last executing test programs:

5.855381152s ago: executing program 0 (id=9):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000004f80), r0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={&(0x7f0000005040)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000011}, 0x48010)

5.822768373s ago: executing program 1 (id=2):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000001, 0x11, r0, 0xc10c3000)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20020009, 0x0, &(0x7f0000000240)={0x20, 0xf, 0xfffc, 0x360, 0x7}, 0x8, 0x7, 0x60000000, 0x0, 0x4, 0x101, 0x0})

5.760385165s ago: executing program 0 (id=10):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x4000)
setresuid(r1, r1, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, 0x0)

5.760045155s ago: executing program 1 (id=11):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r0 = openat$kvm(0xffffff9c, &(0x7f0000000540), 0x8000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff25, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x73, 0x2, 0x2, 0x4002804c4, 0x9, 0x8000000000000000, 0xc595, 0x0, 0x4, 0xefffffffffffffff, 0x2000000000000000, 0x5, 0x8d], 0xeeee8000, 0x2002d3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42282, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.759736455s ago: executing program 0 (id=13):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)

5.639757619s ago: executing program 0 (id=16):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d40)=ANY=[@ANYBLOB="120000000c0000000800000002"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000005c0)={r0, &(0x7f00000004c0), &(0x7f0000000680)=""/151}, 0x20)

4.900445133s ago: executing program 0 (id=17):
r0 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000f40)={0x44, &(0x7f0000000c80)={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)
futex(0x0, 0x8c, 0x1, 0x0, &(0x7f00000000c0), 0x0)

4.706532479s ago: executing program 1 (id=24):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000004000000000000000000008500000036000000850000000700000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r2, r1, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0x32, &(0x7f0000001bc0)=ANY=[], 0x0)

4.648335301s ago: executing program 1 (id=26):
pipe2$watch_queue(0x0, 0x80)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='coredump_filter\x00')
write$cgroup_int(r0, 0x0, 0x0)
recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)}, 0x40002000)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000380)={0x31, 0x4, 0x0, {0x3, 0x7, 0x9, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x31)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
open$dir(&(0x7f0000000240)='./file0\x00', 0x40033e, 0x2f)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)

3.672369742s ago: executing program 0 (id=30):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a8230800090400bc6435fb4d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000a80)=""/188, 0xba)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)

2.729065502s ago: executing program 4 (id=36):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_GET_DEBUGREGS(r0, 0x8080aea1, &(0x7f0000000000))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x2, 0x4, 0x4, 0x7fff0000}]})
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff000000000a000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="1800040000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000000000000085000000cb0000009500"/88], &(0x7f0000000100)='syzkaller\x00', 0x7}, 0x94)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/power/pm_trace_dev_match', 0x5f9aaf05fcf03636, 0x49)
socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x2, 0x3, 0x3, 0x1, {0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, '\x00', 0x27}, 0x9}}}, 0x3a)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000019080)=0x30)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r8, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)
mmap(&(0x7f0000d61000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000d62000/0x3000)=nil, 0x3000, 0x0, 0x1, 0x10000)
mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfYno=', @ANYRESHEX=r0, @ANYBLOB=',\x00'])

2.676370484s ago: executing program 1 (id=38):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)

2.147617121s ago: executing program 2 (id=43):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40000100)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x4000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa845942824251d7d17b5191584bcd4fbe40a23424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "642c72f67d5441f6e8da020400"}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000006000)=[{{0x0, 0x0, 0x0}, 0x7fffffff}], 0x1, 0x102, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80, &(0x7f0000000080)={0xa, 0x4e21, 0x10, @private2, 0xfffffffb}, 0x1c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.811589502s ago: executing program 4 (id=44):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$printer(0x4, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x8, 0x10, 0x1, "", [{{0x9, 0x4, 0x0, 0x40, 0x2, 0x7, 0x1, 0x3, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x5, 0x4, 0x1a}}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x40085503, &(0x7f00000000c0)=0xc28)

