last executing test programs:

14.397536159s ago: executing program 1 (id=2):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000140)={<r2=>0x0, 0x10, 0xe, 0x1})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000c00)={<r3=>0x0, "f95904166905934fa23a9b8fd7b82f0f"})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f00000007c0)={0x9, 0x4, {0x7, @usage=0x5, r2, 0xdec2, 0xffffffffffffff8a, 0x0, 0xfffffffffffff704, 0xff8000000000000, 0x40, @struct={0x81}, 0xd2, 0x7, [0x4, 0x7fffffff, 0x6, 0xfffffffffffffff8, 0xe9dd, 0x8]}, {0x3, @usage=0xffffffffffffffd5, 0x0, 0x6, 0x2d0efb5, 0x7, 0x2, 0x40, 0x401, @usage=0xffff, 0xcec4, 0x1, [0x4, 0x6, 0x684, 0x8000, 0x4, 0x4]}, {0x8, @usage=0x5, r3, 0x4000, 0x9, 0x9, 0xffffffff7fffffff, 0x8, 0x58, @struct={0xffff, 0x400}, 0x9, 0x8, [0x5, 0x5, 0x4, 0x2, 0x1, 0x7]}, {0x0, 0x9, 0xdc}})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x42, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000540)=ANY=[@ANYRESOCT=r0], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x2b}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000003340)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x18)
setresgid(0xffffffffffffffff, 0xffffffffffffffff, 0xee00)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
r9 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r9, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)

14.380036439s ago: executing program 4 (id=5):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c"], 0x38}}, 0x0)
writev(r0, &(0x7f0000000440)=[{&(0x7f0000000140)="89e7ee2c78dad9b4b473fec988ca58e8001d75d38e0d369bd7c50580", 0x1c}, {&(0x7f0000000000)="9c74dfbf77040000000009000056fa", 0xf}], 0x2)

9.727583359s ago: executing program 4 (id=8):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b"], 0x38}}, 0x0)
writev(r0, &(0x7f0000000440)=[{&(0x7f0000000140)="89e7ee2c78dad9b4b473fec988ca58e8001d75d38e0d369bd7c50580", 0x1c}, {&(0x7f0000000000)="9c74dfbf77040000000009000056fa", 0xf}], 0x2)

9.476084324s ago: executing program 4 (id=10):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r1, 0x0, 0x101}, 0x18)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000140)={<r3=>0x0, 0x10, 0xe, 0x1})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000c00)={<r4=>0x0, "f95904166905934fa23a9b8fd7b82f0f"})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f00000007c0)={0x9, 0x4, {0x7, @usage=0x5, r3, 0xdec2, 0xffffffffffffff8a, 0x0, 0xfffffffffffff704, 0xff8000000000000, 0x40, @struct={0x81}, 0xd2, 0x7, [0x4, 0x7fffffff, 0x6, 0xfffffffffffffff8, 0xe9dd, 0x8]}, {0x3, @usage=0xffffffffffffffd5, 0x0, 0x6, 0x2d0efb5, 0x7, 0x2, 0x40, 0x401, @usage=0xffff, 0xcec4, 0x1, [0x4, 0x6, 0x684, 0x8000, 0x4, 0x4]}, {0x8, @usage=0x5, r4, 0x4000, 0x9, 0x9, 0xffffffff7fffffff, 0x8, 0x58, @struct={0xffff, 0x400}, 0x9, 0x8, [0x5, 0x5, 0x4, 0x2, 0x1, 0x7]}, {0x0, 0x9, 0xdc}})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x42, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000540)=ANY=[@ANYRESOCT=r0], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x2b}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000003340)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r9}, 0x18)
setresgid(0xffffffffffffffff, 0xffffffffffffffff, 0xee00)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
r10 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r10, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)

