit: type=1326 audit(1736849719.144:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=637 comm="syz.2.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 50.592962][ T30] audit: type=1326 audit(1736849719.174:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=637 comm="syz.2.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 50.597706][ T636] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 50.635494][ T30] audit: type=1326 audit(1736849719.214:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=637 comm="syz.2.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 50.638322][ T636] EXT4-fs (loop4): 1 truncate cleaned up [ 50.663793][ T636] EXT4-fs (loop4): mounted filesystem without journal. Opts: data=journal,jqfmt=vfsv0,errors=continue,nodelalloc,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 50.681885][ T30] audit: type=1326 audit(1736849719.214:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=637 comm="syz.2.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 50.873433][ T648] loop3: detected capacity change from 0 to 128 [ 50.903505][ T30] audit: type=1326 audit(1736849719.214:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=637 comm="syz.2.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 51.906263][ T648] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 51.916779][ T648] ext4 filesystem being mounted at /14/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 52.074797][ T30] audit: type=1326 audit(1736849719.214:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=637 comm="syz.2.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 52.779752][ T660] loop2: detected capacity change from 0 to 16 [ 52.807297][ T659] loop4: detected capacity change from 0 to 128 [ 52.850744][ T660] erofs: (device loop2): mounted with root inode @ nid 36. [ 52.956870][ T659] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 52.967446][ T659] ext4 filesystem being mounted at /24/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 53.166341][ T670] loop3: detected capacity change from 0 to 128 [ 53.919072][ T670] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 53.929731][ T670] ext4 filesystem being mounted at /15/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 55.122161][ T684] loop0: detected capacity change from 0 to 128 [ 55.219576][ T683] loop2: detected capacity change from 0 to 16 [ 55.365850][ T683] erofs: (device loop2): mounted with root inode @ nid 36. [ 56.158793][ T684] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 56.169608][ T684] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.095130][ T697] loop4: detected capacity change from 0 to 128 [ 57.400613][ T697] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 57.411964][ T697] ext4 filesystem being mounted at /27/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 58.078050][ T702] loop3: detected capacity change from 0 to 128 [ 58.209200][ T30] audit: type=1326 audit(1736849726.794:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 58.366453][ T702] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 58.377215][ T702] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.028959][ T30] audit: type=1326 audit(1736849726.814:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 59.051923][ T30] audit: type=1326 audit(1736849726.814:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 59.136421][ T711] loop0: detected capacity change from 0 to 128 [ 59.146565][ T30] audit: type=1326 audit(1736849726.824:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 59.220941][ T30] audit: type=1326 audit(1736849726.824:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 59.300032][ T711] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 59.310698][ T711] ext4 filesystem being mounted at /13/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 59.965638][ T30] audit: type=1326 audit(1736849726.824:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 60.027106][ T30] audit: type=1326 audit(1736849726.824:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 60.060578][ T30] audit: type=1326 audit(1736849726.824:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 60.122340][ T722] loop1: detected capacity change from 0 to 128 [ 60.286822][ T722] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 60.297578][ T722] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 60.571799][ T730] loop3: detected capacity change from 0 to 1024 [ 60.716501][ T631] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 60.729440][ T30] audit: type=1326 audit(1736849726.824:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 61.047759][ T30] audit: type=1326 audit(1736849726.924:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=704 comm="syz.2.