1.390239335s ago: executing program 3 (id=45):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x400, 0x0)
mkdirat(r1, 0x0, 0x10b)
r2 = open(&(0x7f0000001440)='./file1\x00', 0x14d77e, 0xc2)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1.341876377s ago: executing program 3 (id=46):
getrandom(&(0x7f0000000140)=""/267, 0xffffffa2, 0x3)
r0 = syz_create_resource$binfmt(&(0x7f0000000100)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f0000004780)={[], 0xf000}, 0x1000)
ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42200, 0x8)

1.26426121s ago: executing program 2 (id=47):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000009c0)={0x44, r1, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x6}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x40000)

1.26408271s ago: executing program 2 (id=48):
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f0000000140)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x6, 0x3a, '-{@-\xd8)+\\-^-!\x91#', 0x3a, '', 0x3a, './file0', 0x3a, [0x50]}, 0x36)

1.26164356s ago: executing program 2 (id=49):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x4004014)
r1 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), 0x0}, 0x20)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
setsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000040)={@remote}, 0x14)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_batadv\x00'}, {0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x58, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x10}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}}, 0x10c}}, 0x0)

1.098715375s ago: executing program 4 (id=50):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448e1, &(0x7f00000004c0))

1.021011927s ago: executing program 4 (id=51):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
r1 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r1, 0x0, 0x24008004)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x3})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
clock_gettime(0x17, 0x0)
ioctl$KDGKBTYPE(r4, 0x4b33, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe)
keyctl$join(0x1, 0x0)
keyctl$session_to_parent(0x12)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b32323b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdc69c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d9560ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f733b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000002c0)={'ip6gre0\x00', 0x0, 0x29, 0x0, 0x7, 0x6661, 0x6d, @loopback, @mcast1, 0x20, 0x7800, 0x2, 0x81}})
sendmsg$nl_generic(r7, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001480)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
recvmmsg(r7, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}], 0x1}}], 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000300000000000000fcf142525f0000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)

974.364108ms ago: executing program 3 (id=52):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000002500)='\f7', 0x2}], 0x1)
recvfrom$inet6(r0, 0x0, 0x0, 0x7, 0x0, 0x0)

973.258819ms ago: executing program 3 (id=53):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x60, 0xe, 0xf1, 0x1ff8, 0x22, 0x2, 0x0})

966.355119ms ago: executing program 3 (id=54):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
r1 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r1, 0x0, 0x24008004)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x3})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
clock_gettime(0x17, 0x0)
ioctl$KDGKBTYPE(r4, 0x4b33, 0x0)
keyctl$join(0x1, 0x0)
keyctl$session_to_parent(0x12)
syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b32323b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdc69c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d9560ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f733b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

392.985667ms ago: executing program 2 (id=55):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000001c0)="0f013d000001000f3566b842000f1c0e00a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x0, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

392.026407ms ago: executing program 2 (id=56):
r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c00009040000020701010009050102"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
pwritev2(r1, &(0x7f0000002600)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0)

124.355226ms ago: executing program 4 (id=57):
openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/fib_triestat\x00')
preadv(r0, 0x0, 0x0, 0x800, 0x78)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r6 = gettid()
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0xe4}, 0x94)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
tkill(r6, 0xb)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})

117.313346ms ago: executing program 3 (id=58):
pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='coredump_filter\x00')
recvmsg$can_bcm(r0, &(0x7f0000001480)={&(0x7f00000000c0)=@ieee802154, 0x80, &(0x7f00000013c0)}, 0x40002000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mmap(&(0x7f00005f8000/0x3000)=nil, 0x3000, 0x1000000, 0x810, r1, 0x5)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
open$dir(&(0x7f0000000240)='./file0\x00', 0x40033e, 0x2f)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2400)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0)
connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r5, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)

