last executing test programs: 374.636279ms ago: executing program 1 (id=2): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x3a, 0xec, 0x0, &(0x7f0000000400)="e460cdfbef24f1582f22eb311ccd3ec8a755b6e1380081ffad008036e8ff01000000f58c4d3b3310ae7fe6a2e12e8aebabb9c3e29eb0bec1d0aac4aa136262229202d02a47ebd4d85b0c31f95f3983ad47bb1a4f5ab42cce9b0f8ac811acfc07fa9d9594455e9b399d312fffce0a38efb9d16318c08362e97f5c2559d860b726628e02ae05000000000000005afe7c15194fdd51d4a2b27257ff490998e9b3619bda4910ad7475f62fafa0063d20e822534a23a6145abc7e7f16e76d194eed57741be8c469f3378dcc07072da18b24aa56a054e0cd4bfeacc972a98c556d99ec523da8d40c5fb2c28e62ffee", 0x0, 0x401, 0x44000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffd, 0x2}, 0x50) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008200122010009058103"], 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, 0x0) syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="2c696f636861727365743d63703933362c6572726f72733d72656d6f756e742d726f2c757466382c6572726f72733d72656d6f756e742d726f2c646d61736b3d30303030303030303030303030303030303030303030342c74696d655f6f66667365743d3078303030303030303030303030303030362c6572726f72733d72656d6f756e742d726f2c007718493fa5e1236995baf2ad873ae8a6dcba132eaa9b3fc33fca0eae1117284d531e0b15de5920ba8a9def72ef71fa641ef945666de6243e41bb8a0d8191ba7da5b33fb6bf7c7523288c5ee3cd60793ca5e511de63ffdaff0aee632ad6e89f82002b43d590db5fc4d2f43254f8930172f330adcd3cc857a05479d5b30736918a2cadb61c826043c33db0e3bf385b005236710fa3aef32a9eca8f6978e6f582ddb2514f7178088106458bf95f327c8ec213f75eb9a7942bdef6afca47a252fe8d2e6dca8f25704e6e7031521fa0f8aad51387e033e016b1a9c4606c2db8086a66ca930c302b3fe0d727f7a550077dcf44a2e53b4cdb6dc936399f11d0043cb9cb45b1a90e5607ac0862db9959221c180be79faf6c310de442906787664012685c4e14cf5cc80adfdb28e2cce992a001fa0777961ee995508474e4ec72439e1cdecc244b504f1f5cf8cb193b8c542a4b98eebfe8f5c93222bd2cee0a5c508c3bf5d827fd53371c7f298236143d65ebbc54f72fa8209cdecfa9fb5d9be7e0014ecf09b85d4ce029e4febb04f21dc575f7a838dc0d5d24630000000051f17b7f81a040fbdc4c484eb430c5c17a4aab859bcdd0967e4af04d6610ad4e359ad9f524c99e04a555e31532e19d782008b2aa91ec56438be34677007a87a78f0763977815e916bd4c7a1c4785ee19af6354e609c4171b5c0be0337194c8f054ad0e63e2d859843224c1c2a31562e6f25c994c52c8a821f9a5879eea118aa7c55c49039af8b4dfad", @ANYRES8, @ANYRESOCT, @ANYRES64], 0x1, 0x153b, &(0x7f0000000a00)="$eJzs3AmYjlX7APD7Puc8Y0h6m2QZzjn3w5sshyTJkiRLkiRJki0haZJPEhJDtqQhCckyJMsQkmVi0tj3fUlIkiZJsmVLzv+a4lP/+r6vb/Vd39y/63ou537Oc5/nPO/9Pp5lrplvOg+p0ahm1QZEBP8U/PmfRACIBYABAHANAAQAUDaubFxmf3aJif/cTti/1kMpV3oG7Eri+mdtXP+sjeuftXH9szauf9bG9c/auP5ZG9efsaxs07T81/KSdRd+/5+V8fX/f0hGyTFfrCl5fReAmD+awvXP2rj+/7OCP7IR1z9r4/pnVbFXegLsvwCf/1lBtr/Yw/XP2rj+jGVlV/r9879/kX+1HyJZ4TP4K8fPGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4z9B5zxlykAuNS+0vNijDHGGGOMMcbYv47PdqVnwBhjjDHGGGOMsX8/BAESFAQQA9kgFrJDDhAAcDXkgmsgAtdCHFwHueF6yAN5IR/kh3goAAVBgwELBCEUgsIQhRugCNwIRaEYFIcS4KAklIKboDTcDGXgFigLt0I5uA3KQwWoCJXgdqgMd0AVuBOqwl1QDapDDagJd0MtuAdqw71QB+6DunA/1IMHoD48CA3gIWgID0MjeAQaw6PQBJpCM2gOLf6h/BegO7wIPaAnJEIv6A0vQR/oC/2gPwyAl2EgvAKD4FVIgsEwBF6DofA6DIM3YDiMgJHwJoyCt2A0jIGxMA6SYTxMgLdhIrwDk2AyTIGpkALTYDq8CzNgJsyC92A2vA9zYC7Mg/mQCh/AAlgIafAhLIKPIB0WwxJYCstgOayAlbAKVsMaWAvrYD1sgI2wCTbDFtgK22A77ICPYSd8ArtgN+z5c/3+nvzTv8j/FPZCFwQEFChQocIYjMFYjMUcmANzYk7MhbkwghGMwzjMjbkxD+bBfJgP4zEeC2JBNGiQkLAQFsIoRrEIFsGiWBSLY3F06LAUlsLSeDOWwTJYFstiOSyH5bECVsBKWAkrY2WsglWwKlbFalgNa2ANvBvvxl5YG2tjHayDdbHupddT2AAbYENsiI2wETbGxtgEm2AzbIYtsAW2xJbYClthG2yDbbEttsN2mIAJ2B7bYwfsgB2xI3bCTtgZO2MX7IpdM17IBvgivog9sZrohb2xN/bBpGz9sD/2x5dxIL6Cr+CrmISDcQi+hq/h6zgMT+FwHIEjcSRWFm/haByDJMZhMibjBJyAE3EiTsLJOBmnYgpOw+k4HWfgTJyJ7+FsfB/fx7k4F+djKqbiAlyIaZiGi/A0puNiXIJLcRkux2W4ElfhSlyDa3ENrsf1uBE34mbcjFtxK27H7fgxKgD8BHfjbkzCvbgX9+E+3I/78QAewAzMwIN4EA/hITyMh/EIHsGjeAyP4zE8iSfxFJ7GM3gGz+E5PI/PxX/V8ONiq5NAZFJCiRgRI2JFrMghcoicIqfIJXKJiIiIOBEncovcIo/II/KJfCJexIuCoqAwwggSYQwAiKiIiiKiiCgqioriorhwwolSopQoLUqLMqKMKCtuFeXEbaK8qCBau0qikqgs2rgq4k5RVVQV1UR1UUPUFDVFLVFL1Ba1RR1RR9QVdUU98YCoL3phP3xIZFamkRiMjcUQbCKaCnnxDGgphmEr0Vq0EU+IETgc24mWLkE8LdqL0dhB/EmMwWdFJzEOO4vnRRfRVXQTL4juopXrIXqKSdhL9BZTsY/oK/qJ/mIGVhfv4ezsNcSrIkkMFkPEa2I+vi6GiTfEcDFCjBRvilHiLTFajBFjxTiRLMaLCeJtMVG8IyaJyWKKmCpSxDQxXbwrZoiZYpZ4T8wW74s5Yq6YJ+aLVPGBWCAWijTxoVgkPhLpYrFYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghPhY7xSdil9gt9ohPxV7xmdgnPhf7xRfigPhSZIivxEHxtTgkvhGHxbfiiPhOHBXHxHFxQpwU34tT4rQ4I86Kc+IHcV78KC4IL0CiFFJKJQMZI7PJWJld5pBXyZwygF4/fbrXyjh5ncwtr5d5ZF6ZT+aX8bKALCi1NNJKkqEsJAvLqLxBFpE3yqKymCwuS0gnS8pS8iZZWt4sy8hbZFl5qywnb5PlZQVZUVaSt8vK8g4JkZ8rWE1WlzVkTXm3TIR7ZG15r6wj75N15f2ynnxA1pcPygbyIdlQPiwbyUdkY/mobCKbymayuWwhH5Mt5eOylWwt28gnZFv5pGwnn5IJ8mnZXvqLX5FnZSf5nOwsn5ddZFfZTf4oL0gve8ieEnqB7C1fkn1kX9lP9pcD5MtyoHxFDpKvyiQ5WA6Rr8mh8nU5TL4hh8sRcqR8U46Sb8nRcowcK8fJZDleTpBvy4nyHTlJTpZT5FSZIqfJfhdHmiXl38x/+5f5mZdeOU0O+mnvG+UmuVlukVvlNrld7pAfy51yp9wld8k9co/cK/fKfXKf3C/3ywPygMyQGfKgPCgPyUPysDwsj8gj8qg8Js/KE/Kk/F6ekqflaXlWnpPn5PmLnwEoVEJJpVSgYlQ2FauyqxzqKpVTXa1yqWtURF2r4tR1Kre6XuVReVU+lV/FqwKqoNLKKKtIhaqQKqyi6ga8eDqq4qqEcqqkKqVu+nvyVRF1oyqqiv0q/9L8Ev/C/FqoFqqlaqlaqVaqjWqj2qq2qp1qpxJUgmqv2qsOqoPqqDqqTqqT6qw6qy6qi+qmuqnuqrvqoXqoRJWoequXVB/VV/VT/dUA9bIaqAaqQWqQSlJJaogaooaqoWqYGqaGq+FqpBqpRqlRarQarcaqsSpZJasJaoKaqCaqSWqSmqKmqBSVoqar6WqGmqFmqVlqtpqt5qg5ap6ap1JVqlqgFqg0laYWqUUqXS1Wi9VStVQtV8vVSrVSrVar1Vq1Vq1X61W62qQ2qS1qi9qmtqkdaofaqXaqXWqX2qP2qL1qr9qn9qn9ar86oA6oDJWhDqqD6pA6pA6rw+qIOqKOqqPquDquTqqT6pQ6pc6oM+qcOqfOq/PqgrqgIBAgAhGoQAUxQUwQG8QGOYIcQc4gZ5AryBVEgkgQF8QFuYPrgzxB3iBfkD+IDwoEBQMdmMAG4mLRo8ENQZHgxqBoUCwoHpQIXFAyKBXcFJQObg7KBLcEZYNbg3LBbUH5oEJQMagU3B5UDu4IqgR3BlWDu4JqQfWgRlAzuDuoFdwT1A7uDeoE9wV1g/uDesEDQf0g86v1UNAweDhoFDwSNA4eDZoETYNmQfOgxb9k/AeDBkHm+N6fyvu466F76kTdS/fWL+k+uq/up/vrAfplPVC/ogfpV3WSHqyH6Nf0UP26Hqbf0MP1CD1Sv6lH6bf0aD1Gj9XjdLIeryfot/VE/Y6epCfrKXqqTtHT9HT9rp6hZ+pZ+j09W7+v5+i5ep6er1P1B3qBXqjT9Id6kf5Ip+vFeoleqpfp5XqFXqlX6dV6jV6r1+n1eoPeqDfpzXqL3qq36e16h/5Y79Sf6F16t96jP9V79Wd6n/5c79df6AP6S52hv9IH9df6kP5GH9bf6iP6O31UH9PH9Ql9Un+vT+nT+ow+q8/pH/R5/aO+oH3mzX3m5d0oo0yMiTGxJtbkMDlMTpPT5DK5TMRETJyJM7lNbpPH5DH5TD4Tb+JNQVPQZCJDppApZKImaoqYIqaoKWqKm+LGGWdKmVKmtCltypgypqwpa8qZcqa8KW8qmormdnO7ucPcYe40d5q7zF2muqluapqappapZWqb2qaOqWPqmrqmnqln6pv6poFpYBqahqaRaWQam8amiWlimplmpoVpYVqalqaVaWXamDamrWlr2pl2JsEkmPamvelgOpiOpqPpZDqZzqaz6WK6mG6mm+luupsepodJNImmt+lt+pg+pp/pZwaYAWagGWgGmUEmySSZIWaIGWqGmmFmmBluRpiRmTeq5i0z2owxY804k2ySzQQzwUw0E80kM8lMMVNMikkx0810M8PMMLPMLDPbzDZzzBwzz8wzqSbVLDALTJpJM4vMIpNu0s0Ss8QsM8vMCrPCrDKrzBqzxqyDdWaD2WA2mU1mi9litpltZofZYXaanWaX2WX2mD1mr9lr9pl9Zr/Zbw6YAybDZJiD5qA5ZA6Zw+awOWKOmKPmqDlujpuT5qQ5ZU6ZM+aMOWfyXrxeehNrs9sc9iqb015tc9lr7P+P89n8Nt4WsAWttnls3l/Fxlpb1BazxW0J62xJW8re9Ju4vK1gK9pK9nZb2d5hq/wmrmXvsbXtvbaOvc/WtHf/Kq5r77f17CO2PiKAbWob2ua2kX3ENraP2ia2qW1mm9u29knbzj5lE+zTtr195jfxArvQrrKr7Rq71u6yu+0Ze9Yest/Yc/YH28P2tAPsy3agfcUOsq/aJDv4N/FI+6YdZd+yo+0YO9aO+008xU61KXaanW7ftTPszN/EqfYDO9um2Tl2rp1n5/8UZ84pzX5oF9mPbLoNYIldapfZ5XaFXfnnuS616+0Gu9HutJ/YLXar3Wa32x2XboTtbrvHfmr32s/sQfu13W+/sAfsYZthv/opzjy+w/Zbe8R+Z4/aY/a4PWFP2u/VpezMYz9hf7QXrLdASECSFAUUQ9kolrJTDrqKctLVlIuuoQhdS3F0HeWm6ykP5aV8lJ/iqQAVJE2GLBGFVIgKU5RuoEvTK04lyFFJKkU3UWm6mcrQLVSWbqVydBuVpwpUkSrR7VSZ7qAqdCdVpbuoGlWnGlST7qZadA/VpnupDt1Hdel+qkcPUH16kBrQQ9SQHqZG9Ag1pkepCTWlZtScWtBj1JIep1bUmtrQE9SWnqR29BQl0NPUnp6hDvQn6kjPUid6jjrT89SFulI3eoG604vUg3pSIvWi3vQS9aG+1I/60wB6mQbSKzSIXqUkGkxD6DUaSq/TMHqDhtMIGklv0ih6i0bTGBpL4yiZxtMEepsm0js0iSbTFJpKKTSNptO7NINm0ix6j2bT+zSH5tI8mk+p9AEtoIWURh/SIvqI0mkxLaGltIyW0wpaSatoNa2htbSO1tMG2kibaDNtoa20jbbTDvqYdtIntIt20x76lPbSZ7SPPqf99AUdoC8pg76ig/Q1HaJv6DB963vSd3SUjtFxOkEn6Xs6RafpDJ2lc/QDnacf6QJ5ghBDEcpQhUEYE2YLY8PsYY7wqjBneHWYK7wmjITXhnHhdWHu8PowT5g3zBfmD+PDAmHBUIcmtCGFYVgoLBxGwxvCIuGNYdGwWFg8LBG6sGRYKrwpLB3eHJYJbwnLhreG5cLbwvJhhfCR+yqFt4eVwzvCKuGdYdXwrrBaWD2sEdYM7w5rhfeEtcN7wzrhfWGZ8P6wXvhAWD98MGwQPhQ2DB8OG4WPhI3DR8MmYdOwWdg8bBE+FrYMHw9bha3DNuETYdvwybBd+FSYED4dtg+f+an//oV/uT8x7BX2Dl8KXwq9v1fOi86PpkY/iC6ILoymRT+MLop+FE2PLo4uiS6NLosuj66Iroyuiq6Oromuja6Lro9uiG6Mel8zGzh0wkmnXOBiXDYX67K7HO4ql9Nd7XK5a1zEXevi3HUut7ve5XF5XT6X38W7Aq6g084468iFrpAr7KLuBlfE3eiKumKuuCvhnCvpSrnmroVr4Vq6x10r19q1cU+4J9yT7kn3lHvKPe3au2dcB/cn19E96zq559xz7nnXxXV13dwLrrsbn+vnczLR9Xa9XR/Xx/Vz/dwAN8ANdAPdIDfIJbkkN8QNcUPdUDfMDXPD3XA30o10o9woN9qNdmPdWJfskt0EN8FNdBPdJDfJTXFTXIpLcdPddDfDzXCVZ/68lzlujpvn5rlUl+oWuMx7xjS3yC1y6S7dLXFL3DK3zK1wK9wqt8qtcWvcOrfObXAb3Ca3yW1xW9w2t83tcDvcTrfT7fLX/Dyo2+v2uX1uv9vvDrgvXYb7yh10X7tD7ht32H3rjrjv3FF3zB13J9xJ97075U67M+6sO+d+cOfdj+6C8y45Mj4yIfJ2ZGLkncikyOTIlMjUSEpkWmR65N3IjMjMyKzIe5HZkfcjcyJzI/Mi8yOpkQ8iCyILI2mRDyOLIh9F0iOLI0siSyPLIssj3hfYEvpCvrCP+ht8EX+jL+qL+eK+hHe+pC/lb/Kl/c2+jL/Fl/W3+nL+Nl/eV/AV/aO+iW/qm/nmvoV/zLf0j/tWvrVv45/wbf2Tvp1/yif4p317/4zv4P/kO/pnfSf/nO/sn/ddfFffzb/gu/sXfQ/f0yf6Xr63f8n38X19P9/fD/Av+4H+FT/Iv+qT/GA/xL/mh/rX/TD/hh/uR/iRMW/6UZcekWGcT/bj/QT/tp/o3/GT/GQ/xU/1KX6an+7f9TP8TD/Lv+dn+/f9HD/Xz/Pzfar/wC/wC32a/9Av8h/5dL/40ktJv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dr/Df+x3+k/8Lr/b7/Gf+r3+M7/Pf+73+y/8Af+lz/Bf+YP+a3/If+MP+2/9Ef+dP+qP+eP+hD/pv/en/Gl/xp/15/wP/rz/0V/g31ljjDHGGPtDxl9uil/3/Pw6v9fv5IhfbNwbAK7emj/jl/2Zd5Tr8vzc7ivi20YA4OmenR+6tFSrlpiYeHHbdAlB4bkAl34SlCkGLseLoQ08CQnQGkr/7vz7iq7n6G+MH70VIMcvcmLhcnx5/M8BMPF3xn/siZELyoVn4v7K+HMBiha+nJMdLseLoc1P71daQ5m/MP+8Lf/G/LN/kQzQ6hc5OeFyfHn+peBxeAYSfrXlX9H2j23GGGOMMcYYY+x/Q19RseOl58/g4rrfez6PV5dzssHl+G89nzPGGGOMMcYYY+zKe7Zrt6ceS0ho3fHvb1T5h7L+cKMx/F4XwL91p1m54T3ApTUKAP7JAQEyG/I/eRSb/yP7Srp46vz/rmVnfQD/HaX8xxtj/7zmCv/HxBhjjDHGGPuXu3z3/+v16kpNiDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYy4L+E39X7EofI2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMXal/V8AAAD///9W/fM=") mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x80, 0x0) chdir(&(0x7f0000000100)='./file0\x00') syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4, 0x0, 0x1, 0x0, &(0x7f0000000080)) syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f0000000040)={0x2c, &(0x7f0000000680)={0x40, 0x0, 0x4, "0c8ac451"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r1, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="201504000000"], 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], 0x0) 188.580515ms ago: executing program 0 (id=1): r0 = socket(0x10, 0x2, 0x0) unshare(0x62040200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x17, 0x5, &(0x7f00000040c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94) r4 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f00000000c0), 0xf00) setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, 0x0, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/64, @ANYRES64, @ANYRES64, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x4) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r5, &(0x7f0000000240)="0b032200e35b90effa49ff25e40100475400f6a1080048030000000000000000", 0x20, 0x20008044, &(0x7f0000000140)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}}, 0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x29, 0xfb, 0x53, 0x7, 0x74, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @dev={0xfe, 0x80, '\x00', 0x38}, 0x10, 0x7, 0xe3de, 0xcfe}}) r8 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r8, &(0x7f0000001940)={0xa, 0x0, 0x200, @mcast1, 0x9}, 0x1c) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r8, 0x29, 0x37, &(0x7f0000000200)=ANY=[], 0x8) setrlimit(0x2, &(0x7f0000000200)={0x4849, 0x5}) capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080)) mlock2(&(0x7f0000009000/0x3000)=nil, 0x3000, 0x0) mlock(&(0x7f0000009000/0x3000)=nil, 0x3000) ioctl$OCFS2_IOC_MOVE_EXT(r3, 0x40406f06, &(0x7f00000001c0)={0x7, 0x8, 0x0, 0x6, 0x1}) ioctl$AUTOFS_IOC_PROTOSUBVER(r8, 0x80049367, &(0x7f0000000000)) sendmmsg$inet6(r8, &(0x7f0000002200)=[{{0x0, 0x0, 0x0}}], 0x40000000000027f, 0x0) 43.206219ms ago: executing program 3 (id=4): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x4c00, 0x3) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x1, 0x1, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0x90000014}) syz_emit_ethernet(0xcc, &(0x7f0000000300)={@local, @multicast, @void, {@llc_tr={0x11, {@llc={0xfc, 