last executing test programs:

3.985513021s ago: executing program 4 (id=5):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = socket$inet(0x2, 0x1, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r7=>0x0})
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r7, 0x2, 0x6}, 0x10)
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f00000000c0)={r7, 0x2, 0x6, @remote}, 0x10)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x89a1, &(0x7f0000000240)={'syzkaller0\x00'})
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x308, 0x0, 0xb, 0xd0e0011, 0x120, 0xc6, 0x270, 0x1d8, 0x190, 0x270, 0x1d8, 0x3, 0x0, {[{{@ip={@rand_addr, @broadcast, 0x0, 0x0, 'nr0\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x120, 0x2000000, {}, [@common=@icmp={{0x28}, {0x0, "0010"}}, @common=@unspec=@connlimit={{0x40}, {[0x0, 0x0, 0xffffffff]}}]}, @unspec=@CT0={0x48}}, {{@ip={@remote, @multicast1, 0x0, 0x0, 'bridge_slave_1\x00', 'virt_wifi0\x00'}, 0x0, 0xe8, 0x150, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x1, 0x8, [0x4e22, 0x4e23, 0x4e23, 0x4e23, 0x4e23, 0x4e22, 0x4e24, 0x4e22, 0x4e23, 0x4e22, 0x4e24, 0x4e23, 0x4e23, 0x4e23, 0x4e22], [0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1]}}, @inet=@rpfilter={{0x28}, {0x6}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x20000, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x368)

2.615974237s ago: executing program 2 (id=9):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x14, 0x4, 0x0, 0x2, 0x50, 0x67, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x24, 0xc0, 0x3, 0x1, [{@multicast1}, {@multicast1}, {@remote, 0x8000}, {@multicast1, 0xffd200}]}, @noop, @noop, @rr={0x7, 0xf, 0x33, [@multicast1, @remote, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000d0205000000000000010000050000000000839a9d"], &(0x7f0000000f40)=""/4089, 0x3e, 0xff9, 0xa, 0x0, 0x0, @void, @value}, 0x28)

2.041111745s ago: executing program 3 (id=15):
syz_usb_connect(0x5, 0x57, &(0x7f00000021c0)=ANY=[@ANYBLOB="1201000036b40f202104a000e1c80000000109024500010000000009040000020202ff00052406000105240000000d240f010000000000f2ff000006241a000000042402"], 0x0)

1.911510355s ago: executing program 1 (id=16):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58f04"])

1.891914195s ago: executing program 4 (id=17):
r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xb702, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e2793f10d10501200028000000010902120001000000000904"], 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f00000006c0)={0x34, &(0x7f0000000480)={0x0, 0xb, 0x2, "6a10"}, 0x0, 0x0, 0x0, 0x0, 0x0})

1.833819815s ago: executing program 0 (id=18):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x200080c1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000020301"], 0x1c}}, 0x0)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.788051995s ago: executing program 1 (id=19):
unshare(0x22020600)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x80047441, 0x20000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps\x00')
pread64(r2, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r3 = openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000003629394704563fd1b6c451f3c1a92234d2e4c861640dd397f169e7a6960804c25712a66d5e4d8d97d2d37dfba62352bfd84ab796c849592d12115"], 0x119)
writev(r3, 0x0, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[], 0x15)

1.423790333s ago: executing program 2 (id=20):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000002c0)=[@text16={0x10, &(0x7f0000000100)="67660f7f955ee30d482e0f13709a0fb035d9ff66f30f21933e673e26650fe2791226660ff367a80f01d166b80500000066b9000000000f01d9b829010f00d0", 0x3f}], 0x1, 0x61, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000440)=0x2, 0x4)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth0_to_bridge\x00', &(0x7f0000000080)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ether_spec={@link_local, @remote}, {}, @esp_ip6_spec={@ipv4={'\x00', '\xff\xff', @local}, @private0}, {0x0, @remote}}}})
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000580)=0x831, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000005c0)={@broadcast, @random, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)

