last executing test programs:

3.79205432s ago: executing program 0 (id=6):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x2002, {0x0, 0x0, 0x0, r3, {0xa, 0x6}, {0x0, 0x7}, {0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0xf2}, {0x3, 0x5, 0x7}}}]}]}]}}]}, 0x54}}, 0x0)

3.679810771s ago: executing program 3 (id=4):
socket$inet_udp(0x2, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)="c30f0c442b27e3ad28e0d033d8137a0cca3d347c9bdfcd183de11e56c830db1ebecce3d8de842648425483fbf199c8bd8775248304af52f32743b1", 0x3b}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x83, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
unshare(0x20180)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18)
socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000200)='bridge0\x00')

3.633060232s ago: executing program 1 (id=2):
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, 0x0, &(0x7f00000005c0)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x82000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
io_destroy(0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
close(0xffffffffffffffff)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x560e, &(0x7f0000000140))
ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, &(0x7f0000000000))

3.612896772s ago: executing program 2 (id=3):
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000180)=ANY=[@ANYBLOB="12011101000000407921770000000000000109022d00010000400909040003010300010009210b00820122040009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x4, {[@local=@item_012={0x2, 0x2, 0x4, "ecee"}, @global=@item_012={0x0, 0x1, 0x9}]}}, 0x0}, 0x0)

3.003847652s ago: executing program 0 (id=7):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l*'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0xa4)

2.894216884s ago: executing program 4 (id=5):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fedbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0a00180003030303030300001c005a"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2.866354524s ago: executing program 0 (id=8):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x20, 0x0, 0x7, 0x301, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x8000)

2.811849305s ago: executing program 0 (id=9):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r2, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000000001002)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x105042, 0x84)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)

2.805296355s ago: executing program 4 (id=10):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
syz_usb_connect$uac1(0x2, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0})

2.699666597s ago: executing program 3 (id=11):
unshare(0x20000400)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10122)

2.683405727s ago: executing program 1 (id=12):
syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000052e8e510b1134200c4dc0102030109021b000100000000090444"], 0x0)

2.619636708s ago: executing program 3 (id=13):
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb2361000000010902"], 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e29, 0xffffffff, @mcast2, 0xb}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

