last executing test programs: 1.839237791s ago: executing program 2 (id=520): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000040), &(0x7f0000000080)='%pB \x00'}, 0x20) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x2b, 0x81}]}, 0x10) io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x6, 0x0, 0x0, 0x2}]) 1.73711079s ago: executing program 2 (id=526): r0 = socket$igmp6(0xa, 0x3, 0x3a) getsockopt$MRT6(r0, 0x29, 0xcf, 0xffffffffffffffff, &(0x7f00000000c0)) 1.665348835s ago: executing program 2 (id=529): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) write$UHID_CREATE2(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0b00000073790101000000000000000000000000000af7f4f0c55de8ca0000000000000000000000000000000000000000f3c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000020000000000000030000000000000000000000004119202532aeecfcdbb73887feb3f14db126c935954a335f6469a793"], 0x138) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) request_key(0x0, &(0x7f0000000940)={'syz', 0x2}, 0x0, 0x0) write$UHID_DESTROY(r0, &(0x7f0000000340), 0x4) 854.446961ms ago: executing program 2 (id=590): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x1, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@directio}]}}) 840.677852ms ago: executing program 2 (id=591): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000101010200000000000000000a000000240002800c000280040001003a00000014000180080001cd4bde2a0192000000000000000c001980080002"], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x0) 804.549635ms ago: executing program 2 (id=592): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x10001}, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) read(r2, &(0x7f0000032440)=""/102364, 0x18fdc) write$binfmt_elf64(r3, 0x0, 0x78) openat$selinux_create(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/13, @ANYRES64=r1], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0xb, 0x8, 0x0, 0x0, @remote, @empty, 0x7800, 0x7800, 0xfffffffc, 0xdc67}}) 571.975454ms ago: executing program 3 (id=604): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, r2, 0xfc5, 0x0, 0x0, {{0x11}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 517.381408ms ago: executing program 3 (id=605): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}}, 0x0) 517.211188ms ago: executing program 3 (id=606): timer_create(0xb, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r0, 0x1, &(0x7f00000005c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timer_settime(r0, 0x1, &(0x7f0000000080), &(0x7f00000000c0)) 517.165818ms ago: executing program 3 (id=607): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r0) creat(&(0x7f00000000c0)='./file0\x00', 0x48) 517.097678ms ago: executing program 3 (id=608): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r2}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 507.650229ms ago: executing program 3 (id=609): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYRES32], 0x48) stat(&(0x7f0000000cc0)='./file0\x00', &(0x7f0000001c80)) socket$netlink(0x10, 0x3, 0x14) getegid() ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000080)=0x9) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, 0x0, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r2, r2], 0x0, 0x10, 0x1000}, 0x94) futex(&(0x7f0000000000)=0x2, 0xb, 0x2, 0x0, &(0x7f00000000c0)=0x2, 0x2) futex(&(0x7f000000cffc)=0x4, 0x9, 0x4, 0x0, 0x0, 0x400000) futex(&(0x7f000000cffc)=0x1, 0x5, 0x4, 0x0, &(0x7f0000000000), 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xd, 0x5a87, 0x4, 0x1, 0x0, r2}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3, 0x0, 0x8000000}, 0x27) 127.10163ms ago: executing program 0 (id=634): prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$ext4(&(0x7f0000000280)='ext2\x00', &(0x7f00000001c0)='./file2\x00', 0x1000404, &(0x7f0000000340)={[{@usrjquota}, {@jqfmt_vfsold}, {@abort}, {@nobh}, {@oldalloc}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") 126.78811ms ago: executing program 4 (id=635): bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa33"], 0xfdef) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x19, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, {}, {}, [@map_idx_val={0x18, 0x6, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfff}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='syzkaller\x00', 0xff, 0xd9, &(0x7f0000000240)=""/217, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x1, 0xe, 0xfffffffc, 0x3}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f00000003c0)=[{0x5, 0x3, 0x10, 0xa}, {0x0, 0x1, 0x9}, {0x3, 0x1, 0xa, 0x9}, {0x1, 0x3, 0x6, 0x5}, {0x0, 0x4, 0x9, 0xa}], 0x10, 0x1ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='xen_mmu_set_pud\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000040000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000f9ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={0xffffffffffffffff, 0x9, 0x8}, 0xc) r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x8000001e) setsockopt$MRT_DEL_VIF(r5, 0x0, 0xcb, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r6}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000600000008000000ad00000000000000", @ANYRES32, @ANYBLOB="0000000400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000008f2a75037047142100000000000000005ee5da49c4c5d35d17f6ef53ede543eb042ec3252912c1a68bb922813f720439666dc9555a723a36bd4d35ac455496779d0fda6a1450bf0cdb9acab193f2ba"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r7, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r8, 0x0, &(0x7f0000000000)=""/94}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000700)=@raw=[@ldst={0x3, 0x3, 0x0, 0xa, 0x0, 0xffffffffffffffc0, 0xfffffffffffffffc}, @printk={@x}, @map_idx={0x18, 0x8, 0x5, 0x0, 0xe}, @tail_call, @exit, @map_fd={0x18, 0x2, 0x1, 0x0, r4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}], &(0x7f00000007c0)='GPL\x00', 