1.422038443s ago: executing program 1 (id=21):
socket$nl_route(0x10, 0x3, 0x0)
mkdir(0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mknod$loop(&(0x7f0000000240)='./file1\x00', 0x20, 0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000280)=0x1e51, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
preadv(r3, &(0x7f0000000340)=[{&(0x7f0000000080)=""/122, 0x7a}], 0x1, 0x0, 0x0)
clock_adjtime(0x0, 0x0)

1.320569423s ago: executing program 2 (id=22):
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x9, 0x1a1300)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000014, 0x0, 0x0, 0x0, 0xd, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac0000e0ffffffffffffff00", "900600000000000f00070000000100cedfffffffffffffff000000000000f600", [0x6, 0x7f]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)

1.259312133s ago: executing program 2 (id=23):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xb2dd, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x41720, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_POWER(r3, 0x112, 0x9, 0x0, 0x0)
ioctl$KVM_GET_FPU(0xffffffffffffffff, 0x81a0ae8c, &(0x7f0000000100))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x1c, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0xb4}}, 0x200000d4)

1.007495252s ago: executing program 1 (id=24):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x64, 0x0, 0x8, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:udev_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'syzkaller1\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x40004}, 0x200080c1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000200)=ANY=[@ANYBLOB="0100"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)

969.345722ms ago: executing program 2 (id=25):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
close(r0)

881.463782ms ago: executing program 0 (id=26):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
close(r0)
socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x4}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

820.239742ms ago: executing program 2 (id=27):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c40)=ANY=[@ANYBLOB="1201000000000010f304550700000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000780)={0x2c, &(0x7f0000000540)={0x20, 0x22, 0x6, {0x6, 0x31, "8315e7c5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000680), 0x5c26, 0x0)
ioctl$HIDIOCGRAWINFO(r1, 0x80084803, &(0x7f0000000440)=""/251)

722.228861ms ago: executing program 0 (id=28):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@delsa={0x3c, 0x12, 0x1, 0x0, 0x0, {@in6=@loopback}, [@srcaddr={0x14, 0xd, @in=@private=0xa010102}]}, 0x3c}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="15"], 0x15)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

442.246201ms ago: executing program 3 (id=29):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)

340.18816ms ago: executing program 0 (id=30):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000040)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008efebe", 0x3b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @pic={0x3, 0xa, 0x9, 0x10, 0x81, 0xa3, 0x7, 0xb5, 0x2, 0x78, 0x4, 0x2, 0x1, 0x6, 0xf2, 0x1}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x0, 0x2004c9, 0x0, 0x4], 0x0, 0x2c0710})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x68}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

227.51799ms ago: executing program 0 (id=31):
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f00000005c0)={0x20071026}, &(0x7f0000000600))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a4f1ff0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00ff040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffff20, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

218.7696ms ago: executing program 4 (id=32):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071105400000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
unshare(0x22020600)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000080)=r0)

182.85659ms ago: executing program 3 (id=33):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x800)

157.9017ms ago: executing program 0 (id=34):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
add_key(&(0x7f0000000040)='dns_resolver\x00', 0x0, &(0x7f0000000300)='\x00\x00\x00\x00\x00\x00', 0x6, 0xffffffffffffffff)

78.26202ms ago: executing program 3 (id=35):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtaction={0x48, 0x31, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x48}}, 0x0)

78.105619ms ago: executing program 3 (id=36):
ioperm(0x0, 0x3, 0x2)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0)

77.932419ms ago: executing program 4 (id=37):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

56.46805ms ago: executing program 3 (id=38):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
write$binfmt_misc(r3, &(0x7f0000000300), 0x4)

45.110879ms ago: executing program 1 (id=39):
ioperm(0x0, 0x2, 0x7e)
clock_settime(0xb, 0x0)