0s ago: executing program 4 (id=59):
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0x4}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x48814)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x4, 0xffffff00, 0x4, 0xc31, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x4)
sendmsg$nl_route_sched(r3, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.184' (ED25519) to the list of known hosts.
[   21.583186][   T24] audit: type=1400 audit(1779835002.209:64): avc:  denied  { mounton } for  pid=271 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.584228][  T271] cgroup: Unknown subsys name 'net'
[   21.605856][   T24] audit: type=1400 audit(1779835002.209:65): avc:  denied  { mount } for  pid=271 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.633546][   T24] audit: type=1400 audit(1779835002.239:66): avc:  denied  { unmount } for  pid=271 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.633763][  T271] cgroup: Unknown subsys name 'devices'
[   21.750123][  T271] cgroup: Unknown subsys name 'hugetlb'
[   21.755728][  T271] cgroup: Unknown subsys name 'rlimit'
[   21.893508][   T24] audit: type=1400 audit(1779835002.519:67): avc:  denied  { setattr } for  pid=271 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.905919][  T273] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   21.917081][   T24] audit: type=1400 audit(1779835002.519:68): avc:  denied  { mounton } for  pid=271 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.950452][   T24] audit: type=1400 audit(1779835002.519:69): avc:  denied  { mount } for  pid=271 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   21.974297][   T24] audit: type=1400 audit(1779835002.559:70): avc:  denied  { relabelto } for  pid=273 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.974546][  T271] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.999693][   T24] audit: type=1400 audit(1779835002.559:71): avc:  denied  { write } for  pid=273 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.999708][   T24] audit: type=1400 audit(1779835002.559:72): avc:  denied  { read } for  pid=271 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.999729][   T24] audit: type=1400 audit(1779835002.559:73): avc:  denied  { open } for  pid=271 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.848226][  T279] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.855454][  T279] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.863143][  T279] device bridge_slave_0 entered promiscuous mode
[   22.871162][  T279] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.878278][  T279] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.885663][  T279] device bridge_slave_1 entered promiscuous mode
[   22.961026][  T280] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.968070][  T280] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.975724][  T280] device bridge_slave_0 entered promiscuous mode
[   22.983939][  T280] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.991007][  T280] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.998367][  T280] device bridge_slave_1 entered promiscuous mode
[   23.060643][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.067689][  T282] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.075141][  T282] device bridge_slave_0 entered promiscuous mode
[   23.082220][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.089361][  T281] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.096598][  T281] device bridge_slave_0 entered promiscuous mode
[   23.104321][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.111387][  T281] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.119087][  T281] device bridge_slave_1 entered promiscuous mode
[   23.132157][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.139669][  T282] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.146974][  T282] device bridge_slave_1 entered promiscuous mode
[   23.182379][  T279] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.189455][  T279] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.196808][  T279] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.204034][  T279] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.230490][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.237540][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.244890][  T283] device bridge_slave_0 entered promiscuous mode
[   23.253465][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.260618][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.268366][  T283] device bridge_slave_1 entered promiscuous mode