0xa88, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000900)={0x4, 0x10, 0x7, 0x10001}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000940)=[r5, 0xffffffffffffffff, 0x1, r8, 0xffffffffffffffff], &(0x7f0000000980)=[{0x4, 0x4, 0x5}, {0x0, 0x5, 0x3, 0x6}, {0x1, 0x3, 0xd, 0x9}], 0x10, 0x4}, 0x94) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100fffe08000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f840000000c0a01030000000000000000010000000900020073797a32000000005800038054000080080003400000000248000b80200001800a00010071756f7461000000100002800c0001400000000000000000100001800c000100636f756e74657200140001800a00010072616e6765000000040002800900010073797a30"], 0x108}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000b80)='thermal_zone_trip\x00', r1, 0x0, 0x2}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/12, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x18) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 126.68501ms ago: executing program 0 (id=636): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}}], {0x14}}, 0x3c}}, 0x0) 126.49731ms ago: executing program 4 (id=637): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) poll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x200}, {0xffffffffffffffff, 0x508}, {0xffffffffffffffff, 0x242}], 0x4f, 0x8000007) 94.837382ms ago: executing program 4 (id=638): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[], 0x50) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$selinux_load(r2, 0x0, 0x2000) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1400000000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) writev(0xffffffffffffffff, &(0x7f0000000940)=[{&(0x7f0000000200)='\f7', 0x2}, {&(0x7f00000007c0)="f8", 0x1}], 0x2) r7 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="050000000000000000000000001bb5dd5343eb3c811300000000000000", @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="03000000050000000300"/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x16, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000007118530000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 94.488712ms ago: executing program 0 (id=640): sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x23) socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x1000007, 0x2172, 0xffffffffffffffff, 0xffffc000) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) 94.415372ms ago: executing program 0 (id=641): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x2}, 0x18) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000200)='.\x00', 0x82000714) close_range(r1, 0xffffffffffffffff, 0x0) 56.658255ms ago: executing program 1 (id=643): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045518, &(0x7f00000003c0)) 56.535455ms ago: executing program 0 (id=644): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x9, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x4e27, 0x0, @loopback, 0x3}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000b80)=@ccm_128={{0x303}, "ae9660533ca23ee7", "e2adea2bc8000000000000000900", "19a000", "0010000000000002"}, 0x28) close(r0) 56.375915ms ago: executing program 1 (id=645): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x200980) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0) 56.155975ms ago: executing program 0 (id=646): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x28, r2, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004) keyctl$KEYCTL_CAPABILITIES(0x15, &(0x7f0000000080)=""/37, 0x25) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kfree\x00', r0, 0x0, 0x8000000000}, 0x18) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x4) r4 = dup(r3) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0xa00, 0x0, 0x101, 0x100}}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) setreuid(0x0, 0x0) 55.873476ms ago: executing program 4 (id=647): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000140), 0x9, 0x40000) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000800", [0x0, 0x2000000000001]}}) 9.420059ms ago: executing program 1 (id=648): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x94) syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=") 9.261149ms ago: executing program 4 (id=649): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c0003801400010067656e6576653000"], 0x104}, 0x1, 0x0, 0x0, 0x11}, 0x41000) 9.200459ms ago: executing program 1 (id=650): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001440), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000001480)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f00000014c0)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x44) 9.112629ms ago: executing program 1 (id=651): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18) syz_emit_ethernet(0x89, &(0x7f0000000a40)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd6001070000531100fc010000000000000000000000000000ff020000000000000000000000000001fffc0e22005390"], 0x0) 4.23592ms ago: executing program 4 (id=652): r0 = syz_io_uring_setup(0x7edc, &(0x7f0000000400)={0x0, 0xc38b, 0x2, 0x1, 0x122}, &(0x7f0000000180), &(0x7f0000000480)) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r0, 0x1e, &(0x7f00000004c0), 0x1) 0s ago: executing program 1 (id=653): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c636865636b3d7374726963742c756d61736b3d30303030303030303030303030303030303133363033302c756e695f786c6174653d312c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303034302c757466383d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c74696d655f6f66667365743d3078303030303030303030303030303166622c666c7573682c756e695f786c6174653d302c73686f72746e616d653d77696e39352c00208893fdd4787adad4209069"], 0x6, 