last executing test programs: 4.775053736s ago: executing program 2 (id=425): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000002c0)="1a6f9f325e43651aba66512fb11276f4a52c2c8229451ca504361f51dcc556214359159912c3a0ad01a1988837", 0x2d}], 0x1}}], 0x2, 0x8008801) sendto$inet6(r0, &(0x7f0000000040)='\x00a', 0x2, 0x480c0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 4.708505957s ago: executing program 2 (id=427): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket(0x2, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x30, 0x5, 0x1, 0xfffff034}, {0x6, 0x1, 0x6, 0x6}]}, 0x10) syz_emit_ethernet(0x4a, &(0x7f00000012c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9eebfd", 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x2a}, @private2={0xfc, 0x2, '\x00', 0x1}, {[], {{0x4e21, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0xf7fd, 0x0, 0x3}}}}}}}, 0x0) 4.707917487s ago: executing program 2 (id=430): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x60, 0x10, 0x1, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_PROXYARP={0x5}, @IFLA_BRPORT_PROXYARP_WIFI={0x5, 0xc, 0x1}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040) 4.707626637s ago: executing program 2 (id=431): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a00)=@newtfilter={0x1e0, 0x2c, 0xd27, 0x30bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x0, 0x3}, {}, {0xfff1, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x1ac, 0x2, [@TCA_MATCHALL_ACT={0x1a8, 0x2, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0x1, 0xea, 0x100004}, 0x1}}, @TCA_IFE_SMAC={0xa, 0x4, @remote}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_tunnel_key={0x120, 0xc, 0x0, 0x0, {{0xf}, {0x48, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e20}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @multicast2}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x80000001, 0x5, 0x0, 0x7fffffff, 0x3}, 0x2}}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}]}, {0xaa, 0x6, "702d7b7ca2605b80fb0bfc581434a99b0850c1e175b9e72d4819877b7effa9a22735ec0257f9035602a8c82a11dcd81f6da90792c83eb930b4651b0842fd8b24ec959c6de4ea9a6fdfff65cf7fc47d67a92fccbcf4fd60e2271bae67b9018d70f2d67b7fcbbfc60cf21233bfcc9ab73d6b2b4e85bed55d04fedeb2f8b470d29a44a7f85406cacfcdfea3e574aeb330772672c017d8cb90971aa75861a28f23ee6cdfb876faaa"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x6}}}}, @m_skbedit={0x30, 0x2, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) 4.687843747s ago: executing program 2 (id=433): openat$zero(0xffffffffffffff9c, &(0x7f0000000500), 0xc80, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) close(0x3) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0xb0000004}) 2.736212841s ago: executing program 1 (id=470): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) r0 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000180)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000140), 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000080), 0x0) 2.736046571s ago: executing program 1 (id=471): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef096ec866400fe2de0fae4e0afaf24e6ff00fc01ebbf3470fa7c063df", 0xdc000006, 0x0, {[0x39a]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x6f5f9e67baf3aa14, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2.726683021s ago: executing program 1 (id=472): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x34}}, 0xc000) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000003f40)={0x0, 0x0, &(0x7f0000003f00)={&(0x7f00000001c0)=ANY=[@ANYRESDEC=r0], 0x14}}, 0x20020084) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$netlink(0x10, 0x3, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0) 2.474365143s ago: executing program 3 (id=477): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newqdisc={0x7c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x1, 0x0, 0x2, 0x4}, 0xa4ca, 0x0, 0x0, 0x6, 0x0, 0x18, 0xb, 0x12, 0x3, 0x9, {0x10001, 0xb, 0x2, 0x7, 0x2, 0x7fffffff}}}}, @TCA_STAB={0x4}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4c840}, 0x0) 2.456740693s ago: executing program 3 (id=478): r0 = getpid() ioprio_set$pid(0x1, r0, 0x6000) ioprio_get$pid(0x2, 0x0) 2.388066034s ago: executing program 3 (id=479): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x800}, 0x9, [0x6, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0x80000d, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x8f, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7ff7, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x1, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x0, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x9, 0x4, 0xa, 0x1000, 0x0, 0x200b398, 0xfffffffc, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x0, 0x4, 0x0, 0x80000, 0x401, 0x46, 0xf1, 0x4, 0xab00040, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0xfffff50f, 0x4, 0xfffffff7, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xe, 0x2, 0x491, 0x6, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x7, 0x5, 0x8000003, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xffe, 0x100006, 0x8000, 0x400, 0x3e59, 0xff, 0xd3, 0x8, 0x3437, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x3, 0x0, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x8, 0x4, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x56, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x6, 0x80000001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000003, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213}) rename(&(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2.224513305s ago: executing program 4 (id=488): r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001280)={r0, 0x300, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) 2.108198865s ago: executing program 4 (id=489): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x60, 0x10, 0x403, 0x300, 0x0, {0x0, 0x0, 0x0, 0x0, 0x50080, 0x1}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x20, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1e, 0x1f}}, @IFLA_VLAN_ID={0x6, 0x1, 0xffc}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x60}}, 0x8000) 2.070021365s ago: executing program 4 (id=490): fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161942, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd(0xff7ffff7) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) eventfd(0x0) epoll_create1(0x80000) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000001010102000000000000000002000000240002800c00028004000d003a00000014000180080001cd4bde2a0192000000000000000c001980080002"], 0x44}, 0x1, 0x0, 0x0, 0x200448c1}, 0x40) 2.024015216s ago: executing program 4 (id=491): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000980)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000ac0)="648678210790aef789014d2950e053689eccf789ca22d52f003429a35ee198865ddbc79fdf08b2803880dca70ebfbb08514bb5107c999f3c3ec9cdd8bfa6d977863f4278649f9b9433d8879fd6c523b4817ff160"}) 1.944086737s ago: executing program 4 (id=492): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f000072a000/0x4000)=nil, 0x4000, 0x4) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0), 0x0, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x3, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa8}}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x94) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f"], 0x57) setsockopt$inet_mreqsrc(r3, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10) 1.877069287s ago: executing program 1 (id=493): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc1103000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x24}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x60000000}, 0x70) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="03000000040000000400000009"], 0x48) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0) read(r4, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001d00), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x8, 0x0, 0x0}}, 0x10) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r5, 0x2, &(0x7f0000000540)={&(0x7f00000021c0)=""/16, 0x10}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001300)=@newlink={0x30, 0x10, 0x1, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x328a, 0x3}, [@IFLA_GROUP={0x8, 0x1b, 0x7}, @IFLA_PROP_LIST={0x0, 0x34, 0x0, 0x1, [{0x0, 0x35, 'veth1\x00'}, {0x0, 0x35, 'veth1_to_bridge\x00'}, {0x0, 0x35, 'veth1_to_batadv\x00'}, {0x0, 0x35, 'vlan1\x00'}, {0x0, 0x35, 'ipvlan1\x00'}, {0x0, 0x35, 'erspan0\x00'}, {0x0, 0x35, 'vlan0\x00'}, {0x0, 0x35, 'bridge_slave_0\x00'}]}]}, 0x27}, 0x1, 0x0, 0x0, 0x40801}, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, &(0x7f0000000100)) 1.351969341s ago: executing program 2 (id=494): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000900)=ANY=[@ANYBLOB="0015b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) readv(r1, &(0x7f0000000480)=[{&(0x7f0000000300)=""/194, 0xc2}], 0x1) syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") 1.260126081s ago: executing program 3 (id=496): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x2000414, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2b8, &(0x7f0000000800)="$eJzs3NFLU38Yx/Hn5/y5OdEtiKCgeqibuhm6/oAaoRANCnNSXQTHPKux0ybnDGMRuZvotr9DuuwuqP4Bb6Kb7ruTIOjGi+gbnrPpmU6durml7xfIeXae74fzdZvybLCt3n/7rJj3UnmrIgMxlQGRmqyJJNeruv/qxwG/HpKwmlwd+fXt/L0HD29nstnJadWpzMy1tKqOXfz4/OW7S58rI7Pvxz5EZSX5aPVn+vvK0MrZ1T8zTwueFjwtlStq6Vy5XLHmHFvnC14xpXrXsS3P1kLJs92mft4pLyxU1SrNj8YXXNvz1CpVtWhXtVLWiltV64lVKGkqldLRuJxsg22syS1PT1uZHdsm0tEdoeuGW5103UytdTO3fAR7AgAAfWb3+T+Y9Xee/7OzwXE/8/+Zved/Eeb/Lqk13dpj/sex4LoZK17/+23G/A8AAAAAAAAAAAAAAAAAAAAAwL9gzZiEMSaxfqyf8m9HRSQmIqbe7/E20SXhx9+EfvZ4/K/3aLvosNAH92IizpvF3GIuOAb9TF4K4ogt45KQ3/7zoS6op25lJ8fVl5RPzlI9v7SYi0i0kW9ItspfODUR5LU5/7/Ew9dPS0JOt75+umV+SK5cDuVTkpAvj6Usjsz7z+vN/KsJ1Zt3slvyw/46AAAAAACOg5Ru2Pb63e/7C2KyvR/kQ+8PGGOWdnt/YMvr60E5185XVAIAAAAAgEPzqi+KluPY7gGKqIgcIt75whiR3m8jIv1xbzQXN0SkD7ZxVEVMRIIzepD4j414WynTxppBEen53bKPotf/mQAAAAB02ubQv4/Q19dd3BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdPu98H1li/rdVo7BIPXS5y5L8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Ef+BgAA//+4IRyf") lsetxattr$security_selinux(&(0x7f00000001c0)='.