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fa6a2ffad29 code=0x7ffc0000 [ 61.088216][ T730] EXT4-fs (loop3): Test dummy encryption mode enabled [ 61.094912][ T730] EXT4-fs (loop3): Test dummy encryption mode enabled [ 61.101692][ T730] EXT4-fs (loop3): Ignoring removed orlov option [ 61.108697][ T730] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.122936][ T730] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,dioread_lock,test_dummy_encryption,commit=0x0000000000000005,orlov,noinit_itable,max_batch_time=0x0000000000000000,dioread_nolock,,errors=continue. Quota mode: writeback. [ 61.158777][ T730] EXT4-fs (loop3): shut down requested (2) [ 61.177254][ T733] loop2: detected capacity change from 0 to 512 [ 61.190888][ T737] fuse: Invalid rootmode [ 61.255758][ T738] loop1: detected capacity change from 0 to 512 [ 61.923812][ T733] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 61.936657][ T738] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 61.948596][ T631] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 61.964311][ T631] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 61.966560][ T738] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.014433][ T733] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.380702][ T631] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 62.389630][ T631] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.397413][ T631] usb 5-1: Product: syz [ 62.401368][ T631] usb 5-1: Manufacturer: syz [ 62.405808][ T631] usb 5-1: SerialNumber: syz [ 62.430589][ T765] fuse: Bad value for 'rootmode' [ 62.436517][ T631] usb 5-1: can't set config #1, error -71 [ 62.456881][ T631] usb 5-1: USB disconnect, device number 2 [ 62.724309][ T775] loop2: detected capacity change from 0 to 16 [ 62.754319][ T776] loop4: detected capacity change from 0 to 16 [ 62.916972][ T776] erofs: (device loop4): mounted with root inode @ nid 36. [ 62.933742][ T775] erofs: (device loop2): mounted with root inode @ nid 36. [ 63.118113][ T785] loop1: detected capacity change from 0 to 16 [ 63.206952][ T785] erofs: (device loop1): mounted with root inode @ nid 36. [ 63.559507][ T791] loop4: detected capacity change from 0 to 512 [ 63.694210][ T801] loop2: detected capacity change from 0 to 128 [ 63.855180][ T801] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 63.866053][ T801] ext4 filesystem being mounted at /24/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 64.004252][ T791] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 64.103783][ T791] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.679052][ T811] loop4: detected capacity change from 0 to 512 [ 64.771146][ T818] loop2: detected capacity change from 0 to 128 [ 64.910706][ T818] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 64.921378][ T818] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.046135][ T811] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 65.141150][ T811] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.052481][ T834] loop2: detected capacity change from 0 to 128 [ 66.059290][ T824] loop1: detected capacity change from 0 to 16 [ 66.857899][ T836] loop4: detected capacity change from 0 to 128 [ 67.300991][ T824] erofs: (device loop1): mounted with root inode @ nid 36. [ 67.394274][ T836] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 67.405003][ T836] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.428208][ T834] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 67.438796][ T834] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.359306][ T857] loop0: detected capacity change from 0 to 128 [ 68.483844][ T30] kauditd_printk_skb: 46 callbacks suppressed [ 68.483867][ T30] audit: type=1326 audit(1736849737.064:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 68.551368][ T857] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 68.562171][ T857] ext4 filesystem being mounted at /20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 69.128401][ T30] audit: type=1326 audit(1736849737.094:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 69.151424][ T30] audit: type=1326 audit(1736849737.124:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 69.175947][ T30] audit: type=1326 audit(1736849737.214:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 69.215882][ T30] audit: type=1326 audit(1736849737.224:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 69.240727][ T30] audit: type=1326 audit(1736849737.284:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 69.264074][ T30] audit: type=1326 audit(1736849737.294:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 69.287306][ T30] audit: type=1326 audit(1736849737.294:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=852 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898d3e9d29 code=0x7ffc0000 [ 69.349304][ T861] loop3: detected capacity change from 0 to 512 [ 70.440486][ T876] loop0: detected capacity change from 0 to 128 [ 70.640913][ T883] fuse: Bad value for 'rootmode' [ 70.672979][ T876] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 70.683719][ T876] ext4 filesystem being mounted at /21/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 70.753586][ T861] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 71.276553][ T861] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.304955][ T882] loop4: detected capacity change from 0 to 512 [ 71.484708][ T882] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 71.496778][ T882] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.583508][ T896] loop1: detected capacity change from 0 to 16 [ 71.658726][ T896] erofs: (device loop1): mounted with root inode @ nid 36. [ 71.784018][ T30] audit: type=1326 audit(1736849740.364:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=898 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138097dd29 code=0x7ffc0000 [ 71.831081][ T30] audit: type=1326 audit(1736849740.364:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=898 comm="syz.3.144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138097dd29 code=0x7ffc0000 [ 71.907981][ T906] loop0: detected capacity change from 0 to 128 [ 72.044684][ T906] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 72.055574][ T906] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.366600][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 74.366615][ T30] audit: type=1400 audit(1736849742.944:382): avc: denied { write } for pid=941 comm="syz.3.158" name="dev_mcast" dev="proc" ino=4026532654 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 74.396032][ T30] audit: type=1400 audit(1736849742.954:383): avc: denied { write } for pid=945 comm="syz.4.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 74.420767][ T948] ================================================================== [ 74.428655][ T948] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0xb9d/0x3430 [ 74.436637][ T948] Read of size 8 at addr ffff8881124a6fc0 by task syz.1.160/948 [ 74.444191][ T948] [ 74.446379][ T948] CPU: 0 PID: 948 Comm: syz.1.160 Not tainted 5.15.176-syzkaller-00972-g829d9f138569 #0 [ 74.455908][ T948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 74.465821][ T948] Call Trace: [ 74.468926][ T948] [ 74.471715][ T948] dump_stack_lvl+0x151/0x1c0 [ 74.476217][ T948] ? io_uring_drop_tctx_refs+0x190/0x190 [ 74.481688][ T948] ? panic+0x760/0x760 [ 74.485588][ T948] print_address_description+0x87/0x3b0 [ 74.486040][ T30] audit: type=1400 audit(1736849743.054:384): avc: denied { sys_module } for pid=955 comm="syz.0.165" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 74.490966][ T948] kasan_report+0x179/0x1c0 [ 74.490985][ T948] ? tc_setup_flow_action+0xb9d/0x3430 [ 74.491004][ T948] ? tc_setup_flow_action+0xb9d/0x3430 [ 74.526474][ T948] __asan_report_load8_noabort+0x14/0x20 [ 74.531941][ T948] tc_setup_flow_action+0xb9d/0x3430 [ 74.537061][ T948] mall_replace_hw_filter+0x394/0xc20 [ 74.542263][ T948] ? mall_set_parms+0x4b0/0x4b0 [ 74.546947][ T948] ? tcf_exts_destroy+0xb0/0xb0 [ 74.551634][ T948] ? pcpu_memcg_post_alloc_hook+0x1b1/0x260 [ 74.557365][ T948] ? pcpu_alloc+0xda0/0x13e0 [ 74.561798][ T948] ? mall_set_parms+0x1c3/0x4b0 [ 74.566480][ T948] mall_change+0x56e/0x780 [ 74.570733][ T948] ? mall_get+0xb0/0xb0 [ 74.574724][ T948] ? tcf_chain_tp_insert_unique+0xa90/0xbb0 [ 74.580453][ T948] ? nla_strcmp+0xed/0x120 [ 74.584705][ T948] ? mall_get+0xb0/0xb0 [ 74.588696][ T948] tc_new_tfilter+0x151a/0x1c00 [ 74.593385][ T948] ? tcf_gate_entry_destructor+0x20/0x20 [ 74.598853][ T948] ? security_capable+0x87/0xb0 [ 74.603538][ T948] ? ns_capable+0x89/0xe0 [ 74.607704][ T948] ? netlink_net_capable+0x125/0x160 [ 74.612822][ T948] ? tcf_gate_entry_destructor+0x20/0x20 [ 74.618290][ T948] rtnetlink_rcv_msg+0x776/0xc40 [ 74.623069][ T948] ? rtnetlink_bind+0x80/0x80 [ 74.627590][ T948] ? stack_trace_save+0x1c0/0x1c0 [ 74.632443][ T948] ? __kernel_text_address+0x9b/0x110 [ 74.637648][ T948] ? unwind_get_return_address+0x4d/0x90 [ 74.643114][ T948] ? avc_has_perm_noaudit+0x348/0x430 [ 74.648323][ T948] ? memcpy+0x56/0x70 [ 74.652141][ T948] ? avc_has_perm_noaudit+0x2dd/0x430 [ 74.657349][ T948] ? avc_denied+0x1b0/0x1b0 [ 74.661690][ T948] ? avc_has_perm+0x16f/0x260 [ 74.666202][ T948] ? ____kasan_kmalloc+0xed/0x110 [ 74.671062][ T948] ? avc_has_perm_noaudit+0x430/0x430 [ 74.676268][ T948] ? x64_sys_call+0x16a/0x9a0 [ 74.680785][ T948] netlink_rcv_skb+0x1cf/0x410 [ 74.685385][ T948] ? rtnetlink_bind+0x80/0x80 [ 74.689895][ T948] ? netlink_ack+0xb10/0xb10 [ 74.694323][ T948] ? __netlink_lookup+0x37b/0x3a0 [ 74.699184][ T948] rtnetlink_rcv+0x1c/0x20 [ 74.703437][ T948] netlink_unicast+0x8df/0xac0 [ 74.708046][ T948] ? netlink_detachskb+0x90/0x90 [ 74.712810][ T948] ? security_netlink_send+0x7b/0xa0 [ 74.717934][ T948] netlink_sendmsg+0xa0a/0xd20 [ 74.722534][ T948] ? netlink_getsockopt+0x560/0x560 [ 74.727568][ T948] ? security_socket_sendmsg+0x82/0xb0 [ 74.732860][ T948] ? netlink_getsockopt+0x560/0x560 [ 74.737892][ T948] ____sys_sendmsg+0x59e/0x8f0 [ 74.742496][ T948] ? __sys_sendmsg_sock+0x40/0x40 [ 74.747352][ T948] ? import_iovec+0xe5/0x120 [ 74.751785][ T948] ___sys_sendmsg+0x252/0x2e0 [ 74.756294][ T948] ? __sys_sendmsg+0x260/0x260 [ 74.760896][ T948] ? check_stack_object+0xf4/0x130 [ 74.765844][ T948] ? __fdget+0x1bc/0x240 [ 74.769926][ T948] __se_sys_sendmsg+0x19a/0x260 [ 74.774612][ T948] ? __x64_sys_sendmsg+0x90/0x90 [ 74.779383][ T948] ? __kasan_check_write+0x14/0x20 [ 74.784327][ T948] ? switch_fpu_return+0x15f/0x2e0 [ 74.789275][ T948] __x64_sys_sendmsg+0x7b/0x90 [ 74.793874][ T948] x64_sys_call+0x16a/0x9a0 [ 74.798215][ T948] do_syscall_64+0x3b/0xb0 [ 74.802467][ T948] ? clear_bhb_loop+0x35/0x90 [ 74.806982][ T948] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 74.812721][ T948] RIP: 0033:0x7f0a0ce4fd29 [ 74.816963][ T948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.836407][ T948] RSP: 002b:00007f0a0b4c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.844650][ T948] RAX: ffffffffffffffda RBX: 00007f0a0d03ffa0 RCX: 00007f0a0ce4fd29 [ 74.852461][ T948] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000004 [ 74.860271][ T948] RBP: 00007f0a0cecbb08 R08: 0000000000000000 R09: 0000000000000000 [ 74.868082][ T948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.875893][ T948] R13: 0000000000000000 R14: 00007f0a0d03ffa0 R15: 00007fff6043fbf8 [ 74.883708][ T948] [ 74.886569][ T948] [ 74.888742][ T948] Allocated by task 948: [ 74.892820][ T948] ____kasan_kmalloc+0xdb/0x110 [ 74.897508][ T948] __kasan_kmalloc+0x9/0x10 [ 74.901878][ T948] __kmalloc+0x13f/0x2c0 [ 74.905923][ T948] tcf_idr_create+0x5f/0x780 [ 74.910351][ T948] tcf_idr_create_from_flags+0x5f/0x70 [ 74.915733][ T948] tcf_gact_init+0x3cd/0x6e0 [ 74.920159][ T948] tcf_action_init_1+0x50f/0x7f0 [ 74.924933][ T948] tcf_action_init+0x306/0x840 [ 74.929533][ T948] tcf_exts_validate+0x236/0x520 [ 74.934306][ T948] mall_set_parms+0x44/0x4b0 [ 74.938732][ T948] mall_change+0x495/0x780 [ 74.942986][ T948] tc_new_tfilter+0x151a/0x1c00 [ 74.947671][ T948] rtnetlink_rcv_msg+0x776/0xc40 [ 74.952448][ T948] netlink_rcv_skb+0x1cf/0x410 [ 74.957046][ T948] rtnetlink_rcv+0x1c/0x20 [ 74.961318][ T948] netlink_unicast+0x8df/0xac0 [ 74.965898][ T948] netlink_sendmsg+0xa0a/0xd20 [ 74.970501][ T948] ____sys_sendmsg+0x59e/0x8f0 [ 74.975099][ T948] ___sys_sendmsg+0x252/0x2e0 [ 74.979611][ T948] __se_sys_sendmsg+0x19a/0x260 [ 74.984299][ T948] __x64_sys_sendmsg+0x7b/0x90 [ 74.988898][ T948] x64_sys_call+0x16a/0x9a0 [ 