[   23.357290][  T280] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.364368][  T280] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.371623][  T280] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.378652][  T280] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.396583][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.403646][  T281] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.410906][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.417914][  T281] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.439226][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.446271][  T282] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.453551][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.460571][  T282] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.468858][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.477110][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.485671][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.492822][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.500013][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.507147][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.514355][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.521493][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.529280][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.536611][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.566734][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.575243][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.600763][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.608378][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.616296][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.624602][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.631663][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.639080][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.647176][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.654214][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.661614][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.669958][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.676965][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.684386][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.692543][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.699575][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.715355][  T279] device veth0_vlan entered promiscuous mode
[   23.729770][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.738253][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.746357][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.754392][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.762465][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.770456][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.780009][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.790876][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.802409][  T279] device veth1_macvtap entered promiscuous mode
[   23.816798][  T281] device veth0_vlan entered promiscuous mode
[   23.823563][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.831273][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.839525][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.846903][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.854403][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.862671][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.870946][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.879156][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.886161][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.893561][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.901692][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.908731][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.916649][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   23.929750][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   23.937864][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.946329][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   23.954651][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.963064][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.970105][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.977661][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   23.986209][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.994443][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.001565][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.016573][  T281] device veth1_macvtap entered promiscuous mode
[   24.025269][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.033435][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.041381][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.050116][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.057972][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.066320][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.074805][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.085378][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.093792][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.102283][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.110678][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.132105][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.140454][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.149360][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.157343][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.165486][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.174108][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.182423][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.190615][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.205903][  T281] request_module fs-gadgetfs succeeded, but still no fs?
[   24.211769][  T280] device veth0_vlan entered promiscuous mode
[   24.223641][  T279] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   24.226481][  T282] device veth0_vlan entered promiscuous mode