0xaa, "9fee", "0514b94d61d975358bf3b7f10d0f391209cf35aa9eb7fbb572612c610d2e394834c16627c138ba218b967cf9118c2dc70006c942e4df937c2ea5f3453f32a3230b44d18fcb434f1ee9110d59dacb85ba6d91327161d86f17940b756c0541eecd977f38c71d6f4b0fa55751dcc8213117ea7f1114673370294f1f3955c9699a3405ce917be525c5fef8c80af93332dacd9c71ad9bc5e59680c96fc060f01e417c21ee78ec3ea497cf79cd967eb3b7b230e4c834a2de4593e3b9e3"}}}}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) 12.92439ms ago: executing program 4 (id=5): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x200, 0x1, 0x25dedbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x8000) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70b928, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0x10, 0xb}, {0x4, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x5, 0x7, 0x40, 0x9, 0x0, 0xa}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000500), r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x24004040) io_uring_setup(0x4000026d, &(0x7f0000000300)={0x0, 0x4178, 0x200, 0x2, 0x175}) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbaf, &(0x7f0000002f00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5") r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x1a9b42, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x8) mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000009, 0x12, r5, 0x954c3000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r9, &(0x7f0000004200)='t', 0x1) r10 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r10, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x4, 0xfe, 0x53, 0x3, 0x58, @mcast2, @mcast2={0xff, 0x5}, 0x20, 0x40, 0xe3e1, 0xcff}}) sendfile(r9, r8, 0x0, 0x3ffff) write(r7, &(0x7f0000000200)="c788a5", 0x3) sendfile(r7, r6, 0x0, 0x3ffff) sendfile(r7, r6, 0x0, 0x7ffff000) 0s ago: executing program 2 (id=3): r0 = memfd_create(&(0x7f0000000580)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc5\x1d\xe7jDf\x87@\x8fg\x15RJw\x82\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7g\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x2, 0x12, r0, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000180)={{&(0x7f00003fe000/0x4000)=nil, 0x4000}, 0x1}) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000309000/0x4000)=nil, 0x4000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f00000000c0)='\f', 0x1, 0x8000c61) getsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000080), &(0x7f00000000c0)=0x8) munlockall() syz_read_part_table(0x104a, &(0x7f0000002100)="$eJzsz7EJAjEYBeCnnHcGucKRHMKBnMTKximsXMPSMSKc8dBeEOH7iuTPgzz4w08t5mmd+pZvXsOy3eO1S2ppr8N0XpL0p3uG8aOpuQ3Jrkz/t326Z3isq5S5e3/+9j4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8I8eAQAA//9Z8QnX") ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00003ba000/0x1000)=nil, 0x1000}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.63' (ED25519) to the list of known hosts. [ 21.567056][ T28] audit: type=1400 audit(1781267979.159:64): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.568264][ T279] cgroup: Unknown subsys name 'net' [ 21.589764][ T28] audit: type=1400 audit(1781267979.159:65): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.617059][ T28] audit: type=1400 audit(1781267979.189:66): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.617193][ T279] cgroup: Unknown subsys name 'devices' [ 21.760886][ T279] cgroup: Unknown subsys name 'hugetlb' [ 21.766482][ T279] cgroup: Unknown subsys name 'rlimit' [ 21.868891][ T28] audit: type=1400 audit(1781267979.459:67): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.892156][ T28] audit: type=1400 audit(1781267979.469:68): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.900580][ T281] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.916923][ T28] audit: type=1400 audit(1781267979.469:69): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.948560][ T28] audit: type=1400 audit(1781267979.529:70): avc: denied { relabelto } for pid=281 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.973998][ T28] audit: type=1400 audit(1781267979.529:71): avc: denied { write } for pid=281 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.007422][ T28] audit: type=1400 audit(1781267979.599:72): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.033062][ T28] audit: type=1400 audit(1781267979.599:73): avc: denied { open } for pid=279 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.033121][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.379285][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.386340][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.393861][ T287] device bridge_slave_0 entered promiscuous mode [ 23.401964][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.409141][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.416469][ T287] device bridge_slave_1 entered promiscuous mode [ 23.476806][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.483935][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.491373][ T290] device bridge_slave_0 entered promiscuous mode [ 23.498274][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.505413][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.512760][ T290] device bridge_slave_1 entered promiscuous mode [ 23.566170][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.573323][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.580837][ T288] device bridge_slave_0 entered promiscuous mode [ 23.587846][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.594971][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.602334][ T288] device bridge_slave_1 entered promiscuous mode [ 23.653308][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.660403][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.667688][ T291] device bridge_slave_0 entered promiscuous mode [ 23.709506][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.716651][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.724063][ T291] device bridge_slave_1 entered promiscuous mode [ 23.737882][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.744994][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.752416][ T289] device bridge_slave_0 entered promiscuous mode [ 23.760904][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.767933][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.775393][ T289] device bridge_slave_1 entered promiscuous mode [ 23.826256][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.833323][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.840619][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.847641][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.856943][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.864007][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.871401][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.878425][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.942150][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.949211][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.956552][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.963674][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.001776][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.009426][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.016542][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.024869][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.032290][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.039513][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.046759][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.068656][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.076876][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.084050][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.091649][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.099286][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.106720][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.115104][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.122148][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.129540][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.137642][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.144674][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.163323][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.171629][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.178636][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.201239][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.213339][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.221721][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.228747][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.236251][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.244522][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.251583][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.270003][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.277940][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.286102][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.294078][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.319983][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.327582][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.335971][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.343014][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.351972][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.367416][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.375089][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.382594][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.390872][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.399553][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.408049][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.416299][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.423328][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.430793][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.439069][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.447141][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.454159][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.461535][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.469843][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.477956][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.485001][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.504123][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.511977][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.520270][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.528215][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.536794][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.545365][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.553823][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.562526][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.570577][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.579702][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.587423][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.597004][ T290] device veth0_vlan entered promiscuous mode [ 24.604490][ T287] device veth0_vlan entered promiscuous mode [ 24.617441][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.625766][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.633809][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.642214][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.650401][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.658391][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.667624][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.675143][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.687475][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.696183][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.706870][ T287] device veth1_macvtap entered promiscuous mode [ 24.716426][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.724776][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.733235][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.741407][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.749436][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.757367][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.764936][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.773445][ T288] device veth0_vlan entered promiscuous mode [ 