849.965993ms ago: executing program 2 (id=38):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='cdg\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)="93bffce623851797a8dc7901f0048678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb600"/135, 0x87}, {&(0x7f0000000780)="029993440c7a1d95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e430bcb03", 0x3e}, {&(0x7f00000002c0)}], 0x3}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000003c0)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385", 0x74}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f00000006c0)="f6b328c40d4cc969a0513b8ffd72381d4ef4a89954104d4a81db2fa3c0f906a33482e2821787ac54c0c62da54d1c77255c322358d0e272be2ccacf8f68", 0x3d}, {0x0}], 0x2}}], 0x3, 0xc0)

849.849803ms ago: executing program 2 (id=39):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@mcast2, 0x0, 0x32}, @in=@local, {0x200004, 0x0, 0xffffffffffff7fff}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0)

849.732233ms ago: executing program 2 (id=40):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket(0x2, 0x3, 0xff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4880)
sendto$inet(r0, &(0x7f00000002c0)="b401fcc8311bb8b66f7ee68e052af9c34b7d7494", 0x14, 0x0, &(0x7f0000000040)={0x2, 0x0, @dev}, 0x10)

849.468263ms ago: executing program 2 (id=41):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f0000000580)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x2c}, @local, {[], {{0x4e22, 0xe24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x6, 0x0, 0x3}}}}}}}, 0x0)

849.161263ms ago: executing program 2 (id=42):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='lp\x00', 0x3)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

256.823984ms ago: executing program 0 (id=52):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FLUSH_PMKSA(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

256.699944ms ago: executing program 0 (id=53):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r0, &(0x7f0000000280)={0x1f, 0xfffe}, 0xe)
listen(r0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f0000000280)={0x1f, 0xfffe}, 0xe)
listen(r1, 0x0)

247.891944ms ago: executing program 0 (id=54):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x840, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"}}, 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1, 0x1, 0x3, {}, {0x0, 0x2710}, {0x3, 0x1, 0x1, 0x1}, 0x1, @can={{0x4, 0x0, 0x0, 0x1}, 0x7, 0x2, 0x0, 0x0, "d467aef0f23fe738"}}, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x4000000)
close(0x4)

239.677585ms ago: executing program 0 (id=55):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x54dd5e54}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
sendto$inet6(r0, 0x0, 0x0, 0x20048014, &(0x7f0000000040)={0xa, 0x4e1f, 0x7d, @loopback, 0x80600000}, 0x1c)

189.264886ms ago: executing program 0 (id=56):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f00000000c0)=0x1, 0x4)
bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="1f", 0x1}], 0x1}, 0x200080d0)
recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000100)=""/126, 0x7e}], 0x1}, 0x0)

97.218947ms ago: executing program 3 (id=60):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=@ipv6_delroute={0x1c, 0x19, 0x1, 0x70bd27, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1000}}, 0x1c}}, 0x0)

97.149727ms ago: executing program 3 (id=61):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x63, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x400c000)
close(r0)

80.893028ms ago: executing program 3 (id=62):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x1, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x28d41828b69a67d5, 0x12141, 0x0)

72.411868ms ago: executing program 3 (id=63):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56747, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000)

21.205819ms ago: executing program 3 (id=64):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@ipv6_newnexthop={0x40, 0x68, 0x1, 0x70bd25, 0xfffffffe, {}, [@NHA_ENCAP={0x18, 0x8, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x2314e23f4e6332a4, {0x87, 0x0, 0x4, 0x0, 0x10, 0x48, 0xf5a2}}}}}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x7}, @NHA_OIF={0x8, 0x5, r1}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000}, 0x40040d0)

21.065719ms ago: executing program 3 (id=65):
syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000080045"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1)

4.693009ms ago: executing program 0 (id=66):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20040880}, 0x8c0)

0s ago: executing program 2 (id=67):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff1, 0xffff}, {0xb, 0xf}}}, 0x24}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x4, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)

0s ago: executing program 0 (id=68):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x400, 0xffffffffffffffff, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.178' (ED25519) to the list of known hosts.
[   29.638683][   T30] audit: type=1400 audit(1757060317.434:64): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   29.639794][  T273] cgroup: Unknown subsys name 'net'
[   29.661332][   T30] audit: type=1400 audit(1757060317.434:65): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   29.688535][   T30] audit: type=1400 audit(1757060317.464:66): avc:  denied  { unmount } for  pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   29.688689][  T273] cgroup: Unknown subsys name 'devices'
[   29.861004][  T273] cgroup: Unknown subsys name 'hugetlb'
[   29.866591][  T273] cgroup: Unknown subsys name 'rlimit'
[   30.062341][   T30] audit: type=1400 audit(1757060317.864:67): avc:  denied  { setattr } for  pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   30.085553][   T30] audit: type=1400 audit(1757060317.864:68): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   30.090574][  T275] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   30.110394][   T30] audit: type=1400 audit(1757060317.864:69): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   30.141990][   T30] audit: type=1400 audit(1757060317.914:70): avc:  denied  { relabelto } for  pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   30.154076][  T273] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   30.167662][   T30] audit: type=1400 audit(1757060317.914:71): avc:  denied  { write } for  pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   30.202075][   T30] audit: type=1400 audit(1757060317.954:72): avc:  denied  { read } for  pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   30.227582][   T30] audit: type=1400 audit(1757060317.954:73): avc:  denied  { open } for  pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   31.218144][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.225413][  T281] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.232868][  T281] device bridge_slave_0 entered promiscuous mode
[   31.240701][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.247724][  T281] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.255100][  T281] device bridge_slave_1 entered promiscuous mode
[   31.350631][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.357673][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.365015][  T283] device bridge_slave_0 entered promiscuous mode
[   31.371634][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.378654][  T282] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.386021][  T282] device bridge_slave_0 entered promiscuous mode
[   31.393382][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.400495][  T282] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.407840][  T282] device bridge_slave_1 entered promiscuous mode
[   31.420333][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.427356][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.434690][  T283] device bridge_slave_1 entered promiscuous mode
[   31.502951][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.510216][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.517623][  T285] device bridge_slave_0 entered promiscuous mode
[   31.535528][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.542591][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.550013][  T285] device bridge_slave_1 entered promiscuous mode
[   31.571008][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.578050][  T281] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.585342][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.592371][  T281] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.603496][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.610586][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.617975][  T284] device bridge_slave_0 entered promiscuous mode
[   31.624972][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.632380][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.639755][  T284] device bridge_slave_1 entered promiscuous mode
[   31.765268][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.772603][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.781823][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   31.789179][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.826615][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   31.835310][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.842349][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.849738][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   31.857789][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.864807][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.888838][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.896239][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.911665][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.920321][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   