last executing test programs: 1.648324578s ago: executing program 0 (id=559): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56441, 0x70bd28, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xfff2}, {0x2, 0xb}, {0xe, 0xb}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x400000}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c061}, 0x8000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.544180613s ago: executing program 0 (id=564): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000180)=@gcm_128={{0x304}, "54fcc1dbadb00b50", "f4d095d17ba57f000000002c455700", "8da40d64", "eb034ea618e777ea"}, 0x28) sendto$inet6(r0, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x404c090) syz_emit_ethernet(0x6e, &(0x7f0000000a00)={@broadcast, @local, @val={@val={0x88a8, 0x1, 0x0, 0x4}, {0x8100, 0x5, 0x0, 0x2}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x30, 0x3a, 0xff, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @mcast1, @private2}}}}}}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, 0x0, 0x20000040) sendto$inet6(r0, &(0x7f0000000240)="c6", 0x3fff, 0x8040, 0x0, 0x0) 1.544070143s ago: executing program 0 (id=565): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ffffffff000000003900000008000300", @ANYRES32=r2, @ANYBLOB="18005a801400018005000a"], 0x34}}, 0x0) 1.543923773s ago: executing program 0 (id=566): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x94, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x2, &(0x7f0000004240)=0xc3, 0x4) recvmmsg(r1, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=""/243, 0xf3}, 0xf338}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x5c}, 0xd}], 0x3fffe16, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 1.484305246s ago: executing program 3 (id=570): getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r0, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x4000800) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000a00)=""/170, 0xaa}], 0x1}, 0x8}], 0x1, 0x40000082, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4089, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f0000000540)=""/158, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 1.468997376s ago: executing program 3 (id=571): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0xff00, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x2000000, 0xfffffffffffffffc}]}, 0x108) 1.339522202s ago: executing program 3 (id=572): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x80) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0xe, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x5}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x80) 1.260394615s ago: executing program 3 (id=575): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x8, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000004c0)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "7c80690ea8c8123e", "f92dafad9e3b473a1eaac151fe41ea97", "ee367a98", "74aff2072572aca8"}, 0x28) writev(r0, &(0x7f0000001780)=[{&(0x7f00000006c0)="ba", 0x1}], 0x1) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000004ffe60000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/20], 0x48) ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x80047441, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x10000000000000, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 764.671267ms ago: executing program 2 (id=596): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x3c, r1, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xdb0c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) 764.552047ms ago: executing program 4 (id=597): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000300)=0x6, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 764.408246ms ago: executing program 2 (id=598): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp(0x2, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4a0, 0x1e8, 0xffffffff, 0xffffffff, 0x1e8, 0xffffffff, 0x3d0, 0xffffffff, 0xffffffff, 0x3d0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0xff, 0xff, 0xff], [0xff000000, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1e8, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0xc9, 0x7a3, 0x6, 'snmp_trap\x00', {0x369bc443}}}}, {{@ipv6={@remote, @local, [0xffffff00, 0xffffffff, 0x0, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffffff, 0xff000000], 'netpci0\x00', 'bridge_slave_1\x00', {}, {0xff}, 0x2b, 0x2, 0x5, 0x5}, 0x0, 0x1c8, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x29, 0x1, 0x1, 'syz0\x00'}}, @inet=@rpfilter={{0x28}, {0x1c}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) close(0x3) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 757.781647ms ago: executing program 4 (id=600): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010100}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x33}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 746.035657ms ago: executing program 2 (id=601): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast1, @dev={0xac, 0x14, 0x14, 0xf}, @multicast1}, 0xc) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e20, @private=0xa010101}}}, 0x108) 680.663561ms ago: executing program 1 (id=603): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r2}, 0x10) unshare(0x22020400) 680.54679ms ago: executing program 4 (id=604): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000002000010027bd7000fcdbdf250a002040000000070107de5814000200fe880000000000000000989700000401080018"], 0x38}, 0x1, 0x0, 0x0, 0x24048844}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x5c}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 680.500521ms ago: executing program 2 (id=605): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000040)={0x0, 0x10}, 0x19}, 0x0) 680.323211ms ago: executing program 4 (id=606): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000140)=@routing={0x3c, 0x0, 0x2, 0xb}, 0x8) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0) 680.168231ms ago: executing program 2 (id=607): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200006600000000000000200000008500000027000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ffffffc}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 668.098701ms ago: executing program 1 (id=608): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000140)="280320000a00140000007ef506be00000000000000000000000000143baa111f1f858ce632f47042195e", 0x2a, 0x400c010, &(0x7f0000000080)={0x11, 0x3, r2, 0x1, 0xe5, 0x6, @random="76caa646ae4c"}, 0x14) 667.924651ms ago: executing program 4 (id=609): socket$nl_route(0x10, 0x3, 0x0) socket(0x2, 0x80805, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000300)='cgroup.clone_children\x00', 0x2, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x1a0000010}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$vsock_stream(0x28, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 651.101471ms ago: executing program 1 (id=610): mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x4, 0x32, 0xffffffffffffffff, 0x8528c000) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="19000000040000000400000001"], 0x1d) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x13, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x41da}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffc}, {0x85, 0x0, 0x0, 0x86}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x480}}, [@alu={0x7, 0x0, 0xd, 0x0, 0xb, 0xffffffffffffffc6, 0x1}, @jmp={0x5, 0x0, 0x3, 0x0, 0x8, 0xfffffffffffffff4}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0xae}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x40000000}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0xffe, &(0x7f0000000cc0)=""/4094, 0x41100, 0x48}, 0x94) 650.835712ms ago: executing program 2 (id=611): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) 589.785275ms ago: executing program 1 (id=612): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='timer_start\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)) 589.643084ms ago: executing program 4 (id=613): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001740), 0x80000, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) pread64(r0, &(0x7f0000000000)=""/178, 0xb2, 0x4) 589.396824ms ago: executing program 1 (id=614): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x4) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x800448d2, &(0x7f0000000100)) 528.552397ms ago: executing program 0 (id=615): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_read_part_table(0x5ea, &(0x7f0000000000)="$eJzs1D9rG2ccB/DfyVGtuA4yJR1KOwQiMqUNNEMyRNBSFOElCqUtLXRuyZAOgQwZjIycOY3fQE39B4wX492jqQvFBrsdjEajN2DjRUO5It1da28FtdgOn8/w/NE9z/0eSd+74FIrRbmcD8eH7bUzs0ylOmh/j5iNiD/TTCkivlxrPJy+8fjTz78YzJKIaHwwOdyS5FvT/D4b+byVzccGzUTE8drUzs397dpSKb++WcqqPD1cHhaN7+eLQ5w60Nh/+yNwaa3Xf6nOvXzWfPWi/uSgOdO7GxMxDPS9xQeDqH2dB2uYqzTKp/emadoeuX7EoH4RyF5t7/7Kbto6yh+Sv++fjlqIC2n9rYgY5u+bdwf5W7je6Xb6j26tPr9z+53uVvt1/iI8KV6ISUxkkSyf36EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA30vrVqM61SxHxSURc7d397sPG+z82fpi/t/ig/dV7k8W6zVLWVyIi+Wf7lZHr15Nk7uWz5qsX9SezzZlebe/+ym7aOvrp2kfl7b3+x7+OWoALrcjS4P8/aM70Fq53up3+o1urz+/cTrpb7df5gpNToaucy0kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMui8XD6RjkffxsxG1eycTqe9Ul+bSPvW/nn0+Nj8fNvnx2vTe3c3N+uLT1e/qNY3X87Ip4eLlfPVpoqBpViMPl/fSn+tb8CAAD//8bHfPo=") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x4, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sync() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001300)=@newtfilter={0x2c, 0x2c, 0xd2b, 0x70bd29, 0x35dfdbfb, {0x0, 0x0, 0x0, r4, {0x7}, {}, {0x7, 0xfff3}}, [@TCA_CHAIN={0x8, 0xb, 0x10001}]}, 0x2c}}, 0x24040084) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x18) r6 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8) inotify_init1(0x800) fcntl$setstatus(r6, 0x4, 0x2c00) 528.100887ms ago: executing program 1 (id=616): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) fchdir(0xffffffffffffffff) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'xfrm0\x00', 0x0}) setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote, r6}, 0x14) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000040)={@rand_addr=' \x01\x00', r6}, 0x14) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) socket$packet(0x11, 0x2, 0x300) socket$key(0xf, 0x3, 0x2) 219.21728ms ago: executing program 3 (id=617): r0 = gettid() timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) readv(r1, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0xce}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 144.355274ms ago: executing program 0 (id=618): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180500002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='netlink_extack\x00', r5}, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0x3, 0xfffffffc, 0x8}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) 0s ago: executing program 3 (id=619): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv6_delrule={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, 0x8, 0x3, 0x0, 0x6, 0x2}}, 0x1c}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.217' (ED25519) to the list of known hosts. [ 19.168275][ T30] audit: type=1400 audit(1764954698.678:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.169566][ T273] cgroup: Unknown subsys name 'net' [ 19.172075][ T30] audit: type=1400 audit(1764954698.678:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.176514][ T30] audit: type=1400 audit(1764954698.678:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.176776][ T273] cgroup: Unknown subsys name 'devices' [ 19.325569][ T273] cgroup: Unknown subsys name 'hugetlb' [ 19.331174][ T273] cgroup: Unknown subsys name 'rlimit' [ 19.497459][ T30] audit: type=1400 audit(1764954699.008:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.521010][ T30] audit: type=1400 audit(1764954699.008:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 19.528063][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 19.545968][ T30] audit: type=1400 audit(1764954699.008:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.577383][ T30] audit: type=1400 audit(1764954699.068:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.589370][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 19.602991][ T30] audit: type=1400 audit(1764954699.068:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.637492][ T30] audit: type=1400 audit(1764954699.098:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.663195][ T30] audit: type=1400 audit(1764954699.098:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.258858][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.266081][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.273548][ T281] device bridge_slave_0 entered promiscuous mode [ 21.284081][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.291120][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.298425][ T284] device bridge_slave_0 entered promiscuous mode [ 21.305107][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.312121][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.319580][ T281] device bridge_slave_1 entered promiscuous mode [ 21.333369][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.340464][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.347904][ T284] device bridge_slave_1 entered promiscuous mode [ 21.380424][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.387485][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.395036][ T282] device bridge_slave_0 entered promiscuous mode [ 21.409819][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.416885][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.424271][ T282] device bridge_slave_1 entered promiscuous mode [ 21.462005][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.469075][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.476437][ T285] device bridge_slave_0 entered promiscuous mode [ 21.483189][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.490238][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.497633][ T285] device bridge_slave_1 entered promiscuous mode [ 21.522584][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.529710][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.537133][ T283] device bridge_slave_0 entered promiscuous mode [ 21.556180][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.563228][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.570863][ T283] device bridge_slave_1 entered promiscuous mode [ 21.712916][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.719998][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.727315][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.734349][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.749585][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.756647][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.763935][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.770960][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.784889][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.791928][ T281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.805395][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.812436][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.819712][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.826929][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.839160][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.846233][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.853486][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.860526][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.900501][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.909575][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.916814][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.925184][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.932324][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.939575][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.946835][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.954149][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.961278][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.968510][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.994128][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.001894][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.009858][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.017375][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.025011][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.033108][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.040155][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.047854][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.056284][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.064429][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.071433][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.078790][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.086932][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.093964][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.101274][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.109436][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.116460][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.123960][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.131980][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.140276][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.147316][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.155239][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.185243][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.194302][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.202445][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.209489][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.217521][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.225807][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.232838][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.240304][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.248562][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.255586][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.262927][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.270888][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.279316][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.287558][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.294581][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.301901][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.309933][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.317861][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.325827][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.343892][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.352296][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.360633][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.370148][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.386377][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.394492][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.402367][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.410552][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.418641][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.426680][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.434782][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.442215][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.451374][ T284] device veth0_vlan entered promiscuous mode [ 22.463110][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.471133][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.479302][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.487964][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.496482][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.504063][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.514771][ T285] device veth0_vlan entered promiscuous mode [ 22.523703][ T282] device veth0_vlan entered promiscuous mode [ 22.530490][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.538441][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.546619][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.554265][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.562092][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.570347][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.591284][ T282] device veth1_macvtap entered promiscuous mode [ 22.598852][ T284] device veth1_macvtap entered promiscuous mode [ 22.606999][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.614797][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.623061][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.631628][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.640135][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.648582][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.656880][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.665203][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.672793][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.680857][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.688975][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.696493][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.705683][ T281] device veth0_vlan entered promiscuous mode [ 22.712499][ T283] device veth0_vlan entered promiscuous mode [ 22.725618][ T285] device veth1_macvtap entered promiscuous mode [ 22.736730][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.744750][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.752648][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.761130][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.769616][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.778081][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.786519][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.794833][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.802912][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.810709][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.819188][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.827816][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.836076][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.844671][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.852260][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.862974][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.871327][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.888446][ T283] device veth1_macvtap entered promiscuous mode [ 22.895505][ T285] request_module fs-gadgetfs succeeded, but still no fs? [ 22.907867][ T281] device veth1_macvtap entered promiscuous mode [ 22.915132][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.922824][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.931260][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.939777][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.947995][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.956480][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.964735][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.972816][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.982991][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.991499][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.017447][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.028419][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.044312][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.052681][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.079269][ T337] loop2: detected capacity change from 0 to 512 [ 23.106220][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.110773][ T343] loop3: detected capacity change from 0 to 128 [ 23.125290][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.129676][ T337] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 23.320716][ T343] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 23.331934][ T349] netlink: 51 bytes leftover after parsing attributes in process `syz.0.1'. [ 23.342226][ T337] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 23.363947][ T343] ext4 filesystem being mounted at /0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 23.410377][ T337] EXT4-fs (loop2): 1 truncate cleaned up [ 23.431050][ T345] syz.1.2 (345) used greatest stack depth: 20736 bytes left [ 23.444850][ T337] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.obj_user=¿ÒPo¶Á´8+QÉq…®àL©a-OÈ )übÌXû\î(™¿jKÜÍ£3ÅB£×C1ûHgs袗æ÷wø§ ê&b?ÉT¶:šÌkBïX LWr*vW©Fv Au g¥ :(³c¤[dŽx˜J#±Lžau‡íÝ{‰Ð­;Æ`ü-¢î. Quota mode: writeback. [ 23.629048][ T337] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.3: Invalid block bitmap block 3 in block_group 0 [ 23.646525][ T343] EXT4-fs error (device loop3): dx_make_map:1328: inode #2: block 63: comm syz.3.4: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 23.703660][ T337] EXT4-fs (loop2): Remounting filesystem read-only [ 23.714285][ T337] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 23.733359][ T337] EXT4-fs (loop2): Remounting filesystem read-only [ 23.743312][ T337] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3: invalid indirect mapped block 1024 (level 1) [ 23.756812][ T343] EXT4-fs (loop3): Remounting filesystem read-only [ 23.774107][ T337] EXT4-fs (loop2): Remounting filesystem read-only [ 23.778220][ T343] EXT4-fs error (device loop3) in do_split:2095: Corrupt filesystem [ 23.786684][ T364] loop4: detected capacity change from 0 to 16 [ 23.797950][ T362] EXT4-fs (loop2): shut down requested (1) [ 23.813890][ T343] EXT4-fs (loop3): Remounting filesystem read-only [ 23.828468][ T343] EXT4-fs error (device loop3): dx_make_map:1328: inode #2: block 63: comm syz.3.4: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 23.846784][ T343] EXT4-fs (loop3): Remounting filesystem read-only [ 23.853303][ T343] EXT4-fs error (device loop3) in do_split:2095: Corrupt filesystem [ 23.868023][ T364] erofs: (device loop4): mounted with root inode @ nid 36. [ 23.873762][ T301] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 23.891749][ T343] EXT4-fs (loop3): Remounting filesystem read-only [ 23.891811][ T366] Illegal XDP return value 4294967274, expect packet loss! [ 24.016910][ T380] loop3: detected capacity change from 0 to 512 [ 24.024970][ T377] tc_dump_action: action bad kind [ 24.035217][ T382] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.105784][ T388] loop4: detected capacity change from 0 to 512 [ 24.130162][ T388] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.196397][ T380] EXT4-fs (loop3): mounted filesystem without journal. Opts: lazytime,errors=remount-ro,. Quota mode: writeback. [ 24.209104][ T380] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 24.298934][ T380] EXT4-fs error (device loop3): ext4_ind_map_blocks:604: inode #18: comm syz.3.15: Can't allocate blocks for non-extent mapped inodes with bigalloc [ 24.315298][ T380] EXT4-fs (loop3): Remounting filesystem read-only [ 24.343823][ T385] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 24.422430][ T30] kauditd_printk_skb: 77 callbacks suppressed [ 24.422452][ T30] audit: type=1400 audit(1764954703.928:151): avc: denied { setcurrent } for pid=390 comm="syz.4.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.449471][ T30] audit: type=1400 audit(1764954703.928:152): avc: denied { create } for pid=390 comm="syz.4.19" dev="anon_inodefs" ino=16475 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 24.541885][ T30] audit: type=1400 audit(1764954703.928:153): avc: denied { ioctl } for pid=390 comm="syz.4.19" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=16475 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 24.569644][ T30] audit: type=1400 audit(1764954703.928:154): avc: denied { create } for pid=390 comm="syz.4.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 24.596671][ T301] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 24.612841][ T301] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.640575][ T301] usb 2-1: config 0 descriptor?? [ 24.768557][ T385] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 24.779970][ T385] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 65535, setting to 8 [ 24.791351][ T385] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 24.800564][ T385] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.833882][ T377] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 24.863789][ T373] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 24.896689][ T418] netlink: 8 bytes leftover after parsing attributes in process `syz.4.29'. [ 24.897089][ T30] audit: type=1400 audit(1764954704.408:155): avc: denied { getopt } for pid=411 comm="syz.4.29" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 25.054428][ T30] audit: type=1400 audit(1764954704.568:156): avc: denied { read } for pid=376 comm="syz.0.16" dev="nsfs" ino=4026532294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 25.056341][ T377] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'. [ 25.083956][ T30] audit: type=1400 audit(1764954704.568:157): avc: denied { open } for pid=376 comm="syz.0.16" path="net:[4026532294]" dev="nsfs" ino=4026532294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 25.107042][ T30] audit: type=1400 audit(1764954704.568:158): avc: denied { create } for pid=376 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 25.107746][ T20] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 25.126948][ T30] audit: type=1400 audit(1764954704.568:159): avc: denied { write } for pid=376 comm="syz.0.16" path="socket:[15867]" dev="sockfs" ino=15867 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 25.134234][ T373] usb 4-1: Using ep0 maxpacket: 8 [ 25.162824][ T385] usb 1-1: string descriptor 0 read error: -71 [ 25.164191][ T30] audit: type=1400 audit(1764954704.568:160): avc: denied { ioctl } for pid=376 comm="syz.0.16" path="socket:[15869]" dev="sockfs" ino=15869 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.169402][ T385] hub 1-1:32.0: USB hub found [ 25.253937][ T385] hub 1-1:32.0: config failed, can't read hub descriptor (err -22) [ 25.303818][ T373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.315083][ T373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.315570][ T385] usb 1-1: USB disconnect, device number 2 [ 25.324950][ T373] usb 4-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice= 0.00 [ 25.339871][ T373] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.348626][ T373] usb 4-1: config 0 descriptor?? [ 25.551087][ T418] syz.4.29 (418) used greatest stack depth: 20064 bytes left [ 25.558623][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.569622][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.579376][ T20] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 25.595327][ T20] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 25.605099][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.635233][ T20] usb 3-1: config 0 descriptor?? [ 26.249869][ T373] apple 0003:05AC:0274.0001: unknown main