last executing test programs:

778.039923ms ago: executing program 4 (id=15):
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000140)={<r1=>0xffffffffffffffff})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)

717.017812ms ago: executing program 4 (id=17):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp\x00')
pread64(r0, &(0x7f0000000180)=""/102391, 0x18ff7, 0x13)

705.468873ms ago: executing program 0 (id=21):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040084}, 0x4004810)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)

701.185342ms ago: executing program 4 (id=22):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000480)={'bond_slave_0\x00', {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}})

600.674712ms ago: executing program 4 (id=23):
syz_open_procfs(0x0, &(0x7f0000000400)='ns\x00')
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x3e)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r0], 0x30}}, 0x0)

600.293442ms ago: executing program 4 (id=25):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/seq/timer\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/128, 0x80}], 0x1, 0xffffffff, 0x0)

600.172882ms ago: executing program 4 (id=26):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000740)={0x24, &(0x7f00000029c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

583.520872ms ago: executing program 1 (id=27):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000200)={0x9, 0xff, 0xfffffffd}, 0xc)

564.984082ms ago: executing program 1 (id=28):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x40d, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, 0xc060, 0x8}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_BACKUP_PORT={0x8, 0x22, r2}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x5814}, 0x0)

501.521632ms ago: executing program 1 (id=29):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x10, 0x803, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001b80)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r5, {0xfff3, 0x7}, {0x0, 0x2}, {0x7}}}, 0x24}}, 0x20000000)

440.285741ms ago: executing program 1 (id=30):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x28, 0x7, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40044}, 0x8000)

404.955392ms ago: executing program 1 (id=31):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)

333.548591ms ago: executing program 0 (id=32):
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='ed:cb2e')

333.257281ms ago: executing program 1 (id=33):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "741cb976"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f00000009c0)={0x2c, 0x0, &(0x7f0000000680)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44a}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

333.134401ms ago: executing program 0 (id=34):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}, 0xee0000b0}], 0x1, 0x0)

292.816081ms ago: executing program 0 (id=35):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, r0, 0x0, 0x0)

279.180511ms ago: executing program 0 (id=36):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x8)

208.637891ms ago: executing program 0 (id=38):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x86, 0x55, 0x21, 0x8, 0xccd, 0x69, 0x6e55, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, 0x0)

208.500821ms ago: executing program 2 (id=39):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000940)={0x28, 0xc, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}}, 0x810)

203.418571ms ago: executing program 2 (id=40):
r0 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x8, 0x0, 0xee00}, {0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe4)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)

128.35637ms ago: executing program 3 (id=45):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)

115.51903ms ago: executing program 2 (id=46):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r0, 0x0, 0xffffffffffffffff}, 0x10)

97.4727ms ago: executing program 3 (id=47):
syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0xf, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x6, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0xa, 0xfffffffa, 0xffff2d33, 0x40, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x3, 0x3, 0x107fff, 0x4c74, 0xfbf5, 0x0, 0xb, 0xa, 0x0, 0x71, 0x7, 0x2000007, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0x6, 0x3, 0x5, 0x4, 0x8, 0x0, 0x7f, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0x8, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0x80000001, 0x8, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x0, 0x7ffc, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x801, 0x8, 0x4, 0x0, 0x106, 0x2, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x1, 0xffff, 0x2, 0x83, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xd, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x387d, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0xfffffff9, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x8, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x805, 0xce5, 0x1fd, 0x6, 0x5, 0x5, 0x40000003, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0xfffffffc, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffb, 0x5, 0x8, 0xc8, 0x3, 0x3, 0x80ffff, 0x200003, 0x5, 0x80000000, 0x9602, 0xa, 0x2, 0x4, 0x10, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x3, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0x892]}, 0x45c)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

32.98577ms ago: executing program 3 (id=48):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
unshare(0x20000400)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)

32.59841ms ago: executing program 2 (id=49):
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
removexattr(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000080)=@random={'user.', '\\\x01'})

32.41611ms ago: executing program 3 (id=50):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x28, 0x0, 0x0, 0x6}, {0x6}]}, 0x8)
fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x1})
fcntl$lock(r0, 0x25, &(0x7f00000002c0)={0x1, 0x1, 0x6, 0x9})
fcntl$lock(r0, 0x26, &(0x7f0000000180)={0x0, 0x0, 0x1d18e})

32.32805ms ago: executing program 2 (id=51):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, 0x0)

32.25759ms ago: executing program 3 (id=52):
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x15a, 0x40)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x80041270, 0x1003)

