last executing test programs: 4.34517166s ago: executing program 0 (id=12): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d0000000000000000"], 0x1, 0x17d, &(0x7f00000004c0)="$eJzsmD9P6lAYxp/TciH35iY6u2giCTBY2qJGBgdmB038FzeJVIIWMdBB2PwUzn4CZ+JC4sfQQZ1ccHNyqGl7gAP+HdTE+PyG9zzv6dvTc94mT5OCEPJrub15uD5LJS90AP+RRELO3+mDGk2pb489Zi4ry+cn5v1Vu7OUH11PAPD9jz8/BqBT0OHJ3PeH707KcQ1aX69DQ0bqTQgYUm9Dw4bUDgS2pN5TdC2oN4zdiusYOzW3FAgzCFYQ7CDkRvfXPRYoKfsTyvVGs7VfdF2n/oXivf51CxoWlf2p76vXG1PpnwUNltQ5CKxKvYBErzdRS5TzT8QG6+vffH4KCoqfJgb+5J8KpBR/iin+kfWqh9lGszVTqRbLTtk5sO3cvDlrmnN2NjSiKL7hf39Df/qnrP/nldq4iOOo6Hl1K4r93I7iS44bD/1PQ3o6yoWcUwm/B+NiKhjSuswJIYQQQgghhBBCCCHk05mECP+CDpF/NmWvhNVPAQAA//94vnZt") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x62802) ioctl$USBDEVFS_SETCONFIGURATION(r2, 0x80045505, 0x0) 3.881745408s ago: executing program 0 (id=15): memfd_create(0x0, 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffe7b702000008000000b70300000100000085000000c800000095"], &(0x7f00000005c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3.487193714s ago: executing program 0 (id=17): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000008c0)=@newlink={0x4c, 0x10, 0x409, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, 0x4000}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_PRIORITY={0x6, 0x2, 0xfff}, @IFLA_BRPORT_COST={0x8, 0x3, 0x6}]}}}]}, 0x4c}}, 0x0) 3.384320846s ago: executing program 0 (id=19): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=") r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4204, r0, 0x200, &(0x7f0000000740)={0x0}) 3.202697909s ago: executing program 0 (id=22): r0 = creat(0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mount_setattr(r0, 0x0, 0x8000, &(0x7f0000000040)={0x100006, 0x70, 0x180000, {r0}}, 0x20) 2.387502402s ago: executing program 0 (id=27): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={0x6c, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x48, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x3}, @broadcast, @device_a, @initial, {0x5, 0x3}, @value=@ver_80211n={0x0, 0x120, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, 0x204, 0x9, @broadcast, {}, @void, @val={0x2d, 0x1a, {0x1000, 0x0, 0x7, 0x0, {0xff, 0xaf, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x1, 0x0, 0x2}}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 2.338569862s ago: executing program 32 (id=27): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={0x6c, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x48, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x3}, @broadcast, @device_a, @initial, {0x5, 0x3}, @value=@ver_80211n={0x0, 0x120, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, 0x204, 0x9, @broadcast, {}, @void, @val={0x2d, 0x1a, {0x1000, 0x0, 0x7, 0x0, {0xff, 0xaf, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x1, 0x0, 0x2}}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1.24382753s ago: executing program 3 (id=42): timer_create(0x1, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0xdd860600, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0xec, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0xb}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0xb0, 0x2, 0x0, 0x1, {0x9, 0x1, 0x0, 0x1, [{0xc}, {0x8}, {0x1b}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x9, 0xd}, {0x8}]}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_MPLS={0x4}]}]}, 0xec}}, 0x0) 1.179174351s ago: executing program 3 (id=43): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000060000000b"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.052049433s ago: executing program 3 (id=44): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000380)=@framed={{0x18, 0x2, 0x0, 0x0, 0xc6, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x27}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4aa}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 976.244934ms ago: executing program 3 (id=45): r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x7fff, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4) sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/129, 0x81}, 0x5}], 0x1, 0x2143, 0x0) 960.263945ms ago: executing program 3 (id=47): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}, 0x0, 0x0, 0x0) statfs(&(0x7f0000000080)='./file0\x00', 0x0) 921.586535ms ago: executing program 2 (id=49): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000000)=@newtaction={0x44c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x438, 0x1, [@m_police={0x434, 0x1, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x4, 0x9, 0x735152a5, 0x6, 0x2a9, 0xa7, 0x25, 0xcb8, 0x3, 0x7894, 0xffffffff, 0x7, 0x2, 0x100, 0x9, 0x1, 0x3, 0x0, 0x40000000, 0xff, 0x6, 0x7db0, 0x5, 0x3, 0x3, 0x4, 0x7, 0x3b4c, 0xc1fc, 0x4, 0x10000, 0x4, 0x5, 0x0, 0x0, 0x65530070, 0x6, 0x7, 0x0, 0x8, 0x8000003, 0x3, 0xb2a, 0x8001, 0x1, 0x7, 0xa, 0x6a8, 0x5, 0x3, 0x8000, 0x7, 0x6, 0x10000, 0x1, 0x4, 0x7, 0x1, 0x4, 0x8, 0x6, 0x9, 0xffff7fff, 0x2, 0xfffffffe, 0x38, 0x4, 0x80, 0x5, 0xc6, 0x5, 0x4e5, 0xfffff169, 0x10000, 0x9, 0x6343, 0x81, 0x7, 0x7, 0x2cc, 0x9, 0xb, 0x200, 0x8, 0x4, 0xffe00000, 0xffffff80, 0x4, 0x8, 0x0, 0x1000000, 0x3, 0x1, 0x1, 0x10000, 0x10, 0x5, 0xa10c, 0x83, 0x8001, 0x800, 0xfffffffe, 0x497, 0xffffbc00, 0x140, 0xfffffeff, 0x7c, 0x5202, 0x9, 0x3e, 0x3, 0x1, 0x8, 0x10, 0x10000, 0x2, 0x8001, 0x1, 0x2, 0x9, 0x6, 0x3, 0x999, 0xa, 0x1ad, 0x2, 0x4, 0x8001, 0x1ff, 0x1, 0x5, 0x10001, 0x6, 0x8ac, 0xcea, 0x6, 0x1, 0x1, 0x5, 0x8000004, 0x8000, 0x6, 0x8, 0xfffffff8, 0x0, 0x9, 0x80, 0x1, 0x650e, 0x1, 0xffff, 0x4, 0x5, 0x8001, 0x401b525b, 0xffff, 0x7f, 0x0, 0xf7, 0x0, 0xff, 0x7c, 0xeae1, 0x5, 0xfffffffa, 0x4, 0x7fff, 0x3, 0x9, 0xf8d, 0x9, 0x8, 0x9, 0x813c, 0x1, 0x5, 0x5, 0x8, 0xb, 0xaec, 0x0, 0x40, 0x2, 0xaec, 0x800, 0x8021, 0x8, 0x6, 0x7, 0x8e7, 0x101, 0x522b, 0x9, 0x77f, 0xffffffff, 0x8000, 0xffff, 0x7fff, 0x1, 0x5, 0x24, 0xd, 0xc, 0x1, 0x101, 0x9, 0x1, 0x6, 0xc5, 0x6, 0x3ff, 0x190, 0xd, 0xc, 0x0, 0x2, 0x10001, 0x3ff, 0x24cb, 0x8, 0x2, 0x6bed, 0x3, 0x1000, 0xfffffffe, 0x8001, 0x72, 0x5, 0x3, 0xe328, 0x9, 0x7, 0x6, 0xe, 0xb, 0x5, 0xffffffff, 0x0, 0x68ec, 0x8, 0x5, 0x1000, 0xfffffc2f, 0x4, 0x4, 0x5, 0x3, 0x8, 0x3, 0x4, 0xfffffa03, 0x1ff, 0x10, 0x8, 0x8]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x1}}}}]}]}, 0x44c}}, 0x20000000) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x278, 0xffffffff, 0xf8, 0xf8, 0xf8, 0xffffffff, 0xffffffff, 0x2f0, 0x2f0, 0x2f0, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @loopback, 0x0, 0x0, 'veth0_to_team\x00', 'wlan0\x00', {}, {}, 0x73}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28}}, {{@ip={@private, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8) 855.213106ms ago: executing program 2 (id=50): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x200, {0x60, 0x0, 0x0, r2, {0x0, 0x3}, {0xffff, 0xffff}, {0x8, 0x7}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca04}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x44040) 855.084756ms ago: executing program 2 (id=51): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)={0x24, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, @random="6298d198"}]}, 0x24}, 0x1, 0x0, 0x0, 0x44005}, 0x20000010) 836.765957ms ago: executing program 2 (id=52): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000280)={[{@jqfmt_vfsv1}, {}, {@quota}, {@noauto_da_alloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@acl}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x5}}, {@orlov}]}, 0xfc, 0x57b, &(0x7f0000000cc0)="$eJzs3d9rU1ccAPDvTdM6f2xWENn2MAQf5nCmtt0PBwPd49hkwvbuQhuLNDXSpGI7YfowX/YyZDDGfNkfsPc9yv6B/RXCJsiQsj0NMm56U6NNmjbGJZrPB66ek3vTc84993tyTm5CAhhZR9N/chGvRcR3ScTBln35yHYe3Thu/eH1uXRLol7//K8kkuyx5vFJ9v/+LPNqRPz2TcSJ3NZyq6tri8VyubSc5adqS1emqqtrJy8tFRdKC6XLM7Ozp9+dnfng/ff61ta3zv/z42d3Pz797bH1H365f+h2EmfjQLavtR1P4UZr5mjx3yw1HmefOHC6D4UNk2TQFaAnY1mcj0c6BhyMsSzqgRff1xFRB0ZUIv5hRDXnAc21fZ/Wwc+NBx9tLIAabZ9obX9+472ReKmxNtq3njy2MkrXu5N9KD8t49c/79xOt9j+fYi9XfIAu3LjZkScyue3jv9JNv717lTjzePtPVnGqL3+wCDdTec/b7eb/+U25z/RZv6zv03s9qJ7/Ofu96GYjtL534dt57+bQ9fkWJZ7uTHnG08uXiqXTkXEKxFxPOpdb32cXr9X77Svdf6Xbmn5zblgVo/7+T2PP2e+WCtGxESPTX7Mg5sRr+fbtT/Z7P+kTf+n5+P8Dss4UrrzRqd93dv/bNV/jnizbf8/6tZk+/uTU43rYap5VWz1960jv3cqf9DtT/t/3/btn0xa79dWd1vC+LZ7e73+J5IvGulmEFwr1mrL0xETyadbH5959Nxmvnl82v7jx7Yf/9pd/+ni68sdnoFbh291PHQY+n9+V/2/+8S9T776qVP5O+v/dxqp49kj2fjXXnat7LSCT3v+AAAAAAAAYJjkIuJAJLnCZjqXKxQ2Pt9xOPblypVq7cTFysrl+Wh8V3YyxnPNO90HWz4PMZ19HraZn3kiPxsRhyLi+7G9jXxhrlKeH3TjAQAAAAAAAAAAAAAAAAAAYEjs7/D9/9QfY4OuHfDMNX7YYM+gawEMQtef/O/HLz0BQ6lr/AMvrM34t+CHkeP1H0aX+IfRJf5hdIl/GF3iH0aX+AcAAAAAAAAAAAAAAAAAAAAAAAAAAIC+On/uXLrV1x9en0vz81dXVxYrV0/Ol6qLhaWVucJcZflKYaFSWSiXCnOVpW5/r1ypXJmeiZVrU7VStTZVXV27sFRZuVy7cGmpuFC6UBr/X1oFAAAAAAAAAAAAAAAAAAAAz5fq6tpisVwuLQ9HIpdVa1jq00iciaGoRt8TN7OTvXimmejl7+SHpTkSHRLNft7dswYwGAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAB/8FAAD///uIKS0=") creat(&(0x7f00000000c0)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) stat(&(0x7f0000000100)='./file1\x00', &(0x7f00000007c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') execveat$binfmt(0xffffffffffffff9c, r1, 0x0, 0x0, 0x0) 580.072931ms ago: executing program 2 (id=59): sendmmsg$unix(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1, 0x0, 0x0, 0x4004c}}], 0x1, 0x4) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x9, '\x00', 0x0, r0, 0x0, 0x1, 0x2, 0x0, @void, @value, @void, @value}, 0xae) 551.364131ms ago: executing program 5 (id=60): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$cgroup_int(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@multicast1, 0x0, 0xfffe, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x6c}, 0x2, @in6=@loopback, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000000}}, 0xe8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0xe, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) 460.306512ms ago: executing program 5 (id=63): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [], {0x14, 0x10}}, 0x28}}, 0x800) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="0201"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 459.374192ms ago: executing program 5 (id=66): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)={0x40, r0, 0x1, 0x10001, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x4}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40008d5}, 0x8000) 443.198023ms ago: executing program 5 (id=67): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050002000000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="0a0018000303030303030000100070005f953f02"], 0x38}, 0x1, 0x0, 0x0, 0x4c0c0}, 0x0) 372.168834ms ago: executing program 5 (id=70): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) writev(r1, &(0x7f0000000240)=[{&(0x7f0000002740)="ba", 0x1}], 0x1) 364.154024ms ago: executing program 5 (id=72): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x317, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00\"(\x00\x00'], 0x0}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) getxattr(0x0, 0x0, 0x0, 0x0) 300.264645ms ago: executing program 2 (id=74): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdc00, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x40080) 299.821715ms ago: executing program 33 (id=74): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdc00, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x40080) 247.229416ms ago: executing program 1 (id=79): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0d00000001000000040000000000000015"], 0x48) 187.906567ms ago: executing program 4 (id=81): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0xc010) 187.719297ms ago: executing program 1 (id=82): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x0, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newqdisc={0x138, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x108, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "0c4abfa649a627d55fa19434dd9b13af7dcf02c427b440fc607a507a449c420b0a46243b85e565c440f0dc6e3560f0b8fa5ad4dd64b7c4e949856ae8a22d24258394de62aa3fc03d48c9a9925f40afb8e4735f164fcb1b3cce845878425938896fabf8ebcea7886174751d69e1e64585165567a499613dcf6c606fadb2757471e2ce59bbdd23d89d03e597d05d0fc6585e64378efdd1f865a56c4a54de0529481159b699058fbc1fa97428db369957a1236d52cb11291dce3e9572d14deec74ea99b322d42b714d14e3479c4d46fc6f313fbf153f8e1cc5c96bbcfd89b456f837071802ebb5b6df06c55f57e3662364961acf00e0c8ec628809c5ad236665802"}]}}]}, 0x138}}, 0x0) 184.797957ms ago: executing program 4 (id=83): r0 = getpid() r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}]}, 0x3c}}, 0x4000084) 164.784297ms ago: executing program 1 (id=84): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x1b, &(0x7f00000006c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 164.567397ms ago: executing program 4 (id=85): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x24060400) bpf$MAP_GET_NEXT_KEY(0x3, 0x0, 0x0) 140.371378ms ago: executing program 4 (id=86): r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7fffffff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 97.451128ms ago: executing program 1 (id=87): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b700000010000000790000000000000040020000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xb579, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) 97.259408ms ago: executing program 1 (id=88): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r1, 0x5, 0x6, 0x800000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0xc9}, @NL80211_MESHCONF_CONNECTED_TO_AS={0x5}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40810}, 0x40040c2) 97.020148ms ago: executing program 4 (id=89): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newtfilter={0x484, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r3, {0x9, 0x9}, {0x0, 0x9}, {0xd, 0xe}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x454, 0x2, [@TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x0, 0x9, 0x5}}}]}]}, @TCA_CGROUP_ACT={0x34, 0x1, [@m_skbedit={0x30, 0x11, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_CGROUP_POLICE={0x408, 0x2, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8000, 0xa1a, 0x2, 0x8001, 0xfffff800, 0xffffffff, 0x6, 0x7, 0x4861, 0x831, 0x9, 0x3, 0x6, 0x6, 0x4, 0x8, 0xf, 0x8, 0x4, 0x2, 0x9, 0x0, 0x0, 0x3, 0x2, 0x7, 0x5, 0x7, 0x3ff, 0xe65d, 0x6, 0x1000, 0x401, 0x5, 0x6, 0x6, 0x9, 0x0, 0x7fff, 0x2b, 0x1, 0x7, 0x2, 0x7, 0x1, 0x7, 0x8, 0x80000001, 0x5, 0x5f2cc059, 0x9, 0x6dff, 0x7, 0x7, 0x3ff, 0x4a65, 0x40, 0xfffffffc, 0x5, 0x9469, 0x4, 0x1, 0x0, 0x68c, 0x3, 0x1ae7, 0xe48, 0x2, 0x2, 0x4, 0xfffffffc, 0x7, 0xf5, 0x98d, 0xffff, 0xc0, 0x1, 0x2, 0x8, 0x1, 0xb9c, 0x9, 0x7fffffff, 0x5dc4, 0x2, 0x100000, 0x68e, 0xc, 