1.966135649s ago: executing program 0 (id=14):
pwritev(0xffffffffffffffff, &(0x7f0000001040)=[{&(0x7f0000000040)="d3ff13537e88c1af1a1bf8c54e508da8d9828d70895f16b81114513097fdddfbf34759bd3458a84e1c000c960b70f2f6f7847b69065aa9a0185639d5ada062e0eed77f546ed65bc8f4b8ed6fe738ab5f60da13916537ae43cd80d9fba42c833cb128a4a4c8868fa9bd077d3f1a566b1c09652eacda442b97193089bd1ed004ba104181167046b45e3bb281d84916fd769d09212d7e2405755a0a9c8f19bb90cdba6a1850ccf60d78f97970e6dfbcef59cd640c5fd630895097beee05567b2c80dc03ebe1a64dcf7161c6c1a7ae840d236b2b9af90f825087d55a00e808112e01be78b0aa37a9b593a648955cd752f1199678ab55aa96bef5afaa051fd501d9b8e8c874ddd4150daafecc5594f0fcd164df5d953f30f741291f0a3f2f78cbed900e28329a7aa25268c584d251e3dfceea23353330f42da0d1554e1d9b4c3e67d2797022b1612827258d87392d525238d6e4ecdde167ea6624a3a039e0b6db6c6b5b634cbaa09c4ae827ca58ac90e0d129e95e3f68f5e21c408e10f3cc9c3727856d847dcb93088f7b480fba738a1f34b4722215a815d1b612d96005054c70b110b73a906125b7d092215729879bd536311cb073eb144de3b1373173e2b6d3ff50abc2a764babbf1c2a0d15ba59ec26cb42cc6aaacac2a093389a560d9da563cb87c9228ee86f3fc4c0833feb7d59edeb00d780338c621ef09e18a42cfcb048b79bdc0d0c9f398fffa479ac847bcbac7281a2de11c315d4abed4121a42f46fced9b55a28ffbd436d9e8c281d0ae943a951d8878d84036b995288221a59fdeb808ad10a9268b06be187968cad4e0ef8fc2cf209206a0ee4d8e6643989ae68ad070cd5f8405c69289981409c658730438445eee9d4d51ab7545bfc79faefa96edcc571431b74c19d3038409ba6fe3d8e2e1f0ae8ed83253ca8a7d282e56714ed00238cf177837f7099abcbc6d0ec3ef8cf12ebcaccf598d3fb9d13fa52cdb41f11e75ac1553b72a3f7a0b9b4708d3922ef08b5d96e81a8e6530af2298f7a76a27c7df5addd1af2618845e60a7ea9efd8ccdac19ebfa6138b695756a5c31772656c991b26c9d02ed499e9825171218cbb5d58deca20a6f97ce896b836a01ec3e83ba42b050f886900ceab8595bac9c701933a044f5338810eca43f98d11261c184468ca8832c52db9ff3f9b1e7ef2acef0517027d5f3cff6f6090319bac8250e7b1e4f567e6f47f1b8ed7b3b9cd7aab3912e7696b377054ab51b98b7fccde521dd3936e21834e786c1f19e0cfcadece7759fffaa47410a2616e86865e37f23da460a7902c994fac4d61362f0baf38b94cc3e5106ad3df6de6953d4b04a686c8aa632b7637856c91e3bb23686ba6e3ae8648fb469a294a1e8fe485b1ac810cc561a75d8d33a4018a38619b1aac9c1a99ab57eea00a56f2eca97461a5eb10ca1aa0e984145100e45ee31e8aae802d5feca89789498f12dd1d1286d01af63427f58b0b081b862edb62eb3e896814dc3ee0309d676bd5b1bcb273345751e56e941f04b910cc2c3eda2b7e5bd377f744e6c5fac852e1cdc1f9e61dc2e0c9dded49f63769c2d8d24653d4fe6aa72bfae3683d1810cb12d7841752cada62eacefcc2ea7912c741926bf5b3c14adee1a98ab522fc6fac1bfca586b912bfa83bfb28c8c94f022a098d0d247b83e8041234ac45eb39d153b0b096a8338534c670b9ba17e5c15999dd50c73c070767d6dab18bd6ca4df052144a0d9f24e53fb89c625b50518b4bb93f620eeae74fc8252158aabe9bf380b2457ab6ca3e33e0341dff13b1079acee4e0178dd66386543f2876d84ec2eab2d44fe04699b859813185004ee17efe90f24a9fcb848114b33f858b846d49e594c1e18908d7c1b5f530b3f88e52e15dad921548f0a31d3bb81a62cf8f5d6decde7bae8cd3526595d5b2793a0fb74c3294e478aa9df0cd800644323afe7a045490478cf9783fcfbc9522decb18a75178bc3bd0225fee1820765ff7a497c3c47eb4171795caed047d05436bf3cfa6cd66643a354dc2d340b9525ac6baeed4b7ce6704a769c90c94dc141aa0bfb6fd2d9c1ec6bb97a516c4c25ce8803d346551f7a8c20415c01be859c0f356a690def49ee05f739898860c44fe208767402ac8aa8a465eb372b04b56d54e83584ae863fc9b10dedfca6317a0690f40cc38cdfdcb7fdf4fb3f7fbbcf8c4a044cefca1f82615290cd54dd87c747de99d2be3fc67c6fad68c73e9ea14659964eb079849cff14221f4868b920f235110dd501228fd394c4d9d6b3bdc4c929d5e06729aa9fe5670f2ccae703136841f8332a699fb5fe3bbdd738a87bb025451203b6662f405105cabcdbbd4da2a0d46fd36ba0af9d7eee0271181de11614d78c7446639b6c77d8e8044566ff66b60517c3ab0d994a196b94608f647a8f002991b38b403e50c209140d6edbc9d0bfe8340148427f4153d67319d3faff7e09e2446b67c001edf64bfea54700b74dd3238a29ce05bb2db644afb5b181f5298ccec3a1cb02f0a79cad594d36cd8ed34345be883309d3621344f4bc17588