23.55113ms ago: executing program 3 (id=53):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x9, 0x3, 0x80000001}}]}, {0xfffffffffffffef7}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)

0s ago: executing program 2 (id=54):
r0 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
request_key(&(0x7f0000000240)='big_key\x00', &(0x7f0000000480)={'syz', 0x1}, 0x0, r0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.184' (ED25519) to the list of known hosts.
[   21.520932][   T30] audit: type=1400 audit(1737370805.337:66): avc:  denied  { integrity } for  pid=280 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   21.544611][   T30] audit: type=1400 audit(1737370805.357:67): avc:  denied  { mounton } for  pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.545908][  T280] cgroup: Unknown subsys name 'net'
[   21.567621][   T30] audit: type=1400 audit(1737370805.357:68): avc:  denied  { mount } for  pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.594360][  T280] cgroup: Unknown subsys name 'devices'
[   21.594432][   T30] audit: type=1400 audit(1737370805.387:69): avc:  denied  { unmount } for  pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.768521][  T280] cgroup: Unknown subsys name 'hugetlb'
[   21.774027][  T280] cgroup: Unknown subsys name 'rlimit'
[   21.914326][   T30] audit: type=1400 audit(1737370805.727:70): avc:  denied  { setattr } for  pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.937340][   T30] audit: type=1400 audit(1737370805.727:71): avc:  denied  { mounton } for  pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.961866][   T30] audit: type=1400 audit(1737370805.727:72): avc:  denied  { mount } for  pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   21.968893][  T283] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   21.993586][   T30] audit: type=1400 audit(1737370805.807:73): avc:  denied  { relabelto } for  pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.018816][   T30] audit: type=1400 audit(1737370805.807:74): avc:  denied  { write } for  pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.072279][   T30] audit: type=1400 audit(1737370805.887:75): avc:  denied  { read } for  pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.097859][  T280] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   24.292727][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.299618][  T293] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.306874][  T293] device bridge_slave_0 entered promiscuous mode
[   24.314470][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.321389][  T293] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.328489][  T293] device bridge_slave_1 entered promiscuous mode
[   24.432120][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.439014][  T294] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.446117][  T294] device bridge_slave_0 entered promiscuous mode
[   24.459734][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.466721][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.473812][  T292] device bridge_slave_0 entered promiscuous mode
[   24.483539][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.490407][  T294] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.497637][  T294] device bridge_slave_1 entered promiscuous mode
[   24.510459][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.517310][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.524521][  T292] device bridge_slave_1 entered promiscuous mode
[   24.534465][  T296] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.541410][  T296] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.548526][  T296] device bridge_slave_0 entered promiscuous mode
[   24.565173][  T296] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.572058][  T296] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.579244][  T296] device bridge_slave_1 entered promiscuous mode
[   24.675465][  T295] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.682354][  T295] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.689616][  T295] device bridge_slave_0 entered promiscuous mode
[   24.707141][  T295] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.713985][  T295] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.721283][  T295] device bridge_slave_1 entered promiscuous mode
[   24.773055][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.779919][  T293] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.787032][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.793786][  T293] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.840547][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.847519][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.854616][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.861413][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.874750][  T296] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.881627][  T296] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.888706][  T296] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.895485][  T296] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.911932][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.918795][  T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.925871][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.932679][  