\x00', &(0x7f0000000300), &(0x7f0000000280)='system_u:object_r:hwdata_t:s0\x00', 0xffd7, 0x1) io_setup(0x1, &(0x7f00000004c0)) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101242, 0x0) r6 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11fefffdff000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x527}}]}}]}, 0x48}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYBLOB="ffffffff000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/10], 0x48) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000740)={0x0, 0x2, 0xffff1000, 0x1000, &(0x7f00005ab000/0x1000)=nil}) pwritev(r0, &(0x7f0000000540)=[{&(0x7f0000000080)="16068d393eec75230aebacc64dc89170014f8ebb056b60595607dcad1e", 0x1d}, {&(0x7f0000000280)="6c067cbfa5b0e2b71e02341423961fc2836533a9a78c40597f7825e942b8f99bd9fef8e6dbec2c82d675f73144ce912e6a2a4213d408443a8dd52dece595f0eca1438a142d28b6abc4992f73fdf77de8c2f7c562a1", 0x55}, {&(0x7f00000001c0)="7b558a3b0a55208ab6d470", 0xb}, {&(0x7f00000012c0)="ffe08a2bf257ffc39a22368b2ff17af77aefcd60d93b8b02677fe242ea07288087a71a8fe8fdee5c63a1d962a84975a95b1acbc7406df928eb18e0537b15f443972e5da4e3bc2fc82fa0bf144c6f0ebd52d0c60e35dc2ef7c4c10d3e61b57acee991b78d324b9a721d7c07d7c81d3ad16bd3714da012b359705d50e727a147a003afbd9851ef146093caa14566d0b4283c525d371744deec7c55951d4a7d6d33d52303d1831eafe44935d3b996da99c4a6ecc882a8e1f427f65be0457709139a0a387db3a0b87c05a834836ba434555a31b7336ad57ac4cd6cc44fdbb020e40e66b905276a001daa56839eeaa8ee9f03a538e2654d42c74c181e223fb2955f178c5611d396a92838a9663fbc2c32b6e723af182848a88c110fa7877ab1cb7014a69894e4935428d9180fba77c6312d87d6aea7fe69e222c542c38fac8141e29f8c9633a2cd549019693a3db15c465181dfca2cc8f0b20391bc724ba93e6166fb816902f1373d7e447e3cbcc4c6c126a8974c7f02860b91cbfa910a57ef17aa218056fc3a77dbdd315df9b03e67da6ff12d46627e3977f02c7e966a3a6b572c7cf987d07765c05caab3f1a1de1a45dc07067447fe21b57031ec6d8044c4198871f4e2b3e2c07e83643573dc61f3cf532f0e3ef872ad6ae64222bf3b10a5e320ca7d3ba2e0302243553d6e13dd96b58b4567bcc0e1d588992900c2891aa94e9e82bac33b177a70d9e70e9c8456e95a21a0710cce36bcd86221d4826437a2081fe369fa240f5a8c761e3f7ad2ca8e85d3b54e336ec1d178e919c6ba52448cf459e4339b48d67167daa0ad05bb540f23138caa07ebbeddd8a9b1a4200eae918604516169f61e20ef769db3f3fe7a9bb958e0ea4ecadb2cc240e6c3617fa7cbee41ae50b2db68007468f46cd3f3b2a165c0063c4b1d3ca87003c8493d4d2c545b1e07208aeb463b694020cd3dabb7a979157f4cc095065394b7216cc02f03949514c698bd01794abc288dadf3454961ffeaf445653054f574d7f3c2855a03033a7057deccd74a62c1cb790dc404a1e0590b5d1dda73ba240f0fc0aad38b5e5a04e861686b8e4400846ce35fd47b1ff54312456f8346e3f86f98cf42efe1fc60fdf42bd8eec06eee39dd0b5657ee096cf763509b9c64f98a1f59e2e28f5582eb72933a6e535bd8c1ee233f9c64a4fb332bf7ff1c1501951939b3f2bfd0446de96f3aa0e2bbdb816806115317e3dc3be0476d28007a923ec6ac0185453b6daf460bcefe787f335d2f559c58f57ed945d9f975185cf8b0454a233aaab8fc8075f383044d9c70edeb91398a6d0287efa972a6ddfdd24c53dbf83efbfc9218e7ea180f7496e84eb2cc43d2d8365d2984f5c5ba3eac1317c08884db88221eb84b34610b216b4a41a0a72fd2a634ed72c4c1de732b9e9e414b10c153ee491077fe70f90dd605e4ee51d97a81bac2b14cb1a6a4370beed5b06ab0fa70b65950e01840397db50628226507617bd3cd421e51d4cbb42c036ad1616dd9d57c00cb916793ed8dc2e18c3e7c951cce749751f66ceb3776b8fbf72e3530605b182402267e4e49d1aeb2c3572c7c06f220c28e43272ec80b0fabadb1f2985aca27e5d67c1b7f44002bd722258aedca3ccb41ff1805fc3419c11c31e64104d6196e621247c3653a33dea8b4a4cf22ac25c3e7b073508f980710ae54882ecbc33beb2e8d1135803077f73f67c86b73cb6fdcaef0909382a370f05fe4b329df8f83b89b98dcd050e407698e5eef80c0fcecd0f4f5126bed9922125eb6687e4918339bef723a9f181dfc7a4c288987867a0173bb87bb2ea7e90e8c22c679f4a56d32a22683e050453bb8fea3acd729b46c22fe644c952a7a402372fa6c58775b7b396e96539d22540e3c0c0acf411bc42fa44f89c4d03348edf8eadfbc00f8a1a42b8e1f6adc55c7f01fd82167857335b5cd3f77f87e4673915b171d35093b25eb9ec163b26f3f882bbc36e89a6d20e1d138d67e3cc4868876a751c673871e150c241faed0549af06ec8542f708dbe03f3f9580bc6b742f6903132fabeb63ae85b601782b8f4e13afed2a8f26a300a96d1d58e02126a4d16c89e9ff7b9f9063220ccf422ea5e40d98e716f69df171058342bdcad1a7122a94a591fc5860f34cbe4379788f075875e709d6faecea3530f82a2a19e7661e312befbf94d997c6580c575fe05d36fa646b75ea47571784637774669004f07d61500796411bb6c5fae8ff4451d1c98ca8b86628ebd3c0dffa72e216d5b08185f01c83adaaa4c1a52dc171ded6000c3402c55c3fecfcd0ed973225fee406c1c82f9fefb0daed1d1356da56b278f5811bf7ff1466240409b119ca0bf6c048103440a3d57c0a0b9fbdbf9b74e38a20fa45873153989dd04f01c3be381bb70a53c40d26726c44b5ea6bd1f5f0b1e5b3145058cc83fe4f552eb3341da7b22a6c5e023a9450e7e55a45dc86461f9ba657f2ee99116f375c21c44e7d16feb0ef43aef5a74f34f8ea04f201ce772a28deff5ddd65cdd2802d46a5631e1f0a71e47fc41051f66804cc436fd6f174b6dd12fb0ace11389b63a601504ef31efa224ee9667f149b7a8be89289b58d5bb2fe201dd2057ba1c6908c3003b2d5c9b60e93b2f878564ae98c04525ba5618dbc911df96a8307dfd43860334d4a1ccde8ad8751c2f6b2a3be2e6c448c1b347a5c5867121bc61beb2fd9fb986fb85a290a3cf7325828bffa36441ce98b7f68dd60f55c0a1a458534749628fe2d4bf0a9d07d7fd7242ec466c001845ddfd91c16772a0264dfa0330f140472bd1d1db73ed9e8316d978b996e7df5c1aff8d101fe09cded41605684e667cf618c2c53e9a9c3877f72905b6603967b9e84a3b59f3f58f9ade49d5e0c83d477eff2d0e230fe0caae54a637d3678e0f22c08ba53e8d410829d73cdd7b04f20e73b6f4409440ecda70e499fdc2aab129adf45a1c3710fee4c50e4cd64080bb26119da139f48c0197dcfc7200caa2143c2f8fd23506119432e8dab1b7e6f6011d468ee979cad8bb7c68884179baef78f790207f9a546642dd90ace4c2752289df57583d8ff92a8d0fc6d578f7d16138170e5b26e6a91597d5c0ec0cef0e116132217ddc985e25af436b5ed800a5208d21f3afaa34b1d7288b68d8c0b36e410a6acfe653b770b42055b20d42d0f4022cffef19fd063e81df142ddb2799f8abdd4a209cb5102ab0de4ca060d75a0fa5a6261daf149ebef6e8d4da869b8279cc99c245bed966773c75b1003f1a89a748ef0193dda5eb2e821bfe26df99acc49ca6720474abbee6190964aeefb85f86c11270641813bda5f53aa73fef12828ed99d26ecca3841eda6fc0cd800fea64b33d04ac761bebd20662f8e87d1da495ca7ca17109ae50417f7b9b37ae41cb6d64d774de17d8c589116468cab1834228c43a5b258a5246fcb440866cb2713d60c2dcb476980f39565b45a6f10a3f6d0b2edcb40da0f96534345758011f0739253bca92277473832b139efc0230107087da363142428834c008f62000184072bddaa23f12f18a806fe167aa6c7d3c9a48ea7ffcbb9751483a9cf24af88525eb3989b0f1f19b853ac9d00c0340d420530ad57ef09b6ff84d4a85cfdbfd14cc987c8e5ccb20723bb6a28deae15d74d3a1eba9989372d64ae815f1c219e1500585242ab7b028c0401bcddc6b6e838c5f421aeed3d088827dd5257422db19e68f5c9e3c840560f36069135e33596ea21d5df6f887b4f4af56fe2cd0131dde22d09adb0ebb7ecd79c3f249158ffe38ab6c297bac85beb04d6be20987ef0b7714515f7cd3e6c52a6b3c15b7fca28cd7418fe5357c753dce50abae722664c376b83a3c172c72afad0ac449d65d7775e5bc2a75a8855d9f0b160c1030b6cb65749647ac1f8f59af334a4c2d8b2436cf2ade6477c4e67897b496da7a1318b25407c40cb9b06c6be0e26e05bbe9840a5e59b95426cc4facd319df551b2d14d432b93e543aa503b78e2b8603335abd1e8659792ff38c9d2509b985ada2c1e493461231a1d2e20e69978502a6bed023e304e7a3d9950fd20f69c9f42142b6dbc135748101f04c655135ab89cc59b483f17073839ea6e957c8a8515e89c7ecdaa9435d505ab7d285f8a0f2cefe19e65e80057bd7cd9cd49565dbb61835a253d9bbcadd242164959cd39c00317936415d2252fa683c8a4d06a64581ddef4af027bd600ce73bf498727121b3da4c8da4e52f5d30845cc00693dde3b94b5b15b941e8af24277797ea7ffa3bb6e3db8531952f962707e8707049da8f39959138e1dbba9381ac0bd53aa19aef3fc3c030d568bfa36e473117e89d107981dbd339f030ec1b6d50f2796286e1c4579d52702ecc00d662c9aeec14db4509d0b3cac34c50dd1eaea9ebddde2ecc37fb44061d84398f0fb34ecbeacd620b252ee65ae14bc27edb9a1d8f032ec0d400f54f3efb22b2df020994d40cd5bb65ec9593c706ef846ffe95301c0b354612f91a9d153c55c7cc06c8310246516b197b774da7140ba8687155716ce1c79c559eabf634038ecf383f572c763c53696d5c1e7e069eaa64384c3979c4cab6c11c1748f246f2a923811c122a3522fd103765c10ad8695dc7f30d80112f37ceb202ab6d7d4da43b4940115a9040f344603eaa7922c5d51d109096aa78675544571f04fa65bb5925845891e511814141bfdf594fdb6242573a3c266b987348445b3ccd745625b98767b6c1c787d69afeb025fcda53bd9336ea21857cba75be6b6e8a88441cd155f7732007fd0311b0c446b680ded5be2926468d96d3b0087c472942fd8324a234755610c894ee445b52cba3edd04a6a5c1ff6f588406dcf89109d499172a8d721c3fe1ac967b53398985a4fdc7ec83fd720e91dde386a03f444cb02ae8e2dfc7737fead50153f067cc3d6f61f92dd48fadf4ff4bcc0592cc2a1b49f18e5eac7cb22abd4abcfc820ae128f697d65d2ba23dd5276de7c6cd217b8f5c12a34cf14beb7edcd6ee54dbe03dd349dc8b3a31f917de7141d458c04e690180c3eebe25907324f638b0ed6f2a46beaaca0d2d9b", 0xe00}, {&(0x7f0000000600)="be0446a1979a9c5c39ff12a1e091126ae7bea3679ef52a5521d4cc5fa4b072148718028491cce20dcc79a55c7e6334ad2dfd5989128c41ab1f156e5bcd177924be931cbc45b9a0b98cf2a44f76662eab70e036d1e73ce405999e19c5fd2164e7831506a880e2462a53a7e3b6bffae1a6b8c29010fd54fe63a4d9a2f9c1b795e3c95ae2167b5fd83b3b7c8a557d08971e895c1415de5843e6301f5a2b5a639ccc1c1d47efb8ff0cf4d86f27c6bcc72d", 0xaf}], 0x5, 0x0, 0x40) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xfff1, 0xc}}]}}]}, 0x3c}}, 0x0) ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000000700)={0x2, {0x2, 0x5, 0x9, 0x8, 0x1e, 0x11213a553a3e1fd7}}) 896.815524ms ago: executing program 1 (id=499): ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x4, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x9}, 0x0) syz_open_procfs(0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r2 = socket$inet(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x238, 0x238, 0x238, 0x98, 0x98, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x18}, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x4, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470) fcntl$setown(r0, 0x8, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0408c1}, 0x24000840) r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) pipe2$watch_queue(0x0, 0x80) add_key$keyring(&(0x7f0000000300), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, r3) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 862.655104ms ago: executing program 4 (id=500): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x15b4033c9e1ec1c6}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101) 392.101818ms ago: executing program 1 (id=502): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000024d00)={0x0, 0x0, &(0x7f0000024cc0)={0x0}, 0x1, 0x0, 0x0, 0x810}, 0x1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) 258.936358ms ago: executing program 3 (id=503): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000009c0)={0x2c, 0x40, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x17}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc020) 222.351179ms ago: executing program 0 (id=504): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x70bd25, 0xfffffffe, {}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP_DST={0x63, 0x2, @dev={0xac, 0x14, 0x14, 0x21}}}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x8}, @NHA_OIF={0x8}]}, 0x34}}, 0x40040d0) 160.236239ms ago: executing program 3 (id=505): connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000000000000bb00000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000008000000000000000000a000000000000feffffffff7f400002000000000000080000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c00000002000000ffffffff0000000000000000000000000600000004"], 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) 159.983879ms ago: executing program 0 (id=507): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = epoll_create1(0x80000) io_setup(0xdda, &(0x7f00000000c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x2}]) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x2016}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r0) 110.77859ms ago: executing program 0 (id=508): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4400000013002f0a2bbd70000000000007006800", @ANYRES32=r1, @ANYBLOB="400900006522020024001a8009000100766c616e000000001400048010000180"], 0x44}}, 0x8004) 91.2863ms ago: executing program 0 (id=509): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000180)="ab", 0x1}], 0x1}}], 0x1, 0x4010) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newnexthop={0x24, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0x4}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x6, 0x4, 0x9, '\x00', 0x1}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) 225.49µs ago: executing program 0 (id=510): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001040)=@newsa={0xf8, 0x10, 0x713, 0x70bd26, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x1, 0x0, 