74.993240][ T948] do_syscall_64+0x3b/0xb0 [ 74.997577][ T948] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 75.003308][ T948] [ 75.005490][ T948] The buggy address belongs to the object at ffff8881124a6f00 [ 75.005490][ T948] which belongs to the cache kmalloc-192 of size 192 [ 75.019364][ T948] The buggy address is located 0 bytes to the right of [ 75.019364][ T948] 192-byte region [ffff8881124a6f00, ffff8881124a6fc0) [ 75.032819][ T948] The buggy address belongs to the page: [ 75.038289][ T948] page:ffffea0004492980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1124a6 [ 75.048354][ T948] flags: 0x4000000000000200(slab|zone=1) [ 75.053828][ T948] raw: 4000000000000200 ffffea0004493080 0000000700000007 ffff888100042c00 [ 75.062250][ T948] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 75.070661][ T948] page dumped because: kasan: bad access detected [ 75.076919][ T948] page_owner tracks the page as allocated [ 75.082465][ T948] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 111, ts 4358088812, free_ts 4358042647 [ 75.098085][ T948] post_alloc_hook+0x1a3/0x1b0 [ 75.102687][ T948] prep_new_page+0x1b/0x110 [ 75.107025][ T948] get_page_from_freelist+0x3550/0x35d0 [ 75.112410][ T948] __alloc_pages+0x27e/0x8f0 [ 75.116832][ T948] new_slab+0x9a/0x4e0 [ 75.120738][ T948] ___slab_alloc+0x39e/0x830 [ 75.125165][ T948] __slab_alloc+0x4a/0x90 [ 75.129332][ T948] kmem_cache_alloc_trace+0x147/0x270 [ 75.134537][ T948] kernfs_fop_open+0x324/0xab0 [ 75.139138][ T948] do_dentry_open+0x81c/0xfd0 [ 75.143654][ T948] vfs_open+0x73/0x80 [ 75.147472][ T948] path_openat+0x26f0/0x2f40 [ 75.151914][ T948] do_filp_open+0x21c/0x460 [ 75.156237][ T948] do_sys_openat2+0x13f/0x820 [ 75.160752][ T948] __x64_sys_openat+0x243/0x290 [ 75.165438][ T948] x64_sys_call+0x6bf/0x9a0 [ 75.169886][ T948] page last free stack trace: [ 75.174389][ T948] free_unref_page_prepare+0x7c8/0x7d0 [ 75.179683][ T948] free_unref_page+0xe8/0x750 [ 75.184194][ T948] __free_pages+0x61/0xf0 [ 75.188362][ T948] free_pages+0x7c/0x90 [ 75.192354][ T948] selinux_genfs_get_sid+0x24d/0x2a0 [ 75.197473][ T948] inode_doinit_with_dentry+0x8d2/0x1070 [ 75.202944][ T948] selinux_d_instantiate+0x27/0x40 [ 75.207890][ T948] security_d_instantiate+0x9f/0x100 [ 75.213014][ T948] d_splice_alias+0x6d/0x390 [ 75.217437][ T948] kernfs_iop_lookup+0x29e/0x2f0 [ 75.222211][ T948] __lookup_slow+0x2b9/0x400 [ 75.226642][ T948] lookup_slow+0x5a/0x80 [ 75.230720][ T948] walk_component+0x48c/0x610 [ 75.235242][ T948] path_lookupat+0x16d/0x450 [ 75.239657][ T948] filename_lookup+0x230/0x5c0 [ 75.251902][ T948] user_path_at_empty+0x43/0x1a0 [ 75.256676][ T948] [ 75.258851][ T948] Memory state around the buggy address: [ 75.264315][ T948] ffff8881124a6e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 75.272210][ T948] ffff8881124a6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.280107][ T948] >ffff8881124a6f80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 75.288000][ T948] ^ [ 75.293991][ T948] ffff8881124a7000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.301891][ T948] ffff8881124a7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 75.309906][ T948] ================================================================== [ 75.317795][ T948] Disabling lock debugging due to kernel taint [ 75.325250][ T951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.164'. [ 75.359356][ T30] audit: type=1400 audit(1736849743.054:385): avc: denied { write } for pid=955 comm="syz.0.165" name="ppp" dev="devtmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 75.381972][ T30] audit: type=1400 audit(1736849743.054:386): avc: denied { open } for pid=955 comm="syz.0.165" path="/dev/ppp" dev="devtmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 75.405205][ T30] audit: type=1400 audit(1736849743.054:387): avc: denied { ioctl } for pid=955 comm="syz.0.165" path="/dev/ppp" dev="devtmpfs" ino=150 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 75.429428][ T30] audit: type=1400 audit(1736849743.924:388): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 75.451847][ T30] audit: type=1400 audit(1736849743.924:389): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 75.473716][ T30] audit: type=1400 audit(1736849743.924:390): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1