[   24.245090][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.258503][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.267279][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.275674][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.283797][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.292149][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.300755][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.308700][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.316772][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.325341][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.333915][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.341546][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.349059][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.356414][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.369257][  T283] device veth0_vlan entered promiscuous mode
[   24.382544][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.383909][  T307] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   24.390631][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.418133][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.426060][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.434004][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.442680][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.453069][  T280] device veth1_macvtap entered promiscuous mode
[   24.461793][  T282] device veth1_macvtap entered promiscuous mode
[   24.468505][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.476439][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.485439][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.494990][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.508943][  T283] device veth1_macvtap entered promiscuous mode
[   24.518942][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.527381][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.535951][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.556392][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.565309][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.573826][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.583333][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.592395][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.600981][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.609778][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.618140][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.649580][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.659747][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.668297][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.676749][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.757379][  T336] mip6: mip6_rthdr_init_state: spi is not 0: 1
[   26.463621][  T375] hub 8-0:1.0: USB hub found
[   26.468349][  T375] hub 8-0:1.0: 1 port detected
[   26.900010][   T24] kauditd_printk_skb: 68 callbacks suppressed
[   26.900021][   T24] audit: type=1400 audit(1779835007.519:142): avc:  denied  { create } for  pid=380 comm="syz.4.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   27.093763][  T387] xt_TPROXY: Can be used only with -p tcp or -p udp
[   27.503530][   T24] audit: type=1400 audit(1779835007.559:143): avc:  denied  { read write } for  pid=384 comm="syz.0.30" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.541508][   T24] audit: type=1400 audit(1779835007.559:144): avc:  denied  { open } for  pid=384 comm="syz.0.30" path="/dev/raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.570166][   T24] audit: type=1400 audit(1779835007.559:145): avc:  denied  { ioctl } for  pid=384 comm="syz.0.30" path="/dev/raw-gadget" dev="devtmpfs" ino=253 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.610064][   T24] audit: type=1400 audit(1779835008.159:146): avc:  denied  { nlmsg_read } for  pid=380 comm="syz.4.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   27.704183][   T51] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   27.735223][   T24] audit: type=1400 audit(1779835008.329:147): avc:  denied  { write } for  pid=391 comm="syz.2.31" name="uinput" dev="devtmpfs" ino=257 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   27.762459][   T24] audit: type=1400 audit(1779835008.359:148): avc:  denied  { unmount } for  pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   27.798414][  T401] netlink: 36 bytes leftover after parsing attributes in process `syz.4.36'.
[   27.921752][   T24] audit: type=1400 audit(1779835008.549:149): avc:  denied  { write } for  pid=406 comm="syz.3.39" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   27.994277][   T51] usb 1-1: Using ep0 maxpacket: 8
[   28.174310][  T412] mmap: syz.4.36 (412) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[   28.301034][   T24] audit: type=1400 audit(1779835008.929:150): avc:  denied  { ioctl } for  pid=414 comm="syz.3.42" path="socket:[15204]" dev="sockfs" ino=15204 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.338673][   T51] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[   28.352314][   T51] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[   28.367638][   T51] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[   28.379635][   T51] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[   28.390840][   T51] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[   28.404548][   T51] usb 1-1: config 168 interface 0 has no altsetting 0
