tc_dump_action: action bad kind
==================================================================
BUG: KASAN: wild-memory-access on address ffe708746e53f000
Read of size 28 by task syz-executor0/9729
CPU: 1 PID: 9729 Comm: syz-executor0 Not tainted 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d5c879e8 ffffffff81d93149 ffe708746e53f000 000000000000001c
 0000000000000000 ffff8801d2564780 ffe708746e53f000 ffff8801d5c87a70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d08f>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d08f>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d460>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153bda7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153bda7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153be11>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826648db>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff826648db>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826648db>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156b741>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156f510>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156f510>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156f7c4>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156f8e6>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff81572ca7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff81572ca7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
tc_dump_action: action bad kind
IPVS: Creating netns size=2536 id=26
device lo entered promiscuous mode
device lo left promiscuous mode
binder: 9878:9892 ioctl 541c 20002fff returned -22
binder: 9878:9879 ioctl 541c 20002fff returned -22
device syz2 left promiscuous mode
device syz2 entered promiscuous mode
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
device syz2 left promiscuous mode
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=3131 sclass=netlink_xfrm_socket pig=9942 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=3131 sclass=netlink_xfrm_socket pig=9948 comm=syz-executor7
device syz2 entered promiscuous mode
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
IPVS: Creating netns size=2536 id=27
device gre0 entered promiscuous mode
IPVS: Creating netns size=2536 id=28
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
IPv6: Can't replace route, no match found
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
IPv6: Can't replace route, no match found
binder: 10101:10104 ioctl 8940 20919fe8 returned -22
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
binder: 10101:10104 ioctl 89e1 207ca000 returned -22
binder: 10101:10110 ioctl 8940 20919fe8 returned -22
binder: 10101:10110 ioctl 89e1 207ca000 returned -22
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
binder_alloc: binder_alloc_mmap_handler: 10173 20000000-20400000 already mapped failed -16
device gre0 entered promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
ALSA: seq fatal error: cannot create timer (-19)
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
ALSA: seq fatal error: cannot create timer (-19)
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
device gre0 entered promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10536 comm=syz-executor1
binder: 10572:10582 ioctl 4b4e 19 returned -22
binder: 10572:10582 ioctl 4b4e 19 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=49472 sclass=netlink_route_socket pig=10620 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10620 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=49472 sclass=netlink_route_socket pig=10611 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10620 comm=syz-executor1
binder: 10712:10713 ioctl 4b4a 20cfff0d returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10725 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pig=10725 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10725 comm=syz-executor7
IPVS: Creating netns size=2536 id=29
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10747 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10747 comm=syz-executor7
binder: 10746:10750 ioctl 5411 20582000 returned -22
binder: 10746:10758 ioctl 5411 20582000 returned -22
binder: 10712:10748 ioctl 4b4a 20cfff0d returned -22
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
nla_parse: 2 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
binder: 11044:11050 ioctl 5609 208daffa returned -22
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
binder: 11044:11090 ioctl 5609 208daffa returned -22
device lo entered promiscuous mode
binder: 11144:11146 ioctl 80044584 20fe6f09 returned -22
device gre0 entered promiscuous mode
binder: 11144:11146 ioctl 80044584 20fe6f09 returned -22
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
binder: 11312:11315 ioctl 40084504 20386ff8 returned -22
binder: 11312:11332 ioctl 40084504 20386ff8 returned -22
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
IPVS: Creating netns size=2536 id=30
IPVS: Creating netns size=2536 id=31
sock: process `syz-executor3' is using obsolete getsockopt SO_BSDCOMPAT
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11623 Comm: syz-executor6 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d99179e0 ffffffff81d93149 ffff8801d9917cc0 0000000000000000
 ffff8801d66fbf10 ffff8801d9917bb0 ffff8801d66fbe00 ffff8801d9917bd8
 ffffffff81660dc8 ffff8801d9917b30 ffff8801c9e20000 00000001d96c0067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 11636 Comm: syz-executor6 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cec1f920 ffffffff81d93149 ffff8801cec1fc00 0000000000000000
 ffff8801d66fbf10 ffff8801cec1faf0 ffff8801d66fbe00 ffff8801cec1fb18
 ffffffff81660dc8 ffff8801cec1fa70 dffffc0000000000 00000001d96c0067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff81baed04>] SyS_mq_getsetattr+0x24/0x30 ipc/mqueue.c:1321
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
binder: 11892:11894 ioctl 8010aa02 2053bff0 returned -22
binder: 11892:11931 ioctl 8010aa02 2053bff0 returned -22
device syz7 left promiscuous mode
skbuff: bad partial csum: csum=250/65535 len=310
device gre0 entered promiscuous mode
sock: sock_set_timeout: `syz-executor4' (pid 11954) tries to set negative timeout
sock: sock_set_timeout: `syz-executor4' (pid 11981) tries to set negative timeout
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
selinux_nlmsg_perm: 6 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12086 comm=syz-executor7