item tag 0x0 [ 26.257149][ T373] apple 0003:05AC:0274.0001: unknown main item tag 0x0 [ 26.264645][ T373] apple 0003:05AC:0274.0001: unknown main item tag 0x0 [ 26.271519][ T373] apple 0003:05AC:0274.0001: unknown main item tag 0x0 [ 26.278722][ T373] apple 0003:05AC:0274.0001: unknown main item tag 0x0 [ 26.286457][ T373] apple 0003:05AC:0274.0001: hidraw0: USB HID v0.00 Device [HID 05ac:0274] on usb-dummy_hcd.3-1/input0 [ 26.393548][ T436] loop0: detected capacity change from 0 to 1024 [ 26.415458][ T385] usb 4-1: USB disconnect, device number 2 [ 26.426543][ T436] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 26.434810][ T436] EXT4-fs (loop0): orphan cleanup on readonly fs [ 26.441367][ T436] EXT4-fs error (device loop0): ext4_free_blocks:6218: comm syz.0.35: Freeing blocks not in datazone - block = 0, count = 4096 [ 26.443786][ T301] usb 2-1: Cannot set autoneg [ 26.459367][ T301] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -32 [ 26.459387][ T436] EXT4-fs (loop0): 1 orphan inode deleted [ 26.473426][ T436] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.541338][ T439] input: syz1 as /devices/virtual/input/input4 [ 26.559249][ T441] loop0: detected capacity change from 0 to 512 [ 26.565609][ T6] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 26.574112][ T441] EXT4-fs (loop0): Mount option "dioread_lock" incompatible with ext3 [ 26.622880][ T443] loop0: detected capacity change from 0 to 512 [ 26.634842][ T20] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 26.643511][ T20] plantronics 0003:047F:FFFF.0002: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 26.725835][ T443] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 26.738921][ T443] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 26.750084][ T443] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.38: invalid indirect mapped block 4294967295 (level 0) [ 26.764366][ T443] EXT4-fs (loop0): Remounting filesystem read-only [ 26.770903][ T443] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.38: invalid indirect mapped block 4294967295 (level 1) [ 26.785201][ T443] EXT4-fs (loop0): Remounting filesystem read-only [ 26.791806][ T443] EXT4-fs (loop0): 1 orphan inode deleted [ 26.797728][ T443] EXT4-fs (loop0): 1 truncate cleaned up [ 26.803363][ T443] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,lazytime,block_validity,block_validity,block_validity,quota,jqfmt=vfsv0,. Quota mode: writeback. [ 26.839852][ T20] usb 3-1: USB disconnect, device number 2 [ 26.933812][ T6] usb 5-1: config index 0 descriptor too short (expected 539, got 27) [ 26.952246][ T6] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 27.853813][ T6] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 27.862892][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.871477][ T6] usb 5-1: Product: syz [ 27.881323][ T26] usb 2-1: USB disconnect, device number 2 [ 27.883895][ T6] usb 5-1: Manufacturer: syz [ 27.893056][ T6] usb 5-1: SerialNumber: syz [ 27.898487][ T6] usb 5-1: config 0 descriptor?? [ 27.905149][ T470] loop1: detected capacity change from 0 to 1024 [ 27.913779][ T427] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 27.931972][ T474] loop2: detected capacity change from 0 to 128 [ 27.938720][ T6] hub 5-1:0.0: bad descriptor, ignoring hub [ 27.946016][ T6] hub: probe of 5-1:0.0 failed with error -5 [ 27.952087][ T470] EXT4-fs (loop1): Unrecognized mount option "mask=MAY_WRITE" or missing value [ 28.634023][ T429] usb 5-1: USB disconnect, device number 2 [ 28.653963][ T461] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 28.891591][ T483] Zero length message leads to an empty skb [ 28.943812][ T461] usb 1-1: Using ep0 maxpacket: 16 [ 28.964090][ T487] loop3: detected capacity change from 0 to 512 [ 29.749403][ T487] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.761747][ T487] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.793812][ T461] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 29.820735][ T499] loop2: detected capacity change from 0 to 512 [ 29.851724][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 29.851738][ T30] audit: type=1400 audit(1764954709.358:184): avc: denied { read } for pid=500 comm="syz.3.51" path="/8/file0/core" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 29.872457][ T500] syz.3.51 (500) used greatest stack depth: 20000 bytes left [ 29.936382][ T30] audit: type=1400 audit(1764954709.428:185): avc: denied { write } for pid=501 comm="syz.1.57" lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.957431][ T499] EXT4-fs (loop2): Ignoring removed orlov option [ 29.994089][ T461] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 30.029896][ T461] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.031980][ T499] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.52: inode #1: comm syz.2.52: iget: illegal inode # [ 30.051126][ T499] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.52: error while reading EA inode 1 err=-117 [ 30.063812][ T499] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 30.077135][ T499] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.52: inode #1: comm syz.2.52: iget: illegal inode # [ 30.090174][ T499] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.52: error while reading EA inode 1 err=-117 [ 30.102597][ T499] EXT4-fs (loop2): 1 orphan inode deleted [ 30.108367][ T499] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,orlov,debug_want_extra_isize=0x000000000000004c,auto_da_alloc=0x00000000000007ff,resgid=0x0000000000000000,acl,usrjquota=,grpjquota=,usrquota,dioread_lock,,errors=continue. Quota mode: writeback. [ 30.135882][ T461] usb 1-1: Product: syz [ 30.140068][ T461] usb 1-1: Manufacturer: syz [ 30.145635][ T461] usb 1-1: SerialNumber: syz [ 30.150883][ T461] usb 1-1: config 0 descriptor?? [ 30.185683][ T30] audit: type=1400 audit(1764954709.698:186): avc: denied { ioctl } for pid=511 comm="syz.4.61" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x6209 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 30.211495][ T461] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 30.221306][ T30] audit: type=1400 audit(1764954709.728:187): avc: denied { create } for pid=514 comm="syz.4.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 30.235042][ T517] loop3: detected capacity change from 0 to 256 [ 30.258924][ T519] loop4: detected capacity change from 0 to 512 [ 30.268057][ T30] audit: type=1400 audit(1764954709.758:188): avc: denied { write } for pid=514 comm="syz.4.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 30.288169][ T30] audit: type=1400 audit(1764954709.758:189): avc: denied { nlmsg_write } for pid=514 comm="syz.4.