31.928364][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.935378][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.942873][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   31.951081][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.958084][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.965482][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   31.973591][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.980610][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.987904][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   31.995507][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   32.004077][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   32.012240][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.019262][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.031113][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   32.038895][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   32.046855][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   32.054714][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   32.081302][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   32.089518][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.096529][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.103953][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   32.111972][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   32.120004][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   32.128047][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.135059][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.142400][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   32.150311][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   32.158117][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   32.167362][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   32.184571][  T284] device veth0_vlan entered promiscuous mode
[   32.197037][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   32.206274][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   32.214545][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   32.222614][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   32.230532][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   32.237945][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   32.246075][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.253088][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.260455][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   32.268516][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.275529][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.283327][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   32.299131][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   32.307235][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   32.315159][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   32.323858][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   32.331821][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   32.340060][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   32.348210][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   32.356138][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   32.364063][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.372213][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.380466][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   32.387862][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   32.396088][  T281] device veth0_vlan entered promiscuous mode
[   32.408376][  T285] device veth0_vlan entered promiscuous mode
[   32.417051][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   32.425522][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   32.434030][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   32.442021][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   32.450129][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   32.457471][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   32.466980][  T283] device veth0_vlan entered promiscuous mode
[   32.473732][  T284] device veth1_macvtap entered promiscuous mode
[   32.481081][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.488802][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   32.497124][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   32.505129][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   32.512646][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   32.522400][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   32.531083][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   32.545290][  T285] device veth1_macvtap entered promiscuous mode
[   32.554857][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.563056][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.571263][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.578973][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.587247][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.595460][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.603783][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.616531][  T281] device veth1_macvtap entered promiscuous mode