[   28.488629][   T51] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[   28.496264][   T51] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[   28.507762][   T51] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[   28.519642][   T51] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[   28.530921][   T51] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[   28.544687][   T51] usb 1-1: config 168 interface 0 has no altsetting 0
[   28.598597][   T20] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   28.628600][   T51] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[   28.636043][   T51] usb 1-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[   28.668585][   T51] usb 1-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[   28.688570][   T51] usb 1-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[   28.718909][   T51] usb 1-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[   28.732621][   T51] usb 1-1: config 168 interface 0 has no altsetting 0
[   28.958891][   T20] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[   28.968236][   T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.977140][   T20] usb 2-1: config 0 descriptor??
[   28.982459][   T51] usb 1-1: string descriptor 0 read error: -22
[   28.988928][   T51] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   28.998181][   T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   29.128599][   T24] audit: type=1400 audit(1779835009.749:151): avc:  denied  { mount } for  pid=425 comm="syz.3.45" name="/" dev="ramfs" ino=15887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   29.216693][  T429] process 'syz.3.46' launched './file1' with NULL argv: empty string added
[   29.870714][   T51] usb 1-1: USB disconnect, device number 2
[   30.520089][  T465] ==================================================================
[   30.528222][  T465] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x842/0x32b0
[   30.536380][  T465] Read of size 8 at addr ffff888111e362c0 by task syz.4.59/465
[   30.543913][  T465] 
[   30.546272][  T465] CPU: 1 PID: 465 Comm: syz.4.59 Not tainted syzkaller #0
[   30.553379][  T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   30.563448][  T465] Call Trace:
[   30.566757][  T465]  __dump_stack+0x21/0x24
[   30.571273][  T465]  dump_stack_lvl+0x1a7/0x208
[   30.575969][  T465]  ? show_regs_print_info+0x18/0x18
[   30.581188][  T465]  ? thaw_kernel_threads+0x220/0x220
[   30.586483][  T465]  print_address_description+0x7f/0x2c0
[   30.592039][  T465]  ? tc_setup_flow_action+0x842/0x32b0
[   30.597509][  T465]  kasan_report+0xe2/0x130
[   30.601936][  T465]  ? flow_action_cookie_create+0x28/0x90
[   30.607578][  T465]  ? tc_setup_flow_action+0x842/0x32b0
[   30.613054][  T465]  __asan_report_load8_noabort+0x14/0x20
[   30.618690][  T465]  tc_setup_flow_action+0x842/0x32b0
[   30.623982][  T465]  ? __kmalloc+0x1a4/0x330
[   30.628423][  T465]  ? flow_rule_alloc+0x32/0x2c0
[   30.633281][  T465]  mall_replace_hw_filter+0x2cc/0x8a0
[   30.638662][  T465]  ? pcpu_block_update_hint_alloc+0x8bf/0xc50
[   30.644737][  T465]  ? mall_set_parms+0x410/0x410
[   30.649596][  T465]  ? tcf_exts_destroy+0xb0/0xb0
[   30.654462][  T465]  ? pcpu_alloc+0xf9b/0x16b0
[   30.659064][  T465]  ? mall_set_parms+0x19d/0x410
[   30.663929][  T465]  mall_change+0x546/0x760
[   30.668362][  T465]  ? __kasan_check_write+0x14/0x20
[   30.673569][  T465]  ? mall_get+0xa0/0xa0
[   30.677743][  T465]  ? tcf_chain_tp_insert_unique+0xac1/0xc10
[   30.683727][  T465]  ? nla_strcmp+0xf4/0x140
[   30.688152][  T465]  tc_new_tfilter+0x1452/0x1a90
[   30.693024][  T465]  ? mall_get+0xa0/0xa0
[   30.697277][  T465]  ? tcf_gate_entry_destructor+0x20/0x20
[   30.702922][  T465]  ? security_capable+0x87/0xb0
[   30.707791][  T465]  ? ns_capable+0x8c/0xf0
[   30.712130][  T465]  ? netlink_net_capable+0x125/0x160
[   30.717420][  T465]  ? tcf_gate_entry_destructor+0x20/0x20
[   30.723064][  T465]  rtnetlink_rcv_msg+0x845/0xcc0
[   30.728010][  T465]  ? rtnetlink_bind+0x80/0x80
[   30.732685][  T465]  ? arch_stack_walk+0xee/0x140
[   30.737547][  T465]  ? stack_trace_save+0xa6/0xf0
[   30.742418][  T465]  ? stack_trace_snprint+0xf0/0xf0
[   30.747620][  T465]  ? avc_has_perm+0x168/0x3d0
[   30.752297][  T465]  ? memcpy+0x56/0x70
[   30.756269][  T465]  ? avc_has_perm+0x27f/0x3d0
[   30.760946][  T465]  ? __kasan_slab_alloc+0xbd/0xf0
[   30.765960][  T465]  ? slab_post_alloc_hook+0x5d/0x2f0
[   30.771362][  T465]  ? avc_has_perm_noaudit+0x260/0x260
[   30.777353][  T465]  ? selinux_nlmsg_lookup+0x3fb/0x4a0
[   30.782717][  T465]  netlink_rcv_skb+0x1f5/0x440
[   30.787468][  T465]  ? rtnetlink_bind+0x80/0x80
[   30.792131][  T465]  ? netlink_ack+0xb70/0xb70
[   30.796699][  T465]  ? __netlink_lookup+0x387/0x3b0
[   30.801719][  T465]  rtnetlink_rcv+0x1c/0x20
[   30.806125][  T465]  netlink_unicast+0x876/0xa40
[   30.810872][  T465]  netlink_sendmsg+0x89c/0xb50
[   30.815617][  T465]  ? __kasan_check_read+0x11/0x20
[   30.820627][  T465]  ? netlink_getsockopt+0x530/0x530
[   30.825812][  T465]  ? security_socket_sendmsg+0x82/0xa0
[   30.831262][  T465]  ? netlink_getsockopt+0x530/0x530
[   30.836454][  T465]  ____sys_sendmsg+0x5b7/0x8f0
[   30.841208][  T465]  ? __sys_sendmsg_sock+0x40/0x40
[   30.846216][  T465]  ? import_iovec+0x7c/0xb0
[   30.850705][  T465]  ___sys_sendmsg+0x236/0x2e0