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 30.288905][ T461] usb 1-1: Detected FT232RL [ 30.314058][ T517] ======================================================= [ 30.314058][ T517] WARNING: The mand mount option has been deprecated and [ 30.314058][ T517] and is ignored by this kernel. Remove the mand [ 30.314058][ T517] option from the mount to silence this warning. [ 30.314058][ T517] ======================================================= [ 30.350203][ T519] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 30.361573][ T519] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.380030][ T517] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.390920][ T517] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 30.400737][ T517] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 30.433784][ T461] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 30.446125][ T30] audit: type=1400 audit(1764954709.958:190): avc: denied { mounton } for pid=521 comm="syz.1.65" path="/11/file0" dev="tmpfs" ino=77 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 30.546375][ T30] audit: type=1400 audit(1764954709.958:191): avc: denied { write } for pid=516 comm="syz.3.59" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.746113][ T30] audit: type=1400 audit(1764954709.958:192): avc: denied { add_name } for pid=516 comm="syz.3.59" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.818123][ T461] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 30.896394][ T30] audit: type=1400 audit(1764954709.958:193): avc: denied { associate } for pid=516 comm="syz.3.59" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 31.082098][ T461] usb 1-1: USB disconnect, device number 3 [ 31.117338][ T461] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 31.181060][ T461] ftdi_sio 1-1:0.0: device disconnected [ 31.717851][ T555] loop4: detected capacity change from 0 to 2048 [ 32.167245][ T555] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 33.732563][ T598] loop0: detected capacity change from 0 to 128 [ 33.785486][ T598] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 33.818964][ T598] ext4 filesystem being mounted at /17/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 33.851069][ T461] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 33.933102][ T598] EXT4-fs error (device loop0): dx_make_map:1328: inode #2: block 63: comm syz.0.84: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 33.979900][ T598] EXT4-fs (loop0): Remounting filesystem read-only [ 33.992421][ T598] EXT4-fs error (device loop0) in do_split:2095: Corrupt filesystem [ 34.000741][ T598] EXT4-fs (loop0): Remounting filesystem read-only [ 34.008660][ T598] EXT4-fs error (device loop0): dx_make_map:1328: inode #2: block 63: comm syz.0.84: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 34.105418][ T598] EXT4-fs (loop0): Remounting filesystem read-only [ 34.111960][ T598] EXT4-fs error (device loop0) in do_split:2095: Corrupt filesystem [ 34.148726][ T598] EXT4-fs (loop0): Remounting filesystem read-only [ 34.167003][ T656] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=656 comm=syz.4.116 [ 34.304307][ T680] loop2: detected capacity change from 0 to 128 [ 34.314750][ T682] netlink: 4 bytes leftover after parsing attributes in process `syz.4.126'. [ 34.321267][ T684] netlink: 104 bytes leftover after parsing attributes in process `syz.0.130'. [ 34.403821][ T461] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 34.412891][ T461] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 34.423302][ T680] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 34.423360][ T461] usb 2-1: Product: syz [ 34.440334][ T711] netlink: 28 bytes leftover after parsing attributes in process `syz.4.142'. [ 34.444346][ T680] ext4 filesystem being mounted at /26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 34.451002][ T461] usb 2-1: Manufacturer: syz [ 34.541460][ T461] usb 2-1: SerialNumber: syz [ 34.547035][ T723] netpci0: tun_chr_ioctl cmd 1074025677 [ 34.555001][ T723] netpci0: linktype set to 773 [ 34.555009][ T724] EXT4-fs error (device loop2): dx_make_map:1328: inode #2: block 63: comm syz.2.129: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 34.586262][ T724] EXT4-fs (loop2): Remounting filesystem read-only [ 34.598804][ T724] EXT4-fs error (device loop2) in do_split:2095: Corrupt filesystem [ 34.609499][ T724] EXT4-fs (loop2): Remounting filesystem read-only [ 34.618493][ T734] sch_tbf: burst 3 is lower than device ip6tnl0 mtu (1452) ! [ 34.622779][ T724] EXT4-fs error (device loop2): dx_make_map:1328: inode #2: block 63: comm syz.2.129: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 34.645292][ T724] EXT4-fs (loop2): Remounting filesystem read-only [ 34.651819][ T724] EXT4-fs error (device loop2) in do_split:2095: Corrupt filesystem [ 34.661550][ T724] EXT4-fs (loop2): Remounting filesystem read-only [ 34.757414][ T760] sch_tbf: burst 3 is lower than device ip6tnl0 mtu (1452) ! [ 34.863458][ T784] netlink: 12 bytes leftover after parsing attributes in process `syz.4.178'. [ 34.902760][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 34.902773][ T30] audit: type=1400 audit(2000000002.140:226): avc: denied { create } for pid=789 comm="syz.0.181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 35.153407][ T30] audit: type=1400 audit(2000000002.390:227): avc: denied { read } for pid=828 comm="syz.3.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 35.305972][ T30] audit: type=1400 audit(2000000002.550:228): avc: denied { connect } for pid=860 comm="syz.4.216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 35.398814][ T30] audit: type=1400 audit(2000000002.640:229): avc: denied { ioctl } for pid=870 comm="syz.4.220" path="socket:[17270]" dev="sockfs" ino=17270 ioctlcmd=0x48c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 35.441043][ T30] audit: type=1400 audit(2000000002.680:230): avc: denied { map } for pid=874 comm="syz.4.222" path="socket:[17281]" dev="sockfs" ino=17281 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 35.527498][ T30] audit: type=1400 audit(2000000002.770:231): avc: denied { create } for pid=890 comm="syz.4.229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 35.568681][ T30] audit: type=1400 audit(2000000002.810:232): avc: denied { create } for pid=896 comm="syz.4.233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 35.598186][ T30] audit: type=1400 audit(2000000002.840:233): avc: denied { getopt } for pid=896 comm="syz.4.233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 35.641924][ T911] netlink: 43 bytes leftover after parsing attributes in process `syz.2.240'. [ 35.686330][ T461] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 35.692827][ T461] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 35.701665][ T461] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 35.781731][ T30] audit: type=1400 audit(2000000003.020:234): avc: denied { connect } for pid=938 comm="syz.4.255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 35.811421][ T30] audit: type=1400 audit(2000000003.050:235): avc: denied { read write } for pid=942 comm="syz.2.256" name="ppp" dev="devtmpfs" ino=153 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 35.916902][ T461] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42 [ 35.952954][ T461] usb 2-1: USB disconnect, device number 3 [ 35.995860][ T461] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM [ 36.034797][ T981] netlink: 12 bytes leftover after parsing attributes in process `syz.4.273'. [ 36.063601][ T983] tipc: Started in network mode [ 36.102988][ T983] tipc: Node identity 6e267caaa1f4, cluster identity 4711 [ 36.126772][ T983] tipc: Enabled bearer , priority 0 [ 36.141842][ T996] tipc: Started in network mode [ 36.148959][ T996] tipc: Node identity ff75, cluster identity 4711 [ 36.163585][ T996] tipc: Enabling of bearer rejected, failed to enable media [ 36.185201][ T1001] device syzkaller0 entered promiscuous mode [ 36.195807][ T983] tipc: Resetting bearer [ 36.205886][ T982] tipc: Resetting bearer [ 36.214905][ T982] tipc: Disabling bearer [ 36.236006][ T1016] tipc: Started in network mode [ 36.240988][ T1016] tipc: Node identity 0636225f8a5c, cluster identity 4711 [ 36.248800][ T1016] tipc: Enabled bearer , priority 0 [ 36.257630][ T1019] tipc: Enabled bearer , priority 0 [ 36.270007][ T1019] device syzkaller0 entered promiscuous mode [ 36.282819][ T1016] device syzkaller0 entered promiscuous mode [ 36.291998][ T1019] tipc: Resetting bearer [ 36.303350][ T1018] tipc: Resetting bearer [ 36.322169][ T1018] tipc: Disabling bearer [ 36.337566][ T1016] tipc: Resetting bearer [ 36.344076][ T1015] tipc: Resetting bearer [ 36.356285][ T1015] tipc: Disabling bearer [ 36.406579][ T1049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.294'. [ 36.427165][ T1049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.294'. [ 