[   32.626108][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.634371][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.642756][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.650445][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.658581][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.666924][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.675301][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.684557][  T283] device veth1_macvtap entered promiscuous mode
[   32.694496][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.702213][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.710773][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.718956][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.727334][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.742190][  T282] device veth0_vlan entered promiscuous mode
[   32.752637][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.761074][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.761152][  T284] request_module fs-gadgetfs succeeded, but still no fs?
[   32.770145][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   32.784170][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   32.792475][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   32.799939][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   32.810078][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.818278][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.826578][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.835050][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   32.850406][  T282] device veth1_macvtap entered promiscuous mode
[   32.863483][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   32.872336][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   32.881479][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   32.896599][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   32.906233][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   32.946712][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   32.965149][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   33.013841][  T349] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   33.136889][  T346] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[   33.769249][  T357] syz.0.1 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   37.574030][   T45] Bluetooth: hci0: Frame reassembly failed (-84)
[   37.672663][   T30] kauditd_printk_skb: 38 callbacks suppressed
[   37.672679][   T30] audit: type=1400 audit(1757060325.414:112): avc:  denied  { create } for  pid=364 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   37.709599][  T357] syz.0.1 (357) used greatest stack depth: 22272 bytes left
[   37.774416][  T367] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[   37.799712][   T30] audit: type=1326 audit(1757060325.604:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=340 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54fbc68be9 code=0x7ffc0000
[   37.851565][   T30] audit: type=1326 audit(1757060325.604:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=340 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54fbc68be9 code=0x7ffc0000
[   37.890500][  T372] loop3: detected capacity change from 0 to 128
[   37.910292][   T30] audit: type=1400 audit(1757060325.714:115): avc:  denied  { prog_run } for  pid=369 comm="syz.4.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   37.947646][   T30] audit: type=1326 audit(1757060325.734:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=369 comm="syz.4.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6250dbe9 code=0x7ffc0000
[   37.970796][   T30] audit: type=1326 audit(1757060325.734:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=369 comm="syz.4.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6250dbe9 code=0x7ffc0000
[   37.997846][   T30] audit: type=1326 audit(1757060325.734:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=369 comm="syz.4.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc6250dbe9 code=0x7ffc0000
[   38.022984][   T30] audit: type=1326 audit(1757060325.734:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=369 comm="syz.4.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6250dbe9 code=0x7ffc0000
[   38.046128][   T30] audit: type=1326 audit(1757060325.734:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=369 comm="syz.4.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6250dbe9 code=0x7ffc0000
[   38.072660][   T30] audit: type=1326 audit(1757060325.734:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=369 comm="syz.4.10" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc6250dbe9 code=0x7ffc0000
[   38.200503][  T388] loop0: detected capacity change from 0 to 128
[   42.520967][  T333] Bluetooth: hci0: command 0x1003 tx timeout
[   42.539329][  T377] Bluetooth: hci0: sending frame failed (-49)
[   42.689241][   T30] kauditd_printk_skb: 21 callbacks suppressed