0x0, 0x994f, 0x4, 0x0, 0xfff, 0x8c8, 0x401, 0x3, 0x1, 0x2, 0x7, 0x80000001, 0x0, 0x9, 0x7f, 0x6, 0xeb6a, 0x7fff, 0x2, 0x976, 0x3, 0x7f, 0x9, 0x65d, 0x7, 0x5, 0x7, 0xc, 0xfa, 0x0, 0x1, 0x7, 0x3, 0x2, 0x0, 0xf, 0xe, 0xfffffff9, 0x0, 0x400, 0xf5, 0xa, 0xfffffffe, 0xfffffffb, 0xd, 0x9, 0xff, 0x3, 0x5dce04bf, 0x9, 0x4, 0x5, 0xd, 0x8, 0x7, 0xfffffff8, 0x0, 0x2, 0x10, 0x0, 0x1, 0x28, 0x3, 0x80000000, 0x4784, 0x7, 0x7, 0x4, 0x5, 0x6, 0x7, 0x9, 0x1714, 0x5, 0x4, 0x7, 0x1, 0xffffffff, 0xeaec4000, 0x7cf, 0x5, 0x100, 0x7, 0x0, 0x1, 0x0, 0xaec, 0x3596, 0xfffff511, 0xffffffff, 0x0, 0x3, 0x1, 0x1, 0x7, 0xb3, 0x80000001, 0x0, 0x5, 0x7, 0x6, 0x6, 0x2871, 0x0, 0x80000000, 0x8001, 0x5, 0x4, 0x2, 0x6, 0x8, 0x0, 0x3, 0x1, 0x981, 0xfff, 0xc, 0x4, 0x401, 0x4, 0x8, 0xbb1, 0x1, 0x0, 0xc, 0x40, 0x80000000, 0x6, 0xbe, 0x0, 0x9, 0x10000, 0x6, 0x33, 0x4, 0x400, 0x5c, 0x2, 0x1ff, 0x533, 0x2, 0x3, 0x5, 0x100, 0x7, 0x0, 0x3, 0xfffffffb, 0x6, 0x6, 0x2, 0x2, 0x1, 0x6, 0x416, 0xfc, 0x10001, 0x0, 0x80000000, 0x6, 0x9, 0xffffffc7, 0x9, 0x9816, 0x1, 0x4, 0x101, 0x6]}]}]}}]}, 0x484}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 90.991198ms ago: executing program 3 (id=90): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000"], 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac13000100000000000000000000000000000000000000000a0042"], 0xb8}}, 0x0) 229.66µs ago: executing program 1 (id=91): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x40, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @assoc_resp={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x4}, @broadcast, @device_a, @initial, {0x5, 0xff}}, 0x2021, 0x5c, @default, @void, @void}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 0s ago: executing program 4 (id=92): socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000280)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x300000d, 0x6052, r0, 0x1000) unshare(0x20000400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000000000000000000000001836000005000000000000000600000095"], &(0x7f0000000540)='GPL\x00', 0x8, 0xdb, &(0x7f0000003e40)=""/219, 0x41100, 0x70, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.103' (ED25519) to the list of known hosts. [ 19.868570][ T30] audit: type=1400 audit(1745209888.927:66): avc: denied { integrity } for pid=279 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 19.875563][ T30] audit: type=1400 audit(1745209888.927:67): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.877056][ T279] cgroup: Unknown subsys name 'net' [ 19.879879][ T30] audit: type=1400 audit(1745209888.927:68): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.883961][ T30] audit: type=1400 audit(1745209888.937:69): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.884141][ T279] cgroup: Unknown subsys name 'devices' [ 20.038985][ T279] cgroup: Unknown subsys name 'hugetlb' [ 20.044404][ T279] cgroup: Unknown subsys name 'rlimit' [ 20.244942][ T30] audit: type=1400 audit(1745209889.297:70): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.268003][ T30] audit: type=1400 audit(1745209889.297:71): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.275074][ T282] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.293080][ T30] audit: type=1400 audit(1745209889.297:72): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 20.323932][ T30] audit: type=1400 audit(1745209889.357:73): avc: denied { relabelto } for pid=282 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.349374][ T30] audit: type=1400 audit(1745209889.357:74): avc: denied { write } for pid=282 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.378520][ T30] audit: type=1400 audit(1745209889.437:75): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.379053][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.579222][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.586081][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.593536][ T291] device bridge_slave_0 entered promiscuous mode [ 21.611836][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.618716][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.625879][ T291] device bridge_slave_1 entered promiscuous mode [ 21.658087][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.664947][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.672564][ T290] device bridge_slave_0 entered promiscuous mode [ 21.680570][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.687463][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.695071][ T290] device bridge_slave_1 entered promiscuous mode [ 21.814021][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.820948][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.828231][ T294] device bridge_slave_0 entered promiscuous mode [ 21.836397][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.843275][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.850634][ T294] device bridge_slave_1 entered promiscuous mode [ 21.895640][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.902600][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.909900][ T293] device bridge_slave_0 entered promiscuous mode [ 21.916593][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.923576][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.930852][ T293] device bridge_slave_1 entered promiscuous mode [ 21.975011][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.981954][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.989292][ T292] device bridge_slave_0 entered promiscuous mode [ 21.996303][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.003284][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.010557][ T292] device bridge_slave_1 entered promiscuous mode [ 22.108471][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.115333][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.122471][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.129233][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.137467][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.144326][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.151449][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.158224][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.182649][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.189520][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.196623][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.203500][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.238071][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.245070][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.252214][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.258988][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.272066][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.278938][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.286020][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.292874][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.318314][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.325440][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.332665][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.340169][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.347962][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.355197][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.362456][