last executing test programs:

3.865601303s ago: executing program 4 (id=5):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0xc03, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x9})
ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x65)
r1 = syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0)
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000000)={0x50, 0x8, 0x101d, {0x2012, 0xcac}, {0x5b, 0x3}, @ramp={0x7, 0x0, {0x3, 0x1000, 0x8b50, 0x4}}})
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x6)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r5 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080), 0x7f03)

3.57227637s ago: executing program 0 (id=1):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x5, 0x4f, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000003}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$reject(0x13, 0x0, 0x3, 0x6, r4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000180)=ANY=[], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r9 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x4e22, 0x1, @loopback, 0xbb76}}, 0x0, 0x0, 0x0, 0x0, "081be3af50c11f0540dffa2ad94716cda745753d21d8c4372741f816021b86bc697330174389ebfbecec86e452e822780024332400000000000000001d0100"}, 0xd8)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095000000000000005be1760a528e788dc155b4ee7cd395b0f8cabd529d7cfe4d6afd7ecbfa1c22122e9b60cbb9bc51f56ed89e71d59a5ba9e0"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x2d)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
unshare(0x6020400)
r11 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000006300)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
lseek(r11, 0x7fffbffffffffffc, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000001c0)={0x42, 0x1}, 0x10)

3.198061984s ago: executing program 3 (id=4):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r0}, 0x10)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x1, 0x800001, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
mincore(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)

2.335870564s ago: executing program 4 (id=6):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="280000000306010800000000000000000200000305000100070000000900020073797a32"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x40080d0)

2.335679564s ago: executing program 2 (id=3):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
socket(0x2, 0x80805, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000380))

2.294008988s ago: executing program 4 (id=7):
syz_usb_connect(0x1, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67"], 0x0)

2.260964391s ago: executing program 2 (id=8):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="40000f0000000116"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.740383919s ago: executing program 1 (id=9):
getpgrp(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
accept4(r3, 0x0, 0x0, 0x80000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r4, 0x0, 0x40)

1.737625409s ago: executing program 0 (id=10):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x44}]}, 0x28}}, 0x800)

1.706736382s ago: executing program 0 (id=11):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000001000)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f00000005c0)={0x1, &(0x7f00000000c0)=[{@none}]})

1.379837182s ago: executing program 1 (id=12):
syz_emit_ethernet(0x22, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f00000094c0)=[{&(0x7f0000000340)="298e0314d5147871ce94d60520e4011a047ff59f93c16ad25c42536d0e500752ad021fa47349ff078888821f841fb836eb084275eb0e495d11183b78c7823fadd29160f4353a82d3333b9d082deabcb26e21acb7633944969fd5ae6cb54ad515f16be79213e286cebba66d5a1ce63d67dd715b9f48197887a12db4dad511c1c65db3d29a7cc61cf6a572e51b9ea93d9e9082cc38", 0x94}], 0x1}}], 0x1, 0x8000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x104)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@x86={0x81, 0x7, 0x63, 0x0, 0x7, 0xa, 0x0, 0x3, 0x3, 0x92, 0x0, 0x7, 0x0, 0x81, 0x5ab, 0x2, 0x1, 0x9, 0x1, '\x00', 0x8, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x2, 0xfc, 0x7, '\x00', 0x1})

1.341274126s ago: executing program 1 (id=13):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
io_pgetevents(0x0, 0x4, 0x0, 0x0, &(0x7f0000000180), 0x0)

1.29944717s ago: executing program 1 (id=14):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x78, &(0x7f0000000600)=""/120}]})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2d8d}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48)

955.763711ms ago: executing program 1 (id=15):
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x13}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

885.764537ms ago: executing program 3 (id=16):
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40)
bpf$LINK_DETACH(0x22, &(0x7f0000000600)=r2, 0x4)

750.58066ms ago: executing program 0 (id=17):
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
timer_create(0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x46, 0x107, 0x70bd28, 0x0, {0x1, 0x7c}, [@nested={0x8, 0x4, 0x0, 0x1, [@typed={0x4e, 0x7, 0x0, 0x0, @binary}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

687.870956ms ago: executing program 3 (id=18):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_clone(0x41000100, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x41000100, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = getpgid(0x0)
r1 = syz_pidfd_open(r0, 0x0)
pidfd_send_signal(r1, 0x21, 0x0, 0x4)