[   42.689255][   T30] audit: type=1400 audit(1757060330.484:143): avc:  denied  { create } for  pid=392 comm="syz.0.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   43.902588][   T30] audit: type=1400 audit(1757060331.704:144): avc:  denied  { create } for  pid=401 comm="syz.0.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   44.005243][   T30] audit: type=1400 audit(1757060331.804:145): avc:  denied  { unmount } for  pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   45.375523][  T406] loop0: detected capacity change from 0 to 4096
[   45.376043][   T26] Bluetooth: hci0: command 0x1001 tx timeout
[   45.388679][  T377] Bluetooth: hci0: sending frame failed (-49)
[   45.443295][  T406] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[   45.451069][  T406] EXT4-fs (loop0): Test dummy encryption mode enabled
[   45.457922][  T406] EXT4-fs (loop0): Ignoring removed orlov option
[   45.465091][  T406] EXT4-fs (loop0): can't mount with journal_checksum, fs mounted w/o journal
[   45.643843][  T416] loop2: detected capacity change from 0 to 512
[   45.658003][   T30] audit: type=1400 audit(1757060333.454:146): avc:  denied  { create } for  pid=417 comm="syz.0.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   45.680046][  T416] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[   45.687502][  T416] EXT4-fs (loop2): Test dummy encryption mode enabled
[   45.694310][  T416] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   45.707358][  T416] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   45.733035][  T416] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   45.746406][  T416] EXT4-fs (loop2): 1 truncate cleaned up
[   45.752073][  T416] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,nombcache,nomblk_io_submit,quota,test_dummy_encryption,,errors=continue. Quota mode: writeback.
[   45.790753][   T30] audit: type=1400 audit(1757060333.524:147): avc:  denied  { bind } for  pid=417 comm="syz.0.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   45.811601][   T30] audit: type=1400 audit(1757060333.524:148): avc:  denied  { connect } for  pid=417 comm="syz.0.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   45.831139][   T30] audit: type=1400 audit(1757060333.574:149): avc:  denied  { mount } for  pid=413 comm="syz.2.20" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   45.854058][   T30] audit: type=1400 audit(1757060333.574:150): avc:  denied  { create } for  pid=413 comm="syz.2.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   45.895218][   T30] audit: type=1400 audit(1757060333.574:151): avc:  denied  { write } for  pid=413 comm="syz.2.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   45.915661][  T423] 9pnet: Insufficient options for proto=fd
[   46.027215][   T30] audit: type=1400 audit(1757060333.824:152): avc:  denied  { create } for  pid=427 comm="syz.0.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   46.466327][  T479] syz.2.41 (479) used greatest stack depth: 20864 bytes left
[   47.172609][  T515] netlink: 32 bytes leftover after parsing attributes in process `syz.3.58'.
[   47.273433][  T529] tipc: Started in network mode
[   47.278344][  T529] tipc: Node identity 4208bd5311f3, cluster identity 4711
[   47.285579][  T529] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   47.301147][  T529] device syzkaller0 entered promiscuous mode
[   47.338356][  T533] ==================================================================
[   47.346442][  T533] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240
[   47.354605][  T533] Read of size 8 at addr ffff8881173c9fc0 by task syz.0.68/533
[   47.362121][  T533] 
[   47.364452][  T533] CPU: 0 PID: 533 Comm: syz.0.68 Not tainted syzkaller #0
[   47.371530][  T533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   47.381562][  T533] Call Trace:
[   47.384818][  T533]  <TASK>
[   47.387723][  T533]  __dump_stack+0x21/0x30
[   47.392030][  T533]  dump_stack_lvl+0xee/0x150
[   47.396601][  T533]  ? show_regs_print_info+0x20/0x20
[   47.401798][  T533]  ? load_image+0x3a0/0x3a0
[   47.406291][  T533]  print_address_description+0x7f/0x2c0
[   47.411809][  T533]  ? tc_setup_flow_action+0x870/0x3240
[   47.417241][  T533]  kasan_report+0xf1/0x140
[   47.421630][  T533]  ? tc_setup_flow_action+0x870/0x3240
[   47.427062][  T533]  __asan_report_load8_noabort+0x14/0x20
[   47.432670][  T533]  tc_setup_flow_action+0x870/0x3240
[   47.437929][  T533]  mall_replace_hw_filter+0x293/0x820
[   47.443277][  T533]  ? pcpu_block_update_hint_alloc+0x8c1/0xc50
[   47.449331][  T533]  ? mall_set_parms+0x520/0x520
[   47.454180][  T533]  ? tcf_exts_destroy+0xb0/0xb0
[   47.459005][  T533]  ? mall_set_parms+0x1e8/0x520
[   47.463832][  T533]  mall_change+0x526/0x740
[   47.468223][  T533]  ? __kasan_check_write+0x14/0x20
[   47.473310][  T533]  ? mall_get+0xa0/0xa0
[   47.477448][  T533]  ? tcf_chain_tp_insert_unique+0xac1/0xc10
[   47.483331][  T533]  tc_new_tfilter+0x12a2/0x1870
[   47.488166][  T533]  ? tcf_gate_entry_destructor+0x20/0x20