[   30.855387][  T465]  ? __sys_sendmsg+0x280/0x280
[   30.860158][  T465]  ? alloc_file+0x82/0x540
[   30.864564][  T465]  ? __fdget+0x1a1/0x230
[   30.868797][  T465]  __x64_sys_sendmsg+0x1f9/0x2c0
[   30.873813][  T465]  ? __kasan_check_write+0x14/0x20
[   30.878907][  T465]  ? ___sys_sendmsg+0x2e0/0x2e0
[   30.883754][  T465]  ? __kasan_check_read+0x11/0x20
[   30.888759][  T465]  ? exit_to_user_mode_prepare+0x9a/0xa0
[   30.894372][  T465]  do_syscall_64+0x31/0x40
[   30.898782][  T465]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   30.904656][  T465] RIP: 0033:0x7fde5a1b9e59
[   30.909065][  T465] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   30.928773][  T465] RSP: 002b:00007fde58c14028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   30.937179][  T465] RAX: ffffffffffffffda RBX: 00007fde5a432fa0 RCX: 00007fde5a1b9e59
[   30.945132][  T465] RDX: 0000000000000004 RSI: 0000200000000580 RDI: 0000000000000006
[   30.953088][  T465] RBP: 00007fde5a24fd6f R08: 0000000000000000 R09: 0000000000000000
[   30.961043][  T465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.969015][  T465] R13: 00007fde5a433038 R14: 00007fde5a432fa0 R15: 00007ffedc158078
[   30.976970][  T465] 
[   30.979280][  T465] Allocated by task 465:
[   30.983505][  T465]  __kasan_kmalloc+0xda/0x110
[   30.988176][  T465]  __kmalloc+0x1a4/0x330
[   30.992399][  T465]  tcf_idr_create+0x5f/0x790
[   30.996968][  T465]  tcf_idr_create_from_flags+0x61/0x70
[   31.002403][  T465]  tcf_gact_init+0x2e6/0x560
[   31.006974][  T465]  tcf_action_init_1+0x443/0x6e0
[   31.011888][  T465]  tcf_action_init+0x227/0x780
[   31.016632][  T465]  tcf_exts_validate+0x248/0x570
[   31.021550][  T465]  mall_set_parms+0x4b/0x410
[   31.026129][  T465]  mall_change+0x47a/0x760
[   31.030523][  T465]  tc_new_tfilter+0x1452/0x1a90
[   31.035350][  T465]  rtnetlink_rcv_msg+0x845/0xcc0
[   31.040265][  T465]  netlink_rcv_skb+0x1f5/0x440
[   31.045005][  T465]  rtnetlink_rcv+0x1c/0x20
[   31.049406][  T465]  netlink_unicast+0x876/0xa40
[   31.054145][  T465]  netlink_sendmsg+0x89c/0xb50
[   31.058979][  T465]  ____sys_sendmsg+0x5b7/0x8f0
[   31.063720][  T465]  ___sys_sendmsg+0x236/0x2e0
[   31.068371][  T465]  __x64_sys_sendmsg+0x1f9/0x2c0
[   31.073296][  T465]  do_syscall_64+0x31/0x40
[   31.077699][  T465]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   31.083574][  T465] 
[   31.085887][  T465] The buggy address belongs to the object at ffff888111e36200
[   31.085887][  T465]  which belongs to the cache kmalloc-192 of size 192
[   31.100008][  T465] The buggy address is located 0 bytes to the right of
[   31.100008][  T465]  192-byte region [ffff888111e36200, ffff888111e362c0)
[   31.113612][  T465] The buggy address belongs to the page:
[   31.119249][  T465] page:ffffea0004478d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111e36
[   31.129461][  T465] flags: 0x4000000000000200(slab)
[   31.134472][  T465] raw: 4000000000000200 ffffea0004478c00 0000000c0000000c ffff888100043380
[   31.143045][  T465] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   31.151695][  T465] page dumped because: kasan: bad access detected
[   31.158529][  T465] page_owner tracks the page as allocated
[   31.164245][  T465] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 106, ts 4451960511, free_ts 0
[   31.179326][  T465]  prep_new_page+0x179/0x180
[   31.183901][  T465]  get_page_from_freelist+0x223b/0x23d0
[   31.189429][  T465]  __alloc_pages_nodemask+0x290/0x620
[   31.194782][  T465]  new_slab+0x84/0x3f0
[   31.198833][  T465]  ___slab_alloc+0x2a6/0x450
[   31.203406][  T465]  __slab_alloc+0x63/0xa0
[   31.207716][  T465]  kmem_cache_alloc_trace+0x1b0/0x2e0
[   31.213596][  T465]  kernfs_fop_open+0x343/0xb30
[   31.218355][  T465]  do_dentry_open+0x793/0x1090
[   31.223203][  T465]  vfs_open+0x73/0x80
[   31.227167][  T465]  path_openat+0x280f/0x31c0
[   31.231736][  T465]  do_filp_open+0x1e2/0x410
[   31.236244][  T465]  do_sys_openat2+0x19f/0x750
[   31.240908][  T465]  __x64_sys_openat+0x136/0x160
[   31.245761][  T465]  do_syscall_64+0x31/0x40
[   31.250172][  T465]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   31.256042][  T465] page_owner free stack trace missing
[   31.261392][  T465] 
[   31.263701][  T465] Memory state around the buggy address:
[   31.269312][  T465]  ffff888111e36180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.277456][  T465]  ffff888111e36200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.285500][  T465] >ffff888111e36280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   31.293541][  T465]                                            ^
[   31.299699][  T465]  ffff888111e36300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.307839][  T465]  ffff888111e36380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.316001][  T465] ==================================================================
[   31.324073][  T465] Disabling lock debugging due to kernel taint
May 26 22:36:51 syzkaller kern.a[   31.337512][  T347] usb 2-1: USB disconnect, device number 2
lert kernel: [   31.158529][  T465] page_owner tracks the page as allocated
May 26 22:36:51 syzkaller kern.alert kernel: [   31.164245][  T465] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 106, ts 4451960511, free_ts 0
May 26 22:36:51 syzkaller kern.alert kernel: [   31.256042][  T465] page_owner free stack trace missing