0x3, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x2b}, @in6=@local, {0x0, 0x0, 0xb, 0xa, 0x6, 0x0, 0x2, 0x3}, {0x0, 0x7, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x4, 0x0, 0x28}, [@tfcpad={0x8, 0x16, 0x4}]}, 0xf8}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 0s ago: executing program 0 (id=511): socket$unix(0x1, 0x1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xffe0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x8, 0x7, 0x1, 0x6, 0x5}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.148' (ED25519) to the list of known hosts. [ 21.675538][ T30] audit: type=1400 audit(1761906020.919:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.678033][ T273] cgroup: Unknown subsys name 'net' [ 21.699146][ T30] audit: type=1400 audit(1761906020.919:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.728977][ T30] audit: type=1400 audit(1761906020.949:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.729269][ T273] cgroup: Unknown subsys name 'devices' [ 21.904870][ T273] cgroup: Unknown subsys name 'hugetlb' [ 21.910732][ T273] cgroup: Unknown subsys name 'rlimit' [ 22.081297][ T30] audit: type=1400 audit(1761906021.319:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.104801][ T30] audit: type=1400 audit(1761906021.319:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.130143][ T30] audit: type=1400 audit(1761906021.319:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.141143][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.162597][ T30] audit: type=1400 audit(1761906021.399:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.188593][ T30] audit: type=1400 audit(1761906021.429:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.220870][ T30] audit: type=1400 audit(1761906021.459:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.221445][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.246745][ T30] audit: type=1400 audit(1761906021.459:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.955045][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.962137][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.969763][ T281] device bridge_slave_0 entered promiscuous mode [ 23.976893][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.984010][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.991587][ T281] device bridge_slave_1 entered promiscuous mode [ 24.078587][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.085772][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.093521][ T282] device bridge_slave_0 entered promiscuous mode [ 24.100580][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.107703][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.115212][ T282] device bridge_slave_1 entered promiscuous mode [ 24.179299][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.186566][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.194196][ T283] device bridge_slave_0 entered promiscuous mode [ 24.211810][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.219226][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.226841][ T283] device bridge_slave_1 entered promiscuous mode [ 24.263720][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.271248][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.278814][ T285] device bridge_slave_0 entered promiscuous mode [ 24.297122][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.304462][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.311937][ T285] device bridge_slave_1 entered promiscuous mode [ 24.356529][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.363624][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.371018][ T284] device bridge_slave_0 entered promiscuous mode [ 24.384872][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.391946][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.399471][ T284] device bridge_slave_1 entered promiscuous mode [ 24.464294][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.471367][ T281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.478718][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.485774][ T281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.530095][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.537189][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.544507][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.551666][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.613399][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.622191][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.631088][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.639150][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.651702][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.660969][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.690917][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.715599][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.723994][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.731062][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.738888][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.748180][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.755290][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.763267][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.771783][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.792971][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.802084][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.810451][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.819268][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.827927][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.835053][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.842783][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.862495][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.886453][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.895758][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.902859][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.910308][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.934624][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.943127][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.951181][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.959142][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.967140][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.975519][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.983655][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.992059][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.999149][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.006818][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.015244][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.022571][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.030307][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.048865][ T281] device veth0_vlan entered promiscuous mode [ 25.055949][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.064495][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.072806][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.079851][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.087956][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.096593][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.105326][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.112665][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.120144][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.128919][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.137431][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.145701][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.153896][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.166631][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.174750][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.184594][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.193089][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.202958][ T282] device veth0_vlan entered promiscuous mode [ 25.213529][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.222024][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.230730][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.239390][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.256510][ T281] device veth1_macvtap entered promiscuous mode [ 25.266141][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.275139][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.283261][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.291836][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.300986][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.309544][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.318444][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.326255][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.334552][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.343037][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.350596][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.360297][ T283] device veth0_vlan entered promiscuous mode [ 25.374417][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.383434][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.398958][ T282] device veth1_macvtap entered promiscuous mode [ 25.405942][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.415540][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.424439][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.433593][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.442279][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.450906][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.459380][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.478501][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.487141][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.495904][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.504069][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.512173][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.520406][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.528910][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.536837][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.544582][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.552435][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.562518][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.570815][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.581418][ T285] device veth0_vlan entered promiscuous mode [ 25.591064][ T283] device veth1_macvtap entered promiscuous mode [ 25.598321][ T284] device veth0_vlan entered promiscuous mode [ 25.609861][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.618771][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.618863][ T281] request_module fs-gadgetfs succeeded, but still no fs? [ 25.640736][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.649771][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.658476][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.667513][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.676086][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.684387][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.700907][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.710009][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.731496][ T285] device veth1_macvtap entered promiscuous mode [ 25.749649][ T284] device veth1_macvtap entered promiscuous mode [ 25.761944][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.884297][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.908927][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.927803][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.958164][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.006952][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.204019][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.257986][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.273105][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.331888][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 26.343591][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 26.351976][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 26.358156][ T357] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4'. [ 26.361043][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 26.377909][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 26.386438][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 26.394968][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 26.403774][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 26.719861][ T30] kauditd_printk_skb: 45 callbacks suppressed [ 26.719877][ T30] audit: type=1400 audit(1761906025.959:119): avc: denied { read } for pid=364 comm="syz.0.8" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.755217][ T363] device syzkaller0 entered promiscuous mode [ 26.764295][ T365] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.770504][ T30] audit: type=1400 audit(1761906025.959:120): avc: denied { open } for pid=364 comm="syz.0.8" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.825491][ T369] FAULT_INJECTION: forcing a failure. [ 26.825491][ T369] name failslab, interval 1, probability 0, space 0, times 1 [ 26.842496][ T369] CPU: 0 PID: 369 Comm: syz.0.8 Not tainted syzkaller #0 [ 26.849592][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 26.859701][ T369] Call Trace: [ 26.863092][ T369] [ 26.866046][ T369] __dump_stack+0x21/0x30 [ 26.870442][ T369] dump_stack_lvl+0xee/0x150 [ 26.875072][ T369] ? show_regs_print_info+0x20/0x20 [ 26.880480][ T369] dump_stack+0x15/0x20 [ 26.884669][ T369] should_fail+0x3c1/0x510 [ 26.889123][ T369] __should_failslab+0xa4/0xe0 [ 26.893912][ T369] should_failslab+0x9/0x20 [ 26.898435][ T369] slab_pre_alloc_hook+0x3b/0xe0 [ 26.903493][ T369] __kmalloc+0x6d/0x2c0 [ 26.907761][ T369] ? security_prepare_creds+0x4e/0x140 [ 26.913263][ T369] security_prepare_creds+0x4e/0x140 [ 26.918591][ T369] prepare_creds+0x456/0x640 [ 26.923507][ T369] copy_creds+0xe4/0x640 [ 26.927808][ T369] copy_process+0x799/0x3210 [ 26.932444][ T369] ? kstrtol_from_user+0x260/0x260 [ 26.937616][ T369] ? check_stack_object+0x106/0x140 [ 26.942863][ T369] ? __pidfd_prepare+0x150/0x150 [ 26.945098][ T30] audit: type=1400 audit(1761906026.009:121): avc: denied { ioctl } for pid=364 comm="syz.0.8" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.947835][ T369] ? copy_clone_args_from_user+0x525/0x630 [ 26.947862][ T369] kernel_clone+0x23f/0x940 [ 26.982512][ T369] ? __delayed_free_task+0x20/0x20 [ 26.987659][ T369] ? create_io_thread+0x130/0x130 [ 26.992816][ T369] __x64_sys_clone3+0x296/0x2f0 [ 26.997698][ T369] ? __ia32_sys_clone+0x1d0/0x1d0 [ 27.003031][ T30] audit: type=1400 audit(1761906026.079:122): avc: denied { compute_member } for pid=371 comm="syz.1.10" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 27.003228][ T369] ? mutex_unlock+0x89/0x220 [ 27.003261][ T369] ? fput_many+0x15a/0x1a0 [ 27.033873][ T369] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 27.040169][ T369] x64_sys_call+0x53e/0x9a0 [ 27.044710][ T369] do_syscall_64+0x4c/0xa0 [ 27.049589][ T369] ? clear_bhb_loop+0x50/0xa0 [ 27.054289][ T369] ? clear_bhb_loop+0x50/0xa0 [ 27.058995][ T369] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 27.064921][ T369] RIP: 0033:0x7f5afd2bdfc9 [ 27.069366][ T369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 27.089357][ T369] RSP: 002b:00007f5afbd04f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 27.098293][ T369] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f5afd2bdfc9 [ 27.106305][ T369] RDX: 00007f5afbd04f20 RSI: 0000000000000058 RDI: 00007f5afbd04f20 [ 27.114316][ T369] RBP: 00007f5afbd05090 R08: 0000000000000000 R09: 0000000000000058 [ 27.122317][ T369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 27.130318][ T369] R13: 00007f5afd515128 R14: 00007f5afd515090 R15: 00007ffda69c15c8 [ 27.138437][ T369] [ 27.145459][ T375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10'. [ 27.186615][ T30] audit: type=1400 audit(1761906026.429:123): avc: denied { read write } for pid=379 comm="syz.3.13" name="uinput" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 27.234542][ T382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12'. [ 27.243481][ T30] audit: type=1400 audit(1761906026.429:124): avc: denied { open } for pid=379 comm="syz.3.13" path="/dev/uinput" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 27.271783][ T385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12'. [ 27.312699][ T30] audit: type=1400 audit(1761906026.469:125): avc: denied { read write } for pid=383 comm="syz.3.14" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.357217][ T30] audit: type=1400 audit(1761906026.469:126): avc: denied { open } for pid=383 comm="syz.3.14" path="/dev/raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.389101][ T30] audit: type=1400 audit(1761906026.469:127): avc: denied { ioctl } for pid=383 comm="syz.3.14" path="/dev/raw-gadget" dev="devtmpfs" ino=254 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.414663][ T30] audit: type=1400 audit(1761906026.529:128): avc: denied { create } for pid=386 comm="syz.2.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 27.509389][ T361] loop4: detected capacity change from 0 to 131072 [ 27.522728][ T6] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 27.597338][ T361] F2FS-fs (loop4): Test dummy encryption mode enabled [ 27.609349][ T361] F2FS-fs (loop4): invalid crc value [ 27.621160][ T395] loop0: detected capacity change from 0 to 256 [ 27.646570][ T361] F2FS-fs (loop4): Found nat_bits in checkpoint [ 27.690726][ T361] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 27.769809][ T403] netlink: 4476 bytes leftover after parsing attributes in process `syz.1.19'. [ 27.882746][ T6] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 27.892881][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.902364][ T6] usb 4-1: config 0 descriptor?? [ 28.681888][ T424] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5664 sclass=netlink_route_socket pid=424 comm=syz.0.24 [ 28.870362][ T426] loop1: detected capacity change from 0 to 512 [ 28.914299][ T426] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.034333][ T432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22'. [ 29.281867][ T438] loop2: detected capacity change from 0 to 512 [ 29.384127][ T447] FAULT_INJECTION: forcing a failure. [ 29.384127][ T447] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 29.397423][ T447] CPU: 0 PID: 447 Comm: syz.2.29 Not tainted syzkaller #0 [ 29.405586][ T447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 29.416044][ T447] Call Trace: [ 29.419356][ T447] [ 29.422298][ T447] __dump_stack+0x21/0x30 [ 29.426641][ T447] dump_stack_lvl+0xee/0x150 [ 29.431246][ T447] ? show_regs_print_info+0x20/0x20 [ 29.436469][ T447] dump_stack+0x15/0x20 [ 29.440728][ T447] should_fail+0x3c1/0x510 [ 29.445158][ T447] should_fail_usercopy+0x1a/0x20 [ 29.450192][ T447] strncpy_from_user+0x24/0x2e0 [ 29.455054][ T447] ? kmem_cache_alloc+0xf7/0x260 [ 29.460005][ T447] getname_flags+0xf4/0x500 [ 29.464518][ T447] user_path_at_empty+0x30/0x1c0 [ 29.469465][ T447] do_sys_truncate+0xa3/0x190 [ 29.474153][ T447] ? break_lease+0xd0/0xd0 [ 29.478577][ T447] ? debug_smp_processor_id+0x17/0x20 [ 29.483960][ T447] __x64_sys_truncate+0x5b/0x70 [ 29.488824][ T447] x64_sys_call+0x212/0x9a0 [ 29.493340][ T447] do_syscall_64+0x4c/0xa0 [ 29.497861][ T447] ? clear_bhb_loop+0x50/0xa0 [ 29.502560][ T447] ? clear_bhb_loop+0x50/0xa0 [ 29.507243][ T447] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 29.513168][ T447] RIP: 0033:0x7f4861745fc9 [ 29.517594][ T447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 29.537325][ T447] RSP: 002b:00007f48601ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 29.546733][ T447] RAX: ffffffffffffffda RBX: 00007f486199cfa0 RCX: 00007f4861745fc9 [ 29.554834][ T447] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040 [ 29.563026][ T447] RBP: 00007f48601ae090 R08: 0000000000000000 R09: 0000000000000000 [ 29.571010][ T447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 29.578995][ T447] R13: 00007f486199d038 R14: 00007f486199cfa0 R15: 00007ffc1f42a168 [ 29.587012][ T447] [ 29.985587][ T463] loop4: detected capacity change from 0 to 256 [ 30.086563][ T469] Zero length message leads to an empty skb [ 30.094898][ T468] loop2: detected capacity change from 0 to 1024 [ 30.127080][ T468] EXT4-fs (loop2): Ignoring removed orlov option [ 30.154099][ T468] EXT4-fs (loop2): mounted filesystem without journal. Opts: block_validity,nodiscard,errors=remount-ro,nombcache,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,. Quota mode: none. [ 30.285386][ T483] netlink: 80 bytes leftover after parsing attributes in process `syz.0.39'. [ 30.404213][ T486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.40'. [ 30.413318][ T486] FAULT_INJECTION: forcing a failure. [ 30.413318][ T486] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 30.426652][ T486] CPU: 1 PID: 486 Comm: syz.0.40 Not tainted syzkaller #0 [ 30.433987][ T486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 30.444329][ T486] Call Trace: [ 30.447614][ T486] [ 30.450569][ T486] __dump_stack+0x21/0x30 [ 30.454907][ T486] dump_stack_lvl+0xee/0x150 [ 30.459513][ T486] ? show_regs_print_info+0x20/0x20 [ 30.464788][ T486] dump_stack+0x15/0x20 [ 30.468976][ T486] should_fail+0x3c1/0x510 [ 30.473438][ T486] should_fail_usercopy+0x1a/0x20 [ 30.478488][ T486] _copy_to_user+0x20/0x90 [ 30.483433][ T486] simple_read_from_buffer+0xe9/0x160 [ 30.488940][ T486] proc_fail_nth_read+0x19a/0x210 [ 30.494114][ T486] ? proc_fault_inject_write+0x2f0/0x2f0 [ 30.500312][ T486] ? security_file_permission+0x83/0xa0 [ 30.506236][ T486] ? proc_fault_inject_write+0x2f0/0x2f0 [ 30.511894][ T486] vfs_read+0x282/0xbe0 [ 30.516110][ T486] ? kernel_read+0x1f0/0x1f0 [ 30.520715][ T486] ? __kasan_check_write+0x14/0x20 [ 30.525861][ T486] ? mutex_lock+0x95/0x1a0 [ 30.530305][ T486] ? wait_for_completion_killable_timeout+0x10/0x10 [ 30.537123][ T486] ? __fget_files+0x2c4/0x320 [ 30.542296][ T486] ? __fdget_pos+0x2d2/0x380 [ 30.547075][ T486] ? ksys_read+0x71/0x240 [ 30.551619][ T486] ksys_read+0x140/0x240 [ 30.553167][ T289] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 