[   47.493780][  T533]  ? security_capable+0x87/0xb0
[   47.498615][  T533]  ? ns_capable+0x8c/0xf0
[   47.502929][  T533]  ? netlink_net_capable+0x125/0x160
[   47.508201][  T533]  ? tcf_gate_entry_destructor+0x20/0x20
[   47.513830][  T533]  rtnetlink_rcv_msg+0x81b/0xb90
[   47.518747][  T533]  ? rtnetlink_bind+0x80/0x80
[   47.523902][  T533]  ? memcpy+0x56/0x70
[   47.527872][  T533]  ? avc_has_perm_noaudit+0x2f4/0x460
[   47.533263][  T533]  ? arch_stack_walk+0xee/0x140
[   47.538097][  T533]  ? avc_denied+0x1b0/0x1b0
[   47.542580][  T533]  ? stack_trace_save+0x98/0xe0
[   47.547413][  T533]  ? avc_has_perm+0x158/0x240
[   47.552073][  T533]  ? avc_has_perm_noaudit+0x460/0x460
[   47.557419][  T533]  ? x64_sys_call+0x4b/0x9a0
[   47.561989][  T533]  ? selinux_nlmsg_lookup+0x416/0x4c0
[   47.567340][  T533]  netlink_rcv_skb+0x1e0/0x430
[   47.572086][  T533]  ? rtnetlink_bind+0x80/0x80
[   47.576770][  T533]  ? netlink_ack+0xb60/0xb60
[   47.581342][  T533]  ? __netlink_lookup+0x387/0x3b0
[   47.586346][  T533]  rtnetlink_rcv+0x1c/0x20
[   47.590742][  T533]  netlink_unicast+0x876/0xa40
[   47.595485][  T533]  netlink_sendmsg+0x86a/0xb70
[   47.600225][  T533]  ? netlink_getsockopt+0x530/0x530
[   47.605399][  T533]  ? security_socket_sendmsg+0x82/0xa0
[   47.610836][  T533]  ? netlink_getsockopt+0x530/0x530
[   47.616032][  T533]  ____sys_sendmsg+0x5a2/0x8c0
[   47.620779][  T533]  ? __sys_sendmsg_sock+0x40/0x40
[   47.625781][  T533]  ? import_iovec+0x7c/0xb0
[   47.630260][  T533]  ___sys_sendmsg+0x1f0/0x260
[   47.634918][  T533]  ? __sys_sendmsg+0x250/0x250
[   47.639660][  T533]  ? sock_show_fdinfo+0xa0/0xa0
[   47.644493][  T533]  ? __fdget+0x1a1/0x230
[   47.648717][  T533]  __x64_sys_sendmsg+0x1e2/0x2a0
[   47.653631][  T533]  ? ___sys_sendmsg+0x260/0x260
[   47.658462][  T533]  ? __kasan_check_write+0x14/0x20
[   47.663551][  T533]  ? switch_fpu_return+0x15d/0x2c0
[   47.668640][  T533]  x64_sys_call+0x4b/0x9a0
[   47.673032][  T533]  do_syscall_64+0x4c/0xa0
[   47.677427][  T533]  ? clear_bhb_loop+0x50/0xa0
[   47.682090][  T533]  ? clear_bhb_loop+0x50/0xa0
[   47.686741][  T533]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   47.692614][  T533] RIP: 0033:0x7fca08ffcbe9
[   47.697022][  T533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   47.716621][  T533] RSP: 002b:00007fca07a65038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   47.725027][  T533] RAX: ffffffffffffffda RBX: 00007fca09233fa0 RCX: 00007fca08ffcbe9
[   47.732983][  T533] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[   47.740938][  T533] RBP: 00007fca0907fe19 R08: 0000000000000000 R09: 0000000000000000
[   47.748895][  T533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   47.756844][  T533] R13: 00007fca09234038 R14: 00007fca09233fa0 R15: 00007ffd7fc123d8
[   47.764796][  T533]  </TASK>
[   47.767797][  T533] 
[   47.770096][  T533] Allocated by task 533:
[   47.774309][  T533]  __kasan_kmalloc+0xda/0x110
[   47.778962][  T533]  __kmalloc+0x13d/0x2c0
[   47.783183][  T533]  tcf_idr_create+0x5f/0x790
[   47.787749][  T533]  tcf_idr_create_from_flags+0x61/0x70
[   47.793182][  T533]  tcf_gact_init+0x346/0x580
[   47.797752][  T533]  tcf_action_init_1+0x3f7/0x6a0
[   47.802671][  T533]  tcf_action_init+0x1e9/0x710
[   47.807407][  T533]  tcf_exts_validate+0x217/0x520
[   47.812320][  T533]  mall_set_parms+0x48/0x520
[   47.816884][  T533]  mall_change+0x45a/0x740
[   47.821274][  T533]  tc_new_tfilter+0x12a2/0x1870
[   47.826105][  T533]  rtnetlink_rcv_msg+0x81b/0xb90
[   47.831017][  T533]  netlink_rcv_skb+0x1e0/0x430
[   47.835753][  T533]  rtnetlink_rcv+0x1c/0x20
[   47.840144][  T533]  netlink_unicast+0x876/0xa40
[   47.844880][  T533]  netlink_sendmsg+0x86a/0xb70
[   47.849615][  T533]  ____sys_sendmsg+0x5a2/0x8c0
[   47.854354][  T533]  ___sys_sendmsg+0x1f0/0x260
[   47.859005][  T533]  __x64_sys_sendmsg+0x1e2/0x2a0
[   47.863915][  T533]  x64_sys_call+0x4b/0x9a0
[   47.868303][  T533]  do_syscall_64+0x4c/0xa0
[   47.872692][  T533]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   47.878559][  T533] 
[   47.880857][  T533] The buggy address belongs to the object at ffff8881173c9f00
[   47.880857][  T533]  which belongs to the cache kmalloc-192 of size 192
[   47.894885][  T533] The buggy address is located 0 bytes to the right of
[   47.894885][  T533]  192-byte region [ffff8881173c9f00, ffff8881173c9fc0)
[   47.908478][  T533] The buggy address belongs to the page:
[   47.914088][  T533] page:ffffea00045cf240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1173c9
[   47.924296][  T533] flags: 0x4000000000000200(slab|zone=1)
[   47.929912][  T533] raw: 4000000000000200 0000000000000000 0000000100000001 ffff888100042c00
[   47.938469][  T533] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   47.947022][  T533] page dumped because: kasan: bad access detected
[   47.953404][  T533] page_owner tracks the page as allocated
[   47.959089][  T533] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 106, ts 4670128931, free_ts 0
[   47.974075][  T533]  post_alloc_hook+0x192/0x1b0