0x2ab, &(0x7f0000000a80)="$eJzs3b1rLFUUAPAzyX6pxW5hJYIDWlg9Xl5rs0HyILiVsoVa6MP3Hkh2ERII+IFrKlsbS/8CQbDzn7CxsBdsBTtTBEZmZya7ibObTHATP36/Jjd3zrn3zOQmYYs9+/6L04PHaTw9+eyX6PWS2BrGME6TGMRWVL6IC4ZfBQDwb3aaZfF7VmiSl0REb3NlAQAb1Pj///cbLwkA2LC33n7njd3RaO/NNO3Fw+mXx+P8lX3+tbi++zQ+jEk8ifvRj7OI7Fwxfphl2ayV5gbxynR2PM4zp+/9WK6/+1vEPH8n+jGYT13M3x/t7aSFpfxZXsez5f7DPP9B9OP5mv33R3sPavJj3IlXX16q/17046cP4qOYxON5EYv8z3fS9PXs6z8+fTcvL89PZsfj7jxuIdu+5R8NAAAAAAAAAAAAAAAAAAAAAAD/YffK3jndmPfvyafK/jvbZ/k37Ugrg4v9eYr8pFroUn+gWRbfVP117qdpmpWBi/xWvNCK1t3cNQAAAAAAAAAAAAAAAAAAAPyzHH38ycGjyeTJ4d8yqLoBVG/rv+k6w6WZl6ImZhDnM93FllvltmtWju0qJolYW0a+YqPi21fvvmLwzKqsb79r+uh6V8e0b1Bhw0F1ug4eJfXPsBvVTK86JD8sx3Timnt1Vl3KGh2/Tu2lfuN77zw3H8zWxESyrrDXfi2eXDmTXL6Lzvyp1qa3y0Hxu1B3Nhqd57/+rUh06wAAAAAAAAAAAAAAAAAAgI1avOm35uLJiqSf94sP+Y/BhqsDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNux+Pz/BoNZmXyN4E4cHt3xLQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/8GcAAAD//wrtYeE=") openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x3) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) 0s ago: executing program 1 (id=655): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000100000a850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x18) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30b529, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x2, 0xffffffffffffffff, 0xa, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 13.860956][ T30] audit: type=1400 audit(1755282465.968:59): avc: denied { transition } for pid=223 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.867888][ T30] audit: type=1400 audit(1755282465.968:60): avc: denied { noatsecure } for pid=223 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.876015][ T30] audit: type=1400 audit(1755282465.978:61): avc: denied { write } for pid=223 comm="sh" path="pipe:[12845]" dev="pipefs" ino=12845 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.890848][ T30] audit: type=1400 audit(1755282465.978:62): avc: denied { rlimitinh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.909926][ T30] audit: type=1400 audit(1755282465.978:63): avc: denied { siginh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.571871][ T226] sshd-session (226) used greatest stack depth: 21216 bytes left Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts. [ 20.571893][ T30] audit: type=1400 audit(1755282472.688:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.572845][ T273] cgroup: Unknown subsys name 'net' [ 20.595273][ T30] audit: type=1400 audit(1755282472.688:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.624814][ T30] audit: type=1400 audit(1755282472.718:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.624978][ T273] cgroup: Unknown subsys name 'devices' [ 20.773067][ T273] cgroup: Unknown subsys name 'hugetlb' [ 20.778943][ T273] cgroup: Unknown subsys name 'rlimit' [ 20.944099][ T30] audit: type=1400 audit(1755282473.058:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.968277][ T30] audit: type=1400 audit(1755282473.058:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.974316][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.993348][ T30] audit: type=1400 audit(1755282473.058:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.025445][ T30] audit: type=1400 audit(1755282473.118:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.052803][ T30] audit: type=1400 audit(1755282473.118:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.083971][ T30] audit: type=1400 audit(1755282473.198:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.113103][ T30] audit: type=1400 audit(1755282473.198:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.113188][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.077375][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.084594][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.092037][ T282] device bridge_slave_0 entered promiscuous mode [ 22.100085][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.107237][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.114991][ T282] device bridge_slave_1 entered promiscuous mode [ 22.142147][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.150054][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.157938][ T281] device bridge_slave_0 entered promiscuous mode [ 22.168297][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.176139][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.184152][ T283] device bridge_slave_0 entered promiscuous mode [ 22.192083][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.199783][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.207710][ T283] device bridge_slave_1 entered promiscuous mode [ 22.215120][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.222557][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.230909][ T281] device bridge_slave_1 entered promiscuous mode [ 22.306119][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.313411][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.320901][ T284] device bridge_slave_0 entered promiscuous mode [ 22.329629][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.336802][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.344713][ T284] device bridge_slave_1 entered promiscuous mode [ 22.389242][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.396765][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.404832][ T285] device bridge_slave_0 entered promiscuous mode [ 22.426085][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.434207][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.441966][ T285] device bridge_slave_1 entered promiscuous mode [ 22.578136][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.585440][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.592985][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.600729][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.617417][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.625474][ T281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.633061][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.640427][ T281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.650292][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.659401][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.667746][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.676078][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.688478][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.695892][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.704050][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.711268][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.771619][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.781366][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.790972][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.800059][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.809852][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.817456][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.825449][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.833235][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.841983][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.850264][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.857988][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.883273][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.892356][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.900867][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.909341][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.917957][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.925234][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.933566][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.942259][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.949453][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.968979][ T282] device veth0_vlan entered promiscuous mode [ 22.985633][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.993871][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.002477][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.011014][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.019318][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.026956][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.034753][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.043713][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.051096][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.058493][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.066912][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.074069][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.097784][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.106776][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.115571][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.122813][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.130481][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.139046][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.147430][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.155562][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.163858][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.171988][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.179987][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.188350][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.196421][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.205058][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.213646][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.221400][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.229917][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.238578][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.248224][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.255521][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.263485][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.272127][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.280810][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.293360][ T282] device veth1_macvtap entered promiscuous mode [ 23.301805][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.310296][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.319427][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.327319][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.335781][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.351761][ T284] device veth0_vlan entered promiscuous mode [ 23.358950][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.368077][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.377432][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.387189][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.395374][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.403736][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.412760][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.420491][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.434646][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.444732][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.465766][ T284] device veth1_macvtap entered promiscuous mode [ 23.482760][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.491733][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.501688][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.511351][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.520877][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.529577][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.538988][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.547358][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.555924][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.564715][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.573996][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.583324][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.592256][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.600708][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.608601][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.621839][ T285] device veth0_vlan entered promiscuous mode [ 23.629257][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.637926][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.647362][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.656405][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.665080][ T281] device veth0_vlan entered promiscuous mode [ 23.679758][ T282] request_module fs-gadgetfs succeeded, but still no fs? [ 23.703982][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.713307][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.722838][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.732793][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.742179][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.758286][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.767289][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.787674][ T285] device veth1_macvtap entered promiscuous mode [ 23.812782][ T283] device veth0_vlan entered promiscuous mode [ 23.820908][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.829675][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.839698][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.848245][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.858133][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.869274][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.879251][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.889168][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.898505][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.907331][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.280316][ T337] loop1: detected capacity change from 0 to 1024 [ 24.296365][ T281] device veth1_macvtap entered promiscuous mode [ 24.304573][ T337] ======================================================= [ 24.304573][ T337] WARNING: The mand mount option has been deprecated and [ 24.304573][ T337] and is ignored by this kernel. Remove the mand [ 24.304573][ T337] option from the mount to silence this warning. [ 24.304573][ T337] ======================================================= [ 24.346546][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.394531][ T337] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.422873][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.448147][ T337] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3876: comm syz.1.2: Allocating blocks 449-513 which overlap fs metadata [ 24.482331][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.492948][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.503994][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.538907][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.553228][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.644430][ T332] EXT4-fs (loop1): pa ffff8881119a7a80: logic 48, phys. 177, len 21 [ 24.652703][ T332] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 4 [ 24.683543][ T283] device veth1_macvtap entered promiscuous mode [ 24.717252][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.726816][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.757974][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.781790][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.794724][ T348] loop0: detected capacity change from 0 to 1024 [ 24.801519][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.824392][ T353] loop4: detected capacity change from 0 to 512 [ 24.858132][ T362] loop1: detected capacity change from 0 to 128 [ 24.871190][ T353] EXT4-fs (loop4): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 24.876415][ T360] tmpfs: Unsupported parameter 'mpol' [ 24.892147][ T353] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 24.939953][ T348] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 24.942962][ T362] attempt to access beyond end of device [ 24.942962][ T362] loop1: rw=2049, want=1041, limit=128 [ 24.956574][ T348] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e800e028, mo2=0000] [ 24.972960][ T348] System zones: 0-1, 3-12 [ 24.977986][ T348] EXT4-fs (loop0): orphan cleanup on readonly fs [ 24.986527][ T348] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.1: Freeing blocks not in datazone - block = 0, count = 4096 [ 25.000766][ T348] EXT4-fs (loop0): Remounting filesystem read-only [ 25.007745][ T348] EXT4-fs (loop0): 1 orphan inode deleted [ 25.013881][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable=0x0000000000000002,journal_dev=0x0000000000000009,noquota,debug,errors=remount-ro,auto_da_alloc=0x0000000000000001,. Quota mode: writeback. [ 25.036537][ T368] EXT4-fs error (device loop4): ext4_do_update_inode:5235: inode #18: comm syz.4.5: corrupted inode contents [ 25.065378][ T368] EXT4-fs error (device loop4): ext4_dirty_inode:6071: inode #18: comm syz.4.5: mark_inode_dirty error [ 25.088887][ T368] EXT4-fs error (device loop4): ext4_do_update_inode:5235: inode #18: comm syz.4.5: corrupted inode contents [ 25.145863][ T368] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2970: inode #18: comm syz.4.5: mark_inode_dirty error [ 25.174543][ T368] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2973: inode #18: comm syz.4.5: mark inode dirty (error -117) [ 25.231982][ T368] EXT4-fs warning (device loop4): ext4_evict_inode:303: xattr delete (err -117) [ 25.685166][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 25.685185][ T30] audit: type=1400 audit(1755282477.518:130): avc: denied { create } for pid=376 comm="syz.1.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 25.720409][ T30] audit: type=1400 audit(1755282477.528:131): avc: denied { write } for pid=376 comm="syz.1.