36.678260][ T1101] netlink: 44 bytes leftover after parsing attributes in process `syz.3.318'. [ 36.792889][ T1126] netlink: 28 bytes leftover after parsing attributes in process `syz.1.332'. [ 36.999541][ T1167] netlink: 'syz.0.351': attribute type 10 has an invalid length. [ 37.208512][ T1214] tipc: Started in network mode [ 37.213621][ T1214] tipc: Node identity ae5122a0eae8, cluster identity 4711 [ 37.224640][ T1214] tipc: Enabled bearer , priority 0 [ 37.241387][ T1214] device syzkaller0 entered promiscuous mode [ 37.262100][ T1214] tipc: Resetting bearer [ 37.281877][ T1213] tipc: Resetting bearer [ 37.293889][ T1213] tipc: Disabling bearer [ 37.372080][ T1244] device veth1_macvtap left promiscuous mode [ 37.408347][ T1254] netlink: 'syz.0.394': attribute type 46 has an invalid length. [ 37.617407][ T1294] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 37.653775][ T1294] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=1294 comm=syz.4.413 [ 37.803308][ T1324] device syzkaller0 entered promiscuous mode [ 38.786225][ T1427] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.793498][ T1427] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.417511][ T1551] loop2: detected capacity change from 0 to 128 [ 39.484802][ T1551] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 39.515827][ T1551] ext4 filesystem being mounted at /93/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 39.610761][ T1589] EXT4-fs error (device loop2): dx_make_map:1328: inode #2: block 63: comm syz.2.535: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 39.635660][ T1589] EXT4-fs (loop2): Remounting filesystem read-only [ 39.653371][ T1589] EXT4-fs error (device loop2) in do_split:2095: Corrupt filesystem [ 39.666418][ T1589] EXT4-fs (loop2): Remounting filesystem read-only [ 39.677123][ T1589] EXT4-fs error (device loop2): dx_make_map:1328: inode #2: block 63: comm syz.2.535: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 39.681434][ T1603] tipc: Enabled bearer , priority 0 [ 39.695517][ T1589] EXT4-fs (loop2): Remounting filesystem read-only [ 39.709720][ T1589] EXT4-fs error (device loop2) in do_split:2095: Corrupt filesystem [ 39.721066][ T1589] EXT4-fs (loop2): Remounting filesystem read-only [ 39.734096][ T1603] device syzkaller0 entered promiscuous mode [ 39.742681][ T1603] tipc: Resetting bearer [ 39.751578][ T1602] tipc: Resetting bearer [ 39.758097][ T1602] tipc: Disabling bearer [ 39.764683][ T1609] netlink: 'syz.3.562': attribute type 12 has an invalid length. [ 39.849043][ T1622] netlink: 'syz.3.568': attribute type 3 has an invalid length. [ 40.378399][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 40.378413][ T30] audit: type=1400 audit(2000000007.620:273): avc: denied { read } for pid=1659 comm="syz.2.585" path="socket:[19967]" dev="sockfs" ino=19967 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.388467][ T1662] __nla_validate_parse: 6 callbacks suppressed [ 40.388483][ T1662] netlink: 40 bytes leftover after parsing attributes in process `syz.4.586'. [ 40.838883][ T1722] loop0: detected capacity change from 0 to 2048 [ 40.904328][ T347] loop0: p1 < > p3 p4 [ 40.909158][ T347] loop0: p3 size 54016 extends beyond EOD, truncated [ 40.959839][ T347] loop0: p4 start 4294967295 is beyond EOD, truncated [ 41.068149][ T30] audit: type=1400 audit(2000000008.210:274): avc: denied { write } for pid=1723 comm="syz.1.616" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 41.149259][ T1722] loop0: p1 < > p3 p4 [ 41.156272][ T30] audit: type=1400 audit(2000000008.400:275): avc: denied { wake_alarm } for pid=1731 comm="syz.3.617" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 41.162997][ T1722] loop0: p3 size 54016 extends beyond EOD, truncated [ 41.187828][ T1722] loop0: p4 start 4294967295 is beyond EOD, truncated [ 41.204396][ T1722] syz.0.615 (1722) used greatest stack depth: 19872 bytes left [ 41.298695][ T346] udevd[346]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 41.298708][ T347] udevd[347]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 41.324531][ T1738] IPv6: NLM_F_CREATE should be specified when creating new route [ 41.329270][ T347] udevd[347]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 41.332442][ T1738] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 41.343219][ T346] udevd[346]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 41.349230][ T1738] IPv6: NLM_F_CREATE should be set when creating new route [ 41.366518][ T1738] IPv6: NLM_F_CREATE should be set when creating new route [ 41.374705][ T1736] ================================================================== [ 41.383409][ T1736] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240 [ 41.390977][ T1740] loop3: detected capacity change from 0 to 512 [ 41.391597][ T1736] Read of size 8 at addr ffff88810eca1bc0 by task syz.0.618/1736 [ 41.405526][ T1736] [ 41.407839][ T1736] CPU: 1 PID: 1736 Comm: syz.0.618 Not tainted syzkaller #0 [ 41.415097][ T1736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 41.425148][ T1736] Call Trace: [ 41.428409][ T1736] [ 41.431321][ T1736] __dump_stack+0x21/0x30 [ 41.435634][ T1736] dump_stack_lvl+0xee/0x150 [ 41.440220][ T1736] ? show_regs_print_info+0x20/0x20 [ 41.445400][ T1736] ? load_image+0x3a0/0x3a0 [ 41.449920][ T1736] print_address_description+0x7f/0x2c0 [ 41.455463][ T1736] ? tc_setup_flow_action+0x870/0x3240 [ 41.460905][ T1736] kasan_report+0xf1/0x140 [ 41.465331][ T1736] ? tc_setup_flow_action+0x870/0x3240 [ 41.470773][ T1736] __asan_report_load8_noabort+0x14/0x20 [ 41.476389][ T1736] tc_setup_flow_action+0x870/0x3240 [ 41.481660][ T1736] mall_replace_hw_filter+0x293/0x820 [ 41.487016][ T1736] ? pcpu_block_update_hint_alloc+0x8c1/0xc50 [ 41.493068][ T1736] ? mall_set_parms+0x520/0x520 [ 41.497905][ T1736] ? tcf_exts_destroy+0xb0/0xb0 [ 41.502744][ T1736] ? mall_set_parms+0x1e8/0x520 [ 41.507578][ T1736] mall_change+0x526/0x740 [ 41.511982][ T1736] ? __kasan_check_write+0x14/0x20 [ 41.517086][ T1736] ? mall_get+0xa0/0xa0 [ 41.521226][ T1736] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 41.527100][ T1736] tc_new_tfilter+0x12a2/0x1870 [ 41.531933][ T1736] ? tcf_gate_entry_destructor+0x20/0x20 [ 41.537570][ T1736] ? security_capable+0x87/0xb0 [ 41.542422][ T1736] ? ns_capable+0x8c/0xf0 [ 41.546737][ T1736] ? netlink_net_capable+0x125/0x160 [ 41.552007][ T1736] ? tcf_gate_entry_destructor+0x20/0x20 [ 41.557623][ T1736] rtnetlink_rcv_msg+0x81b/0xb90 [ 41.562545][ T1736] ? rtnetlink_bind+0x80/0x80 [ 41.567206][ T1736] ? memcpy+0x56/0x70 [ 41.571168][ T1736] ? avc_has_perm_noaudit+0x2f4/0x460 [ 41.576518][ T1736] ? arch_stack_walk+0xee/0x140 [ 41.581356][ T1736] ? avc_denied+0x1b0/0x1b0 [ 41.585840][ T1736] ? stack_trace_save+0x98/0xe0 [ 41.590672][ T1736] ? avc_has_perm+0x158/0x240 [ 41.595346][ T1736] ? avc_has_perm_noaudit+0x460/0x460 [ 41.600701][ T1736] ? x64_sys_call+0x4b/0x9a0 [ 41.605271][ T1736] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 41.610635][ T1736] netlink_rcv_skb+0x1e0/0x430 [ 41.615392][ T1736] ? rtnetlink_bind+0x80/0x80 [ 41.620057][ T1736] ? netlink_ack+0xb60/0xb60 [ 41.624629][ T1736] ? __netlink_lookup+0x387/0x3b0 [ 41.629633][ T1736] rtnetlink_rcv+0x1c/0x20 [ 41.634027][ T1736] netlink_unicast+0x876/0xa40 [ 41.638771][ T1736] netlink_sendmsg+0x86a/0xb70 [ 41.643516][ T1736] ? netlink_getsockopt+0x530/0x530 [ 41.648697][ T1736] ? sock_alloc_file+0xba/0x260 [ 41.653526][ T1736] ? security_socket_sendmsg+0x82/0xa0 [ 41.658964][ T1736] ? netlink_getsockopt+0x530/0x530 [ 41.664140][ T1736] ____sys_sendmsg+0x5a2/0x8c0 [ 41.668891][ T1736] ? __sys_sendmsg_sock+0x40/0x40 [ 41.673894][ T1736] ? import_iovec+0x7c/0xb0 [ 41.678379][ T1736] ___sys_sendmsg+0x1f0/0x260 [ 41.683048][ T1736] ? __sys_sendmsg+0x250/0x250 [ 