[   47.978816][  T533]  prep_new_page+0x1c/0x110
[   47.983292][  T533]  get_page_from_freelist+0x2cc5/0x2d50
[   47.988814][  T533]  __alloc_pages+0x18f/0x440
[   47.993377][  T533]  new_slab+0xa1/0x4d0
[   47.997426][  T533]  ___slab_alloc+0x381/0x810
[   48.002009][  T533]  __slab_alloc+0x49/0x90
[   48.006343][  T533]  kmem_cache_alloc_trace+0x146/0x270
[   48.011717][  T533]  kernfs_fop_open+0x343/0xb30
[   48.016481][  T533]  do_dentry_open+0x834/0x1010
[   48.021242][  T533]  vfs_open+0x73/0x80
[   48.025225][  T533]  path_openat+0x2646/0x2f10
[   48.029819][  T533]  do_filp_open+0x1b3/0x3e0
[   48.034324][  T533]  do_sys_openat2+0x14c/0x7b0
[   48.039005][  T533]  __x64_sys_openat+0x136/0x160
[   48.043860][  T533]  x64_sys_call+0x219/0x9a0
[   48.048366][  T533] page_owner free stack trace missing
[   48.053727][  T533] 
[   48.056041][  T533] Memory state around the buggy address:
[   48.061659][  T533]  ffff8881173c9e80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   48.069715][  T533]  ffff8881173c9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   48.077776][  T533] >ffff8881173c9f80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   48.085831][  T533]                                            ^
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   48.091970][  T533]  ffff8881173ca000: fa fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[   48.100008][  T533]  ffff8881173ca080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[   48.108039][  T533] ==================================================================
[   48.116075][  T533] Disabling lock debugging due to kernel taint
[   48.125489][   T30] kauditd_printk_skb: 33 callbacks suppressed
[   48.125500][   T30] audit: type=1400 audit(1757060335.924:186): avc:  denied  { write } for  pid=273 comm="syz-executor" path="pipe:[14549]" dev="pipefs" ino=14549 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   48.161202][  T528] tipc: Resetting bearer <eth:syzkaller0>
[   48.188382][   T30] audit: type=1400 audit(1757060335.974:187): avc:  denied  { read } for  pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   48.210175][   T30] audit: type=1400 audit(1757060335.974:188): avc:  denied  { search } for  pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   48.216033][  T528] tipc: Disabling bearer <eth:syzkaller0>
[   48.231964][   T30] audit: type=1400 audit(1757060335.974:189): avc:  denied  { write } for  pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   48.258488][   T30] audit: type=1400 audit(1757060335.974:190): avc:  denied  { add_name } for  pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   48.279170][   T30] audit: type=1400 audit(1757060335.974:191): avc:  denied  { create } for  pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   48.299695][   T30] audit: type=1400 audit(1757060335.974:192): avc:  denied  { append open } for  pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   48.322570][   T30] audit: type=1400 audit(1757060335.974:193): avc:  denied  { getattr } for  pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   49.469691][   T10] device bridge_slave_1 left promiscuous mode
[   49.475812][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.483321][   T10] device bridge_slave_0 left promiscuous mode
[   49.489465][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.497025][   T10] device veth1_macvtap left promiscuous mode
[   49.503031][   T10] device veth0_vlan left promiscuous mode
[   50.073559][   T10] tipc: Left network mode
[   50.990323][   T10] device bridge_slave_1 left promiscuous mode
[   50.996446][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.003936][   T10] device bridge_slave_0 left promiscuous mode
[   51.010108][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.017831][   T10] device bridge_slave_1 left promiscuous mode
[   51.023991][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.031391][   T10] device bridge_slave_0 left promiscuous mode
[   51.037488][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.045299][   T10] device bridge_slave_1 left promiscuous mode
[   51.051416][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.059117][   T10] device bridge_slave_0 left promiscuous mode
[   51.065304][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.072973][   T10] device bridge_slave_1 left promiscuous mode
[   51.079044][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.086484][   T10] device bridge_slave_0 left promiscuous mode
[   51.092609][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.100971][   T10] device veth1_macvtap left promiscuous mode
[   51.106952][   T10] device veth0_vlan left promiscuous mode
[   51.112907][   T10] device veth1_macvtap left promiscuous mode
[   51.118882][   T10] device veth0_vlan left promiscuous mode
[   51.124781][   T10] device veth1_macvtap left promiscuous mode
[   51.130783][   T10] device veth0_vlan left promiscuous mode
[   51.136620][   T10] device veth1_macvtap left promiscuous mode
[   51.142768][   T10] device veth0_vlan left promiscuous mode