30.556149][ T486] ? vfs_write+0xf70/0xf70 [ 30.556177][ T486] ? __kasan_check_write+0x14/0x20 [ 30.556199][ T486] ? switch_fpu_return+0x15d/0x2c0 [ 30.556221][ T486] __x64_sys_read+0x7b/0x90 [ 30.556237][ T486] x64_sys_call+0x96d/0x9a0 [ 30.556256][ T486] do_syscall_64+0x4c/0xa0 [ 30.556276][ T486] ? clear_bhb_loop+0x50/0xa0 [ 30.556292][ T486] ? clear_bhb_loop+0x50/0xa0 [ 30.556309][ T486] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.556331][ T486] RIP: 0033:0x7f5afd2bc9dc [ 30.556350][ T486] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 30.556366][ T486] RSP: 002b:00007f5afbd05030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 30.556386][ T486] RAX: ffffffffffffffda RBX: 00007f5afd515090 RCX: 00007f5afd2bc9dc [ 30.556401][ T486] RDX: 000000000000000f RSI: 00007f5afbd050a0 RDI: 000000000000000a [ 30.556414][ T486] RBP: 00007f5afbd05090 R08: 0000000000000000 R09: 0000000000000000 [ 30.556426][ T486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 30.556438][ T486] R13: 00007f5afd515128 R14: 00007f5afd515090 R15: 00007ffda69c15c8 [ 30.556458][ T486] [ 30.755369][ T490] loop4: detected capacity change from 0 to 4096 [ 30.773480][ T490] EXT4-fs (loop4): Test dummy encryption mode enabled [ 30.784671][ T490] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,barrier,dioread_nolock,test_dummy_encryption,nobarrier,grpjquota=,dioread_nolock,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 30.822805][ T6] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 30.833294][ T6] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9 [ 30.845028][ T6] asix: probe of 4-1:0.0 failed with error -71 [ 30.845230][ T490] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 30.852497][ T6] usb 4-1: USB disconnect, device number 2 [ 30.964471][ T289] usb 3-1: Using ep0 maxpacket: 32 [ 31.083004][ T289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.102693][ T289] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.122710][ T289] usb 3-1: New USB device found, idVendor=04b4, idProduct=bca1, bcdDevice= 0.00 [ 31.131905][ T289] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.154865][ T289] usb 3-1: config 0 descriptor?? [ 31.298544][ T499] mmap: syz.4.44 (499) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 31.350118][ T45] Bluetooth: hci0: Frame reassembly failed (-84) [ 31.394705][ T475] loop2: detected capacity change from 0 to 256 [ 31.443912][ T475] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 31.464031][ T507] loop4: detected capacity change from 0 to 128 [ 31.485991][ T506] syz.3.46[506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.486101][ T506] syz.3.46[506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.638472][ T513] syz.0.47[513] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.651659][ T513] syz.0.47[513] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.702914][ T289] usbhid 3-1:0.0: can't add hid device: -71 [ 31.727362][ T289] usbhid: probe of 3-1:0.0 failed with error -71 [ 31.740440][ T289] usb 3-1: USB disconnect, device number 2 [ 31.796483][ T30] kauditd_printk_skb: 79 callbacks suppressed [ 31.796498][ T30] audit: type=1400 audit(1761906031.039:208): avc: denied { write } for pid=512 comm="syz.0.47" name="mcfilter" dev="proc" ino=4026532309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 32.007683][ T524] syz.2.49[524] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 32.008202][ T524] syz.2.49[524] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 32.844917][ T30] audit: type=1326 audit(1761906032.089:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.213562][ T530] loop4: detected capacity change from 0 to 2048 [ 33.259402][ T530] ======================================================= [ 33.259402][ T530] WARNING: The mand mount option has been deprecated and [ 33.259402][ T530] and is ignored by this kernel. Remove the mand [ 33.259402][ T530] option from the mount to silence this warning. [ 33.259402][ T530] ======================================================= [ 33.260175][ T30] audit: type=1326 audit(1761906032.129:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.348719][ T30] audit: type=1326 audit(1761906032.129:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.372555][ T30] audit: type=1326 audit(1761906032.129:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.398238][ T30] audit: type=1326 audit(1761906032.129:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.421907][ T530] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 33.432811][ T6] Bluetooth: hci0: command 0x1003 tx timeout [ 33.439693][ T501] Bluetooth: hci0: sending frame failed (-49) [ 33.446075][ T30] audit: type=1326 audit(1761906032.129:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.469840][ T30] audit: type=1326 audit(1761906032.129:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.493033][ T30] audit: type=1326 audit(1761906032.129:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.516363][ T30] audit: type=1326 audit(1761906032.129:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdded2dcfc9 code=0x7ffc0000 [ 33.547745][ T542] incfs: Options parsing error. -22 [ 33.553174][ T542] incfs: mount failed -22 [ 34.798200][ T571] capability: warning: `syz.2.62' uses deprecated v2 capabilities in a way that may be insecure [ 34.866186][ T572] loop0: detected capacity change from 0 to 2048 [ 34.970829][ T572] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000004,noload,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 34.994770][ T572] overlayfs: option "workdir=./file1\" is useless in a non-upper mount, ignore [ 35.022775][ T572] overlayfs: missing 'lowerdir' [ 35.502701][ T289] Bluetooth: hci0: command 0x1001 tx timeout [ 35.509000][ T501] Bluetooth: hci0: sending frame failed (-49) [ 35.938731][ T624] netlink: 'syz.3.84': attribute type 16 has an invalid length. [ 35.946509][ T624] netlink: 20 bytes leftover after parsing attributes in process `syz.3.84'. [ 35.955359][ T624] device veth0_macvtap entered promiscuous mode [ 36.092718][ T523] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 36.482730][ T523] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 36.494605][ T523] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.602752][ T523] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 36.617690][ T523] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 36.635608][ T523] usb 5-1: Manufacturer: syz [ 36.651313][ T523] usb 5-1: config 0 descriptor?? [ 36.692704][ T540] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 2: invalid block bitmap [ 36.895078][ T523] usb 5-1: USB disconnect, device number 2 [ 36.912517][ T30] kauditd_printk_skb: 69 callbacks suppressed [ 36.912535][ T30] audit: type=1400 audit(1761906036.149:287): avc: denied { bind } for pid=658 comm="syz.3.97" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 36.969163][ T661] xt_hashlimit: max too large, truncated to 1048576 [ 37.044382][ T669] netlink: 16 bytes leftover after parsing attributes in process `syz.2.102'. [ 37.110284][ T30] audit: type=1400 audit(1761906036.349:288): avc: denied { write } for pid=676 comm="syz.0.106" laddr=fe80::13 lport=60 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 37.261213][ T682] kvm [681]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xc26a [ 37.272286][ T682] kvm [681]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0x9e6a [ 37.283869][ T682] kvm [681]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x8604 [ 37.382701][ T60] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 37.515855][ T30] audit: type=1400 audit(1761906036.759:289): avc: denied { ioctl } for pid=700 comm="syz.4.116" path="/dev/uinput" dev="devtmpfs" ino=258 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 37.520977][ T703] input: syz0 as /devices/virtual/input/input5 [ 37.572735][ T289] Bluetooth: hci0: command 0x1009 tx timeout [ 37.586222][ T30] audit: type=1400 audit(1761906036.799:290): avc: denied { read } for pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=598 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 37.609800][ T30] audit: type=1400 audit(1761906036.799:291): avc: denied { open } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=598 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 37.634238][ T60] usb 4-1: Using ep0 maxpacket: 8 [ 37.653051][ T30] audit: type=1400 audit(1761906036.799:292): avc: denied { ioctl } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=598 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 37.680695][ T30] audit: type=1400 audit(1761906036.919:293): avc: denied { ioctl } for pid=707 comm="syz.4.118" path="socket:[16100]" dev="sockfs" ino=16100 ioctlcmd=0x8940 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 37.772831][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.792556][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 37.803233][ T60] usb 4-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 37.815141][ T30] audit: type=1400 audit(1761906037.059:294): avc: denied { setopt } for pid=707 comm="syz.4.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 37.835714][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.856421][ T60] usb 4-1: config 0 descriptor?? [ 37.913487][ T716] tipc: Started in network mode [ 37.918754][ T716] tipc: Node identity 66ad9c08d8df, cluster identity 4711 [ 37.926207][ T716] tipc: Enabled bearer , priority 0 [ 37.933458][ T716] device syzkaller0 entered promiscuous mode [ 37.942556][ T716] tipc: Resetting bearer [ 37.949768][ T715] tipc: Resetting bearer [ 37.957184][ T715] tipc: Disabling bearer [ 38.060382][ T724] tipc: New replicast peer: 255.255.255.255 [ 38.066880][ T724] tipc: Enabled bearer , priority 10 [ 38.482704][ T60] usbhid 4-1:0.0: can't add hid device: -71 [ 38.488857][ T60] usbhid: probe of 4-1:0.0 failed with error -71 [ 38.496944][ T60] usb 4-1: USB disconnect, device number 3 [ 38.660062][ T741] futex_wake_op: syz.0.131 tries to shift op by -1; fix this program [ 38.763962][ T755] tipc: Enabling of bearer rejected, failed to enable media [ 38.948143][ T764] netlink: 12 bytes leftover after parsing attributes in process `syz.3.142'. [ 39.018417][ T30] audit: type=1400 audit(1761906038.259:295): avc: denied { map } for pid=765 comm="syz.3.143" path="socket:[16194]" dev="sockfs" ino=16194 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 39.059031][ T770] tipc: Started in network mode [ 39.067740][ T770] tipc: Node identity , cluster identity 4711 [ 39.074166][ T770] tipc: Failed to set node id, please configure manually [ 39.081268][ T770] tipc: Enabling of bearer rejected, failed to enable media [ 39.123055][ T30] audit: type=1400 audit(1761906038.369:296): avc: denied { create } for pid=777 comm="syz.3.