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.369484][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.376452][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.383599][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.391037][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.398437][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.420117][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.428067][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.436074][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.442942][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.450575][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.458792][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.465638][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.508762][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.517058][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.524365][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.532722][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.539600][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.547180][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.555153][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.562014][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.569255][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.577272][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.584108][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.591476][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.599505][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.606333][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.613583][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.621422][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.629499][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.636330][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.643895][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.651984][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.658848][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.666024][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.673960][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.683510][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.691483][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.714737][ T294] device veth0_vlan entered promiscuous mode [ 22.723670][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.731733][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.739768][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.748910][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.756625][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.764771][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.772616][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.780628][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.788509][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.796589][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.805018][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.812426][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.819765][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.827897][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.835867][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.842724][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.849984][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.857818][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.865609][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.873986][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.882193][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.889147][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.896593][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.904006][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.920535][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.928564][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.936308][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.944448][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.963677][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.972078][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.982807][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.991244][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.005098][ T291] device veth0_vlan entered promiscuous mode [ 23.018960][ T292] device veth0_vlan entered promiscuous mode [ 23.025227][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.033285][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.041473][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.049907][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.058295][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.065965][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.074036][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.082303][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.090515][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.098577][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.106469][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.114026][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.121536][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.129130][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.136455][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.143950][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.153255][ T294] device veth1_macvtap entered promiscuous mode [ 23.160043][ T290] device veth0_vlan entered promiscuous mode [ 23.172686][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.180340][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.188749][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.199210][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.207404][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.222091][ T291] device veth1_macvtap entered promiscuous mode [ 23.232336][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.240561][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.248768][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.257452][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.267997][ T293] device veth0_vlan entered promiscuous mode [ 23.278010][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.285851][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.294225][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.302419][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.311130][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.319653][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.329174][ T292] device veth1_macvtap entered promiscuous mode [ 23.338441][ T290] device veth1_macvtap entered promiscuous mode [ 23.347031][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.354403][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.361765][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.369437][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.377807][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.386009][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.394402][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.414612][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.422940][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.431419][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.439786][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.447984][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.455984][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.472333][ T294] request_module fs-gadgetfs succeeded, but still no fs? [ 23.490011][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.498360][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.507574][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.558979][ T320] loop1: detected capacity change from 0 to 512 [ 23.568657][ T293] device veth1_macvtap entered promiscuous mode [ 23.580068][ T319] loop2: detected capacity change from 0 to 1024 [ 23.587390][ T320] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 23.601620][ T320] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 23.609430][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.614834][ T320] EXT4-fs (loop1): 1 truncate cleaned up [ 23.619591][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.624901][ T320] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,nodelalloc,commit=0x0000000000000000,errors=remount-ro,min_batch_time=0x0000000000000007,. Quota mode: none. [ 23.667372][ T319] ======================================================= [ 23.667372][ T319] WARNING: The mand mount option has been deprecated and [ 23.667372][ T319] and is ignored by this kernel. Remove the mand [ 23.667372][ T319] option from the mount to silence this warning. [ 23.667372][ T319] ======================================================= [ 23.706697][ T320] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2219: inode #15: comm syz.1.2: corrupted in-inode xattr [ 23.719002][ T332] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.725897][ T320] EXT4-fs (loop1): Remounting filesystem read-only [ 23.747028][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.748848][ T320] EXT4-fs warning (device loop1): ext4_xattr_set_entry:1751: inode #15: comm syz.1.2: unable to update i_inline_off [ 23.757455][ T319] EXT4-fs (loop2): Ignoring removed nobh option [ 23.767896][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.773860][ T319] EXT4-fs (loop2): Ignoring removed bh option [ 23.787150][ T319] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 23.799773][ T320] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 23.813151][ T320] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2219: inode #15: comm syz.1.2: corrupted in-inode xattr [ 23.832393][ T319] EXT4-fs error (device loop2): ext4_orphan_get:1427: comm syz.2.3: bad orphan inode 32767 [ 23.845704][ T320] EXT4-fs (loop1): Remounting filesystem read-only [ 23.852550][ T319] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,noload,dioread_lock,data_err=ignore,resgid=0x0000000000000000,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 23.880648][ T343] loop3: detected capacity change from 0 to 512 [ 23.949351][ T346] loop4: detected capacity change from 0 to 512 [ 23.956186][ T348] loop0: detected capacity change from 0 to 16 [ 23.984129][ T351] loop1: detected capacity change from 0 to 512 [ 23.994185][ T343] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,max_dir_size_kb=0x0000000000000005,. Quota mode: writeback. [ 24.008983][ T343] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 24.021439][ T348] erofs: (device loop0): mounted with root inode @ nid 36. [ 24.030325][ T346] EXT4-fs (loop4): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue. Quota mode: writeback. [ 24.083253][ T343] EXT4-fs warning (device loop3): dx_probe:833: inode #2: comm syz.3.4: Unrecognised inode hash code 20 [ 24.088163][ T346] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 24.175283][ T351] EXT4-fs error (device loop1): ext4_acquire_dquot:6195: comm syz.1.10: Failed to acquire dquot type 1 [ 24.231533][ T351] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #16: comm syz.1.10: corrupted inode contents [ 24.249768][ T343] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.4: Corrupt directory, running e2fsck is recommended [ 24.296240][ T351] EXT4-fs error (device loop1): ext4_dirty_inode:6041: inode #16: comm syz.1.10: mark_inode_dirty error [ 24.325712][ T343] EXT4-fs warning (device loop3): dx_probe:833: inode #2: comm syz.3.4: Unrecognised inode hash code 20 [ 24.338295][ T343] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.4: Corrupt directory, running e2fsck is recommended [ 24.340703][ T351] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #16: comm syz.1.10: corrupted inode contents [ 24.351002][ T343] EXT4-fs error (device loop3): __ext4_get_inode_loc:4351: comm syz.3.4: Invalid inode table block 0 in block_group 0 [ 24.379892][ T343] EXT4-fs (loop3): Remounting filesystem read-only [ 24.387044][ T343] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5837: Corrupt filesystem [ 24.391939][ T351] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #16: comm syz.1.10: mark_inode_dirty error [ 24.405401][ T343] EXT4-fs (loop3): Remounting filesystem read-only [ 24.407860][ T351] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #16: comm syz.1.10: corrupted inode contents [ 24.413934][ T343] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #2: comm syz.3.4: mark_inode_dirty error [ 24.425907][ T351] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 24.444650][ T343] EXT4-fs (loop3): Remounting filesystem read-only [ 24.451633][ T351] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #16: comm syz.1.10: corrupted inode contents [ 24.472178][ T351] EXT4-fs error (device loop1): ext4_truncate:4303: inode #16: comm syz.1.10: mark_inode_dirty error [ 24.484556][ T351] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 24.494057][ T351] EXT4-fs (loop1): 1 truncate cleaned up [ 24.510272][ T351] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 24.573887][ T351] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 24.800061][ T45] EXT4-fs error (device loop3): __ext4_get_inode_loc:4351: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 24.823787][ T351] syz.1.10 (351) used greatest stack depth: 20912 bytes left [ 24.861986][ T45] EXT4-fs (loop3): Remounting filesystem read-only [ 24.903424][ T45] EXT4-fs error (device loop3): __ext4_get_inode_loc:4351: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 24.921446][ T381] loop0: detected capacity change from 0 to 512 [ 24.932142][ T383] loop2: detected capacity change from 0 to 512 [ 24.957875][ T45] EXT4-fs (loop3): Remounting filesystem read-only [ 25.009429][ T381] EXT4-fs (loop0): 1 orphan inode deleted [ 25.015105][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.028961][ T381] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 25.040726][ T383] EXT4-fs error (device loop2): ext4_get_branch:178: inode #13: block 2: comm syz.2.20: invalid block [ 25.051942][ T383] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.20: invalid indirect mapped block 10 (level 1) [ 25.085629][ T292] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.107867][ T383] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.20: invalid indirect mapped block 8 (level 1) [ 25.121370][ T383] EXT4-fs (loop2): 1 truncate cleaned up [ 25.127363][ T383] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 25.138494][ T30] kauditd_printk_skb: 68 callbacks suppressed [ 25.138508][ T30] audit: type=1400 audit(1745209894.197:142): avc: denied { rmdir } for pid=292 comm="syz-executor" name="lost+found" dev="loop0" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.167595][ T292] EXT4-fs error (device loop0): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.205944][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.217921][ T30] audit: type=1400 audit(1745209894.247:143): avc: denied { create } for pid=382 comm="syz.2.