687.641696ms ago: executing program 1 (id=19):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x173)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x0, 0x12, 0x60d, 0x0, 0x202, 0x2d8, 0x2e8, 0x2e8, 0x2d8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @ipv4={'\x00', '\xff\xff', @empty}, [], [], 'ip_vti0\x00', 'macsec0\x00', {0xff}}, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x74, 0x2}}, @common=@icmp6={{0x28}, {0xd, "ea9c", 0x1}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xff, 0x0, 0xffffff00, 0xff000000], [0xff, 0xff000000, 0x0, 0xff], 'ipvlan1\x00', 'erspan0\x00', {}, {0xff}, 0x2b, 0x5, 0x6}, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}, {{0x2, 0x0, 0x6}}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408)

615.702773ms ago: executing program 3 (id=20):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32, @ANYRESDEC], 0xf8}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f00000002c0)=@buf={0x70, &(0x7f0000000200)="cbfd1c09e56375d7032686fd420b28b6172ae272e548df6f4a5cfbb4a20ece62a81aafa668261f0c4bb29af010eb92ecf5f32adf3cc5e4afa0a95efa29edbb1675f95322fe528340047a410dd61bf6d7bfdcc9b6e2c129affb827401830a326837fc492d618701454382584749d4543c"})
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r2)
tkill(r2, 0x12)
ptrace(0x4208, r2)
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f00000000c0)={0x7, 0x0, [{0xa, 0x9, 0x0, 0x81, 0x69, 0xdd, 0x7f}, {0x0, 0xfffffff8, 0x4, 0x76f, 0x6, 0xa, 0x4}, {0x80000001, 0x2, 0x4, 0x6206, 0x80000000, 0xfff, 0x81}, {0x0, 0x7f, 0x4, 0xffff, 0x844e, 0x6, 0x1ff}, {0xc0000000, 0x62d4ba21, 0x4, 0x80, 0x5, 0x4}, {0x1, 0x3ff, 0x4, 0x3032, 0x7, 0x6, 0x9}, {0x6, 0xef, 0x0, 0xfffffff7, 0x9, 0xfffffffb, 0x8}]})
ioctl$KVM_GET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x5, 0xfffffffffffffffe, &(0x7f0000000040)=0x7bc})