T294] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.972234][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.979428][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.986415][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.993812][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.000811][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.007920][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.014897][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.022053][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.029652][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.037011][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.059496][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.066931][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.074882][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.081737][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.089016][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.097280][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.104100][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.126820][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.134546][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.142373][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.150419][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.158579][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.165411][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.172644][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.180632][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.187478][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.207064][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.215772][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.223846][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.230683][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.238025][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.245939][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.252791][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.260090][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.267974][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.275891][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.282651][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.289912][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.297779][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.305687][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.312540][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.325062][  T293] device veth0_vlan entered promiscuous mode
[   25.339877][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.348166][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.355903][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.363730][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.371893][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.391604][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.399806][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.408100][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.416058][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.424275][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.432539][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.440663][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.448045][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.471460][  T293] device veth1_macvtap entered promiscuous mode
[   25.478041][  T292] device veth0_vlan entered promiscuous mode
[   25.484566][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.492409][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   25.500502][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.508557][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.516354][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.524200][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.531552][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.538953][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.546883][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.565591][  T294] device veth0_vlan entered promiscuous mode
[   25.575847][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   25.584017][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   25.592055][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.598901][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.606137][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   25.614628][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   25.622646][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.629485][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.636709][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.644784][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.652978][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.660770][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.668685][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.676299][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.684107][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.692255][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.700436][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   25.708117][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.715386][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.733188][  T296] device veth0_vlan entered promiscuous mode
[   25.745531][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.753335][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.762333][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.769795][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.777232][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.785211][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.794596][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.804214][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.812332][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.823988][  T296] device veth1_macvtap entered promiscuous mode