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 25.237736][ T292] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.260456][ T30] audit: type=1400 audit(1745209894.247:144): avc: denied { bind } for pid=382 comm="syz.2.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 25.279920][ T292] EXT4-fs error (device loop0): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.298627][ T30] audit: type=1400 audit(1745209894.247:145): avc: denied { name_bind } for pid=382 comm="syz.2.20" src=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 25.319331][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.330827][ T30] audit: type=1400 audit(1745209894.247:146): avc: denied { node_bind } for pid=382 comm="syz.2.20" src=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 25.352114][ T292] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.373481][ T292] EXT4-fs error (device loop0): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.392106][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.403750][ T292] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.425529][ T292] EXT4-fs error (device loop0): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.444594][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.456407][ T292] EXT4-fs error (device loop0): ext4_readdir:263: inode #11: block 4: comm syz-executor: path /5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.478848][ T292] EXT4-fs error (device loop0): ext4_empty_dir:3145: inode #11: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=7947, rec_len=12, size=4096 fake=1 [ 25.497646][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.509544][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.528506][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.531078][ T30] audit: type=1400 audit(1745209894.587:147): avc: denied { unmount } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 25.539924][ T310] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 25.575401][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.599238][ T395] loop1: detected capacity change from 0 to 512 [ 25.606198][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.617049][ T30] audit: type=1400 audit(1745209894.627:148): avc: denied { create } for pid=389 comm="syz.1.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 25.626876][ T292] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.' [ 25.649883][ T30] audit: type=1400 audit(1745209894.707:149): avc: denied { name_bind } for pid=390 comm="syz.3.18" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 25.718288][ T395] EXT4-fs (loop1): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue. Quota mode: writeback. [ 25.733573][ T399] loop3: detected capacity change from 0 to 8192 [ 25.750904][ T395] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 25.806050][ T30] audit: type=1400 audit(1745209894.857:150): avc: denied { mount } for pid=398 comm="syz.3.25" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 25.840929][ T30] audit: type=1400 audit(1745209894.887:151): avc: denied { mounton } for pid=398 comm="syz.3.25" path="/2/file0/bus" dev="loop3" ino=1048595 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 25.866682][ T310] usb 5-1: Using ep0 maxpacket: 16 [ 25.874830][ T292] syz-executor (292) used greatest stack depth: 20688 bytes left [ 25.924832][ T407] loop2: detected capacity change from 0 to 256 [ 25.987855][ T410] loop3: detected capacity change from 0 to 1024 [ 25.996875][ T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.036843][ T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.047840][ T310] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 26.060881][ T310] usb 5-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 26.070261][ T310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.081872][ T310] usb 5-1: config 0 descriptor?? [ 26.220737][ T410] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,nodioread_nolock,block_validity,max_batch_time=0x0000000000000002,,errors=continue. Quota mode: none. [ 26.324041][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.362406][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.394648][ T410] EXT4-fs error (device loop3): mb_free_blocks:1865: group 0, inode 15: block 161:freeing already freed block (bit 10); block bitmap corrupt. [ 26.411962][ T424] input: syz0 as /devices/virtual/input/input4 [ 26.428723][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.469766][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.489980][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.527642][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.547262][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.573248][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.591893][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.621485][ T422] netlink: 7 bytes leftover after parsing attributes in process `syz.1.33'. [ 26.769615][ T419] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.793956][ T419] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.829146][ T419] device bridge_slave_0 entered promiscuous mode [ 26.847726][ T326] device bridge_slave_1 left promiscuous mode [ 26.854000][ T326] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.876925][ T326] device bridge_slave_0 left promiscuous mode [ 26.887858][ T326] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.899829][ T326] device veth1_macvtap left promiscuous mode [ 26.905759][ T326] device veth0_vlan left promiscuous mode [ 26.978551][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 26.985274][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.016405][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.028939][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.035666][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.050970][ T419] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.055242][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.062306][ T419] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.064909][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.078614][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.082255][ T419] device bridge_slave_1 entered promiscuous mode [ 27.085388][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.111673][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.123009][ T310] wacom 0003:056A:0317.0001: unknown main item tag 0x0 [ 27.131078][ T310] wacom 0003:056A:0317.0001: Unknown device_type for 'HID 056a:0317'. Assuming pen. [ 27.149491][ T310] wacom 0003:056A:0317.0001: hidraw0: USB HID v0.00 Device [HID 056a:0317] on usb-dummy_hcd.4-1/input0 [ 27.161851][ T310] input: Wacom Intuos Pro L Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0317.0001/input/input5 [ 27.202805][ T310] usb 5-1: USB disconnect, device number 2 [ 