fde84b66d9c9fbe41d8f57645c2f16f0ff0324cf9e52d0a5c7eee9792a73197571bebc2c194cf87c3487b38039389b5dd139dc8bbabc96c5333d4fa3889cab50c9c5f0586e10f10119c2cc1e2d652a429e63a1d2c5d4dec05d94b12bc0d31347288bb7b6a584808818faf0d6057c3f0f08cfb593d7abbfd4acd99ad13e34d5939590203ef9f6c50cec578581f5700124fc4d1a68da97d3c4a6a3a6f93c0c17a8d58b4012cab6496726c6357a31f0a6e61529f647cb56372e08399c681e394f2d8b5aa021620c2d2b796dd1783853fc2dc81756fe1ceb4d40c49c0200000000000000e275a3956c872919409e7f491deb5f0cea27b3f40a85e7d9e1ce7dfd9c786cca494ffba73a2dcad240fa0be3668b4cbf4533e617fd60351537196972f032d858c4172544e3af9a65ce48ecc30ca081b6bddcb4808c2244df12fadfecab4ba9270f2b0e13077e282fd85f8268660e68692fff983b48beffe441ac6de15d26fe9727411694d17fb884aada379521ebc49c08a153d0677defdff5c662796629246e69197ede4309a39e1cbbc6c4bf68a3b9e1301c4908ed0a25a4d31e61abde718eea786e4d327dc2fd1399c6eb7d49df5aabc445705045c60a8213eebc7861e8697b178232b92b3418954735da0e2a5799a09e581c172703684df98ab9320e8f15901e4283240408422b14bf2def15c870435eaf536f0129bfd286a67691c6dc61a5065f68f8ef91086a22a56aba3a846b4d896380cf2e42083a72974a925d6cebe48cea63171b3f99d4226ed97d650f0a9166b4069f958affafcaa305e25f394ea2f7f865b0969c0eb5a7ce4bc49980dd82f7ae3fb03da05c7f2421f7f064f7b4cf09c89320654d56499edc84d15c292366c594e739986ea1fdd44d510a93aa81c922ed4c4d9c05a35f2efffdd7376300f923d515a47746f242a4587215882d931150400d4a21afd744d13949a349411260af4d4d0d8f117428d46cd933a6d496105048c6f86840b7e088902ecc81309dfd52c342066604ceead47c0b6da4ba77d899941d29037e89e9436a8bde2e5ba97e6bb61647cba7af3b6721d7d6c5a008830d15f9ba95c85f3a04774c5ca6efd2a9715d969700282e70895cf4974694248db09691ab499b148172c594785a75c3e9017737a4dbb8d315aca28d368d57f18034fc208dc9aeca9e2f14c1f1426b247556ec03ea986f7edd32a46bc43163c92c7e9fe96d7b0fe0568a0887823c243ce8b621c5f4557b856fb310ccb6aab5ee3b8b097796d4fe3deaea985af28c49675e7ea37a6e917c189de8983fba083e1baa49805f722c0836dd93cca61f52c40cbe817ef25d93aa8c88cc4906f184b1b29670a2e1695477431ecdc614bb4e60698ec5f843dd386321af44e847357e4201f657f0ef99b77c31074baa05208ab1993c73105d9ca8f4e29c0b3429225c08a4156a4fbc4621ecb8e9940ac8bb4801539e20b51f4ccdc87e653f819f4a7329c0efad45106aea2ba317c2cb19be76a6636a1fefe035c3cfccadb8afb1e90e0b2bf7a3077005e22b849b3bad1de3e7d5d992a3fefe9b5030886c21b788815044a5a587cda4102ad4bee4f27ca0daa0839d5fa5489db15390fe6e17af834952eed59ae4ef2708c8d21939e134ef50a7de8d8e31c6b54654ef91a90d20d3ae078def7bb92bdaeb5e56e353110ba031bf6b89e043c95ee269db47e71a3329264473bbfc237833c1675c3dacee199f5090603684f29ac5472ee95e7db73b6811909cb274216f790cff26b06e4c4a8ca7647d40d82ebaf1e8bd8d91d57e919d47c5e223afc5a1a46eece8022dbebb0b6df49651485fac621df56e3ac578a57ef18fb5db8744f54c2f9c158f77ce7f3880d204578d70dee30dbdad6daa7ec69a0493f3b1d00ed967b8ce5704f5b037389b2c78970a26feb1ee719842cb67e35c594b08acb057440781a965294201e917c385c891024c77a04d82886b55e51bab1163fc7834a53a6c2b61e922aab8b3c405bc18834ef559b210093f0abe14990704fc4a6bc31c89b7357a51101f72bcea72dd1c4fe0bd244f4f424b5aceec80897e6364d64d12a6938b6109c4b4632a1480b04cfa3e3947b41b7788223202699f0f03a02ced2fa78800d23860f452b67852fb29f7a4006ad6d78aa2a01e00c8622ae67f2889598d2c1df0f46a24a224b1f00bd1a1a52eb7fe37187871ce76c5ac901ea62cc1ea4115b794398d078b8d61cd51f943a07f88d38493bec5d36015b5b7c2d3faae7d60789a8aeeb4b85583e724b62c2f24e16b750fadb1f40f29d95995a4d08e015ae244d2db2981d6d52f9ea45a9ea7cd657790d54a27ca69c4a1348aec45b73f485ce28a7826a02d21ffda21b8c7679724856f30112d96da59699cd210e7102655665f943c8edb466b327cefd9d5dc0ec21a24086502bd32d7fb3d3bb683c1d7ae61357a24b057e61c6078db64e774676e86e7df2d61507dee91c10366f1b947ed902f5e", 0xdfa}], 0x1, 0x80, 0x7)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(0x0, 0x0, 0x40)
ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000a00)={0x1, 0x200, 0x0, 0x0, 0x0, 0x40000000})