364.69µs ago: executing program 1 (id=40):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x9, 0x3, 0x80000001}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)

0s ago: executing program 4 (id=41):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4020aeb2, &(0x7f0000000040)={0x3, 0xffffffffffffffff, 0xfffffffe})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.107' (ED25519) to the list of known hosts.
[   21.233246][   T24] audit: type=1400 audit(1737463875.389:66): avc:  denied  { mounton } for  pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.234218][  T275] cgroup: Unknown subsys name 'net'
[   21.255706][   T24] audit: type=1400 audit(1737463875.389:67): avc:  denied  { mount } for  pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.282573][   T24] audit: type=1400 audit(1737463875.419:68): avc:  denied  { unmount } for  pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.282732][  T275] cgroup: Unknown subsys name 'devices'
[   21.457748][  T275] cgroup: Unknown subsys name 'hugetlb'
[   21.463131][  T275] cgroup: Unknown subsys name 'rlimit'
[   21.570433][   T24] audit: type=1400 audit(1737463875.729:69): avc:  denied  { setattr } for  pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.593443][   T24] audit: type=1400 audit(1737463875.729:70): avc:  denied  { mounton } for  pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.598479][  T278] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   21.618098][   T24] audit: type=1400 audit(1737463875.729:71): avc:  denied  { mount } for  pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   21.649222][   T24] audit: type=1400 audit(1737463875.789:72): avc:  denied  { relabelto } for  pid=278 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.674470][   T24] audit: type=1400 audit(1737463875.789:73): avc:  denied  { write } for  pid=278 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.702387][   T24] audit: type=1400 audit(1737463875.859:74): avc:  denied  { read } for  pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.727677][   T24] audit: type=1400 audit(1737463875.859:75): avc:  denied  { open } for  pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.753462][  T275] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   22.823699][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.830596][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.837750][  T285] device bridge_slave_0 entered promiscuous mode
[   22.845150][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.852052][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.859158][  T285] device bridge_slave_1 entered promiscuous mode
[   22.923593][  T288] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.930480][  T288] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.937640][  T288] device bridge_slave_0 entered promiscuous mode
[   22.948152][  T288] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.954982][  T288] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.962308][  T288] device bridge_slave_1 entered promiscuous mode
[   22.983025][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.989927][  T286] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.997025][  T286] device bridge_slave_0 entered promiscuous mode
[   23.004114][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.010978][  T286] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.018137][  T286] device bridge_slave_1 entered promiscuous mode
[   23.039900][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.046745][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.053867][  T289] device bridge_slave_0 entered promiscuous mode
[   23.060494][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.067458][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.074476][  T289] device bridge_slave_1 entered promiscuous mode
[   23.101621][  T287] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.108498][  T287] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.115509][  T287] device bridge_slave_0 entered promiscuous mode
[   23.139073][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.145912][  T287] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.153365][  T287] device bridge_slave_1 entered promiscuous mode