27.256609][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.267394][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.307176][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.318728][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.327094][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.333956][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.352591][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 27.377706][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.392509][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.400874][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.407742][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.423801][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.436100][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.454845][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.467636][ T419] device veth0_vlan entered promiscuous mode [ 27.473979][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.482126][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.489536][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.492056][ T468] loop2: detected capacity change from 0 to 1024 [ 27.504105][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.513955][ T419] device veth1_macvtap entered promiscuous mode [ 27.524901][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.535313][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.570649][ T468] EXT4-fs (loop2): Ignoring removed orlov option [ 27.592338][ T468] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,quota,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,acl,noauto_da_alloc,stripe=0x0000000000000005,orlov,,errors=continue. Quota mode: writeback. [ 27.625891][ T468] process 'syz.2.52' launched './file1' with NULL argv: empty string added [ 27.634972][ T468] EXT4-fs error (device loop2): __ext4_get_inode_loc:4351: comm syz.2.52: Invalid inode table block 7168870734515466739 in block_group 0 [ 27.649272][ T468] EXT4-fs error (device loop2): __ext4_get_inode_loc:4351: comm syz.2.52: Invalid inode table block 7168870734515466739 in block_group 0 [ 27.667299][ T468] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5837: Corrupt filesystem [ 27.677109][ T468] EXT4-fs error (device loop2): ext4_dirty_inode:6041: inode #15: comm syz.2.52: mark_inode_dirty error [ 27.702719][ T294] EXT4-fs error (device loop2): __ext4_get_inode_loc:4351: comm syz-executor: Invalid inode table block 7168870734515466739 in block_group 0 [ 27.717213][ T294] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5837: Corrupt filesystem [ 27.731791][ T294] EXT4-fs error (device loop2): ext4_dirty_inode:6041: inode #2: comm syz-executor: mark_inode_dirty error [ 27.747976][ T294] EXT4-fs error (device loop2): __ext4_get_inode_loc:4351: comm syz-executor: Invalid inode table block 7168870734515466739 in block_group 0 [ 27.764255][ T294] EXT4-fs error (device loop2): __ext4_get_inode_loc:4351: comm syz-executor: Invalid inode table block 7168870734515466739 in block_group 0 [ 27.804486][ T492] loop1: detected capacity change from 0 to 512 [ 27.851876][ T492] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.864675][ T326] EXT4-fs error (device loop2): __ext4_get_inode_loc:4351: comm kworker/u4:4: Invalid inode table block 7168870734515466739 in block_group 0 [ 27.885132][ T492] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.114766][ T523] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.136261][ T523] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.160690][ T523] device bridge_slave_0 entered promiscuous mode [ 28.188783][ T523] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.196066][ T523] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.203035][ T20] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 28.214002][ T553] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8192 sclass=netlink_xfrm_socket pid=553 comm=syz.3.90 [ 28.215033][ T523] device bridge_slave_1 entered promiscuous mode [ 28.228332][ T553] ================================================================== [ 28.240481][ T553] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 28.249513][ T553] Read of size 1 at addr ffff888119504bf8 by task syz.3.90/553 [ 28.256884][ T553] [ 28.259051][ T553] CPU: 0 PID: 553 Comm: syz.3.90 Not tainted 5.15.180-syzkaller-android13-5.15.180_r00 #0 [ 28.268774][ T553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 28.278687][ T553] Call Trace: [ 28.281796][ T553] [ 28.284580][ T553] dump_stack_lvl+0x151/0x1c0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 28.289086][ T553] ? io_uring_drop_tctx_refs+0x190/0x190 [ 28.294555][ T553] ? panic+0x760/0x760 [ 28.298727][ T553] print_address_description+0x87/0x3b0 [ 28.304203][ T553] ? stack_trace_save+0x113/0x1c0 [ 28.309086][ T553] ? ___sys_sendmsg+0x252/0x2e0 [ 28.313761][ T553] kasan_report+0x179/0x1c0 [ 28.318102][ T553] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 28.324438][ T553] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 28.330779][ T553] __asan_report_load1_noabort+0x14/0x20 [ 28.336244][ T553] xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 28.342403][ T553] ? ____kasan_kmalloc+0xed/0x110 [ 28.347267][ T553] ? ____kasan_kmalloc+0xdb/0x110 [ 28.352124][ T553] ? xfrm_policy_addr_delta+0x24c/0x370 [ 28.357505][ T553] xfrm_policy_inexact_insert_node+0x917/0xb00 [ 28.363491][ T553] ? xfrm_policy_inexact_alloc_bin+0x651/0x1520 [ 28.369575][ T553] xfrm_policy_inexact_alloc_chain+0x4ec/0xaf0 [ 28.375554][ T553] xfrm_policy_inexact_insert+0x6a/0x1160 [ 28.381108][ T553] ? __kasan_check_write+0x14/0x20 [ 28.386051][ T553] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 28.390912][ T553] ? policy_hash_bysel+0x137/0x700 [ 28.395860][ T553] xfrm_policy_insert+0xe7/0x940 [ 28.400637][ T553] xfrm_add_policy+0x4f2/0x980 [ 28.405234][ T553] ? cap_capable+0x1d2/0x270 [ 28.409659][ T553] ? xfrm_dump_sa_done+0xc0/0xc0 [ 28.414434][ T553] xfrm_user_rcv_msg+0x4f3/0x7d0 [ 28.419209][ T553] ? xfrm_netlink_rcv+0x90/0x90 [ 28.423899][ T553] ? avc_has_perm+0x16f/0x260 [ 28.428417][ T553] ? ____kasan_kmalloc+0xed/0x110 [ 28.433278][ T553] ? avc_has_perm_noaudit+0x430/0x430 [ 28.438479][ T553] ? x64_sys_call+0x16a/0x9a0 [ 28.442996][ T553] netlink_rcv_skb+0x1cf/0x410 [ 28.447590][ T553] ? xfrm_netlink_rcv+0x90/0x90 [ 28.452424][ T553] ? netlink_ack+0xb10/0xb10 [ 28.456814][ T553] ? mutex_lock+0xb6/0x1e0 [ 28.461086][ T553] ? wait_for_completion_killable_timeout+0x10/0x10 [ 28.467488][ T553] ? netlink_autobind+0x1a0/0x1a0 [ 28.472346][ T553] ? selinux_vm_enough_memory+0x170/0x170 [ 28.477897][ T553] xfrm_netlink_rcv+0x72/0x90 [ 28.482411][ T553] netlink_unicast+0x8df/0xac0 [ 28.487013][ T553] ? netlink_detachskb+0x90/0x90 [ 28.491787][ T553] ? security_netlink_send+0x7b/0xa0 [ 28.496906][ T553] netlink_sendmsg+0xa0a/0xd20 [ 28.501505][ T553] ? netlink_getsockopt+0x560/0x560 [ 28.506539][ T553] ? x64_sys_call+0x147/0x9a0 [ 28.511055][ T553] ? check_stack_object+0x114/0x130 [ 28.516086][ T553] ? security_socket_sendmsg+0x82/0xb0 [ 28.521381][ T553] ? netlink_getsockopt+0x560/0x560 [ 28.526414][ T553] ____sys_sendmsg+0x59e/0x8f0 [ 28.531013][ T553] ? iovec_from_user+0x2d9/0x330 [ 28.535801][ T553] ? __import_iovec+0x25e/0x420 [ 28.540655][ T553] ? __sys_sendmsg_sock+0x40/0x40 [ 28.545518][ T553] ___sys_sendmsg+0x252/0x2e0 [ 28.550033][ T553] ? __sys_sendmsg+0x260/0x260 [ 28.554637][ T553] ? percpu_counter_add_batch+0x13d/0x160 [ 28.560191][ T553] ? __fdget+0x1bc/0x240 [ 28.564262][ T553] __se_sys_sendmsg+0x19a/0x260 [ 28.568949][ T553] ? __x64_sys_sendmsg+0x90/0x90 [ 28.573721][ T553] ? __kasan_check_write+0x14/0x20 [ 28.578676][ T553] ? switch_fpu_return+0x15f/0x2e0 [ 28.583744][ T553] __x64_sys_sendmsg+0x7b/0x90 [ 28.588301][ T553] x64_sys_call+0x16a/0x9a0 [ 28.592641][ T553] do_syscall_64+0x3b/0x80 [ 28.596891][ T553] ? clear_bhb_loop+0x35/0x90 [ 28.601406][ T553] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 28.607136][ T553] RIP: 0033:0x7f12ff843169 [ 28.611391][ T553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 28.630828][ T553] RSP: 002b:00007f12fdeac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 28.639078][ T553] RAX: ffffffffffffffda RBX: 00007f12ffa6afa0 RCX: 00007f12ff843169 [ 28.646887][ T553] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007 [ 28.654699][ T553] RBP: 00007f12ff8c5a68 R08: 0000000000000000 R09: 0000000000000000 [ 28.662507][ T553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 28.670327][ T553] R13: 0000000000000000 R14: 00007f12ffa6afa0 R15: 00007ffde6bc20e8 [ 28.678140][ T553] [ 28.680996][ T553] [ 28.683165][ T553] Allocated by task 553: [ 28.687261][ T553] ____kasan_kmalloc+0xdb/0x110 [ 28.691933][ T553] __kasan_kmalloc+0x9/0x10 [ 28.696272][ T553] __kmalloc+0x13f/0x2c0 [ 28.700352][ T553] sk_prot_alloc+0xf9/0x330 [ 28.704712][ T553] sk_alloc+0x38/0x430 [ 28.708594][ T553] pfkey_create+0x12c/0x620 [ 28.712937][ T553] __sock_create+0x3be/0x7e0 [ 28.717364][ T553] __sys_socket+0x132/0x370 [ 28.721701][ T553] __x64_sys_socket+0x7a/0x90 [ 28.726213][ T553] x64_sys_call+0x147/0x9a0 [ 28.730556][ T553] do_syscall_64+0x3b/0x80 [ 28.734810][ T553] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 28.740535][ T553] [ 28.742706][ T553] The buggy address belongs to the object at ffff888119504800 [ 28.742706][ T553] which belongs to the cache kmalloc-1k of size 1024 [ 28.756595][ T553] The buggy address is located 1016 bytes inside of [ 28.756595][ T553] 1024-byte region [ffff888119504800, ffff888119504c00) [ 28.769875][ T553] The buggy address belongs to the page: [ 28.775345][ T553] page:ffffea0004654000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119500 [ 28.785496][ T553] head:ffffea0004654000 order:3 compound_mapcount:0 compound_pincount:0 [ 28.793658][ T553] flags: 0x4000000000010200(slab|head|zone=1) [ 28.799570][ T553] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043080 [ 28.807985][ T553] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 28.816393][ T553] page dumped because: kasan: bad access detected [ 28.822653][ T553] page_owner tracks the page as allocated [ 28.828196][ T553] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 290, ts 28179275849, free_ts 28165087440 [ 28.848424][ T553] post_alloc_hook+0x1a3/0x1b0 [ 28.853034][ T553] prep_new_page+0x1b/0x110 [ 28.857363][ T553] get_page_from_freelist+0x3550/0x35d0 [ 28.862742][ T553] __alloc_pages+0x27e/0x8f0 [ 28.867169][ T553] new_slab+0x9a/0x4e0 [ 28.871082][ T553] ___slab_alloc+0x39e/0x830 [ 28.875501][ T553] __slab_alloc+0x4a/0x90 [ 28.879669][ T553] __kmalloc+0x172/0x2c0 [ 28.883749][ T553] kvmalloc_node+0x1f0/0x4d0 [ 28.888177][ T553] xt_alloc_table_info+0x42/0xb0 [ 28.892951][ T553] do_ip6t_set_ctl+0x944/0x1100 [ 28.897641][ T553] nf_setsockopt+0x274/0x2a0 [ 28.902060][ T553] ipv6_setsockopt+0x1d13/0x3eb0 [ 28.906836][ T553] tcp_setsockopt+0x22d/0x3800 [ 28.911434][ T553] sock_common_setsockopt+0xa2/0xc0 [ 28.916471][ T553] __sys_setsockopt+0x475/0x7e0 [ 28.921155][ T553] page last free stack trace: [ 28.925677][ T553] free_unref_page_prepare+0x7c8/0x7d0 [ 28.930996][ T553] free_unref_page+0xe8/0x750 [ 28.935475][ T553] __free_pages+0x61/0xf0 [ 28.939733][ T553] __free_slab+0xec/0x1d0 [ 28.943898][ T553] __unfreeze_partials+0x165/0x1a0 [ 28.948841][ T553] put_cpu_partial+0xc4/0x120 [ 28.953355][ T553] __slab_free+0x1c8/0x290 [ 28.957607][ T553] ___cache_free+0x109/0x120 [ 28.962033][ T553] qlink_free+0x4d/0x90 [ 28.966027][ T553] qlist_free_all+0x44/0xb0 [ 28.970371][ T553] kasan_quarantine_reduce+0x15a/0x180 [ 28.975661][ T553] __kasan_slab_alloc+0x2f/0xe0 [ 28.980349][ T553] slab_post_alloc_hook+0x53/0x2c0 [ 28.985294][ T553] kmem_cache_alloc+0xf5/0x250 [ 28.989899][ T553] getname_flags+0xba/0x520 [ 28.994233][ T553] __x64_sys_unlinkat+0xb2/0xf0 [ 28.998924][ T553] [ 29.001094][ T553] Memory state around the buggy address: [ 29.006564][ T553] ffff888119504a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.014477][ T553] ffff888119504b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.022364][ T553] >ffff888119504b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 29.030264][ T553] ^ [ 29.038078][ T553] ffff888119504c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.045972][ T553] ffff888119504c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.053864][ T553] ================================================================== [ 29.061774][ T553] Disabling lock debugging due to kernel taint [ 29.241852][ T290] syz-executor (290) used greatest stack depth: 20640 bytes left [ 29.347365][ T8] device bridge_slave_1 left promiscuous mode [ 29.353444][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.360778][ T8] device bridge_slave_0 left promiscuous mode [ 29.366826][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.374450][ T8] device veth1_macvtap left promiscuous mode [ 29.380301][ T8] device veth0_vlan left promiscuous mode [ 31.017399][ T8] device bridge_slave_1 left promiscuous mode [ 31.023362][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.030923][ T8] device bridge_slave_0 left promiscuous mode [ 31.036969][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.044701][ T8] device bridge_slave_1 left promiscuous mode [ 31.050712][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.058086][ T8] device bridge_slave_0 left promiscuous mode [ 31.064007][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.071795][ T8] device bridge_slave_1 left promiscuous mode [ 31.077770][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.084947][ T8] device bridge_slave_0 left promiscuous mode [ 31.091009][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.098695][ T8] device bridge_slave_1 left promiscuous mode [ 31.104617][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.112006][ T8] device bridge_slave_0 left promiscuous mode [ 31.118046][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.125847][ T8] device bridge_slave_1 left promiscuous mode [ 31.131935][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.139374][ T8] device bridge_slave_0 left promiscuous mode [ 31.145299][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.153847][ T8] device veth1_macvtap left promiscuous mode [ 31.159702][ T8] device veth0_vlan left promiscuous mode [ 31.165532][ T8] device veth1_macvtap left promiscuous mode [ 31.171413][ T8] device veth0_vlan left promiscuous mode [ 31.177353][ T8] device veth1_macvtap left promiscuous mode [ 31.183177][ T8] device veth0_vlan left promiscuous mode [ 31.188917][ T8] device veth1_macvtap left promiscuous mode [ 31.194727][ T8] device veth0_vlan left promiscuous mode