24.791051][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.799328][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.807301][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.815698][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.824266][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.832614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.841091][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.849504][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.857805][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.866116][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.880325][ T290] device veth1_macvtap entered promiscuous mode [ 24.892565][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.900483][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.900704][ T287] request_module fs-gadgetfs succeeded, but still no fs? [ 24.909563][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.924720][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.933261][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.943651][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.952231][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.964826][ T291] device veth0_vlan entered promiscuous mode [ 24.979649][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.988588][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.997922][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.006821][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.016027][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.023757][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.033096][ T289] device veth0_vlan entered promiscuous mode [ 25.044245][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.052188][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.060199][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.067626][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.077178][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.087871][ T291] device veth1_macvtap entered promiscuous mode [ 25.097524][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.105846][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.116645][ T288] device veth1_macvtap entered promiscuous mode [ 25.131434][ T289] device veth1_macvtap entered promiscuous mode [ 25.138749][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.148136][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.169811][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.178242][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.186669][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.195528][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.204066][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.212562][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.220995][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.229490][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.234544][ T318] xt_hashlimit: size too large, truncated to 1048576 [ 25.260270][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.271910][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.282225][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.291252][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.311438][ T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 25.808889][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 25.815857][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.847186][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.858631][ T325] loop4: detected capacity change from 0 to 4096 [ 25.867909][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 25.899321][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.907561][ T325] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 25.917837][ T24] usb 2-1: config 0 descriptor?? [ 25.927563][ T24] hub 2-1:0.0: USB hub found [ 25.934578][ T330] loop2: detected capacity change from 0 to 8192 [ 25.992000][ T330] loop2: p1 p2 p4 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 [ 25.992963][ T330] loop2: p2 size 515840 extends beyond EOD, [ 26.081933][ T316] ================================================================== [ 26.082064][ T330] truncated [ 26.087926][ T316] BUG: KASAN: use-after-free in mutex_lock+0x86/0x1b0 [ 26.087969][ T316] Write of size 8 at addr ffff888112e03150 by task syz.0.1/316 [ 26.098387][ T330] loop2: p6 size 515840 extends beyond EOD, [ 26.099103][ T316] [ 26.099118][ T316] CPU: 0 PID: 316 Comm: syz.0.1 Not tainted syzkaller #0 [ 26.099135][ T316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 26.099151][ T316] Call Trace: [ 26.106228][ T330] truncated [ 26.113411][ T316] [ 26.113424][ T316] __dump_stack+0x21/0x24 [ 26.113447][ T316] dump_stack_lvl+0x110/0x170 [ 26.113462][ T316] ? __cfi_dump_stack_lvl+0x8/0x8 [ 26.113479][ T316] ? mutex_lock+0x86/0x1b0 [ 26.121553][ T330] loop2: p8 size 515840 extends beyond EOD, [ 26.121764][ T316] print_address_description+0x71/0x200 [ 26.130987][ T24] hub 2-1:0.0: 1 port detected [ 26.138828][ T316] print_report+0x4a/0x60 [ 26.138855][ T316] kasan_report+0x122/0x150 [ 26.142484][ T330] truncated [ 26.145263][ T316] ? mutex_lock+0x86/0x1b0 [ 26.145292][ T316] kasan_check_range+0x249/0x2a0 [ 26.149701][ T330] loop2: p10 size 515840 extends beyond EOD, [ 26.152532][ T316] __kasan_check_write+0x14/0x20 [ 26.152557][ T316] mutex_lock+0x86/0x1b0 [ 26.207746][ T330] truncated [ 26.210787][ T316] ? __cfi_mutex_lock+0x10/0x10 [ 26.210819][ T316] ? l2tp_session_put+0xaf/0x1a0 [ 26.217285][ T330] loop2: p12 size 515840 extends beyond EOD, [ 26.219959][ T316] ? l2tp_session_delete+0x3f0/0x4e0 [ 26.219984][ T316] pppol2tp_release+0x194/0x2d0 [ 26.220001][ T316] sock_close+0xf1/0x290 [ 26.223443][ T330] truncated [ 26.227927][ T316] ? __cfi_sock_close+0x10/0x10 [ 26.246633][ T330] loop2: p14 size 515840 extends beyond EOD, [ 26.248998][ T316] __fput+0x1fc/0x8f0 [ 26.249027][ T316] ____fput+0x15/0x20 [ 26.253615][ T330] truncated [ 26.256345][ T316] task_work_run+0x1e1/0x250 [ 26.256370][ T316] ? __cfi_task_work_run+0x10/0x10 [ 26.262694][ T330] loop2: p16 size 515840 extends beyond EOD, [ 26.267261][ T316] ? __cfi___close_range+0x10/0x10 [ 26.271512][ T330] truncated [ 26.275370][ T316] ? do_user_addr_fault+0x9ac/0x1050 [ 26.275398][ T316] exit_to_user_mode_loop+0x9b/0xb0 [ 26.282013][ T330] loop2: p18 size 515840 extends beyond EOD, [ 26.283051][ T316] exit_to_user_mode_prepare+0x87/0xd0 [ 26.288166][ T330] truncated [ 26.294200][ T316] syscall_exit_to_user_mode+0x1a/0x30 [ 26.294217][ T316] do_syscall_64+0x58/0xa0 [ 26.294233][ T316] ? clear_bhb_loop+0x30/0x80 [ 26.294247][ T316] ? clear_bhb_loop+0x30/0x80 [ 26.294261][ T316] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.301016][ T330] loop2: p20 size 515840 extends beyond EOD, [ 26.302446][ T316] RIP: 0033:0x7f4866f9ce59 [ 26.307736][ T330] truncated [ 26.312903][ T316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 26.312915][ T316] RSP: 002b:00007fff83a119d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 26.312931][ T316] RAX: 0000000000000000 RBX: 00007f4867217da0 RCX: 00007f4866f9ce59 [ 26.312941][ T316] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 26.312950][ T316] RBP: 00007f4867217da0 R08: 0000000000000006 R09: 0000000000000000 [ 26.312960][ T316] R10: 00000000005e4020 R11: 0000000000000246 R12: 0000000000006589 [ 26.312971][ T316] R13: 00007f4867215fac R14: 0000000000006528 R15: 00007f4867215fa0 [ 26.320792][ T330] loop2: p22 size 515840 extends beyond EOD, [ 26.324531][ T316] [ 26.324539][ T316] [ 26.324542][ T316] Allocated by task 319: [ 26.327652][ T330] truncated [ 26.333074][ T316] kasan_set_track+0x4b/0x70 [ 26.333095][ T316] kasan_save_alloc_info+0x25/0x30 [ 26.333106][ T316] __kasan_kmalloc+0x95/0xb0 [ 26.333121][ T316] __kmalloc+0xb1/0x1e0 [ 26.333133][ T316] l2tp_session_create+0x38/0xbe0 [ 26.333148][ T316] pppol2tp_connect+0xbef/0x1620 [ 26.333165][ T316] __sys_connect+0x3da/0x460 [ 26.333179][ T316] __x64_sys_connect+0x7a/0x90 [ 26.333192][ T316] x64_sys_call+0x88d/0x9a0 [ 26.333209][ T316] do_syscall_64+0x4c/0xa0 [ 26.340348][ T330] loop2: p24 size 515840 extends beyond EOD, [ 26.342260][ T316] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.347440][ T330] truncated [ 26.352809][ T316] [ 26.352814][ T316] Freed by task 316: [ 26.352821][ T316] kasan_set_track+0x4b/0x70 [ 26.352840][ T316] kasan_save_free_info+0x31/0x50 [ 26.352853][ T316] ____kasan_slab_free+0x132/0x180 [ 26.352869][ T316] __kasan_slab_free+0x11/0x20 [ 26.360770][ T330] loop2: p26 size 515840 extends beyond EOD, [ 26.363346][ T316] slab_free_freelist_hook+0xc2/0x190 [ 26.366475][ T330] truncated [ 26.387354][ T316] __kmem_cache_free+0xb7/0x1b0 [ 26.387383][ T316] kfree+0x6f/0xf0 [ 26.387393][ T316] l2tp_session_put+0xaf/0x1a0 [ 26.387405][ T316] l2tp_session_delete+0x3f0/0x4e0 [ 26.387418][ T316] pppol2tp_release+0x185/0x2d0 [ 26.387433][ T316] sock_close+0xf1/0x290 [ 26.387451][ T316] __fput+0x1fc/0x8f0 [ 26.398740][ T330] loop2: p28 size 515840 extends beyond EOD, [ 26.403834][ T316] ____fput+0x15/0x20 [ 26.403859][ T316] task_work_run+0x1e1/0x250 [ 26.403876][ T316] exit_to_user_mode_loop+0x9b/0xb0 [ 26.412213][ T330] truncated [ 26.419876][ T316] exit_to_user_mode_prepare+0x87/0xd0 [ 26.419900][ T316] syscall_exit_to_user_mode+0x1a/0x30 [ 26.419915][ T316] do_syscall_64+0x58/0xa0 [ 26.429870][ T330] loop2: p30 size 515840 extends beyond EOD, [ 26.435909][ T316] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.444644][ T330] truncated [ 26.444970][ T316] [ 26.444976][ T316] The buggy address belongs to the object at ffff888112e03000 [ 26.444976][ T316] which belongs to the cache kmalloc-512 of size 512 [ 26.448570][ T330] loop2: p32 size 515840 extends beyond EOD, [ 26.451518][ T316] The buggy address is located 336 bytes inside of [ 26.451518][ T316] 512-byte region [ffff888112e03000, ffff888112e03200) [ 26.451535][ T316] [ 26.451538][ T316] The buggy address belongs to the physical page: [ 26.451559][ T316] page:ffffea00044b8000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112e00 [ 26.455307][ T330] truncated [ 26.459222][ T316] head:ffffea00044b8000 order:2 compound_mapcount:0 compound_pincount:0 [ 26.459236][ T316] flags: 0x4000000000010200(slab|head|zone=1) [ 26.459265][ T316] raw: 4000000000010200 ffffea0004480500 dead000000000002 ffff888100042f00 [ 26.466089][ T330] loop2: p34 size 515840 extends beyond EOD, [ 26.468924][ T316] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 26.468933][ T316] page dumped because: kasan: bad access detected [ 26.468949][ T316] page_owner tracks the page as allocated [ 26.468955][ T316] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 110, tgid 110 (udevd), ts 3927089932, free_ts 0 [ 26.474619][ T330] truncated [ 26.478888][ T316] post_alloc_hook+0x1f5/0x210 [ 26.478917][ T316] prep_new_page+0x1c/0x110 [ 26.478932][ T316] get_page_from_freelist+0x2d12/0x2d80 [ 26.478950][ T316] __alloc_pages+0x1fa/0x610 [ 26.478967][ T316] alloc_slab_page+0x6e/0xf0 [ 26.485491][ T330] loop2: p36 size 515840 extends beyond EOD, [ 26.488459][ T316] new_slab+0x98/0x3d0 [ 26.488478][ T316] ___slab_alloc+0x6bd/0xb20 [ 26.493642][ T330] truncated [ 26.497697][ T316] __slab_alloc+0x5e/0xa0 [ 26.497722][ T316] __kmem_cache_alloc_node+0x203/0x2c0 [ 26.503638][ T330] loop2: p38 size 515840 extends beyond EOD, [ 26.508190][ T316] __kmalloc_node_track_caller+0xa0/0x1e0 [ 26.514373][ T330] truncated [ 26.517168][ T316] __alloc_skb+0x236/0x4b0 [ 26.520844][ T330] loop2: p40 size 515840 extends beyond EOD, [ 26.523394][ T316] alloc_skb_with_frags+0xa8/0x620 [ 26.523417][ T316] sock_alloc_send_pskb+0x87f/0x9a0 [ 26.528094][ T330] truncated [ 26.532979][ T316] unix_dgram_sendmsg+0x539/0x16f0 [ 26.533000][ T316] sock_write_iter+0x2ee/0x3f0 [ 26.533020][ T316] vfs_write+0x603/0xce0 [ 26.540486][ T330] loop2: p42 size 515840 extends beyond EOD, [ 26.542845][ T316] page_owner free stack trace missing [ 26.542851][ T316] [ 26.542854][ T316] Memory state around the buggy address: [ 26.542864][ T316] ffff888112e03000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.549149][ T330] truncated [ 26.554257][ T316] ffff888112e03080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.554268][ T316] >ffff888112e03100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.554273][ T316] ^ [ 26.554281][ T316] ffff888112e03180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.554291][ T316] ffff888112e03200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.560591][ T330] loop2: p44 size 515840 extends beyond EOD, [ 26.562205][ T316] ================================================================== [ 26.580822][ T316] Disabling lock debugging due to kernel taint [ 26.780765][ T312] loop1: detected capacity change from 0 to 256 [ 26.794015][ T330] truncated [ 26.806687][ T312] exfat: Deprecated parameter 'utf8' [ 26.859685][ T330] loop2: p46 size 515840 extends beyond EOD, [ 26.981897][ T312] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x72bddf51, utbl_chksum : 0xe619d30d) [ 26.985704][ T330] truncated [ 27.009303][ T330] loop2: p48 size 515840 extends beyond EOD, truncated [ 27.033464][ T330] loop2: p50 size 515840 extends beyond EOD, truncated [ 27.043887][ T330] loop2: p52 size 515840 extends beyond EOD, truncated [ 27.051415][ T28] kauditd_printk_skb: 63 callbacks suppressed [ 27.051427][ T28] audit: type=1400 audit(1781267984.659:137): avc: denied { mounton } for pid=310 comm="syz.1.2" path="/0/file1/file0" dev="loop1" ino=1048600 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.053806][ T312] incfs_lookup_dentry err:-22 [ 27.057806][ T28] audit: type=1400 audit(1781267984.659:138): avc: denied { write } for pid=310 comm="syz.1.2" name="file0" dev="loop1" ino=1048600 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.082722][ T330] loop2: p54 size 515840 extends beyond EOD, [ 27.086687][ T28] audit: type=1400 audit(1781267984.659:139): avc: denied { add_name } for pid=310 comm="syz.1.2" name=".index" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.133879][ T330] truncated [ 27.144467][ T28] audit: type=1400 audit(1781267984.659:140): avc: denied { create } for pid=310 comm="syz.1.2" name=".index" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 27.145190][ T304] hub 2-1:0.0: activate --> -90 [ 27.164805][ T28] audit: type=1400 audit(1781267984.659:141): avc: denied { associate } for pid=310 comm="syz.1.2" name=".index" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 27.173980][ T330] loop2: p56 size 515840 extends beyond EOD, truncated [ 27.198672][ T330] loop2: p58 size 515840 extends beyond EOD, truncated [ 27.199562][ T289] EXT4-fs (loop4): unmounting filesystem. [ 27.206391][ T330] loop2: p60 size 515840 extends beyond EOD, truncated [ 27.218972][ T330] loop2: p62 size 515840 extends beyond EOD, truncated [ 27.232913][ T330] loop2: p64 size 515840 extends beyond EOD, truncated [ 27.241885][ T330] loop2: p66 size 515840 extends beyond EOD, truncated [ 27.249665][ T330] loop2: p68 size 515840 extends beyond EOD, truncated [ 27.257520][ T330] loop2: p70 size 515840 extends beyond EOD, truncated [ 27.265535][ T330] loop2: p72 size 515840 extends beyond EOD, truncated [ 27.273418][ T330] loop2: p74 size 515840 extends beyond EOD, truncated [ 27.281893][ T330] loop2: p76 size 515840 extends beyond EOD, truncated [ 27.289685][ T330] loop2: p78 size 515840 extends beyond EOD, truncated [ 27.297369][ T330] loop2: p80 size 515840 extends beyond EOD, truncated [ 27.305299][ T330] loop2: p82 size 515840 extends beyond EOD, truncated [ 27.313016][ T330] loop2: p84 size 515840 extends beyond EOD, truncated [ 27.321333][ T330] loop2: p86 size 515840 extends beyond EOD, truncated [ 27.329071][ T330] loop2: p88 size 515840 extends beyond EOD, truncated [ 27.336779][ T330] loop2: p90 size 515840 extends beyond EOD, truncated [ 27.344454][ T330] loop2: p92 size 515840 extends beyond EOD, truncated [ 27.352481][ T330] loop2: p94 size 515840 extends beyond EOD, truncated [ 27.360339][ T330] loop2: p96 size 515840 extends beyond EOD, truncated [ 27.368071][ T330] loop2: p98 size 515840 extends beyond EOD, truncated [ 27.376292][ T330] loop2: p100 size 515840 extends beyond EOD, truncated [ 27.384165][ T330] loop2: p102 size 515840 extends beyond EOD, truncated [ 27.391963][ T330] loop2: p104 size 515840 extends beyond EOD, truncated [ 27.399965][ T330] loop2: p106 size 515840 extends beyond EOD, truncated [ 27.407692][ T330] loop2: p108 size 515840 extends beyond EOD, truncated [ 27.415512][ T330] loop2: p110 size 515840 extends beyond EOD, truncated [ 27.423850][ T330] loop2: p112 size 515840 extends beyond EOD, truncated [ 27.431821][ T330] loop2: p114 size 515840 extends beyond EOD, truncated [ 27.439796][ T330] loop2: p116 size 515840 extends beyond EOD, truncated [ 27.447654][ T330] loop2: p118 size 515840 extends beyond EOD, truncated [ 27.455499][ T330] loop2: p120 size 515840 extends beyond EOD, truncated [ 27.463417][ T330] loop2: p122 size 515840 extends beyond EOD, truncated [ 27.471279][ T330] loop2: p124 size 515840 extends beyond EOD, truncated [ 27.479187][ T330] loop2: p126 size 515840 extends beyond EOD, truncated [ 27.486905][ T330] loop2: p128 size 515840 extends beyond EOD, truncated [ 27.494910][ T330] loop2: p130 size 515840 extends beyond EOD, truncated [ 27.503441][ T330] loop2: p132 size 515840 extends beyond EOD, truncated [ 27.511267][ T330] loop2: p134 size 515840 extends beyond EOD, truncated [ 27.519100][ T330] loop2: p136 size 515840 extends beyond EOD, truncated [ 27.526868][ T330] loop2: p138 size 515840 extends beyond EOD, truncated [ 27.534689][ T330] loop2: p140 size 515840 extends beyond EOD, truncated [ 27.542503][ T330] loop2: p142 size 515840 extends beyond EOD, truncated [ 27.550868][ T330] loop2: p144 size 515840 extends beyond EOD, truncated [ 27.558727][ T330] loop2: p146 size 515840 extends beyond EOD, truncated [ 27.566712][ T330] loop2: p148 size 515840 extends beyond EOD, truncated [ 27.574585][ T330] loop2: p150 size 515840 extends beyond EOD, truncated [ 27.582396][ T330] loop2: p152 size 515840 extends beyond EOD, truncated [ 27.590574][ T330] loop2: p154 size 515840 extends beyond EOD, truncated [ 27.598101][ T312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 27.599105][ T330] loop2: p156 size 515840 extends beyond EOD, truncated [ 27.607211][ T312] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 27.615147][ T330] loop2: p158 size 515840 extends beyond EOD, truncated [ 27.629733][ T330] loop2: p160 size 515840 extends beyond EOD, truncated [ 27.637979][ T330] loop2: p162 size 515840 extends beyond EOD, truncated [ 27.647721][ T24] usb 2-1: USB disconnect, device number 2 [ 27.655273][ T330] loop2: p164 size 515840 extends beyond EOD, truncated [ 27.663071][ T330] loop2: p166 size 515840 extends beyond EOD, truncated [ 27.670836][ T330] loop2: p168 size 515840 extends beyond EOD, truncated [ 27.678502][ T330] loop2: p170 size 515840 extends beyond EOD, truncated [ 27.686355][ T330] loop2: p172 size 515840 extends beyond EOD, truncated [ 27.694300][ T330] loop2: p174 size 515840 extends beyond EOD, truncated [ 27.702157][ T330] loop2: p176 size 515840 extends beyond EOD, truncated [ 27.709927][ T330] loop2: p178 size 515840 extends beyond EOD, truncated [ 27.717588][ T330] loop2: p180 size 515840 extends beyond EOD, truncated [ 27.725511][ T330] loop2: p182 size 515840 extends beyond EOD, truncated [ 27.733255][ T330] loop2: p184 size 515840 extends beyond EOD, truncated [ 27.741012][ T330] loop2: p186 size 515840 extends beyond EOD, truncated [ 27.748740][ T330] loop2: p188 size 515840 extends beyond EOD, truncated [ 27.756938][ T330] loop2: p190 size 515840 extends beyond EOD, truncated [ 27.764673][ T330] loop2: p192 size 515840 extends beyond EOD, truncated [ 27.772339][ T330] loop2: p194 size 515840 extends beyond EOD, truncated [ 27.780084][ T330] loop2: p196 size 515840 extends beyond EOD, truncated [ 27.787703][ T330] loop2: p198 size 515840 extends beyond EOD, truncated [ 27.795614][ T330] loop2: p200 size 515840 extends beyond EOD, truncated [ 27.803494][ T330] loop2: p202 size 515840 extends beyond EOD, truncated [ 27.811220][ T330] loop2: p204 size 515840 extends beyond EOD, truncated [ 27.819037][ T330] loop2: p206 size 515840 extends beyond EOD, truncated [ 27.826692][ T330] loop2: p208 size 515840 extends beyond EOD, truncated [ 27.835362][ T330] loop2: p210 size 515840 extends beyond EOD, truncated [ 27.843297][ T330] loop2: p212 size 515840 extends beyond EOD, truncated [ 27.851010][ T330] loop2: p214 size 515840 extends beyond EOD, truncated [ 27.858645][ T330] loop2: p216 size 515840 extends beyond EOD, truncated [ 27.866361][ T330] loop2: p218 size 515840 extends beyond EOD, truncated [ 27.874613][ T330] loop2: p220 size 515840 extends beyond EOD, truncated [ 27.881809][ T304] usb 2-1-port1: config error [ 27.882871][ T330] loop2: p222 size 515840 extends beyond EOD, truncated [ 27.894204][ T330] loop2: p224 size 515840 extends beyond EOD, truncated [ 27.901958][ T330] loop2: p226 size 515840 extends beyond EOD, truncated [ 27.910071][ T330] loop2: p228 size 515840 extends beyond EOD, truncated [ 27.917709][ T330] loop2: p230 size 515840 extends beyond EOD, truncated [ 27.925381][ T330] loop2: p232 size 515840 extends beyond EOD, truncated [ 27.933162][ T330] loop2: p234 size 515840 extends beyond EOD, truncated [ 27.940907][ T330] loop2: p236 size 515840 extends beyond EOD, truncated [ 27.949240][ T330] loop2: p238 size 515840 extends beyond EOD, truncated [ 27.956954][ T330] loop2: p240 size 515840 extends beyond EOD, truncated [ 27.965423][ T330] loop2: p242 size 515840 extends beyond EOD, truncated [ 27.973223][ T330] loop2: p244 size 515840 extends beyond EOD, truncated [ 27.980995][ T330] loop2: p246 size 515840 extends beyond EOD, truncated [ 27.988670][ T330] loop2: p248 size 515840 extends beyond EOD, truncated [ 27.996507][ T330] loop2: p250 size 515840 extends beyond EOD, truncated [ 28.004230][ T330] loop2: p252 size 515840 extends beyond EOD, truncated [ 28.012027][ T330] loop2: p254 size 515840 extends beyond EOD, truncated [ 28.115989][ T311] udevd[311]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 28.116481][ T313] udevd[313]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 28.127186][ T314] udevd[314]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 28.137271][ T341] udevd[341]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 28.166298][ T28] audit: type=1400 audit(1781267985.759:142): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 28.212669][ T311] udevd[311]: inotify_add_watch(7, /dev/loop2p14, 10) failed: No such file or directory [ 28.224309][ T347] udevd[347]: inotify_add_watch(7, /dev/loop2p11, 10) failed: No such file or directory [ 28.234871][ T345] udevd[345]: inotify_add_watch(7, /dev/loop2p9, 10) failed: No such file or directory [ 28.237774][ T344] udevd[344]: inotify_add_watch(7, /dev/loop2p8, 10) failed: No such file or directory [ 28.245171][ T343] udevd[343]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 28.263953][ T28] audit: type=1400 audit(1781267985.789:143): avc: denied { remove_name } for pid=287 comm="syz-executor" name=".index" dev="loop1" ino=1048601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.270062][ T314] udevd[314]: inotify_add_watch(7, /dev/loop2p16, 10) failed: No such file or directory [ 28.291044][ T28] audit: type=1400 audit(1781267985.789:144): avc: denied { rmdir } for pid=287 comm="syz-executor" name=".index" dev="loop1" ino=1048601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.331075][ T28] audit: type=1400 audit(1781267985.789:145): avc: denied { unlink } for pid=287 comm="syz-executor" name="file0" dev="loop1" ino=1048607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 28.384508][ T287] syz-executor (287) used greatest stack depth: 21312 bytes left [ 28.849659][ T10] device bridge_slave_1 left promiscuous mode [ 28.855830][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.863631][ T10] device bridge_slave_0 left promiscuous mode [ 28.869870][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.878051][ T10] device veth1_macvtap left promiscuous mode [ 28.884124][ T10] device veth0_vlan left promiscuous mode