1.012916514s ago: executing program 2 (id=15):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
gettid()
sched_setscheduler(0x0, 0x0, &(0x7f0000000280)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = gettid()
r3 = syz_open_procfs(r2, &(0x7f0000000040)='timerslack_ns\x00')
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000100)={0x30}, 0x30)

935.301185ms ago: executing program 2 (id=16):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x30}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x800, 0x0, 0x0, 0x0, 0xa5, 0xbd, 0x9, 0xa9, 0x4, 0x0, 0x0, 0x40000000}, {0x8, 0x4005, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x6, 0xff, 0x0, 0x2, 0x6}, {0x3fe, 0x9, 0x0, 0xfd, 0x0, 0x0, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0x7}], 0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

924.144015ms ago: executing program 1 (id=17):
r0 = socket(0x1d, 0x2, 0x6)
getsockname$netlink(r0, 0x0, &(0x7f0000000100))

890.559806ms ago: executing program 1 (id=18):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

827.862147ms ago: executing program 1 (id=19):
iopl(0x3)
unshare(0x1e81488c03a8ba1)

827.322177ms ago: executing program 1 (id=20):
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(r0, 0x8, &(0x7f00000001c0)=0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[], 0x54}}, 0x24000000)
sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x34, r2, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
bind$bt_rfcomm(r4, &(0x7f0000000080)={0x1f, @none, 0xff}, 0xa)
connect$bt_rfcomm(r4, &(0x7f00000000c0)={0x1f, @none, 0x6}, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
syz_open_procfs(0xffffffffffffffff, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r6, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)

815.697437ms ago: executing program 2 (id=21):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000280)=0x27fe, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x3654}]}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e00220085"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