0s ago: executing program 4 (id=21):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x1000, 0x5, 0xfffffffc, 0x8}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.132' (ED25519) to the list of known hosts.
[   18.053513][   T30] audit: type=1400 audit(1767015859.176:64): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   18.054645][  T273] cgroup: Unknown subsys name 'net'
[   18.057278][   T30] audit: type=1400 audit(1767015859.176:65): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   18.061040][   T30] audit: type=1400 audit(1767015859.186:66): avc:  denied  { unmount } for  pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   18.061170][  T273] cgroup: Unknown subsys name 'devices'
[   18.185878][  T273] cgroup: Unknown subsys name 'hugetlb'
[   18.191478][  T273] cgroup: Unknown subsys name 'rlimit'
[   18.358735][   T30] audit: type=1400 audit(1767015859.486:67): avc:  denied  { setattr } for  pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   18.381960][   T30] audit: type=1400 audit(1767015859.486:68): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   18.387406][  T275] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   18.407582][   T30] audit: type=1400 audit(1767015859.486:69): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   18.438708][   T30] audit: type=1400 audit(1767015859.546:70): avc:  denied  { relabelto } for  pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   18.464416][   T30] audit: type=1400 audit(1767015859.546:71): avc:  denied  { write } for  pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   18.501323][   T30] audit: type=1400 audit(1767015859.626:72): avc:  denied  { read } for  pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   18.527181][   T30] audit: type=1400 audit(1767015859.626:73): avc:  denied  { open } for  pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   18.527273][  T273] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   20.043731][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.050820][  T281] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.058306][  T281] device bridge_slave_0 entered promiscuous mode
[   20.066232][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.073246][  T281] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.080696][  T281] device bridge_slave_1 entered promiscuous mode
[   20.139340][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.146584][  T282] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.153981][  T282] device bridge_slave_0 entered promiscuous mode
[   20.160924][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.167986][  T282] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.175441][  T282] device bridge_slave_1 entered promiscuous mode
[   20.248337][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.255495][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.262867][  T284] device bridge_slave_0 entered promiscuous mode
[   20.277642][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.284699][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.292183][  T284] device bridge_slave_1 entered promiscuous mode
[   20.318066][  T287] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.325175][  T287] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.332452][  T287] device bridge_slave_0 entered promiscuous mode
[   20.342251][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.349285][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.356638][  T283] device bridge_slave_0 entered promiscuous mode
[   20.366373][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.373402][  T287] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.380814][  T287] device bridge_slave_1 entered promiscuous mode
[   20.390197][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.397295][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.404626][  T283] device bridge_slave_1 entered promiscuous mode
[   20.468600][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.475685][  T281] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.482958][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.490009][  T281] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.567173][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.574528][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.583616][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   20.591192][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   20.609481][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   20.617885][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.624925][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.633420][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   20.641740][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.648781][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.692974][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   20.701100][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   20.724662][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   20.732948][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   20.741157][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   20.748752][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   20.765088][  T281] device veth0_vlan entered promiscuous mode
[   20.776017][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   20.783682][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   20.792119][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.799151][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.807395][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   20.827038][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   20.834505][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   20.842196][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   20.850648][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.857708][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.865204][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   20.873291][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.880324][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.887678][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   20.895915][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.902916][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.910326][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   20.921993][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   20.932594][  T281] device veth1_macvtap entered promiscuous mode