41.687793][ T1736] ? __fdget+0x1a1/0x230 [ 41.692014][ T1736] __x64_sys_sendmsg+0x1e2/0x2a0 [ 41.696933][ T1736] ? ___sys_sendmsg+0x260/0x260 [ 41.701765][ T1736] ? __kasan_check_write+0x14/0x20 [ 41.706857][ T1736] ? switch_fpu_return+0x15d/0x2c0 [ 41.711955][ T1736] x64_sys_call+0x4b/0x9a0 [ 41.716349][ T1736] do_syscall_64+0x4c/0xa0 [ 41.720748][ T1736] ? clear_bhb_loop+0x50/0xa0 [ 41.725397][ T1736] ? clear_bhb_loop+0x50/0xa0 [ 41.730486][ T1736] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 41.736364][ T1736] RIP: 0033:0x7f9bce7e3749 [ 41.740759][ T1736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 41.760949][ T1736] RSP: 002b:00007f9bcd24b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 41.769340][ T1736] RAX: ffffffffffffffda RBX: 00007f9bcea39fa0 RCX: 00007f9bce7e3749 [ 41.777291][ T1736] RDX: 0000000020000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 41.785278][ T1736] RBP: 00007f9bce867f91 R08: 0000000000000000 R09: 0000000000000000 [ 41.793227][ T1736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 41.801177][ T1736] R13: 00007f9bcea3a038 R14: 00007f9bcea39fa0 R15: 00007ffde9ea65d8 [ 41.809135][ T1736] [ 41.812142][ T1736] [ 41.814444][ T1736] Allocated by task 1736: [ 41.818744][ T1736] __kasan_kmalloc+0xda/0x110 [ 41.823402][ T1736] __kmalloc+0x13d/0x2c0 [ 41.827623][ T1736] tcf_idr_create+0x5f/0x790 [ 41.832193][ T1736] tcf_idr_create_from_flags+0x61/0x70 [ 41.837629][ T1736] tcf_gact_init+0x346/0x580 [ 41.842200][ T1736] tcf_action_init_1+0x3f7/0x6a0 [ 41.847118][ T1736] tcf_action_init+0x1e9/0x710 [ 41.851865][ T1736] tcf_exts_validate+0x217/0x520 [ 41.856780][ T1736] mall_set_parms+0x48/0x520 [ 41.861351][ T1736] mall_change+0x45a/0x740 [ 41.865756][ T1736] tc_new_tfilter+0x12a2/0x1870 [ 41.870588][ T1736] rtnetlink_rcv_msg+0x81b/0xb90 [ 41.875504][ T1736] netlink_rcv_skb+0x1e0/0x430 [ 41.880244][ T1736] rtnetlink_rcv+0x1c/0x20 [ 41.884639][ T1736] netlink_unicast+0x876/0xa40 [ 41.889383][ T1736] netlink_sendmsg+0x86a/0xb70 [ 41.894126][ T1736] ____sys_sendmsg+0x5a2/0x8c0 [ 41.898872][ T1736] ___sys_sendmsg+0x1f0/0x260 [ 41.903528][ T1736] __x64_sys_sendmsg+0x1e2/0x2a0 [ 41.908445][ T1736] x64_sys_call+0x4b/0x9a0 [ 41.912931][ T1736] do_syscall_64+0x4c/0xa0 [ 41.917332][ T1736] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 41.923209][ T1736] [ 41.925513][ T1736] Last potentially related work creation: [ 41.931203][ T1736] kasan_save_stack+0x3a/0x60 [ 41.935857][ T1736] __kasan_record_aux_stack+0xd2/0x100 [ 41.941294][ T1736] kasan_record_aux_stack_noalloc+0xb/0x10 [ 41.947124][ T1736] call_rcu+0x105/0xfe0 [ 41.951264][ T1736] __nf_unregister_net_hook+0x432/0x570 [ 41.956791][ T1736] nf_unregister_net_hooks+0xe2/0x150 [ 41.962142][ T1736] nf_ct_netns_do_put+0x25a/0x3f0 [ 41.967142][ T1736] nf_ct_netns_put+0x150/0x360 [ 41.971898][ T1736] connmark_tg_destroy+0x4e/0x70 [ 41.976842][ T1736] cleanup_entry+0x256/0x310 [ 41.981411][ T1736] translate_table+0x1e3c/0x2020 [ 41.986325][ T1736] do_ip6t_set_ctl+0x965/0xcf0 [ 41.991068][ T1736] nf_setsockopt+0x272/0x2a0 [ 41.995642][ T1736] ipv6_setsockopt+0x2555/0x38a0 [ 42.000556][ T1736] rawv6_setsockopt+0x263/0x620 [ 42.005384][ T1736] sock_common_setsockopt+0xa0/0xb0 [ 42.010567][ T1736] __sys_setsockopt+0x2f0/0x460 [ 42.015401][ T1736] __x64_sys_setsockopt+0xbf/0xd0 [ 42.020419][ T1736] x64_sys_call+0x982/0x9a0 [ 42.024905][ T1736] do_syscall_64+0x4c/0xa0 [ 42.029299][ T1736] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 42.035174][ T1736] [ 42.037481][ T1736] The buggy address belongs to the object at ffff88810eca1b00 [ 42.037481][ T1736] which belongs to the cache kmalloc-192 of size 192 [ 42.051516][ T1736] The buggy address is located 0 bytes to the right of [ 42.051516][ T1736] 192-byte region [ffff88810eca1b00, ffff88810eca1bc0) [ 42.065239][ T1736] The buggy address belongs to the page: [ 42.070853][ T1736] page:ffffea00043b2840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10eca1 [ 42.081213][ T1736] flags: 0x4000000000000200(slab|zone=1) [ 42.086842][ T1736] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100042c00 [ 42.095413][ T1736] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 42.103972][ T1736] page dumped because: kasan: bad access detected [ 42.110362][ T1736] page_owner tracks the page as allocated [ 42.116053][ T1736] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4179916718, free_ts 4179898720 [ 42.131829][ T1736] post_alloc_hook+0x192/0x1b0 [ 42.136586][ T1736] prep_new_page+0x1c/0x110 [ 42.141072][ T1736] get_page_from_freelist+0x2cc5/0x2d50 [ 42.146601][ T1736] __alloc_pages+0x18f/0x440 [ 42.151172][ T1736] new_slab+0xa1/0x4d0 [ 42.155228][ T1736] ___slab_alloc+0x381/0x810 [ 42.159795][ T1736] __slab_alloc+0x49/0x90 [ 42.164252][ T1736] kmem_cache_alloc_trace+0x146/0x270 [ 42.169614][ T1736] kernfs_fop_open+0x343/0xb30 [ 42.174359][ T1736] do_dentry_open+0x834/0x1010 [ 42.179105][ T1736] vfs_open+0x73/0x80 [ 42.183069][ T1736] path_openat+0x2646/0x2f10 [ 42.187644][ T1736] do_filp_open+0x1b3/0x3e0 [ 42.192129][ T1736] do_sys_openat2+0x14c/0x7b0 [ 42.196798][ T1736] __x64_sys_openat+0x136/0x160 [ 42.201644][ T1736] x64_sys_call+0x219/0x9a0 [ 42.206137][ T1736] page last free stack trace: [ 42.210791][ T1736] free_unref_page_prepare+0x542/0x550 [ 42.216254][ T1736] free_unref_page+0xa2/0x550 [ 42.220924][ T1736] __free_pages+0x6c/0x100 [ 42.225322][ T1736] free_pages+0x82/0x90 [ 42.229455][ T1736] selinux_genfs_get_sid+0x20b/0x250 [ 42.234726][ T1736] inode_doinit_with_dentry+0x86e/0xd70 [ 42.240255][ T1736] selinux_d_instantiate+0x27/0x40 [ 42.245347][ T1736] security_d_instantiate+0x9e/0xf0 [ 42.250528][ T1736] d_splice_alias+0x6d/0x390 [ 42.255159][ T1736] kernfs_iop_lookup+0x2c2/0x310 [ 42.260093][ T1736] path_openat+0xfcf/0x2f10 [ 42.264580][ T1736] do_filp_open+0x1b3/0x3e0 [ 42.269067][ T1736] do_sys_openat2+0x14c/0x7b0 [ 42.273729][ T1736] __x64_sys_openat+0x136/0x160 [ 42.278573][ T1736] x64_sys_call+0x219/0x9a0 [ 42.283056][ T1736] do_syscall_64+0x4c/0xa0 [ 42.287457][ T1736] [ 42.289754][ T1736] Memory state around the buggy address: [ 42.295360][ T1736] ffff88810eca1a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 42.303396][ T1736] ffff88810eca1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 42.311435][ T1736] >ffff88810eca1b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 42.319472][ T1736] ^ [ 42.325599][ T1736] ffff88810eca1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.333636][ T1736] ffff88810eca1c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 42.341679][ T1736] ================================================================== [ 42.349714][ T1736] Disabling lock debugging due to kernel taint [ 42.425718][ T1740] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.620: inode has both inline data and extents flags [ 42.439062][ T1740] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.620: couldn't read orphan inode 15 (err -117) [ 42.451044][ T1740] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 42.465826][ T30] audit: type=1400 audit(2000000009.710:276): avc: denied { mounton } for pid=1739 comm="syz.3.620" path="/95/file0/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.533835][ T1740] loop_set_status: loop3 () has still dirty pages (nrpages=2) [ 42.548796][ T30] audit: type=1400 audit(2000000009.790:277): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 42.568738][ T30] audit: type=1400 audit(2000000009.790:278): avc: denied { unlink } for pid=283 comm="syz-executor" name="bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.590511][ T30] audit: type=1400 audit(2000000009.790:279): avc: denied { rmdir } for pid=283 comm="syz-executor" name="file2" dev="loop3" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1