[   23.234141][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.241012][  T285] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.248096][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.254873][  T285] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.272934][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.279791][  T286] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.286866][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.293658][  T286] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.315454][  T288] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.322306][  T288] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.329393][  T288] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.336196][  T288] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.349168][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.356003][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.363112][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.369900][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.388868][  T111] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.395868][  T111] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.402947][  T111] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.410112][  T111] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.417233][  T111] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.424143][  T111] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.431205][  T111] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.438119][  T111] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.445451][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.452739][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.466934][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.474863][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.481701][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.489132][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.497111][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.503922][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.530956][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.538469][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.545918][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.554621][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.562504][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.570762][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.577594][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.584693][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.592596][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.599421][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.606638][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.614515][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.621289][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.635786][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.643689][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.650443][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.657796][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.669990][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.686694][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.694895][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.702683][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.711044][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.719047][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.725856][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.733025][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.740873][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.747703][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.761056][  T285] device veth0_vlan entered promiscuous mode
[   23.772650][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.780828][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.788915][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.796458][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.803851][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.812196][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.819037][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.826440][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.834320][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.841092][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.848259][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.855927][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.863653][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.872355][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   23.888452][  T285] device veth1_macvtap entered promiscuous mode
[   23.898709][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   23.906874][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.914541][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   23.923015][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.930826][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   23.938925][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.946906][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   23.954188][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.962362][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.973269][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.981483][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.999144][  T287] device veth0_vlan entered promiscuous mode
[   24.006359][  T288] device veth0_vlan entered promiscuous mode