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 39.183020][ T289] tipc: Node number set to 3195182088 [ 39.197685][ T790] netlink: 'syz.3.155': attribute type 12 has an invalid length. [ 39.206978][ T790] netlink: 'syz.3.155': attribute type 28 has an invalid length. [ 39.216590][ T790] netlink: 148 bytes leftover after parsing attributes in process `syz.3.155'. [ 39.287943][ T802] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=95 sclass=netlink_route_socket pid=802 comm=syz.2.162 [ 39.384847][ T813] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'. [ 39.483311][ T818] netlink: 4 bytes leftover after parsing attributes in process `syz.3.168'. [ 39.793001][ T836] loop6: detected capacity change from 0 to 7 [ 41.243246][ T328] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 41.612742][ T328] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 41.621748][ T328] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 41.632074][ T328] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 41.641072][ T328] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 41.652282][ T328] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 41.752700][ T289] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 41.779334][ T898] netlink: 'syz.1.199': attribute type 29 has an invalid length. [ 41.787355][ T328] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 41.787532][ T898] netlink: 148 bytes leftover after parsing attributes in process `syz.1.199'. [ 41.805947][ T328] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 41.814329][ T328] usb 5-1: Product: syz [ 41.818645][ T328] usb 5-1: Manufacturer: syz [ 41.840865][ T902] loop6: detected capacity change from 0 to 7 [ 41.842729][ T335] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 41.863433][ T328] cdc_wdm 5-1:1.0: skipping garbage [ 41.868700][ T328] cdc_wdm 5-1:1.0: skipping garbage [ 41.877793][ T328] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 42.065946][ T328] usb 5-1: USB disconnect, device number 3 [ 42.090199][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 42.090215][ T30] audit: type=1400 audit(1761906041.329:315): avc: denied { append } for pid=906 comm="syz.4.203" name="event1" dev="devtmpfs" ino=257 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 42.122749][ T289] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.134312][ T289] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.144279][ T289] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 42.157585][ T289] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 42.166705][ T289] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.178877][ T289] usb 4-1: config 0 descriptor?? [ 42.272728][ T335] usb 3-1: unable to get BOS descriptor or descriptor too short [ 42.362767][ T335] usb 3-1: config 1 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 32 [ 42.372604][ T335] usb 3-1: config 1 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 42.385678][ T335] usb 3-1: config 1 interface 0 has no altsetting 0 [ 42.552752][ T335] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 42.561870][ T335] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.570555][ T335] usb 3-1: Product: syz [ 42.574874][ T335] usb 3-1: Manufacturer: syz [ 42.579487][ T335] usb 3-1: SerialNumber: syz [ 42.592773][ T328] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 42.602857][ T896] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 42.653804][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.661332][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.668800][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.676266][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.683734][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.691131][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.698610][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.706825][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.723090][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.730568][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.738514][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.746045][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.753557][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.761038][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.768529][ T289] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 42.776879][ T289] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 42.787988][ T289] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 42.832790][ T328] usb 5-1: Using ep0 maxpacket: 16 [ 42.873145][ T335] usb 3-1: bad CDC descriptors [ 42.881669][ T335] usb 3-1: USB disconnect, device number 3 [ 42.923335][ T523] usb 4-1: USB disconnect, device number 4 [ 42.952819][ T328] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 42.963474][ T328] usb 5-1: config 0 has no interfaces? [ 42.968965][ T328] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 42.978344][ T328] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.987231][ T328] usb 5-1: config 0 descriptor?? [ 43.099775][ T30] audit: type=1400 audit(1761906042.339:316): avc: denied { bind } for pid=924 comm="syz.1.210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.232899][ T328] usb 5-1: USB disconnect, device number 4 [ 43.251604][ T30] audit: type=1400 audit(1761906042.489:317): avc: denied { create } for pid=932 comm="syz.0.212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 43.272953][ T30] audit: type=1400 audit(1761906042.489:318): avc: denied { map } for pid=932 comm="syz.0.212" path="socket:[18172]" dev="sockfs" ino=18172 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 43.296213][ T30] audit: type=1400 audit(1761906042.489:319): avc: denied { read write } for pid=932 comm="syz.0.212" path="socket:[18172]" dev="sockfs" ino=18172 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 43.320084][ T30] audit: type=1400 audit(1761906042.489:320): avc: denied { write } for pid=932 comm="syz.0.212" name="001" dev="devtmpfs" ino=181 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 43.343226][ T30] audit: type=1326 audit(1761906042.509:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=932 comm="syz.0.212" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5afd2bdfc9 code=0x0 [ 43.505242][ T30] audit: type=1400 audit(1761906042.749:322): avc: denied { append } for pid=941 comm="syz.3.216" name="pfkey" dev="proc" ino=4026532439 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 43.551952][ T946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.218'. [ 43.613019][ T948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.218'. [ 43.761388][ T954] input: syz0 as /devices/virtual/input/input6 [ 43.878779][ T966] tipc: Started in network mode [ 43.883887][ T966] tipc: Node identity 7af649c5c339, cluster identity 4711 [ 43.891093][ T966] tipc: Enabled bearer , priority 0 [ 43.903787][ T966] device syzkaller0 entered promiscuous mode [ 43.913206][ T966] tipc: Resetting bearer [ 43.919988][ T965] tipc: Resetting bearer [ 43.927101][ T965] tipc: Disabling bearer [ 43.983719][ T970] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.991846][ T970] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.022694][ T972] netlink: 8 bytes leftover after parsing attributes in process `syz.2.229'. [ 44.032412][ T972] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.064672][ T30] audit: type=1400 audit(1761906043.309:323): avc: denied { setopt } for pid=975 comm="syz.2.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 44.172717][ T6] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 44.254085][ T30] audit: type=1400 audit(1761906043.499:324): avc: denied { create } for pid=982 comm="syz.2.235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 44.542759][ T6] usb 5-1: config 0 has no interfaces? [ 44.712731][ T6] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 44.721812][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.729859][ T6] usb 5-1: Product: syz [ 44.734173][ T6] usb 5-1: Manufacturer: syz [ 44.738819][ T6] usb 5-1: SerialNumber: syz [ 44.744475][ T6] usb 5-1: config 0 descriptor?? [ 44.985449][ T6] usb 5-1: USB disconnect, device number 5 [ 45.041981][ T1006] syz.2.242 (1006) used greatest stack depth: 21536 bytes left [ 45.218179][ T1028] device wireguard0 entered promiscuous mode [ 45.564723][ T1059] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 45.632257][ T1064] device bridge0 entered promiscuous mode [ 45.642865][ T1063] device bridge0 left promiscuous mode [ 45.724025][ T1070] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 45.963487][ T1078] fuse: Bad value for 'fd' [ 46.155205][ T1085] binder: 1084:1085 ioctl c0306201 2000000001c0 returned -14 [ 46.692005][ T1107] tipc: Started in network mode [ 46.714808][ T1107] tipc: Node identity 9a0285ade3d1, cluster identity 4711 [ 46.740879][ T1107] tipc: Enabled bearer , priority 0 [ 46.768484][ T1108] device syzkaller0 entered promiscuous mode [ 46.802547][ T1107] tipc: Resetting bearer [ 46.981485][ T1113] tipc: Resetting bearer [ 47.003073][ T1113] tipc: Disabling bearer [ 47.036453][ T328] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 47.264538][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 47.264555][ T30] audit: type=1400 audit(1761906046.509:356): avc: denied { sys_module } for pid=1150 comm="syz.1.303" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 47.292371][ T328] usb 4-1: Using ep0 maxpacket: 16 [ 47.337291][ T30] audit: type=1400 audit(1761906046.539:357): avc: denied { read } for pid=1150 comm="syz.1.303" name="ppp" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 47.397575][ T30] audit: type=1400 audit(1761906046.539:358): avc: denied { open } for pid=1150 comm="syz.1.303" path="/dev/ppp" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 47.422768][ T328] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.441128][ T328] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.460818][ T328] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 47.481755][ T30] audit: type=1400 audit(1761906046.539:359): avc: denied { ioctl } for pid=1150 comm="syz.1.303" path="/dev/ppp" dev="devtmpfs" ino=154 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 47.512712][ T328] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 47.521816][ T328] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.539131][ T1170] syz.0.309 uses obsolete (PF_INET,SOCK_PACKET) [ 47.546619][ T328] usb 4-1: config 0 descriptor?? [ 47.722336][ T1176] netlink: 35 bytes leftover after parsing attributes in process `syz.1.311'. [ 47.745723][ T1176] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 47.885821][ T30] audit: type=1400 audit(1761906047.129:360): avc: denied { ioctl } for pid=1183 comm="syz.1.315" path="socket:[19790]" dev="sockfs" ino=19790 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 48.010272][ T30] audit: type=1400 audit(1761906047.249:361): avc: denied { relabelfrom } for pid=1192 comm="syz.1.319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 48.036916][ T328] HID 045e:07da: Invalid code 65791 type 1 [ 48.049183][ T30] audit: type=1400 audit(1761906047.289:362): avc: denied { relabelto } for pid=1192 comm="syz.1.319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 48.070028][ T328] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0002/input/input7 [ 48.102409][ T328] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 48.118976][ T1196] syzkaller0: create flow: hash 3809461908 index 1 [ 48.128545][ T1192] syzkaller0: delete flow: hash 3809461908 index 1 [ 48.219420][ T30] audit: type=1400 audit(1761906047.459:363): avc: denied { write } for pid=1206 comm="syz.2.325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 48.238860][ T289] usb 4-1: USB disconnect, device number 5 [ 48.245049][ T30] audit: type=1400 audit(1761906047.459:364): avc: denied { read } for pid=1206 comm="syz.2.325" path="socket:[20487]" dev="sockfs" ino=20487 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 48.269343][ T30] audit: type=1400 audit(1761906047.509:365): avc: denied { setopt } for pid=1210 comm="syz.1.327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 48.392733][ T328] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 48.632677][ T328] usb 5-1: Using ep0 maxpacket: 16 [ 48.752771][ T328] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 48.763702][ T328] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xD7, skipping [ 48.774625][ T328] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 48.952764][ T328] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 48.962052][ T328] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.970208][ T328] usb 5-1: Product: syz [ 48.974603][ T328] usb 5-1: Manufacturer: syz [ 48.979242][ T328] usb 5-1: SerialNumber: syz [ 48.988453][ T328] usb 5-1: config 0 descriptor?? [ 49.022676][ T60] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 49.033333][ T328] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 49.236484][ T328] usb 5-1: USB disconnect, device number 6 [ 49.272783][ T60] usb 4-1: Using ep0 maxpacket: 16 [ 49.392770][ T60] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 49.403755][ T60] usb 4-1: config 0 interface 0 has no altsetting 0 [ 49.410498][ T60] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 49.419705][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.428843][ T60] usb 4-1: config 0 descriptor?? [ 49.762789][ T1247] netlink: 12 bytes leftover after parsing attributes in process `syz.0.341'. [ 49.905536][ T60] hid-generic 0003:1E71:2009.0003: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0 [ 49.972516][ T1271] device veth3 entered promiscuous mode [ 50.169754][ T1286] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 50.373172][ T328] usb 4-1: USB disconnect, device number 6 [ 50.422736][ T6] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 50.662727][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 50.782753][ T6] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 50.794237][ T6] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 50.804343][ T6] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 50.817714][ T6] usb 5-1: config 1 interface 0 has no altsetting 0 [ 50.982770][ T6] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 50.992145][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.011335][ T6] usb 5-1: Product: syz [ 51.015941][ T6] usb 5-1: Manufacturer: syz [ 51.020815][ T6] usb 5-1: SerialNumber: syz [ 51.050830][ T1321] loop2: detected capacity change from 0 to 7 [ 51.283522][ T6] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 51.312727][ T60] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 51.364222][ T1332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.375'. [ 51.375485][ T1332] netlink: 16 bytes leftover after parsing attributes in process `syz.1.375'. [ 51.432711][ T523] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 51.662698][ T1283] usblp0:failed reading printer status (-32) [ 51.672737][ T60] usb 3-1: config 0 has an invalid interface number: 95 but max is 0 [ 51.681697][ T523] usb 1-1: Using ep0 maxpacket: 8 [ 51.690077][ T60] usb 3-1: config 0 has no interface number 0 [ 51.702772][ T60] usb 3-1: config 0 interface 95 has no altsetting 0 [ 51.709904][ T26] usb 5-1: USB disconnect, device number 7 [ 51.716845][ T26] usblp0: removed [ 51.747499][ T1355] process 'syz.3.383' launched './file1' with NULL argv: empty string added [ 51.802849][ T523] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 51.811148][ T523] usb 1-1: config 0 has no interface number 0 [ 51.817916][ T523] usb 1-1: config 0 interface 1 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 51.828821][ T523] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 51.838920][ T523] usb 1-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.cb [ 51.848104][ T523] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.862739][ T60] usb 3-1: New USB device found, idVendor=0403, idProduct=bca0, bcdDevice=a7.6f [ 51.871836][ T60] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.885340][ T523] usb 1-1: config 0 descriptor?? [ 51.901719][ T60] usb 3-1: Product: syz [ 51.906500][ T60] usb 3-1: Manufacturer: syz [ 51.911113][ T60] usb 3-1: SerialNumber: syz [ 51.939043][ T60] usb 3-1: config 0 descriptor?? [ 52.135292][ T328] usb 1-1: USB disconnect, device number 2 [ 52.273214][ T60] ftdi_sio 3-1:0.95: FTDI USB Serial Device converter detected [ 52.280964][ T523] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 52.288977][ T60] usb 3-1: Detected FT-X [ 52.312746][ T60] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 52.332782][ T60] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 52.352773][ T60] ftdi_sio 3-1:0.95: GPIO initialisation failed: -71 [ 52.360165][ T60] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 52.372075][ T60] usb 3-1: USB disconnect, device number 4 [ 52.379191][ T60] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 52.388935][ T60] ftdi_sio 3-1:0.95: device disconnected [ 52.522740][ T523] usb 2-1: Using ep0 maxpacket: 8 [ 52.542667][ T348] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 52.652821][ T523] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 52.663665][ T523] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 52.675590][ T523] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 52.685796][ T523] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 52.699206][ T523] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 52.708873][ T523] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.872195][ T1387] kvm [1386]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000 [ 52.893754][ T1387] kvm [1386]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111 [ 52.902766][ T348] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 52.915164][ T1387] kvm [1386]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000 [ 52.916783][ T348] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 52.955196][ T348] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 52.981469][ T348] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 53.000774][ T348] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.022039][ T348] usb 5-1: config 0 descriptor?? [ 53.062754][ T1377] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 53.083343][ T348] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 53.244920][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 53.244936][ T30] audit: type=1400 audit(1761906052.489:377): avc: denied { ioctl } for pid=1413 comm="syz.3.407" path="socket:[21078]" dev="sockfs" ino=21078 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 53.280468][ T1414] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.320706][ T1420] netlink: 'syz.0.408': attribute type 28 has an invalid length. [ 53.348329][ T1422] netlink: 24 bytes leftover after parsing attributes in process `syz.0.410'. [ 53.479749][ T30] audit: type=1400 audit(1761906052.719:378): avc: denied { read } for pid=1431 comm="syz.0.415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 53.575673][ T1438] tipc: Enabling of bearer rejected, already enabled [ 53.639340][ T1446] netlink: 8 bytes leftover after parsing attributes in process `syz.0.422'. [ 53.733945][ T1463] netlink: 24 bytes leftover after parsing attributes in process `syz.0.429'. [ 53.819775][ T1477] device veth0 entered promiscuous mode [ 53.826058][ T1477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.437'. [ 53.847102][ T1477] device veth0 left promiscuous mode [ 54.052723][ T328] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 54.182729][ T348] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 54.292714][ T328] usb 3-1: Using ep0 maxpacket: 8 [ 54.412762][ T328] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 54.424132][ T328] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 54.434234][ T348] usb 1-1: Using ep0 maxpacket: 8 [ 54.439556][ T328] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 54.449547][ T328] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 54.462770][ T328] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 54.471818][ T328] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.492711][ T6] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 54.562828][ T348] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 54.574149][ T348] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 54.584257][ T348] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 54.594346][ T348] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 54.607432][ T348] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 54.616752][ T348] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.852823][ T6] usb 4-1: config 0 has no interfaces? [ 55.012837][ T6] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 55.016221][ T523] usb 2-1: USB disconnect, device number 2 [ 55.022090][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 55.042722][ T6] usb 4-1: Product: syz [ 55.047504][ T6] usb 4-1: Manufacturer: syz [ 55.057207][ T6] usb 4-1: SerialNumber: syz [ 55.072286][ T6] usb 4-1: config 0 descriptor?? [ 55.228612][ T30] audit: type=1326 audit(1761906054.469:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1512 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e408d9fc9 code=0x7ffc0000 [ 55.252186][ T30] audit: type=1326 audit(1761906054.469:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1512 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e408d9fc9 code=0x7ffc0000 [ 55.282122][ T289] usb 5-1: USB disconnect, device number 8 [ 55.309789][ T30] audit: type=1326 audit(1761906054.479:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1512 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f7e408d9fc9 code=0x7ffc0000 [ 55.335901][ T523] usb 4-1: USB disconnect, device number 7 [ 55.364755][ T30] audit: type=1326 audit(1761906054.479:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1512 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e408d9fc9 code=0x7ffc0000 [ 55.390917][ T30] audit: type=1326 audit(1761906054.479:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1512 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e408d9fc9 code=0x7ffc0000 [ 55.414508][ T1526] fuse: Bad value for 'fd' [ 55.422445][ T30] audit: type=1326 audit(1761906054.479:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1512 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f7e408d9fc9 code=0x7ffc0000 [ 55.446295][ T30] audit: type=1326 audit(1761906054.479:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1512 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e408d9fc9 code=0x7ffc0000 [ 55.476875][ T30] audit: type=1326 audit(1761906054.479:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1512 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e408d9fc9 code=0x7ffc0000 [ 55.608432][ T1545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.467'. [ 55.679515][ T1550] syz.1.469 (1550) used greatest stack depth: 21472 bytes left [ 55.722099][ T1539] syz.4.465 (1539) used greatest stack depth: 20832 bytes left [ 55.881566][ T1565] netlink: 76 bytes leftover after parsing attributes in process `syz.3.475'. [ 56.134015][ T1584] netlink: 51 bytes leftover after parsing attributes in process `syz.4.483'. [ 56.444378][ T1601] binder_alloc: 1600: pid 1600 spamming oneway? 