[   20.943130][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   20.951445][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.958500][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.966332][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   20.974344][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   20.982443][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.989470][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.996918][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   21.009778][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.017857][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.041016][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   21.049936][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.057874][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.066021][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.073847][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   21.081540][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.089121][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   21.097277][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.105199][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.113131][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.121064][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.129228][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.148438][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.156823][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.165877][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   21.174476][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.182564][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.189599][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.197028][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.205365][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.213582][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.221909][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.230186][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   21.238656][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.246887][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.253889][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.261378][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   21.277604][  T282] device veth0_vlan entered promiscuous mode
[   21.285849][  T284] device veth0_vlan entered promiscuous mode
[   21.292235][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.300483][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.308671][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.317312][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.325968][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.333751][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.341808][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.349716][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.357878][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   21.365401][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   21.372761][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   21.380358][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   21.387763][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   21.395327][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   21.403896][  T287] device veth0_vlan entered promiscuous mode
[   21.413204][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   21.421428][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.438724][  T281] request_module fs-gadgetfs succeeded, but still no fs?
[   21.445250][  T283] device veth0_vlan entered promiscuous mode
[   21.455717][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.464379][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.472409][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.481319][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.489835][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.497755][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.505740][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.513761][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.522057][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   21.529766][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   21.540836][  T282] device veth1_macvtap entered promiscuous mode
[   21.557645][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.565923][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.574882][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   21.582567][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.591588][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.605052][  T284] device veth1_macvtap entered promiscuous mode
[   21.630695][  T283] device veth1_macvtap entered promiscuous mode
[   21.638576][  T287] device veth1_macvtap entered promiscuous mode
[   21.645512][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   21.653076][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.661433][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.669818][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   21.677470][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.685786][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.694892][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.703673][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.712924][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.721616][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.730574][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   21.772384][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.782243][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.809620][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.819202][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.868245][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.877862][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.903843][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.942051][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.975234][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.981671][  T348] loop1: detected capacity change from 0 to 512
[   22.007562][  T348] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   22.014382][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.180845][  T348] EXT4-fs (loop1): invalid journal inode