[   24.012871][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.021859][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.029773][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.037890][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.045889][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.053679][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.062460][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.069751][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.076931][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.084085][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.091620][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.099791][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.112307][  T289] device veth0_vlan entered promiscuous mode
[   24.122285][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.130626][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.138788][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.146814][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.154568][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.162764][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.171067][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.178361][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.191599][  T288] device veth1_macvtap entered promiscuous mode
[   24.200066][  T287] device veth1_macvtap entered promiscuous mode
[   24.206745][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.214673][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.222956][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.230865][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.238908][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.246937][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.254282][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.262334][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.270914][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.279182][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.289673][  T289] device veth1_macvtap entered promiscuous mode
[   24.299126][  T286] device veth0_vlan entered promiscuous mode
[   24.306639][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.314238][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.321583][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.334526][  T285] request_module fs-gadgetfs succeeded, but still no fs?
[   24.345911][  T285] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   24.361616][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.370560][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.378894][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.387608][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.407273][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.408743][  T315] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   24.415246][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.439377][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.447542][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.456052][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.464352][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.472705][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.481575][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.490187][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.498653][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.510035][  T286] device veth1_macvtap entered promiscuous mode
[   24.557293][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.567964][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.576045][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.584758][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.594140][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.036872][  T334] kvm [333]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[   26.062851][  T334] kvm [333]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[   26.074344][  T348] netlink: 52 bytes leftover after parsing attributes in process `syz.3.10'.
[   26.082966][  T348] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10'.
[   26.091907][  T348] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10'.
[   26.118889][  T334] kvm [333]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[   26.176893][  T350] overlayfs: invalid redirect ((null))
[   26.248268][   T24] kauditd_printk_skb: 53 callbacks suppressed
[   26.248278][   T24] audit: type=1400 audit(1737463880.409:129): avc:  denied  { read } for  pid=355 comm="syz.3.13" name="ppp" dev="devtmpfs" ino=149 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   26.351457][  T359] netlink: 248 bytes leftover after parsing attributes in process `syz.3.13'.
[   26.378318][  T358] netlink: 48 bytes leftover after parsing attributes in process `syz.1.12'.