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 25.760963][ T30] audit: type=1404 audit(1755282477.528:132): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 25.777227][ T30] audit: type=1400 audit(1755282477.768:133): avc: denied { write } for pid=383 comm="syz.0.18" name="001" dev="devtmpfs" ino=181 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=0 [ 25.800322][ T30] audit: type=1400 audit(1755282477.798:134): avc: denied { map_create } for pid=376 comm="syz.1.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 25.855732][ T30] audit: type=1400 audit(1755282477.828:135): avc: denied { prog_load } for pid=376 comm="syz.1.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 25.896570][ T30] audit: type=1400 audit(1755282477.828:136): avc: denied { read write } for pid=284 comm="syz-executor" name="loop0" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 25.944103][ T30] audit: type=1400 audit(1755282477.828:137): avc: denied { read write } for pid=283 comm="syz-executor" name="loop2" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 25.970402][ T410] audit: audit_backlog=65 > audit_backlog_limit=64 [ 25.975299][ T30] audit: type=1400 audit(1755282477.828:138): avc: denied { prog_load } for pid=388 comm="syz.0.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 25.998636][ T412] netlink: 136 bytes leftover after parsing attributes in process `syz.0.30'. [ 26.089113][ T410] netlink: 'syz.3.29': attribute type 4 has an invalid length. [ 26.112836][ T410] netlink: 32 bytes leftover after parsing attributes in process `syz.3.29'. [ 26.731368][ T504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.74'. [ 26.752483][ T504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.74'. [ 26.833041][ T517] netlink: 28 bytes leftover after parsing attributes in process `syz.4.81'. [ 26.868542][ T520] device bridge_slave_0 left promiscuous mode [ 26.880216][ T520] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.893747][ T520] device bridge_slave_1 left promiscuous mode [ 26.906069][ T520] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.248510][ T575] netlink: 4 bytes leftover after parsing attributes in process `syz.0.107'. [ 27.263577][ T575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.107'. [ 27.295270][ T575] netlink: 4 bytes leftover after parsing attributes in process `syz.0.107'. [ 27.443696][ T594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.116'. [ 27.455709][ T594] Zero length message leads to an empty skb [ 28.444026][ T694] device bridge0 entered promiscuous mode [ 28.450406][ T694] bridge0: port 3(macsec1) entered blocking state [ 28.457774][ T694] bridge0: port 3(macsec1) entered disabled state [ 28.466695][ T694] device bridge0 left promiscuous mode [ 28.672697][ T710] capability: warning: `syz.3.172' uses 32-bit capabilities (legacy support in use) [ 28.892179][ T759] process 'syz.4.195' launched '/dev/fd/3' with NULL argv: empty string added [ 28.911768][ T761] capability: warning: `syz.2.196' uses deprecated v2 capabilities in a way that may be insecure [ 29.056407][ T787] netlink: 'syz.2.209': attribute type 12 has an invalid length. [ 29.127922][ T796] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 29.357201][ T817] netlink: 12 bytes leftover after parsing attributes in process `syz.4.222'. [ 29.997884][ T902] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=902 comm=syz.2.262 [ 30.282969][ T945] bridge: RTM_NEWNEIGH with invalid ether address [ 30.694929][ T30] kauditd_printk_skb: 1535 callbacks suppressed [ 30.694943][ T30] audit: type=1400 audit(1755282482.808:1648): avc: denied { read write } for pid=285 comm="syz-executor" name="loop3" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 30.730459][ T30] audit: type=1400 audit(1755282482.808:1649): avc: denied { read write } for pid=1059 comm="syz.4.339" name="loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 30.760311][ T30] audit: type=1400 audit(1755282482.838:1650): avc: denied { map_create } for pid=1049 comm="syz.1.334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 30.781595][ T30] audit: type=1400 audit(1755282482.838:1651): avc: denied { prog_load } for pid=1049 comm="syz.1.334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 30.802070][ T30] audit: type=1400 audit(1755282482.838:1652): avc: denied { prog_load } for pid=1049 comm="syz.1.334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 30.822145][ T30] audit: type=1400 audit(1755282482.868:1653): avc: denied { prog_load } for pid=1062 comm="syz.3.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 30.859899][ T30] audit: type=1400 audit(1755282482.868:1654): avc: denied { read write } for pid=283 comm="syz-executor" name="loop2" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 30.876416][ T1068] syz.3.343 (1068) used greatest stack depth: 20128 bytes left [ 30.895508][ T30] audit: type=1400 audit(1755282482.868:1655): avc: denied { create } for pid=1059 comm="syz.4.339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0 [ 30.918800][ T30] audit: type=1400 audit(1755282482.868:1656): avc: denied { prog_load } for pid=1059 comm="syz.4.339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 30.939628][ T1070] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1070 comm=syz.4.342 [ 30.954532][ T30] audit: type=1400 audit(1755282482.918:1657): avc: denied { name_bind } for pid=1065 comm="syz.2.341" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=0 [ 31.028027][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 31.036581][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 31.045937][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 31.066138][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 31.076520][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 