[   22.186748][  T348] EXT4-fs (loop1): can't get journal size
[   23.064552][  T348] EXT4-fs (loop1): 1 truncate cleaned up
[   23.083159][  T348] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,,errors=continue. Quota mode: none.
[   23.094420][   T30] kauditd_printk_skb: 35 callbacks suppressed
[   23.094434][   T30] audit: type=1400 audit(1767015864.216:109): avc:  denied  { read } for  pid=360 comm="syz.2.3" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   23.114339][  T361] binder: 360:361 ioctl c018620c 200000000380 returned -1
[   23.130829][   T30] audit: type=1400 audit(1767015864.216:110): avc:  denied  { open } for  pid=360 comm="syz.2.3" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   23.207710][   T30] audit: type=1400 audit(1767015864.246:111): avc:  denied  { ioctl } for  pid=360 comm="syz.2.3" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   23.233225][   T30] audit: type=1400 audit(1767015864.306:112): avc:  denied  { read write } for  pid=364 comm="syz.2.8" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   23.256773][   T30] audit: type=1400 audit(1767015864.306:113): avc:  denied  { open } for  pid=364 comm="syz.2.8" path="/dev/raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   23.280144][   T30] audit: type=1400 audit(1767015864.306:114): avc:  denied  { ioctl } for  pid=364 comm="syz.2.8" path="/dev/raw-gadget" dev="devtmpfs" ino=254 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   23.330575][   T30] audit: type=1400 audit(1767015864.436:115): avc:  denied  { write } for  pid=346 comm="syz.1.2" name="igmp" dev="proc" ino=4026532499 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   23.485129][   T30] audit: type=1400 audit(1767015864.606:116): avc:  denied  { write } for  pid=346 comm="syz.1.2" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   23.535910][   T30] audit: type=1400 audit(1767015864.606:117): avc:  denied  { add_name } for  pid=346 comm="syz.1.2" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   23.578276][   T39] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[   23.585786][   T30] audit: type=1400 audit(1767015864.606:118): avc:  denied  { create } for  pid=346 comm="syz.1.2" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[   23.727803][    T6] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   24.004653][  T380] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   24.204077][    T6] usb 3-1: Using ep0 maxpacket: 8
[   24.344178][    T6] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[   24.358608][    T6] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   24.385767][    T6] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   24.411987][    T6] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   24.428242][    T6] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   24.441546][    T6] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   24.451069][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   24.575611][  T378] syz.0.11 (378) used greatest stack depth: 21216 bytes left
[   24.584252][   T39] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   24.594464][   T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 10
[   24.605685][   T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[   24.615926][   T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   24.628975][   T39] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[   24.638279][   T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   24.647215][   T39] usb 5-1: config 0 descriptor??
[   24.873874][  T411] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[   24.911621][    T6] usb 5-1: USB disconnect, device number 2
[   25.435370][  T417] ==================================================================
[   25.443725][  T417] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240
[   25.451903][  T417] Read of size 8 at addr ffff88810df5b0c0 by task syz.4.21/417
[   25.459449][  T417] 
[   25.461775][  T417] CPU: 1 PID: 417 Comm: syz.4.21 Not tainted syzkaller #0
[   25.468879][  T417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   25.478955][  T417] Call Trace:
[   25.482230][  T417]  <TASK>
[   25.485167][  T417]  __dump_stack+0x21/0x30
[   25.489500][  T417]  dump_stack_lvl+0xee/0x150
[   25.494071][  T417]  ? show_regs_print_info+0x20/0x20
[   25.499253][  T417]  ? load_image+0x3a0/0x3a0
[   25.503734][  T417]  print_address_description+0x7f/0x2c0
[   25.509262][  T417]  ? tc_setup_flow_action+0x870/0x3240
[   25.514702][  T417]  kasan_report+0xf1/0x140
[   25.519108][  T417]  ? tc_setup_flow_action+0x870/0x3240
[   25.524548][  T417]  __asan_report_load8_noabort+0x14/0x20
[   25.530164][  T417]  tc_setup_flow_action+0x870/0x3240
[   25.535521][  T417]  mall_replace_hw_filter+0x293/0x820
[   25.540880][  T417]  ? pcpu_block_update_hint_alloc+0x8c1/0xc50
[   25.547026][  T417]  ? mall_set_parms+0x520/0x520
[   25.551909][  T417]  ? tcf_exts_destroy+0xb0/0xb0
[   25.556740][  T417]  ? mall_set_parms+0x1e8/0x520
[   25.561572][  T417]  mall_change+0x526/0x740
[   25.565969][  T417]  ? __kasan_check_write+0x14/0x20
[   25.571068][  T417]  ? mall_get+0xa0/0xa0
[   25.575240][  T417]  ? tcf_chain_tp_insert_unique+0xac1/0xc10
[   25.581128][  T417]  tc_new_tfilter+0x12a2/0x1870
[   25.585968][  T417]  ? tcf_gate_entry_destructor+0x20/0x20
[   25.591581][  T417]  ? security_capable+0x87/0xb0
[   25.596413][  T417]  ? ns_capable+0x8c/0xf0
[   25.600725][  T417]  ? netlink_net_capable+0x125/0x160
[   25.605997][  T417]  ? tcf_gate_entry_destructor+0x20/0x20
[   25.611623][  T417]  rtnetlink_rcv_msg+0x81b/0xb90
[   25.616556][  T417]  ? rtnetlink_bind+0x80/0x80
[   25.621250][  T417]  ? memcpy+0x56/0x70
[   25.625222][  T417]  ? avc_has_perm_noaudit+0x2f4/0x460
[   25.630718][  T417]  ? arch_stack_walk+0xee/0x140
[   25.635566][  T417]  ? avc_denied+0x1b0/0x1b0
[   25.640055][  T417]  ? stack_trace_save+0x98/0xe0
[   25.644945][  T417]  ? avc_has_perm+0x158/0x240
[   25.649606][  T417]  ? avc_has_perm_noaudit+0x460/0x460
[   25.654957][  T417]  ? x64_sys_call+0x4b/0x9a0
[   25.659534][  T417]  ? selinux_nlmsg_lookup+0x416/0x4c0
[   25.664916][  T417]  netlink_rcv_skb+0x1e0/0x430
[   25.669663][  T417]  ? rtnetlink_bind+0x80/0x80
[   25.674407][  T417]  ? netlink_ack+0xb60/0xb60
[   25.679060][  T417]  ? __netlink_lookup+0x387/0x3b0
[   25.684066][  T417]  rtnetlink_rcv+0x1c/0x20
[   25.688479][  T417]  netlink_unicast+0x876/0xa40