0s ago: executing program 0 (id=22):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_emit_ethernet(0x8c, &(0x7f0000000280)=ANY=[@ANYBLOB="bbbbbbbbbb"], 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000980)=[@text32={0x20, 0x0}], 0x1, 0x51, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xb, 0xf, 0x9, '\x00', 0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 2 (id=24):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac13000100000000000000000000000000000000000000000a0042"], 0xb8}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.113' (ED25519) to the list of known hosts.
[   19.135511][   T23] audit: type=1400 audit(1745227878.740:66): avc:  denied  { mounton } for  pid=342 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   19.137079][  T342] cgroup1: Unknown subsys name 'net'
[   19.143104][   T23] audit: type=1400 audit(1745227878.740:67): avc:  denied  { mount } for  pid=342 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.145866][  T342] cgroup1: Unknown subsys name 'net_prio'
[   19.154407][  T342] cgroup1: Unknown subsys name 'devices'
[   19.156898][   T23] audit: type=1400 audit(1745227878.760:68): avc:  denied  { unmount } for  pid=342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.292522][  T342] cgroup1: Unknown subsys name 'hugetlb'
[   19.298235][  T342] cgroup1: Unknown subsys name 'rlimit'
[   19.463203][   T23] audit: type=1400 audit(1745227879.070:69): avc:  denied  { read } for  pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   19.524449][   T23] audit: type=1400 audit(1745227879.130:70): avc:  denied  { setattr } for  pid=342 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9552 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   19.550891][   T23] audit: type=1400 audit(1745227879.130:71): avc:  denied  { mounton } for  pid=342 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   19.575761][   T23] audit: type=1400 audit(1745227879.130:72): avc:  denied  { mount } for  pid=342 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   19.580751][  T346] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   19.607289][   T23] audit: type=1400 audit(1745227879.210:73): avc:  denied  { relabelto } for  pid=346 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   19.632792][   T23] audit: type=1400 audit(1745227879.210:74): avc:  denied  { write } for  pid=346 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   19.658389][   T23] audit: type=1400 audit(1745227879.240:75): avc:  denied  { read } for  pid=342 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   19.683875][  T342] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   20.236482][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.243554][  T353] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.250935][  T353] device bridge_slave_0 entered promiscuous mode
[   20.257863][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.264764][  T353] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.271914][  T353] device bridge_slave_1 entered promiscuous mode
[   20.289073][  T354] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.296222][  T354] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.303457][  T354] device bridge_slave_0 entered promiscuous mode
[   20.326284][  T354] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.333354][  T354] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.340772][  T354] device bridge_slave_1 entered promiscuous mode
[   20.405175][  T357] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.412158][  T357] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.419407][  T357] device bridge_slave_0 entered promiscuous mode
[   20.426256][  T355] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.433121][  T355] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.440498][  T355] device bridge_slave_0 entered promiscuous mode
[   20.452545][  T357] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.459379][  T357] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.466865][  T357] device bridge_slave_1 entered promiscuous mode
[   20.478588][  T355] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.485531][  T355] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.492696][  T355] device bridge_slave_1 entered promiscuous mode
[   20.526669][  T356] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.533610][  T356] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.540860][  T356] device bridge_slave_0 entered promiscuous mode
[   20.560488][  T356] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.567447][  T356] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.574757][  T356] device bridge_slave_1 entered promiscuous mode
[   20.675044][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.681914][  T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.689078][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.696712][  T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.719277][  T354] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.726231][  T354] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.733345][  T354] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.740284][  T354] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.762541][  T355] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.769616][  T355] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.776854][  T355] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.783624][  T355] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.792715][  T356] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.799566][  T356] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.806709][  T356] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.813460][  T356] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.826202][  T357] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.833157][  T357] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.840253][  T357] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.847023][  T357] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.859271][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.866532][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.873562][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.880923][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.887933][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.895232][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.902380][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.909410][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.916572][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.924018][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.931921][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   