31.085774][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 31.094880][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 31.105681][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 31.263370][ T1135] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 32.087504][ T1227] __nla_validate_parse: 3 callbacks suppressed [ 32.087529][ T1227] netlink: 4 bytes leftover after parsing attributes in process `syz.4.417'. [ 32.950050][ T1338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.470'. [ 32.984849][ T1344] netlink: 4 bytes leftover after parsing attributes in process `syz.2.472'. [ 33.357115][ T1406] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 33.560399][ T1436] mmap: syz.4.515 (1436) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 34.008128][ T1515] bridge: RTM_NEWNEIGH with invalid ether address [ 34.469691][ T1584] ipt_REJECT: ECHOREPLY no longer supported. [ 34.476871][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 35.244595][ T1677] IPv6: NLM_F_CREATE should be specified when creating new route [ 35.476399][ T1728] ================================================================== [ 35.484627][ T1728] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240 [ 35.493004][ T1728] Read of size 8 at addr ffff88810eff7fc0 by task syz.1.655/1728 [ 35.500742][ T1728] [ 35.503094][ T1728] CPU: 0 PID: 1728 Comm: syz.1.655 Not tainted 5.15.189-syzkaller-android13-5.15.189_r00 #0 [ 35.513382][ T1728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 35.523822][ T1728] Call Trace: [ 35.527123][ T1728] [ 35.530082][ T1728] __dump_stack+0x21/0x30 [ 35.534636][ T1728] dump_stack_lvl+0xee/0x150 [ 35.539248][ T1728] ? show_regs_print_info+0x20/0x20 [ 35.544460][ T1728] ? load_image+0x3a0/0x3a0 [ 35.548957][ T1728] print_address_description+0x7f/0x2c0 [ 35.554509][ T1728] ? tc_setup_flow_action+0x870/0x3240 [ 35.560018][ T1728] kasan_report+0xf1/0x140 [ 35.564441][ T1728] ? tc_setup_flow_action+0x870/0x3240 [ 35.569902][ T1728] __asan_report_load8_noabort+0x14/0x20 [ 35.575620][ T1728] tc_setup_flow_action+0x870/0x3240 [ 35.581108][ T1728] mall_replace_hw_filter+0x293/0x820 [ 35.586566][ T1728] ? pcpu_block_update_hint_alloc+0x8c1/0xc50 [ 35.592811][ T1728] ? mall_set_parms+0x520/0x520 [ 35.599292][ T1728] ? tcf_exts_destroy+0xb0/0xb0 [ 35.604349][ T1728] ? mall_set_parms+0x1e8/0x520 [ 35.609299][ T1728] mall_change+0x526/0x740 [ 35.613714][ T1728] ? __kasan_check_write+0x14/0x20 [ 35.618833][ T1728] ? mall_get+0xa0/0xa0 [ 35.623895][ T1728] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 35.630010][ T1728] tc_new_tfilter+0x12a2/0x1870 [ 35.635072][ T1728] ? tcf_gate_entry_destructor+0x20/0x20 [ 35.640724][ T1728] ? security_capable+0x87/0xb0 [ 35.646784][ T1728] ? ns_capable+0x8c/0xf0 [ 35.651999][ T1728] ? netlink_net_capable+0x125/0x160 [ 35.657655][ T1728] ? tcf_gate_entry_destructor+0x20/0x20 [ 35.663496][ T1728] rtnetlink_rcv_msg+0x81b/0xb90 [ 35.668885][ T1728] ? rtnetlink_bind+0x80/0x80 [ 35.673701][ T1728] ? memcpy+0x56/0x70 [ 35.677815][ T1728] ? avc_has_perm_noaudit+0x2f4/0x460 [ 35.683184][ T1728] ? arch_stack_walk+0xee/0x140 [ 35.688132][ T1728] ? avc_denied+0x1b0/0x1b0 [ 35.692627][ T1728] ? stack_trace_save+0x98/0xe0 [ 35.697563][ T1728] ? avc_has_perm+0x158/0x240 [ 35.702235][ T1728] ? avc_has_perm_noaudit+0x460/0x460 [ 35.707611][ T1728] ? x64_sys_call+0x4b/0x9a0 [ 35.712219][ T1728] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 35.717594][ T1728] netlink_rcv_skb+0x1e0/0x430 [ 35.722445][ T1728] ? rtnetlink_bind+0x80/0x80 [ 35.727143][ T1728] ? netlink_ack+0xb60/0xb60 [ 35.731926][ T1728] ? __netlink_lookup+0x387/0x3b0 [ 35.737048][ T1728] rtnetlink_rcv+0x1c/0x20 [ 35.741653][ T1728] netlink_unicast+0x876/0xa40 [ 35.746533][ T1728] netlink_sendmsg+0x86a/0xb70 [ 35.751419][ T1728] ? netlink_getsockopt+0x530/0x530 [ 35.756627][ T1728] ? security_socket_sendmsg+0x82/0xa0 [ 35.762172][ T1728] ? netlink_getsockopt+0x530/0x530 [ 35.767366][ T1728] ____sys_sendmsg+0x5a2/0x8c0 [ 35.772127][ T1728] ? __sys_sendmsg_sock+0x40/0x40 [ 35.777149][ T1728] ? import_iovec+0x7c/0xb0 [ 35.781776][ T1728] ___sys_sendmsg+0x1f0/0x260 [ 35.786455][ T1728] ? __sys_sendmsg+0x250/0x250 [ 35.791229][ T1728] ? sock_show_fdinfo+0xa0/0xa0 [ 35.796362][ T1728] ? __fdget+0x1a1/0x230 [ 35.800720][ T1728] __x64_sys_sendmsg+0x1e2/0x2a0 [ 35.805860][ T1728] ? ___sys_sendmsg+0x260/0x260 [ 35.811190][ T1728] ? __kasan_check_write+0x14/0x20 [ 35.817699][ T1728] ? switch_fpu_return+0x15d/0x2c0 [ 35.823094][ T1728] x64_sys_call+0x4b/0x9a0 [ 35.828179][ T1728] do_syscall_64+0x4c/0xa0 [ 35.833204][ T1728] ? clear_bhb_loop+0x50/0xa0 [ 35.837903][ T1728] ? clear_bhb_loop+0x50/0xa0 [ 35.842776][ T1728] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 35.848806][ T1728] RIP: 0033:0x7f689bf81be9 [ 35.853220][ T1728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 35.874112][ T1728] RSP: 002b:00007f689a9ea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 35.882988][ T1728] RAX: ffffffffffffffda RBX: 00007f689c1a8fa0 RCX: 00007f689bf81be9 [ 35.891245][ T1728] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 35.899404][ T1728] RBP: 00007f689c004e19 R08: 0000000000000000 R09: 0000000000000000 [ 35.907390][ T1728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 35.915466][ T1728] R13: 00007f689c1a9038 R14: 00007f689c1a8fa0 R15: 00007ffe727ab9c8 [ 35.923448][ T1728] [ 35.926572][ T1728] [ 35.928902][ T1728] Allocated by task 1728: [ 35.933232][ T1728] __kasan_kmalloc+0xda/0x110 [ 35.938029][ T1728] __kmalloc+0x13d/0x2c0 [ 35.942288][ T1728] tcf_idr_create+0x5f/0x790 [ 35.946882][ T1728] tcf_idr_create_from_flags+0x61/0x70 [ 35.952333][ T1728] tcf_gact_init+0x346/0x580 [ 35.956918][ T1728] tcf_action_init_1+0x3f7/0x6a0 [ 35.962113][ T1728] tcf_action_init+0x1e9/0x710 [ 35.966959][ T1728] tcf_exts_validate+0x217/0x520 [ 35.971984][ T1728] mall_set_parms+0x48/0x520 [ 35.976667][ T1728] mall_change+0x45a/0x740 [ 35.981177][ T1728] tc_new_tfilter+0x12a2/0x1870 [ 35.986036][ T1728] rtnetlink_rcv_msg+0x81b/0xb90 [ 35.990969][ T1728] netlink_rcv_skb+0x1e0/0x430 [ 35.995820][ T1728] rtnetlink_rcv+0x1c/0x20 [ 36.000238][ T1728] netlink_unicast+0x876/0xa40 [ 36.005003][ T1728] netlink_sendmsg+0x86a/0xb70 [ 36.010020][ T1728] ____sys_sendmsg+0x5a2/0x8c0 [ 36.014896][ T1728] ___sys_sendmsg+0x1f0/0x260 [ 36.019596][ T1728] __x64_sys_sendmsg+0x1e2/0x2a0 [ 36.024540][ T1728] x64_sys_call+0x4b/0x9a0 [ 36.029002][ T1728] do_syscall_64+0x4c/0xa0 [ 36.033444][ T1728] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 36.039432][ T1728] [ 36.041798][ T1728] The buggy address belongs to the object at ffff88810eff7f00 [ 36.041798][ T1728] which belongs to the cache kmalloc-192 of size 192 [ 36.056126][ T1728] The buggy address is located 0 bytes to the right of [ 36.056126][ T1728] 192-byte region [ffff88810eff7f00, ffff88810eff7fc0) [ 36.069940][ T1728] The buggy address belongs to the page: [ 36.075573][ T1728] page:ffffea00043bfdc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10eff7 [ 36.086023][ T1728] flags: 0x4000000000000200(slab|zone=1) [ 36.091689][ T1728] raw: 4000000000000200 ffffea00043d0200 0000000300000003 ffff888100042c00 [ 36.100481][ T1728] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 36.109258][ T1728] page dumped because: kasan: bad access detected [ 36.115659][ T1728] page_owner tracks the page as allocated [ 36.121563][ T1728] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4748073482, free_ts 4748050951 [ 36.137354][ T1728] post_alloc_hook+0x192/0x1b0 [ 36.142124][ T1728] prep_new_page+0x1c/0x110 [ 36.146633][ T1728] get_page_from_freelist+0x2cc5/0x2d50 [ 36.152313][ T1728] __alloc_pages+0x18f/0x440 [ 36.156897][ T1728] new_slab+0xa1/0x4d0 [ 36.161046][ T1728] ___slab_alloc+0x381/0x810 [ 36.165632][ T1728] __slab_alloc+0x49/0x90 [ 36.170039][ T1728] kmem_cache_alloc_trace+0x146/0x270 [ 36.175494][ T1728] kernfs_fop_open+0x343/0xb30 [ 36.180370][ T1728] do_dentry_open+0x834/0x1010 [ 36.185256][ T1728] vfs_open+0x73/0x80 [ 36.189240][ T1728] path_openat+0x2646/0x2f10 [ 36.193943][ T1728] do_filp_open+0x1b3/0x3e0 [ 36.198481][ T1728] do_sys_openat2+0x14c/0x7b0 [ 36.203241][ T1728] __x64_sys_openat+0x136/0x160 [ 36.208192][ T1728] x64_sys_call+0x219/0x9a0 [ 36.212689][ T1728] page last free stack trace: [ 36.217533][ T1728] free_unref_page_prepare+0x542/0x550 [ 36.222991][ T1728] free_unref_page+0xa2/0x550 [ 36.227665][ T1728] __free_pages+0x6c/0x100 [ 36.232328][ T1728] free_pages+0x82/0x90 [ 36.236522][ T1728] selinux_genfs_get_sid+0x20b/0x250 [ 36.241804][ T1728] inode_doinit_with_dentry+0x86e/0xd70 [ 36.247520][ T1728] selinux_d_instantiate+0x27/0x40 [ 36.252810][ T1728] security_d_instantiate+0x9e/0xf0 [ 36.258016][ T1728] d_splice_alias+0x6d/0x390 [ 36.262597][ T1728] kernfs_iop_lookup+0x2c2/0x310 [ 36.267534][ T1728] path_openat+0xfcf/0x2f10 [ 36.272032][ T1728] do_filp_open+0x1b3/0x3e0 [ 36.276544][ T1728] do_sys_openat2+0x14c/0x7b0 [ 36.281223][ T1728] __x64_sys_openat+0x136/0x160 [ 36.286253][ T1728] x64_sys_call+0x219/0x9a0 [ 36.291194][ T1728] do_syscall_64+0x4c/0xa0 [ 36.295614][ T1728] [ 36.297946][ T1728] Memory state around the buggy address: [ 36.303577][ T1728] ffff88810eff7e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 36.312259][ T1728] ffff88810eff7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.320326][ T1728] >ffff88810eff7f80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 36.328377][ T1728] ^ [ 36.334656][ T1728] ffff88810eff8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.342797][ T1728] ffff88810eff8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 36.350955][ T1728] ================================================================== [ 36.359028][ T1728] Disabling lock debugging due to kernel taint [ 36.373980][ T30] kauditd_printk_skb: 1619 callbacks suppressed [ 36.374003][ T30] audit: type=1400 audit(1755282488.488:3277): avc: denied { map_create } for pid=1733 comm="syz.4.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 Aug 15 18:28:08 syzkaller kern.alert kernel: [ 36.115659][ T1728] page_owner tracks the page as allocated Aug 15 18:28:08 syzkaller kern.alert kernel: [ 36.121563][ T1728] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 4748073482, free_ts 4748050951 Au[ 36.431314][ T30] audit: type=1400 audit(1755282488.488:3278): avc: denied { prog_load } for pid=1733 comm="syz.4.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 g 15 18:28:08 syzkaller kern.alert kernel: [ 3[ 36.454562][ T30] audit: type=1400 audit(1755282488.498:3279): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=0 6.212689][ T1728] page last free stack trace: [ 36.492061][ T30] audit: type=1400 audit(1755282488.518:3280): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=0 [ 36.530863][ T30] audit: type=1400 audit(1755282488.518:3281): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=0 [ 36.585027][ T30] audit: type=1400 audit(1755282488.518:3282): avc: denied { read write } for pid=1733 comm="syz.4.657" name="loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 36.620064][ T30] audit: type=1400 audit(1755282488.528:3283): avc: denied { map_create } for pid=1729 comm="syz.0.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 36.640634][ T30] audit: type=1400 audit(1755282488.528:3284): avc: denied { prog_load } for pid=1729 comm="syz.0.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 36.660024][ T30] audit: type=1400 audit(1755282488.528:3285): avc: denied { map_create } for pid=1733 comm="syz.4.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 36.679547][ T30] audit: type=1400 audit(1755282488.528:3286): avc: denied { prog_load } for pid=1733 comm="syz.4.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0