[   25.693235][  T417]  netlink_sendmsg+0x86a/0xb70
[   25.697986][  T417]  ? netlink_getsockopt+0x530/0x530
[   25.703371][  T417]  ? security_socket_sendmsg+0x82/0xa0
[   25.708812][  T417]  ? netlink_getsockopt+0x530/0x530
[   25.713995][  T417]  ____sys_sendmsg+0x5a2/0x8c0
[   25.718750][  T417]  ? __sys_sendmsg_sock+0x40/0x40
[   25.723758][  T417]  ? import_iovec+0x7c/0xb0
[   25.728249][  T417]  ___sys_sendmsg+0x1f0/0x260
[   25.732920][  T417]  ? __sys_sendmsg+0x250/0x250
[   25.737677][  T417]  ? sock_show_fdinfo+0xa0/0xa0
[   25.742665][  T417]  ? __fdget+0x1a1/0x230
[   25.746918][  T417]  __x64_sys_sendmsg+0x1e2/0x2a0
[   25.751864][  T417]  ? ___sys_sendmsg+0x260/0x260
[   25.756708][  T417]  ? __kasan_check_write+0x14/0x20
[   25.761837][  T417]  ? switch_fpu_return+0x15d/0x2c0
[   25.766962][  T417]  x64_sys_call+0x4b/0x9a0
[   25.771383][  T417]  do_syscall_64+0x4c/0xa0
[   25.775793][  T417]  ? clear_bhb_loop+0x50/0xa0
[   25.780455][  T417]  ? clear_bhb_loop+0x50/0xa0
[   25.785121][  T417]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   25.791178][  T417] RIP: 0033:0x7f5cd1d33749
[   25.795597][  T417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   25.815450][  T417] RSP: 002b:00007f5cd079b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   25.824050][  T417] RAX: ffffffffffffffda RBX: 00007f5cd1f89fa0 RCX: 00007f5cd1d33749
[   25.832218][  T417] RDX: 0000000020000000 RSI: 0000200000000580 RDI: 0000000000000004
[   25.840916][  T417] RBP: 00007f5cd1db7f91 R08: 0000000000000000 R09: 0000000000000000
[   25.848883][  T417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   25.856847][  T417] R13: 00007f5cd1f8a038 R14: 00007f5cd1f89fa0 R15: 00007ffc607635d8
[   25.864812][  T417]  </TASK>
[   25.867820][  T417] 
[   25.870127][  T417] Allocated by task 417:
[   25.874344][  T417]  __kasan_kmalloc+0xda/0x110
[   25.879278][  T417]  __kmalloc+0x13d/0x2c0
[   25.883506][  T417]  tcf_idr_create+0x5f/0x790
[   25.888092][  T417]  tcf_idr_create_from_flags+0x61/0x70
[   25.893571][  T417]  tcf_gact_init+0x346/0x580
[   25.898151][  T417]  tcf_action_init_1+0x3f7/0x6a0
[   25.903080][  T417]  tcf_action_init+0x1e9/0x710
[   25.907832][  T417]  tcf_exts_validate+0x217/0x520
[   25.912754][  T417]  mall_set_parms+0x48/0x520
[   25.917767][  T417]  mall_change+0x45a/0x740
[   25.922181][  T417]  tc_new_tfilter+0x12a2/0x1870
[   25.927034][  T417]  rtnetlink_rcv_msg+0x81b/0xb90
[   25.932318][  T417]  netlink_rcv_skb+0x1e0/0x430
[   25.937272][  T417]  rtnetlink_rcv+0x1c/0x20
[   25.941868][  T417]  netlink_unicast+0x876/0xa40
[   25.946620][  T417]  netlink_sendmsg+0x86a/0xb70
[   25.951375][  T417]  ____sys_sendmsg+0x5a2/0x8c0
[   25.956128][  T417]  ___sys_sendmsg+0x1f0/0x260
[   25.960790][  T417]  __x64_sys_sendmsg+0x1e2/0x2a0
[   25.965728][  T417]  x64_sys_call+0x4b/0x9a0
[   25.970144][  T417]  do_syscall_64+0x4c/0xa0
[   25.974580][  T417]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   25.980472][  T417] 
[   25.982783][  T417] The buggy address belongs to the object at ffff88810df5b000
[   25.982783][  T417]  which belongs to the cache kmalloc-192 of size 192
[   25.997946][  T417] The buggy address is located 0 bytes to the right of
[   25.997946][  T417]  192-byte region [ffff88810df5b000, ffff88810df5b0c0)
[   26.011559][  T417] The buggy address belongs to the page:
[   26.017167][  T417] page:ffffea000437d6c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10df5b
[   26.027396][  T417] flags: 0x4000000000000200(slab|zone=1)
[   26.033041][  T417] raw: 4000000000000200 ffffea000437d540 0000000300000003 ffff888100042c00
[   26.041972][  T417] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   26.050553][  T417] page dumped because: kasan: bad access detected
[   26.057036][  T417] page_owner tracks the page as allocated
[   26.062770][  T417] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 3930466808, free_ts 3930447560
[   26.078558][  T417]  post_alloc_hook+0x192/0x1b0
[   26.083313][  T417]  prep_new_page+0x1c/0x110
[   26.087799][  T417]  get_page_from_freelist+0x2cc5/0x2d50
[   26.093340][  T417]  __alloc_pages+0x18f/0x440
[   26.097913][  T417]  new_slab+0xa1/0x4d0
[   26.101973][  T417]  ___slab_alloc+0x381/0x810
[   26.106545][  T417]  __slab_alloc+0x49/0x90
[   26.110859][  T417]  kmem_cache_alloc_trace+0x146/0x270
[   26.116213][  T417]  kernfs_fop_open+0x343/0xb30
[   26.120962][  T417]  do_dentry_open+0x834/0x1010
[   26.125708][  T417]  vfs_open+0x73/0x80
[   26.129681][  T417]  path_openat+0x2646/0x2f10
[   26.134257][  T417]  do_filp_open+0x1b3/0x3e0
[   26.138742][  T417]  do_sys_openat2+0x14c/0x7b0
[   26.143486][  T417]  __x64_sys_openat+0x136/0x160
[   26.148431][  T417]  x64_sys_call+0x219/0x9a0
[   26.152916][  T417] page last free stack trace:
[   26.157575][  T417]  free_unref_page_prepare+0x542/0x550
[   26.163020][  T417]  free_unref_page+0xa2/0x550
[   26.167682][  T417]  __free_pages+0x6c/0x100
[   26.172086][  T417]  free_pages+0x82/0x90
[   26.176221][  T417]  selinux_genfs_get_sid+0x20b/0x250
[   26.181485][  T417]  inode_doinit_with_dentry+0x86e/0xd70
[   26.187016][  T417]  selinux_d_instantiate+0x27/0x40
[   26.192108][  T417]  security_d_instantiate+0x9e/0xf0
[   26.197291][  T417]  d_splice_alias+0x6d/0x390
[   26.201864][  T417]  kernfs_iop_lookup+0x2c2/0x310
[   26.206783][  T417]  path_openat+0xfcf/0x2f10
[   26.211276][  T417]  do_filp_open+0x1b3/0x3e0
[   26.215769][  T417]  do_sys_openat2+0x14c/0x7b0
[   26.220436][  T417]  __x64_sys_openat+0x136/0x160
[   26.225269][  T417]  x64_sys_call+0x219/0x9a0
[   26.229763][  T417]  do_syscall_64+0x4c/0xa0
[   26.234250][  T417] 
[   26.236551][  T417] Memory state around the buggy address:
[   26.242513][  T417]  ffff88810df5af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.250580][  T417]  ffff88810df5b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.258631][  T417] >ffff88810df5b080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   26.267126][  T417]                                            ^
[   26.273254][  T417]  ffff88810df5b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.281291][  T417]  ffff88810df5b180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   26.289325][  T417] ==================================================================
[   26.297359][  T417] Disabling lock debugging due to kernel taint
[   26.333396][   T26] usb 3-1: USB disconnect, device number 2