20.939134][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   20.955453][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   20.971113][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   20.979421][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.986291][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.994010][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.002064][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.009139][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.019461][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.027506][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.034452][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.058870][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.067368][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.074217][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.081966][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.089859][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.110558][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.122912][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.137188][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.171457][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.178854][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.186824][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.195142][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.203626][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.211910][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.218813][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.226219][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.234138][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.240974][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.248109][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.256136][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.262993][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.270540][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.278486][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.285335][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.292716][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.300841][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.307755][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.315148][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.323286][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.330140][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.347750][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.355752][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.386251][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.394403][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.402669][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.410910][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.418816][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.427263][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.436003][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.444077][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.452563][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.460740][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.468512][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   21.476695][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.484606][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.492507][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.515742][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   21.523943][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.531823][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.539694][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.548416][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.556827][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.565863][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.574210][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.582543][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.591493][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.611454][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.619935][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.628308][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.636903][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.645560][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.653710][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.662008][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.669970][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.691352][  T353] request_module fs-gadgetfs succeeded, but still no fs?
[   21.702151][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.713135][  T376] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   21.717093][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.772080][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.780889][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.792079][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.803404][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.811792][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.819982][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.829009][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.837256][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.845094][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.853579][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.861739][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.870629][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.879286][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.887863][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.923370][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.934128][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.085614][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.094162][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.102662][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.111525][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.401286][  T389] bridge0: port 3(gretap0) entered blocking state
[   22.407647][  T389] bridge0: port 3(gretap0) entered disabled state
[   22.414586][  T389] device gretap0 entered promiscuous mode
[   22.420227][  T389] bridge0: port 3(gretap0) entered blocking state
[   22.426363][  T389] bridge0: port 3(gretap0) entered forwarding state