[   25.835321][  T295] device veth0_vlan entered promiscuous mode
[   25.842819][  T294] device veth1_macvtap entered promiscuous mode
[   25.852466][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.860424][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.867666][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.874904][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.883140][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.891217][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.898800][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.906807][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.914701][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.922982][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.931903][  T292] device veth1_macvtap entered promiscuous mode
[   25.950037][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.957606][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.965690][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.966065][  T293] request_module fs-gadgetfs succeeded, but still no fs?
[   25.974882][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.988851][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.022912][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.031109][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.039301][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.048433][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.056481][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.064598][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.072857][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.080948][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.099054][  T295] device veth1_macvtap entered promiscuous mode
[   26.119235][  T320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'.
[   26.139950][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.153421][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.164927][  T322] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   26.172451][  T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.199895][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.229359][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.276595][  T337] tipc: Started in network mode
[   26.295602][  T337] tipc: Node identity 4, cluster identity 4711
[   26.316586][  T337] tipc: Node number set to 4
[   26.473838][  T360] netlink: 44 bytes leftover after parsing attributes in process `syz.3.18'.
[   26.592463][   T30] kauditd_printk_skb: 44 callbacks suppressed
[   26.592479][   T30] audit: type=1400 audit(1737370810.407:120): avc:  denied  { create } for  pid=372 comm="syz.1.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   26.666391][   T30] audit: type=1400 audit(1737370810.437:121): avc:  denied  { read write } for  pid=376 comm="syz.4.26" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.694565][   T30] audit: type=1400 audit(1737370810.437:122): avc:  denied  { open } for  pid=376 comm="syz.4.26" path="/dev/raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.726170][   T30] audit: type=1400 audit(1737370810.437:123): avc:  denied  { ioctl } for  pid=376 comm="syz.4.26" path="/dev/raw-gadget" dev="devtmpfs" ino=250 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.788310][   T30] audit: type=1400 audit(1737370810.437:124): avc:  denied  { write } for  pid=372 comm="syz.1.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   26.830791][   T30] audit: type=1400 audit(1737370810.477:125): avc:  denied  { ioctl } for  pid=380 comm="syz.1.28" path="socket:[16529]" dev="sockfs" ino=16529 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   26.866085][   T30] audit: type=1400 audit(1737370810.507:126): avc:  denied  { relabelfrom } for  pid=382 comm="syz.1.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   26.885956][   T30] audit: type=1400 audit(1737370810.507:127): avc:  denied  { relabelto } for  pid=382 comm="syz.1.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   26.906727][   T60] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[   26.916004][   T30] audit: type=1400 audit(1737370810.717:128): avc:  denied  { confidentiality } for  pid=333 comm="syz.2.3" lockdown_reason="use of bpf to read kernel RAM" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   26.944604][   T30] audit: type=1400 audit(1737370810.727:129): avc:  denied  { prog_run } for  pid=333 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   27.093728][  T419] netlink: 4 bytes leftover after parsing attributes in process `syz.3.45'.
[   27.146599][  T324] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   27.210215][  T437] netlink: 28 bytes leftover after parsing attributes in process `syz.3.53'.
[   27.218933][  T437] netlink: 28 bytes leftover after parsing attributes in process `syz.3.53'.
[   27.228587][  T437] ==================================================================
[   27.236462][  T437] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0xb9d/0x3430
[   27.244447][  T437] Read of size 8 at addr ffff88811261d4c0 by task syz.3.53/437
[   27.251949][  T437] 
[   27.254112][  T437] CPU: 1 PID: 437 Comm: syz.3.53 Not tainted 5.15.176-syzkaller-00972-g829d9f138569 #0
[   27.263574][  T437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   27.273471][  T437] Call Trace:
[   27.276595][  T437]  <TASK>
[   27.279371][  T437]  dump_stack_lvl+0x151/0x1c0
[   27.283884][  T437]  ? io_uring_drop_tctx_refs+0x190/0x190
[   27.289354][  T437]  ? panic+0x760/0x760
[   27.293258][  T437]  print_address_description+0x87/0x3b0
[   27.296579][  T323] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   27.298637][  T437]  kasan_report+0x179/0x1c0
[   27.310270][  T437]  ? tc_setup_flow_action+0xb9d/0x3430
[   27.315562][  T437]  ? tc_setup_flow_action+0xb9d/0x3430
[   27.320944][  T437]  __asan_report_load8_noabort+0x14/0x20
[   27.326412][  T437]  tc_setup_flow_action+0xb9d/0x3430
[   27.331546][  T437]  mall_replace_hw_filter+0x394/0xc20
[   27.336748][  T437]  ? mall_set_parms+0x4b0/0x4b0
[   27.341434][  T437]  ? tcf_exts_destroy+0xb0/0xb0
[   27.346115][  T437]  ? pcpu_memcg_post_alloc_hook+0x1b1/0x260
[   27.351850][  T437]  ? pcpu_alloc+0xda0/0x13e0
[   27.356269][  T437]  ? mall_set_parms+0x1c3/0x4b0
[   27.360957][  T437]  mall_change+0x56e/0x780
[   27.365209][  T437]  ? mall_get+0xb0/0xb0
[   27.369202][  T437]  ? tcf_chain_tp_insert_unique+0xa90/0xbb0
[   27.374929][  T437]  ? nla_strcmp+0xed/0x120
[   27.379181][  T437]  ? mall_get+0xb0/0xb0
[   27.383172][  T437]  tc_new_tfilter+0x151a/0x1c00
[   27.387865][  T437]  ? tcf_gate_entry_destructor+0x20/0x20
[   27.393330][  T437]  ? security_capable+0x87/0xb0
[   27.398016][  T437]  ? ns_capable+0x89/0xe0
[   27.402182][  T437]  ? netlink_net_capable+0x125/0x160
[   27.407308][  T437]  ? tcf_gate_entry_destructor+0x20/0x20
[   27.412779][  T437]  rtnetlink_rcv_msg+0x776/0xc40
[   27.417546][  T437]  ? rtnetlink_bind+0x80/0x80
[   27.422146][  T437]  ? stack_trace_save+0x1c0/0x1c0
[   27.427003][  T437]  ? __kernel_text_address+0x9b/0x110
[   27.432213][  T437]  ? unwind_get_return_address+0x4d/0x90
[   27.437681][  T437]  ? avc_has_perm_noaudit+0x348/0x430
[   27.442886][  T437]  ? memcpy+0x56/0x70
[   27.446800][  T437]  ? avc_has_perm_noaudit+0x2dd/0x430
[   27.452096][  T437]  ? avc_denied+0x1b0/0x1b0
[   27.456433][  T437]  ? avc_has_perm+0x16f/0x260
[   27.460952][  T437]  ? ____kasan_kmalloc+0xed/0x110
[   27.465808][  T437]  ? avc_has_perm_noaudit+0x430/0x430
[   27.471014][  T437]  ? x64_sys_call+0x16a/0x9a0
[   27.475527][  T437]  netlink_rcv_skb+0x1cf/0x410
[   27.480130][  T437]  ? rtnetlink_bind+0x80/0x80
[   27.484639][  T437]  ? netlink_ack+0xb10/0xb10
[   27.489069][  T437]  ? __netlink_lookup+0x37b/0x3a0
[   27.493931][  T437]  rtnetlink_rcv+0x1c/0x20
[   27.498183][  T437]  netlink_unicast+0x8df/0xac0
[   27.502792][  T437]  ? netlink_detachskb+0x90/0x90
[   27.507556][  T437]  ? security_netlink_send+0x7b/0xa0
[   27.512689][  T437]  netlink_sendmsg+0xa0a/0xd20
[   27.517277][  T437]  ? netlink_getsockopt+0x560/0x560
[   27.522334][  T437]  ? security_socket_sendmsg+0x82/0xb0
[   27.527604][  T437]  ? netlink_getsockopt+0x560/0x560
[   27.532640][  T437]  ____sys_sendmsg+0x59e/0x8f0
[   27.537240][  T437]  ? __sys_sendmsg_sock+0x40/0x40
[   27.542100][  T437]  ? import_iovec+0xe5/0x120
[   27.546524][  T437]  ___sys_sendmsg+0x252/0x2e0
[   27.551039][  T437]  ? __sys_sendmsg+0x260/0x260
[   27.555639][  T437]  ? check_stack_object+0xf4/0x130
[   27.560590][  T437]  ? __fdget+0x1bc/0x240
[   27.564669][  T437]  __se_sys_sendmsg+0x19a/0x260
[   27.569353][  T437]  ? __x64_sys_sendmsg+0x90/0x90
[   27.574130][  T437]  ? __kasan_check_write+0x14/0x20
[   27.579071][  T437]  ? switch_fpu_return+0x15f/0x2e0
[   27.584024][  T437]  __x64_sys_sendmsg+0x7b/0x90
[   27.588632][  T437]  x64_sys_call+0x16a/0x9a0
[   27.592965][  T437]  do_syscall_64+0x3b/0xb0
[   27.597214][  T437]  ? clear_bhb_loop+0x35/0x90
[   27.601738][  T437]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   27.607459][  T437] RIP: 0033:0x7f2ee0b7bd29
[   27.611716][  T437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   27.631150][  T437] RSP: 002b:00007f2edf1ed038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   27.639394][  T437] RAX: ffffffffffffffda RBX: 00007f2ee0d6bfa0 RCX: 00007f2ee0b7bd29
[   27.647204][  T437] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000004
[   27.655015][  T437] RBP: 00007f2ee0bf7b08 R08: 0000000000000000 R09: 0000000000000000
[   27.662857][  T437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   27.670636][  T437] R13: 0000000000000000 R14: 00007f2ee0d6bfa0 R15: 00007ffc01598948
[   27.678453][  T437]  </TASK>
[   27.681314][  T437] 
[   27.683521][  T437] Allocated by task 437:
[   27.687044][  T323] usb 1-1: Using ep0 maxpacket: 8
[   27.687571][  T437]  ____kasan_kmalloc+0xdb/0x110
[   27.687598][  T437]  __kasan_kmalloc+0x9/0x10
[   27.701538][  T437]  __kmalloc+0x13f/0x2c0
[   27.705619][  T437]  tcf_idr_create+0x5f/0x780
[   27.710042][  T437]  tcf_idr_create_from_flags+0x5f/0x70
[   27.715336][  T437]  tcf_gact_init+0x3cd/0x6e0
[   27.719766][  T437]  tcf_action_init_1+0x50f/0x7f0
[   27.724538][  T437]  tcf_action_init+0x306/0x840
[   27.729136][  T437]  tcf_exts_validate+0x236/0x520
[   27.733912][  T437]  mall_set_parms+0x44/0x4b0
[   27.738353][  T437]  mall_change+0x495/0x780
[   27.742597][  T437]  tc_new_tfilter+0x151a/0x1c00
[   27.747282][  T437]  rtnetlink_rcv_msg+0x776/0xc40
[   27.752050][  T437]  netlink_rcv_skb+0x1cf/0x410
[   27.756652][  T437]  rtnetlink_rcv+0x1c/0x20
[   27.760903][  T437]  netlink_unicast+0x8df/0xac0
[   27.765513][  T437]  netlink_sendmsg+0xa0a/0xd20
[   27.770101][  T437]  ____sys_sendmsg+0x59e/0x8f0
[   27.774704][  T437]  ___sys_sendmsg+0x252/0x2e0
[   27.779213][  T437]  __se_sys_sendmsg+0x19a/0x260