[   26.396500][   T24] audit: type=1400 audit(1737463880.409:130): avc:  denied  { open } for  pid=355 comm="syz.3.13" path="/dev/ppp" dev="devtmpfs" ino=149 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   26.456437][  T359] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13'.
[   26.500537][   T24] audit: type=1400 audit(1737463880.439:131): avc:  denied  { ioctl } for  pid=355 comm="syz.3.13" path="/dev/ppp" dev="devtmpfs" ino=149 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   26.616761][   T24] audit: type=1400 audit(1737463880.439:132): avc:  denied  { read } for  pid=353 comm="syz.1.12" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   26.691160][   T24] audit: type=1400 audit(1737463880.439:133): avc:  denied  { open } for  pid=353 comm="syz.1.12" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   26.761185][  T345] kvm: emulating exchange as write
[   26.776944][   T24] audit: type=1400 audit(1737463880.489:134): avc:  denied  { create } for  pid=353 comm="syz.1.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   26.807683][   T24] audit: type=1400 audit(1737463880.529:135): avc:  denied  { ioctl } for  pid=353 comm="syz.1.12" path="socket:[15520]" dev="sockfs" ino=15520 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   26.832657][   T24] audit: type=1400 audit(1737463880.819:136): avc:  denied  { read write } for  pid=363 comm="syz.3.15" name="raw-gadget" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.861475][   T24] audit: type=1400 audit(1737463880.819:137): avc:  denied  { open } for  pid=363 comm="syz.3.15" path="/dev/raw-gadget" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.898617][   T24] audit: type=1400 audit(1737463880.819:138): avc:  denied  { ioctl } for  pid=363 comm="syz.3.15" path="/dev/raw-gadget" dev="devtmpfs" ino=249 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   26.946242][  T307] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   27.046198][   T25] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   27.196156][  T307] usb 4-1: Using ep0 maxpacket: 32
[   27.200309][  T372] kvm [371]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0xe2f2
[   27.217096][  T372] kvm [371]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0xa2f3
[   27.242169][  T372] kvm [371]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x50fe
[   27.251445][  T372] kvm [371]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x10ff
[   27.286241][   T25] usb 5-1: Using ep0 maxpacket: 16
[   27.286549][  T372] kvm [371]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x9686
[   27.313561][  T372] kvm [371]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0xd687
[   27.322712][  T307] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   27.333310][  T307] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   27.346872][  T307] usb 4-1: New USB device found, idVendor=0421, idProduct=00a0, bcdDevice=c8.e1
[   27.355807][  T307] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   27.366782][  T307] usb 4-1: config 0 descriptor??
[   27.406816][   T25] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=28.00
[   27.417278][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   27.441074][   T25] usb 5-1: config 0 descriptor??
[   27.475144][  T307] usb 4-1: bad CDC descriptors
[   27.543870][   T25] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[   27.559879][   T25] usb 5-1: Detected FT-X
[   27.665223][  T378] usb 4-1: USB disconnect, device number 2
[   27.736695][  T397] device syzkaller0 entered promiscuous mode
[   27.916895][   T25] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[   27.936260][   T25] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71
[   27.946876][   T25] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   27.966017][   T25] usb 5-1: USB disconnect, device number 2
[   27.976846][   T25] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   27.996684][   T25] ftdi_sio 5-1:0.0: device disconnected
[   28.166226][  T307] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   28.174107][  T406] kvm [405]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[   28.197864][  T406] kvm [405]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[   28.212014][  T406] kvm [405]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000
[   28.227476][  T406] kvm [405]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[   28.245135][  T406] kvm [405]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000
[   28.368434][  T413] kvm: pic: level sensitive irq not supported
[   28.368496][  T413] kvm: pic: non byte read
[   28.416153][  T307] usb 3-1: Using ep0 maxpacket: 16
[   28.434678][  T416] capability: warning: `syz.0.31' uses deprecated v2 capabilities in a way that may be insecure
[   28.536948][  T307] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.564192][  T307] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.587223][  T307] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[   28.596460][  T307] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.607350][  T307] usb 3-1: config 0 descriptor??