2 buffers allocated for a total size of 5120 [ 56.583216][ T1605] netlink: 'syz.4.492': attribute type 4 has an invalid length. [ 57.091684][ T523] usb 3-1: USB disconnect, device number 5 [ 57.105640][ T60] usb 1-1: USB disconnect, device number 3 [ 57.259638][ T1624] loop0: detected capacity change from 0 to 1024 [ 57.311772][ T1624] EXT4-fs (loop0): Ignoring removed bh option [ 57.323998][ T1626] loop3: detected capacity change from 0 to 128 [ 57.364075][ T1626] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 57.377641][ T1626] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 57.424366][ T1626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.496'. [ 57.438436][ T1626] netlink: 12 bytes leftover after parsing attributes in process `syz.3.496'. [ 57.607316][ T1624] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none. [ 57.648787][ T1624] overlayfs: missing 'lowerdir' [ 57.752727][ T523] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 58.172742][ T523] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 58.181874][ T523] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 58.192520][ T523] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 58.201947][ T523] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 58.213102][ T523] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 58.342752][ T523] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 58.351896][ T523] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 58.360151][ T523] usb 3-1: Product: syz [ 58.364671][ T523] usb 3-1: Manufacturer: syz [ 58.403375][ T523] cdc_wdm 3-1:1.0: skipping garbage [ 58.410905][ T523] cdc_wdm 3-1:1.0: skipping garbage [ 58.421161][ T523] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 58.438590][ T1660] ================================================================== [ 58.446717][ T1660] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240 [ 58.454880][ T1660] Read of size 8 at addr ffff88811554e5c0 by task syz.0.511/1660 [ 58.462598][ T1660] [ 58.464931][ T1660] CPU: 0 PID: 1660 Comm: syz.0.511 Not tainted syzkaller #0 [ 58.472472][ T1660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 58.482542][ T1660] Call Trace: [ 58.485828][ T1660] [ 58.488759][ T1660] __dump_stack+0x21/0x30 [ 58.493092][ T1660] dump_stack_lvl+0xee/0x150 [ 58.497726][ T1660] ? show_regs_print_info+0x20/0x20 [ 58.502953][ T1660] ? load_image+0x3a0/0x3a0 [ 58.507491][ T1660] print_address_description+0x7f/0x2c0 [ 58.513045][ T1660] ? tc_setup_flow_action+0x870/0x3240 [ 58.518520][ T1660] kasan_report+0xf1/0x140 [ 58.522967][ T1660] ? tc_setup_flow_action+0x870/0x3240 [ 58.528452][ T1660] __asan_report_load8_noabort+0x14/0x20 [ 58.534099][ T1660] tc_setup_flow_action+0x870/0x3240 [ 58.539420][ T1660] mall_replace_hw_filter+0x293/0x820 [ 58.544807][ T1660] ? pcpu_block_update_hint_alloc+0x8c1/0xc50 [ 58.550913][ T1660] ? mall_set_parms+0x520/0x520 [ 58.555772][ T1660] ? tcf_exts_destroy+0xb0/0xb0 [ 58.560636][ T1660] ? mall_set_parms+0x1e8/0x520 [ 58.565500][ T1660] mall_change+0x526/0x740 [ 58.569931][ T1660] ? __kasan_check_write+0x14/0x20 [ 58.575054][ T1660] ? mall_get+0xa0/0xa0 [ 58.579218][ T1660] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 58.585121][ T1660] tc_new_tfilter+0x12a2/0x1870 [ 58.589985][ T1660] ? tcf_gate_entry_destructor+0x20/0x20 [ 58.595622][ T1660] ? security_capable+0x87/0xb0 [ 58.600490][ T1660] ? ns_capable+0x8c/0xf0 [ 58.604822][ T1660] ? netlink_net_capable+0x125/0x160 [ 58.610113][ T1660] ? tcf_gate_entry_destructor+0x20/0x20 [ 58.615758][ T1660] rtnetlink_rcv_msg+0x81b/0xb90 [ 58.620724][ T1660] ? rtnetlink_bind+0x80/0x80 [ 58.625534][ T1660] ? memcpy+0x56/0x70 [ 58.629559][ T1660] ? avc_has_perm_noaudit+0x2f4/0x460 [ 58.634952][ T1660] ? arch_stack_walk+0xee/0x140 [ 58.639856][ T1660] ? avc_denied+0x1b0/0x1b0 [ 58.644373][ T1660] ? stack_trace_save+0x98/0xe0 [ 58.649233][ T1660] ? avc_has_perm+0x158/0x240 [ 58.653916][ T1660] ? avc_has_perm_noaudit+0x460/0x460 [ 58.659294][ T1660] ? x64_sys_call+0x4b/0x9a0 [ 58.663897][ T1660] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 58.669284][ T1660] netlink_rcv_skb+0x1e0/0x430 [ 58.674060][ T1660] ? rtnetlink_bind+0x80/0x80 [ 58.678749][ T1660] ? netlink_ack+0xb60/0xb60 [ 58.683464][ T1660] ? __netlink_lookup+0x387/0x3b0 [ 58.688634][ T1660] rtnetlink_rcv+0x1c/0x20 [ 58.693061][ T1660] netlink_unicast+0x876/0xa40 [ 58.697844][ T1660] netlink_sendmsg+0x86a/0xb70 [ 58.702642][ T1660] ? netlink_getsockopt+0x530/0x530 [ 58.707959][ T1660] ? security_socket_sendmsg+0x82/0xa0 [ 58.713427][ T1660] ? netlink_getsockopt+0x530/0x530 [ 58.718721][ T1660] ____sys_sendmsg+0x5a2/0x8c0 [ 58.723504][ T1660] ? __sys_sendmsg_sock+0x40/0x40 [ 58.728545][ T1660] ? import_iovec+0x7c/0xb0 [ 58.733064][ T1660] ___sys_sendmsg+0x1f0/0x260 [ 58.737751][ T1660] ? __sys_sendmsg+0x250/0x250 [ 58.742528][ T1660] ? sock_show_fdinfo+0xa0/0xa0 [ 58.747387][ T1660] ? __fdget+0x1a1/0x230 [ 58.751642][ T1660] __x64_sys_sendmsg+0x1e2/0x2a0 [ 58.756701][ T1660] ? ___sys_sendmsg+0x260/0x260 [ 58.761573][ T1660] ? __kasan_check_write+0x14/0x20 [ 58.766732][ T1660] ? switch_fpu_return+0x15d/0x2c0 [ 58.771890][ T1660] x64_sys_call+0x4b/0x9a0 [ 58.776319][ T1660] do_syscall_64+0x4c/0xa0 [ 58.780742][ T1660] ? clear_bhb_loop+0x50/0xa0 [ 58.785422][ T1660] ? clear_bhb_loop+0x50/0xa0 [ 58.790109][ T1660] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 58.796289][ T1660] RIP: 0033:0x7f5afd2bdfc9 [ 58.800736][ T1660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.820356][ T1660] RSP: 002b:00007f5afbd26038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.828819][ T1660] RAX: ffffffffffffffda RBX: 00007f5afd514fa0 RCX: 00007f5afd2bdfc9 [ 58.836916][ T1660] RDX: 0000000020000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 58.844949][ T1660] RBP: 00007f5afd340f91 R08: 0000000000000000 R09: 0000000000000000 [ 58.852938][ T1660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.860926][ T1660] R13: 00007f5afd515038 R14: 00007f5afd514fa0 R15: 00007ffda69c15c8 [ 58.868920][ T1660] [ 58.871966][ T1660] [ 58.874305][ T1660] Allocated by task 1660: [ 58.878633][ T1660] __kasan_kmalloc+0xda/0x110 [ 58.883324][ T1660] __kmalloc+0x13d/0x2c0 [ 58.887773][ T1660] tcf_idr_create+0x5f/0x790 [ 58.892388][ T1660] tcf_idr_create_from_flags+0x61/0x70 [ 58.897872][ T1660] tcf_gact_init+0x346/0x580 [ 58.902486][ T1660] tcf_action_init_1+0x3f7/0x6a0 [ 58.907444][ T1660] tcf_action_init+0x1e9/0x710 [ 58.912213][ T1660] tcf_exts_validate+0x217/0x520 [ 58.917156][ T1660] mall_set_parms+0x48/0x520 [ 58.921758][ T1660] mall_change+0x45a/0x740 [ 58.926183][ T1660] tc_new_tfilter+0x12a2/0x1870 [ 58.931042][ T1660] rtnetlink_rcv_msg+0x81b/0xb90 [ 58.935990][ T1660] netlink_rcv_skb+0x1e0/0x430 [ 58.940849][ T1660] rtnetlink_rcv+0x1c/0x20 [ 58.945314][ T1660] netlink_unicast+0x876/0xa40 [ 58.950092][ T1660] netlink_sendmsg+0x86a/0xb70 [ 58.954976][ T1660] ____sys_sendmsg+0x5a2/0x8c0 [ 58.959775][ T1660] ___sys_sendmsg+0x1f0/0x260 [ 58.964586][ T1660] __x64_sys_sendmsg+0x1e2/0x2a0 [ 58.969735][ T1660] x64_sys_call+0x4b/0x9a0 [ 58.974173][ T1660] do_syscall_64+0x4c/0xa0 [ 58.978637][ T1660] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 58.984548][ T1660] [ 58.986874][ T1660] The buggy address belongs to the object at ffff88811554e500 [ 58.986874][ T1660] which belongs to the cache kmalloc-192 of size 192 [ 59.000931][ T1660] The buggy address is located 0 bytes to the right of [ 59.000931][ T1660] 192-byte region [ffff88811554e500, ffff88811554e5c0) [ 59.014706][ T1660] The buggy address belongs to the page: [ 59.020379][ T1660] page:ffffea0004555380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11554e [ 59.031167][ T1660] flags: 0x4000000000000200(slab|zone=1) [ 59.037008][ T1660] raw: 4000000000000200 ffffea0004c61b00 0000000200000002 ffff888100042c00 [ 59.045695][ T1660] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 59.054477][ T1660] page dumped because: kasan: bad access detected [ 59.060903][ T1660] page_owner tracks the page as allocated [ 59.066754][ T1660] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 6233310573, free_ts 0 [ 59.082901][ T1660] post_alloc_hook+0x192/0x1b0 [ 59.087705][ T1660] prep_new_page+0x1c/0x110 [ 59.092338][ T1660] get_page_from_freelist+0x2cc5/0x2d50 [ 59.097928][ T1660] __alloc_pages+0x18f/0x440 [ 59.102547][ T1660] new_slab+0xa1/0x4d0 [ 59.106624][ T1660] ___slab_alloc+0x381/0x810 [ 59.111220][ T1660] __slab_alloc+0x49/0x90 [ 59.115627][ T1660] kmem_cache_alloc_trace+0x146/0x270 [ 59.121007][ T1660] kernfs_fop_open+0x343/0xb30 [ 59.125798][ T1660] do_dentry_open+0x834/0x1010 [ 59.130574][ T1660] vfs_open+0x73/0x80 [ 59.134564][ T1660] path_openat+0x2646/0x2f10 [ 59.139163][ T1660] do_filp_open+0x1b3/0x3e0 [ 59.143690][ T1660] do_sys_openat2+0x14c/0x7b0 [ 59.148374][ T1660] __x64_sys_openat+0x136/0x160 [ 59.153405][ T1660] x64_sys_call+0x219/0x9a0 [ 59.158187][ T1660] page_owner free stack trace missing [ 59.164129][ T1660] [ 59.166469][ T1660] Memory state around the buggy address: [ 59.172111][ T1660] ffff88811554e480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 59.180786][ T1660] ffff88811554e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 59.188989][ T1660] >ffff88811554e580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 59.197159][ T1660] ^ [ 59.203521][ T1660] ffff88811554e600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.211733][ T1660] ffff88811554e680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 59.219811][ T1660] ================================================================== [ 59.227917][ T1660] Disabling lock debugging due to kernel taint [ 59.247079][ T30] kauditd_printk_skb: 46 callbacks suppressed [ 59.247094][ T30] audit: type=1400 audit(1761906058.489:433): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 59.278419][ T30] audit: type=1400 audit(1761906058.489:434): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.301037][ T30] audit: type=1400 audit(1761906058.489:435): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.322537][ T30] audit: type=1400 audit(1761906058.489:436): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.343260][ T30] audit: type=1400 audit(1761906058.489:437): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.363826][ T30] audit: type=1400 audit(1761906058.489:438): avc: denied { append open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.388421][ T30] audit: type=1400 audit(1761906058.489:439): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 60.806243][ T523] usb 3-1: USB disconnect, device number 6