[   22.900219][  T379] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   23.220287][  T108] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   23.300174][  T379] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   23.314703][  T379] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   23.330172][  T394] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   23.337836][  T379] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[   23.357552][  T379] usb 3-1: config 0 interface 0 has no altsetting 0
[   23.371656][  T379] usb 3-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00
[   23.380844][  T379] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   23.393174][  T379] usb 3-1: config 0 descriptor??
[   23.460093][  T108] usb 2-1: Using ep0 maxpacket: 16
[   23.580054][  T394] usb 4-1: Using ep0 maxpacket: 8
[   23.581805][  T108] usb 2-1: config 0 has an invalid interface number: 68 but max is 0
[   23.610053][  T108] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   23.640072][  T108] usb 2-1: config 0 has no interface number 0
[   23.700085][  T394] usb 4-1: config 0 has no interfaces?
[   23.705487][  T394] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   23.724938][  T394] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   23.746092][  T394] usb 4-1: config 0 descriptor??
[   23.830377][  T108] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[   23.844187][  T108] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   23.854212][  T379] uclogic 0003:2179:0077.0001: No inputs registered, leaving
[   23.867815][  T379] uclogic 0003:2179:0077.0001: hidraw0: USB HID v0.0b Device [HID 2179:0077] on usb-dummy_hcd.2-1/input0
[   23.881465][  T108] usb 2-1: Product: syz
[   23.885449][  T108] usb 2-1: Manufacturer: syz
[   23.898373][  T108] usb 2-1: SerialNumber: syz
[   23.911514][  T108] usb 2-1: config 0 descriptor??
[   23.920152][   T18] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   24.059906][  T394] usb 3-1: USB disconnect, device number 2
[   24.162397][  T405] usb 2-1: USB disconnect, device number 2
[   24.280147][   T18] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 82, changing to 10
[   24.291201][   T18] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1816, setting to 1024
[   24.302111][   T18] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[   24.310919][   T18] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   24.319257][   T18] usb 1-1: config 0 descriptor??
[   24.340126][  T421] raw-gadget gadget: fail, usb_ep_enable returned -22
[   24.585488][   T23] kauditd_printk_skb: 42 callbacks suppressed
[   24.585499][   T23] audit: type=1400 audit(1745227884.190:118): avc:  denied  { mounton } for  pid=422 comm="syz.2.15" path="/proc/4/task" dev="proc" ino=12261 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   24.676719][   T23] audit: type=1400 audit(1745227884.280:119): avc:  denied  { create } for  pid=429 comm="syz.1.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   24.810417][   T18] hid (null): global environment stack underflow
[   24.817773][   T18] hid-generic 0003:0D8C:0022.0002: unknown main item tag 0x0
[   24.825474][   T18] hid-generic 0003:0D8C:0022.0002: global environment stack underflow
[   24.833650][   T18] hid-generic 0003:0D8C:0022.0002: item 0 0 1 11 parsing failed
[   24.841549][   T18] hid-generic: probe of 0003:0D8C:0022.0002 failed with error -22
[   24.850816][   T23] audit: type=1400 audit(1745227884.410:120): avc:  denied  { name_bind } for  pid=437 comm="syz.2.21" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   24.872753][   T23] audit: type=1400 audit(1745227884.410:121): avc:  denied  { node_bind } for  pid=437 comm="syz.2.21" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   25.074503][  T125] usb 1-1: USB disconnect, device number 2
[   25.208193][   T23] audit: type=1400 audit(1745227884.810:122): avc:  denied  { read } for  pid=435 comm="syz.1.20" name="msr" dev="devtmpfs" ino=9392 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   25.232082][   T23] audit: type=1400 audit(1745227884.810:123): avc:  denied  { open } for  pid=435 comm="syz.1.20" path="/dev/cpu/0/msr" dev="devtmpfs" ino=9392 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   25.261166][   T23] audit: type=1400 audit(1745227884.870:124): avc:  denied  { create } for  pid=435 comm="syz.1.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   25.281460][   T23] audit: type=1400 audit(1745227884.870:125): avc:  denied  { bind } for  pid=435 comm="syz.1.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   25.300955][   T23] audit: type=1400 audit(1745227884.870:126): avc:  denied  { connect } for  pid=435 comm="syz.1.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   25.421090][   T23] audit: type=1400 audit(1745227885.030:127): avc:  denied  { bind } for  pid=435 comm="syz.1.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   25.637641][  T441] syz.2.21 (441) used greatest stack depth: 20808 bytes left
[   25.660847][  T450] ==================================================================
[   25.668738][  T450] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   25.677760][  T450] Read of size 1 at addr ffff8881ea4a33d8 by task syz.2.24/450
[   25.685132][  T450] 
[   25.687310][  T450] CPU: 1 PID: 450 Comm: syz.2.24 Not tainted 5.4.290-syzkaller #0
[   25.694939][  T450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   25.704837][  T450] Call Trace:
[   25.707973][  T450]  dump_stack+0x1d8/0x241
[   25.712140][  T450]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   25.717771][  T450]  ? vprintk_func+0x189/0x1d0
[   25.722286][  T450]  ? printk+0xd1/0x111
[   25.726340][  T450]  ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   25.732664][  T450]  print_address_description+0x8c/0x600
[   25.738291][  T450]  ? panic+0x89d/0x89d
[   25.742248][  T450]  ? stack_trace_save+0x118/0x1c0
[   25.747151][  T450]  ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   25.753687][  T450]  __kasan_report+0xf3/0x120
[   25.758111][  T450]  ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   25.764468][  T450]  kasan_report+0x30/0x60
[   25.768602][  T450]  __asan_report_load1_noabort+0x14/0x20
[   25.774072][  T450]  xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[   25.780235][  T450]  ? __kasan_kmalloc+0x171/0x210
[   25.785008][  T450]  ? kasan_kmalloc+0x9/0x10
[   25.789352][  T450]  ? xfrm_policy_addr_delta+0x252/0x350
[   25.794729][  T450]  xfrm_policy_inexact_insert_node+0x923/0xb10
[   25.800840][  T450]  ? xfrm_policy_inexact_alloc_bin+0x5b7/0x1410
[   25.806997][  T450]  xfrm_policy_inexact_alloc_chain+0x4ec/0xaf0
[   25.812987][  T450]  xfrm_policy_inexact_insert+0x6a/0x1160
[   25.818690][  T450]  ? __kasan_check_write+0x14/0x20
[   25.823725][  T450]  ? _raw_spin_lock_bh+0xa4/0x1b0
[   25.828872][  T450]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[   25.833892][  T450]  ? policy_hash_bysel+0x137/0x700