[   28.641853][  T437] ==================================================================
[   28.649765][  T437] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0xbb8/0x3630
[   28.657744][  T437] Read of size 8 at addr ffff8881134ef8c0 by task syz.1.40/437
[   28.665090][  T437] 
[   28.667268][  T437] CPU: 0 PID: 437 Comm: syz.1.40 Not tainted 5.10.233-syzkaller-00881-gfbe98d68b6b3 #0
[   28.676724][  T437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   28.686617][  T437] Call Trace:
[   28.689754][  T437]  dump_stack_lvl+0x1e2/0x24b
[   28.694256][  T437]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   28.699551][  T437]  ? panic+0x812/0x812
[   28.703457][  T437]  print_address_description+0x81/0x3b0
[   28.708836][  T437]  kasan_report+0x179/0x1c0
[   28.713176][  T437]  ? tc_setup_flow_action+0xbb8/0x3630
[   28.718470][  T437]  ? tc_setup_flow_action+0xbb8/0x3630
[   28.723767][  T437]  __asan_report_load8_noabort+0x14/0x20
[   28.729233][  T437]  tc_setup_flow_action+0xbb8/0x3630
[   28.734356][  T437]  ? __kmalloc+0x1aa/0x330
[   28.738607][  T437]  ? flow_rule_alloc+0x30/0x2b0
[   28.743297][  T437]  mall_replace_hw_filter+0x394/0xc10
[   28.748503][  T437]  ? mall_set_parms+0x440/0x440
[   28.753186][  T437]  ? tcf_exts_destroy+0xb0/0xb0
[   28.757878][  T437]  ? pcpu_memcg_post_alloc_hook+0x1c8/0x360
[   28.763603][  T437]  ? pcpu_alloc+0xfa0/0x1420
[   28.768033][  T437]  ? mall_set_parms+0x4b/0x440
[   28.772629][  T437]  ? mall_set_parms+0x1a2/0x440
[   28.777319][  T437]  mall_change+0x573/0x7a0
[   28.781574][  T437]  ? __kasan_check_write+0x14/0x20
[   28.786515][  T437]  ? mall_get+0xb0/0xb0
[   28.790510][  T437]  ? tcf_chain_tp_insert_unique+0xa90/0xbb0
[   28.796241][  T437]  tc_new_tfilter+0x168e/0x1dc0
[   28.800925][  T437]  ? mall_get+0xb0/0xb0
[   28.804917][  T437]  ? tcf_gate_entry_destructor+0x20/0x20
[   28.810388][  T437]  ? security_capable+0x87/0xb0
[   28.815076][  T437]  ? ns_capable+0x89/0xe0
[   28.819241][  T437]  ? netlink_net_capable+0x125/0x160
[   28.824359][  T437]  ? tcf_gate_entry_destructor+0x20/0x20
[   28.829831][  T437]  rtnetlink_rcv_msg+0x77a/0xc50
[   28.834604][  T437]  ? is_bpf_text_address+0x172/0x190
[   28.839729][  T437]  ? rtnetlink_bind+0x80/0x80
[   28.844234][  T437]  ? arch_stack_walk+0xf3/0x140
[   28.848924][  T437]  ? stack_trace_save+0x113/0x1c0
[   28.853782][  T437]  ? __kasan_check_write+0x14/0x20
[   28.858733][  T437]  ? stack_trace_snprint+0xf0/0xf0
[   28.863675][  T437]  ? avc_has_perm+0x14d/0x400
[   28.868189][  T437]  ? memcpy+0x56/0x70
[   28.872008][  T437]  ? avc_has_perm+0x275/0x400
[   28.876520][  T437]  ? __kasan_slab_alloc+0xb1/0xe0
[   28.881380][  T437]  ? slab_post_alloc_hook+0x61/0x2f0
[   28.886521][  T437]  ? kmem_cache_alloc+0x168/0x2e0
[   28.891367][  T437]  ? avc_has_perm_noaudit+0x240/0x240
[   28.896577][  T437]  ? iov_iter_advance+0x258/0xb20
[   28.901435][  T437]  netlink_rcv_skb+0x1cf/0x410
[   28.906033][  T437]  ? rtnetlink_bind+0x80/0x80
[   28.910559][  T437]  ? netlink_ack+0xb30/0xb30
[   28.914976][  T437]  ? __netlink_lookup+0x37b/0x3a0
[   28.919838][  T437]  rtnetlink_rcv+0x1c/0x20
[   28.924088][  T437]  netlink_unicast+0x8df/0xac0
[   28.928692][  T437]  ? netlink_detachskb+0x90/0x90
[   28.933461][  T437]  ? security_netlink_send+0x7b/0xa0
[   28.938579][  T437]  netlink_sendmsg+0xa46/0xd00
[   28.943180][  T437]  ? netlink_getsockopt+0x5c0/0x5c0
[   28.948215][  T437]  ? security_socket_sendmsg+0x82/0xb0
[   28.953505][  T437]  ? netlink_getsockopt+0x5c0/0x5c0
[   28.958543][  T437]  ____sys_sendmsg+0x59e/0x8f0
[   28.963141][  T437]  ? __sys_sendmsg_sock+0x40/0x40
[   28.968006][  T437]  ? import_iovec+0xe5/0x120
[   28.972428][  T437]  ___sys_sendmsg+0x252/0x2e0
[   28.976942][  T437]  ? __sys_sendmsg+0x280/0x280
[   28.981548][  T437]  ? __fdget+0x1bc/0x240
[   28.985620][  T437]  __se_sys_sendmsg+0x1b1/0x280
[   28.990314][  T437]  ? __x64_sys_sendmsg+0x90/0x90
[   28.995084][  T437]  ? fpu__clear_all+0x20/0x20
[   28.999597][  T437]  ? __kasan_check_read+0x11/0x20
[   29.004456][  T437]  __x64_sys_sendmsg+0x7b/0x90
[   29.009063][  T437]  do_syscall_64+0x34/0x70
[   29.013308][  T437]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   29.019037][  T437] RIP: 0033:0x7f7c6a73dd29
[   29.023291][  T437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   29.042734][  T437] RSP: 002b:00007f7c68daf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   29.050974][  T437] RAX: ffffffffffffffda RBX: 00007f7c6a92dfa0 RCX: 00007f7c6a73dd29
[   29.058788][  T437] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000004
[   29.066595][  T437] RBP: 00007f7c6a7b9b08 R08: 0000000000000000 R09: 0000000000000000
[   29.074407][  T437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   29.082220][  T437] R13: 0000000000000000 R14: 00007f7c6a92dfa0 R15: 00007fff1881f2a8
[   29.090032][  T437] 
[   29.092197][  T437] Allocated by task 437:
[   29.096298][  T437]  ____kasan_kmalloc+0xdb/0x110
[   29.100973][  T437]  __kasan_kmalloc+0x9/0x10
[   29.105308][  T437]  __kmalloc+0x1aa/0x330
[   29.109388][  T437]  tcf_idr_create+0x5f/0x770
[   29.113813][  T437]  tcf_idr_create_from_flags+0x5f/0x70
[   29.119108][  T437]  tcf_gact_init+0x373/0x6e0
[   29.123532][  T437]  tcf_action_init_1+0x584/0x830
[   29.128308][  T437]  tcf_action_init+0x2b5/0x800
[   29.132905][  T437]  tcf_exts_validate+0x232/0x540
[   29.137683][  T437]  mall_set_parms+0x4b/0x440
[   29.142107][  T437]  mall_change+0x49e/0x7a0
[   29.146360][  T437]  tc_new_tfilter+0x168e/0x1dc0
[   29.151047][  T437]  rtnetlink_rcv_msg+0x77a/0xc50
[   29.155822][  T437]  netlink_rcv_skb+0x1cf/0x410
[   29.160435][  T437]  rtnetlink_rcv+0x1c/0x20
[   29.164675][  T437]  netlink_unicast+0x8df/0xac0
[   29.169278][  T437]  netlink_sendmsg+0xa46/0xd00
[   29.173881][  T437]  ____sys_sendmsg+0x59e/0x8f0
[   29.178478][  T437]  ___sys_sendmsg+0x252/0x2e0
[   29.182991][  T437]  __se_sys_sendmsg+0x1b1/0x280
[   29.187677][  T437]  __x64_sys_sendmsg+0x7b/0x90
[   29.192275][  T437]  do_syscall_64+0x34/0x70
[   29.196529][  T437]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   29.202249][  T437] 
[   29.204424][  T437] The buggy address belongs to the object at ffff8881134ef800
[   29.204424][  T437]  which belongs to the cache kmalloc-192 of size 192
[   29.218315][  T437] The buggy address is located 0 bytes to the right of
[   29.218315][  T437]  192-byte region [ffff8881134ef800, ffff8881134ef8c0)
[   29.231772][  T437] The buggy address belongs to the page:
[   29.237252][  T437] page:ffffea00044d3bc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1134ef
[   29.247301][  T437] flags: 0x4000000000000200(slab)
[   29.252165][  T437] raw: 4000000000000200 ffffea00044d3a00 0000000500000005 ffff888100043380
[   29.260583][  T437] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   29.268994][  T437] page dumped because: kasan: bad access detected
[   29.275253][  T437] page_owner tracks the page as allocated
[   29.280807][  T437] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 108, ts 4327924178, free_ts 4327904294
[   29.296430][  T437]  prep_new_page+0x166/0x180
[   29.300851][  T437]  get_page_from_freelist+0x2d8c/0x2f30
[   29.306235][  T437]  __alloc_pages_nodemask+0x435/0xaf0
[   29.311439][  T437]  new_slab+0x80/0x400
[   29.315345][  T437]  ___slab_alloc+0x302/0x4b0
[   29.319772][  T437]  __slab_alloc+0x63/0xa0
[   29.323940][  T437]  kmem_cache_alloc_trace+0x1bd/0x2e0
[   29.329145][  T437]  kernfs_fop_open+0x324/0xab0
[   29.333747][  T437]  do_dentry_open+0x7c1/0x10d0
[   29.338344][  T437]  vfs_open+0x73/0x80
[   29.342165][  T437]  path_openat+0x2660/0x3000
[   29.346591][  T437]  do_filp_open+0x21c/0x460
[   29.350929][  T437]  do_sys_openat2+0x13f/0x710
[   29.355445][  T437]  __x64_sys_openat+0x243/0x290
[   29.360134][  T437]  do_syscall_64+0x34/0x70
[   29.364384][  T437]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   29.370108][  T437] page last free stack trace:
[   29.374626][  T437]  free_unref_page_prepare+0x2ae/0x2d0
[   29.379925][  T437]  free_the_page+0x9e/0x370
[   29.384258][  T437]  __free_pages+0x67/0xc0
[   29.388425][  T437]  free_pages+0x7c/0x90
[   29.392421][  T437]  selinux_genfs_get_sid+0x24d/0x2a0
[   29.397555][  T437]  inode_doinit_with_dentry+0x86f/0x1050
[   29.403010][  T437]  selinux_d_instantiate+0x27/0x40
[   29.407957][  T437]  security_d_instantiate+0x9f/0x100
[   29.413078][  T437]  d_splice_alias+0x6d/0x390
[   29.417506][  T437]  kernfs_iop_lookup+0x2a4/0x2f0
[   29.422282][  T437]  path_openat+0x11ab/0x3000
[   29.426703][  T437]  do_filp_open+0x21c/0x460
[   29.431045][  T437]  do_sys_openat2+0x13f/0x710
[   29.435553][  T437]  __x64_sys_openat+0x243/0x290
[   29.440245][  T437]  do_syscall_64+0x34/0x70
[   29.444494][  T437]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   29.450217][  T437] 
[   29.452386][  T437] Memory state around the buggy address:
[   29.457861][  T437]  ffff8881134ef780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   29.465760][  T437]  ffff8881134ef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.473657][  T437] >ffff8881134ef880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   29.481551][  T437]                                            ^
[   29.487545][  T437]  ffff8881134ef900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.495440][  T437]  ffff8881134ef980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   29.503335][  T437] ==================================================================
[   29.511232][  T437] Disabling lock debugging due to kernel taint
[   29.747207][  T307] hid-generic 0003:04F3:0755.0001: failed to start in urb: -90
[   29.754921][  T307] hid-generic 0003:04F3:0755.0001: hidraw0: USB HID v0.00 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[   29.949974][    T5] usb 3-1: USB disconnect, device number 2