[   27.783902][  T437]  __x64_sys_sendmsg+0x7b/0x90
[   27.788513][  T437]  x64_sys_call+0x16a/0x9a0
[   27.792841][  T437]  do_syscall_64+0x3b/0xb0
[   27.797093][  T437]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   27.802839][  T437] 
[   27.804994][  T437] The buggy address belongs to the object at ffff88811261d400
[   27.804994][  T437]  which belongs to the cache kmalloc-192 of size 192
[   27.819092][  T437] The buggy address is located 0 bytes to the right of
[   27.819092][  T437]  192-byte region [ffff88811261d400, ffff88811261d4c0)
[   27.832545][  T437] The buggy address belongs to the page:
[   27.838014][  T437] page:ffffea0004498740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88811261d000 pfn:0x11261d
[   27.849403][  T437] flags: 0x4000000000000200(slab|zone=1)
[   27.854858][  T437] raw: 4000000000000200 ffffea00044986c0 0000000a0000000a ffff888100042c00
[   27.863274][  T437] raw: ffff88811261d000 000000008010000d 00000001ffffffff 0000000000000000
[   27.871691][  T437] page dumped because: kasan: bad access detected
[   27.877945][  T437] page_owner tracks the page as allocated
[   27.883527][  T437] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 109, ts 5024552682, free_ts 5020113983
[   27.899119][  T437]  post_alloc_hook+0x1a3/0x1b0
[   27.903713][  T437]  prep_new_page+0x1b/0x110
[   27.908055][  T437]  get_page_from_freelist+0x3550/0x35d0
[   27.913438][  T437]  __alloc_pages+0x27e/0x8f0
[   27.917863][  T437]  new_slab+0x9a/0x4e0
[   27.921859][  T437]  ___slab_alloc+0x39e/0x830
[   27.926279][  T437]  __slab_alloc+0x4a/0x90
[   27.930445][  T437]  kmem_cache_alloc_trace+0x147/0x270
[   27.935653][  T437]  kernfs_fop_open+0x324/0xab0
[   27.940254][  T437]  do_dentry_open+0x81c/0xfd0
[   27.944776][  T437]  vfs_open+0x73/0x80
[   27.948591][  T437]  path_openat+0x26f0/0x2f40
[   27.953012][  T437]  do_filp_open+0x21c/0x460
[   27.957358][  T437]  do_sys_openat2+0x13f/0x820
[   27.961871][  T437]  __x64_sys_openat+0x243/0x290
[   27.966556][  T437]  x64_sys_call+0x6bf/0x9a0
[   27.970894][  T437] page last free stack trace:
[   27.975404][  T437]  free_unref_page_prepare+0x7c8/0x7d0
[   27.980714][  T437]  free_unref_page+0xe8/0x750
[   27.985213][  T437]  __free_pages+0x61/0xf0
[   27.989377][  T437]  free_pages+0x7c/0x90
[   27.993367][  T437]  selinux_genfs_get_sid+0x24d/0x2a0
[   27.998495][  T437]  inode_doinit_with_dentry+0x8d2/0x1070
[   28.003959][  T437]  selinux_d_instantiate+0x27/0x40
[   28.008912][  T437]  security_d_instantiate+0x9f/0x100
[   28.014025][  T437]  d_splice_alias+0x6d/0x390
[   28.018544][  T437]  kernfs_iop_lookup+0x29e/0x2f0
[   28.023328][  T437]  __lookup_slow+0x2b9/0x400
[   28.027741][  T437]  lookup_slow+0x5a/0x80
[   28.031819][  T437]  walk_component+0x48c/0x610
[   28.036337][  T437]  path_lookupat+0x16d/0x450
[   28.040762][  T437]  filename_lookup+0x230/0x5c0
[   28.045359][  T437]  user_path_at_empty+0x43/0x1a0
[   28.050134][  T437] 
[   28.052304][  T437] Memory state around the buggy address:
[   28.057775][  T437]  ffff88811261d380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   28.065669][  T437]  ffff88811261d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.073571][  T437] >ffff88811261d480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   28.081465][  T437]                                            ^
[   28.087456][  T437]  ffff88811261d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.095369][  T437]  ffff88811261d580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   28.103252][  T437] ==================================================================
[   28.111147][  T437] Disabling lock debugging due to kernel taint
[   28.156658][   T60] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   28.164050][  T437] syz.3.53 (437) used greatest stack depth: 21792 bytes left
[   28.169136][   T60] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBE, skipping
[   28.184143][   T60] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   28.266657][  T323] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55
[   28.275589][  T323] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   28.283365][  T323] usb 1-1: Product: syz
[   28.287348][  T323] usb 1-1: Manufacturer: syz
[   28.291744][  T323] usb 1-1: SerialNumber: syz
[   28.297404][  T323] usb 1-1: config 0 descriptor??
[   28.356668][   T60] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[   28.365701][   T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[   28.373629][  T324] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.384482][   T60] usb 5-1: Product: syz
[   28.388821][   T60] usb 5-1: Manufacturer: syz
[   28.393282][   T60] usb 5-1: SerialNumber: syz
[   28.397719][  T324] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.407492][  T324] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   28.416332][  T324] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.424430][   T60] usb 5-1: config 0 descriptor??
[   28.429880][  T324] usb 2-1: config 0 descriptor??
[   28.467129][   T60] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[   28.538358][   T60] usb 1-1: USB disconnect, device number 2
[   29.366653][  T324] uclogic 0003:256C:006D.0001: failed retrieving Huion firmware version: -71
[   29.375498][  T324] uclogic 0003:256C:006D.0001: failed probing parameters: -71
[   29.382867][  T324] uclogic: probe of 0003:256C:006D.0001 failed with error -71
[   29.391226][  T324] usb 2-1: USB disconnect, device number 2
[   29.672788][  T323] usb 5-1: USB disconnect, device number 2