[   25.838835][  T450]  ? memcpy+0x49/0x60
[   25.842653][  T450]  xfrm_policy_insert+0xe7/0x940
[   25.847435][  T450]  xfrm_add_policy+0x4f2/0x980
[   25.852025][  T450]  ? cap_capable+0x1ce/0x270
[   25.856450][  T450]  ? xfrm_dump_sa_done+0xc0/0xc0
[   25.861225][  T450]  ? __nla_parse+0x41/0x50
[   25.865480][  T450]  xfrm_user_rcv_msg+0x689/0x9b0
[   25.870346][  T450]  ? xfrm_netlink_rcv+0x90/0x90
[   25.875034][  T450]  ? avc_has_perm+0x16f/0x260
[   25.879627][  T450]  ? __kmalloc_track_caller+0x10d/0x2c0
[   25.885006][  T450]  ? __alloc_skb+0xbc/0x4f0
[   25.889350][  T450]  netlink_rcv_skb+0x1d5/0x420
[   25.894033][  T450]  ? xfrm_netlink_rcv+0x90/0x90
[   25.898725][  T450]  ? nla_put_string+0x40/0x40
[   25.903252][  T450]  ? mutex_trylock+0xa0/0xa0
[   25.907753][  T450]  ? __netlink_lookup+0x385/0x3b0
[   25.912615][  T450]  xfrm_netlink_rcv+0x72/0x90
[   25.917135][  T450]  netlink_unicast+0x936/0xb20
[   25.921726][  T450]  ? netlink_detachskb+0x90/0x90
[   25.926587][  T450]  ? security_netlink_send+0x7b/0xa0
[   25.931795][  T450]  netlink_sendmsg+0xa46/0xd00
[   25.936394][  T450]  ? netlink_getsockopt+0x550/0x550
[   25.941424][  T450]  ? import_iovec+0x1bb/0x380
[   25.945940][  T450]  ? security_socket_sendmsg+0x82/0xb0
[   25.951251][  T450]  ? netlink_getsockopt+0x550/0x550
[   25.956357][  T450]  ____sys_sendmsg+0x5ac/0x8f0
[   25.961043][  T450]  ? _copy_from_user+0xaa/0xe0
[   25.965645][  T450]  ? __sys_sendmsg_sock+0x2b0/0x2b0
[   25.970881][  T450]  ? kmem_cache_alloc+0xe0/0x260
[   25.975645][  T450]  __sys_sendmsg+0x28b/0x380
[   25.980157][  T450]  ? ____sys_sendmsg+0x8f0/0x8f0
[   25.984936][  T450]  ? check_preemption_disabled+0x153/0x320
[   25.990589][  T450]  ? __do_page_fault+0x736/0xb90
[   25.995352][  T450]  ? __kasan_check_read+0x11/0x20
[   26.000208][  T450]  __x64_sys_sendmsg+0x7f/0x90
[   26.004919][  T450]  do_syscall_64+0xd8/0x170
[   26.009270][  T450]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   26.014976][  T450] RIP: 0033:0x7f5349d3f169
[   26.019229][  T450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   26.038657][  T450] RSP: 002b:00007f53483a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   26.047086][  T450] RAX: ffffffffffffffda RBX: 00007f5349f66fa0 RCX: 00007f5349d3f169
[   26.054889][  T450] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[   26.062701][  T450] RBP: 00007f5349dc1a68 R08: 0000000000000000 R09: 0000000000000000
[   26.070608][  T450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   26.078412][  T450] R13: 0000000000000000 R14: 00007f5349f66fa0 R15: 00007ffd7fdae0e8
[   26.086319][  T450] 
[   26.088482][  T450] Allocated by task 450:
[   26.092566][  T450]  __kasan_kmalloc+0x171/0x210
[   26.097162][  T450]  kasan_kmalloc+0x9/0x10
[   26.101539][  T450]  __kmalloc+0x129/0x2e0
[   26.105615][  T450]  sk_prot_alloc+0xc2/0x440
[   26.109953][  T450]  sk_alloc+0x39/0x310
[   26.113858][  T450]  pfkey_create+0x12c/0x650
[   26.118197][  T450]  __sock_create+0x3ce/0x790
[   26.122711][  T450]  __sys_socket+0x132/0x370
[   26.127142][  T450]  __x64_sys_socket+0x7a/0x90
[   26.131653][  T450]  do_syscall_64+0xd8/0x170
[   26.136092][  T450]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   26.141809][  T450] 
[   26.143984][  T450] Freed by task 0:
[   26.147540][  T450] (stack is not available)
[   26.151795][  T450] 
[   26.153972][  T450] The buggy address belongs to the object at ffff8881ea4a3000
[   26.153972][  T450]  which belongs to the cache kmalloc-1k of size 1024
[   26.167861][  T450] The buggy address is located 984 bytes inside of
[   26.167861][  T450]  1024-byte region [ffff8881ea4a3000, ffff8881ea4a3400)
[   26.181307][  T450] The buggy address belongs to the page:
[   26.186785][  T450] page:ffffea0007a92800 refcount:1 mapcount:0 mapping:ffff8881f5c02280 index:0x0 compound_mapcount: 0
[   26.198243][  T450] flags: 0x8000000000010200(slab|head)
[   26.203538][  T450] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c02280
[   26.212139][  T450] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   26.220546][  T450] page dumped because: kasan: bad access detected
[   26.226884][  T450] page_owner tracks the page as allocated
[   26.232795][  T450] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[   26.249464][  T450]  prep_new_page+0x192/0x370
[   26.253976][  T450]  get_page_from_freelist+0x2d13/0x2d90
[   26.259452][  T450]  __alloc_pages_nodemask+0x393/0x840
[   26.264645][  T450]  alloc_slab_page+0x3b/0x400
[   26.269166][  T450]  new_slab+0x98/0x430
[   26.273071][  T450]  ___slab_alloc+0x2e0/0x460
[   26.277490][  T450]  __slab_alloc+0x63/0xa0
[   26.281661][  T450]  __kmalloc+0x175/0x2e0
[   26.285733][  T450]  kvmalloc_node+0x7e/0xe0
[   26.289988][  T450]  xt_alloc_table_info+0x42/0xb0
[   26.294763][  T450]  do_ip6t_set_ctl+0x299/0x600
[   26.299374][  T450]  nf_setsockopt+0x26b/0x290
[   26.303787][  T450]  ipv6_setsockopt+0x148/0x180
[   26.308392][  T450]  tcp_setsockopt+0xb1/0xc0
[   26.312730][  T450]  sock_common_setsockopt+0x99/0xb0
[   26.317860][  T450]  __sys_setsockopt+0x4b4/0x840
[   26.322548][  T450] page last free stack trace:
[   26.327074][  T450]  __free_pages_ok+0x847/0x950
[   26.331660][  T450]  __free_pages+0x91/0x140
[   26.335924][  T450]  put_task_stack+0x21d/0x260
[   26.340514][  T450]  finish_task_switch+0x24a/0x590
[   26.345372][  T450]  __schedule+0xb0d/0x1320
[   26.349625][  T450]  schedule+0x130/0x1c0
[   26.353620][  T450]  do_nanosleep+0x1c3/0x690
[   26.357963][  T450]  hrtimer_nanosleep+0x245/0x450
[   26.362733][  T450]  common_nsleep+0x28/0x30
[   26.366995][  T450]  __se_sys_clock_nanosleep+0x33c/0x3d0
[   26.372544][  T450]  __x64_sys_clock_nanosleep+0x9b/0xb0
[   26.378098][  T450]  do_syscall_64+0xd8/0x170
[   26.382442][  T450]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   26.388348][  T450] 
[   26.390637][  T450] Memory state around the buggy address:
[   26.396123][  T450]  ffff8881ea4a3280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.404639][  T450]  ffff8881ea4a3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.412526][  T450] >ffff8881ea4a3380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   26.420424][  T450]                                                     ^
[   26.427315][  T450]  ffff8881ea4a3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.435280][  T450]  ffff8881ea4a3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.443166][  T450] ==================================================================
[   26.451061][  T450] Disabling lock debugging due to kernel taint
[   26.489706][  T125] usb 4-1: USB disconnect, device number 2