last executing test programs:

3.068879028s ago: executing program 0 (id=1):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000280)=0xc)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000005180)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000000)="8252", 0x2}], 0x1}}], 0x1, 0x4404c000)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000700)=ANY=[@ANYBLOB="f8000000180001000000000000b0613872e3805800000000000000000000000000000000000000e000000100"/56, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1e00010000000000000000000000000000000000000000fe88000000000000000000000000000100"/132], 0xf8}}, 0x0)

2.146020925s ago: executing program 0 (id=20):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$key(0xf, 0x3, 0x2)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x4004556a, 0x0)
fsopen(0x0, 0x0)
close(0xffffffffffffffff)
ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0)

1.721004702s ago: executing program 2 (id=26):
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df00000000000000000009f600"})
r1 = syz_open_pts(r0, 0x801)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)=0xd)
write$binfmt_elf64(r2, &(0x7f0000001400)=ANY=[], 0xfe00)

1.466246822s ago: executing program 2 (id=28):
openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r0 = syz_io_uring_setup(0x24a3, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180), &(0x7f0000000140))
io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00')
preadv(r1, &(0x7f0000000b80)=[{&(0x7f0000000580)=""/85, 0x69}], 0x1, 0x0, 0x0)

1.403941244s ago: executing program 2 (id=30):
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000005240)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/154, 0x9a}], 0x1, &(0x7f0000000400)=""/5, 0x5}, 0x5}, {{&(0x7f0000000440)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000980)=[{&(0x7f00000004c0)=""/141, 0x8d}, {0x0}, {&(0x7f0000000740)=""/119, 0x77}, {&(0x7f00000007c0)=""/251, 0xfb}], 0x4, &(0x7f0000002700)=""/235, 0xeb}, 0x9}, {{&(0x7f0000000ec0)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000001180)=[{&(0x7f0000000f40)=""/72, 0x48}, {&(0x7f0000000fc0)=""/248, 0xf8}, {&(0x7f00000010c0)=""/102, 0x66}], 0x3, &(0x7f00000011c0)=""/114, 0x72}, 0x128}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000002340)=""/140, 0x8c}], 0x1}, 0x80000001}, {{&(0x7f0000002400)=@phonet, 0x80, &(0x7f00000026c0)=[{&(0x7f0000002480)=""/116, 0x74}, {&(0x7f0000002500)=""/106, 0x6a}, {&(0x7f0000002580)=""/138, 0x8a}, {&(0x7f0000002640)=""/104, 0x68}], 0x4, &(0x7f0000005440)=""/205, 0xcd}, 0x2}, {{&(0x7f0000002800)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000003f00)=[{0x0}, {&(0x7f0000002900)=""/187, 0xbb}, {&(0x7f00000029c0)=""/209, 0xd1}, {&(0x7f0000002ac0)=""/211, 0xd3}, {&(0x7f0000002bc0)=""/61, 0x3d}, {&(0x7f0000002c00)=""/206, 0xce}, {0x0}], 0x7, &(0x7f0000003fc0)=""/70, 0x46}, 0x3}, {{&(0x7f0000004040)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000005200)=[{&(0x7f00000040c0)=""/4096, 0x1000}, {&(0x7f00000050c0)=""/42, 0x2a}, {&(0x7f0000005100)=""/131, 0x83}, {&(0x7f00000051c0)=""/9, 0x9}], 0x4}, 0x8}], 0x7, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000180)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "2f01c4fd8eab3f09b5611b25b06bab7c64b45713d278a1fc4a8d718eb430fb655e5f65991c3e1e6f89550928b713582f37d43e4b35a9daa5b12d01438c9c4199"}, 0x48, r3)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000200)=@keyring={'key_or_keyring:', r4})

1.279953819s ago: executing program 3 (id=36):
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x2a060400)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000080)="240000005a001f001007f4f9002304000a04f51108000500020100020800038005000000", 0x24)

1.279829939s ago: executing program 3 (id=37):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r3, &(0x7f0000003e80)={0x0, 0x0, &(0x7f0000003e40)={&(0x7f00000002c0)=@newtaction={0x18, 0x32, 0x103, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

1.215322912s ago: executing program 0 (id=38):
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df00000000000000000009f600"})
r1 = syz_open_pts(r0, 0x801)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)=0xd)
write$binfmt_elf64(r2, &(0x7f0000001400)=ANY=[], 0xfe00)

1.169985764s ago: executing program 1 (id=39):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000004c0)='blkio.bfq.time\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000002680)=""/4096, 0x1000, 0x0)

1.152585204s ago: executing program 1 (id=40):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/profiling', 0x22042, 0x0)
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0, @ANYRESDEC], 0x15)

1.152354785s ago: executing program 1 (id=41):
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r0 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={0x0, r0, r0}, 0x0, 0x0, 0x0)

1.142474835s ago: executing program 0 (id=42):
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8)
r0 = gettid()
r1 = getpid()
rt_tgsigqueueinfo(r1, r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x2})
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)

1.01601733s ago: executing program 0 (id=43):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{}]})
getpid()
ioctl$USBDEVFS_CONNECTINFO(r0, 0x4004550d, 0x0)

955.823312ms ago: executing program 1 (id=44):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000002c0)={0x1}, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8)

945.824603ms ago: executing program 1 (id=45):
r0 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$USBDEVFS_CONTROL(r0, 0x80045515, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

804.991848ms ago: executing program 4 (id=50):
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240))
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWCHAIN={0x8c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_CHAIN_FLAGS={0x8}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_USERDATA={0x56, 0xc, "2dc82cc38845da8c9391262783c875c698fd858482ef8940110c7a7d0c12f39ba2dffea3bcd940c3794ebf1ca5cf2b30d1cad3277e28c69f64eaba7177bdb25ba31963c84337992a88c0338ba96a69af2165"}]}], {0x14}}, 0xb4}}, 0x4008012)
write(r1, &(0x7f0000000000)="3c00000058001f000307f4f9002304000a04d65f0800010002010002170003800500000099db973b91aa057972513500b0406700912deb5b85932234", 0x3c)

702.420152ms ago: executing program 4 (id=51):
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200))
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
getsockopt$bt_BT_SECURITY(r2, 0x12, 0x4, 0x0, 0xffffffffffffff67)

601.132737ms ago: executing program 4 (id=52):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/profiling', 0x22042, 0x0)
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0, @ANYRESDEC], 0x15)

600.766187ms ago: executing program 4 (id=53):
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df00000000000000000009f600"})
r1 = syz_open_pts(r0, 0x801)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)=0xd)
write$binfmt_elf64(r2, &(0x7f0000001400)=ANY=[], 0xfe00)

578.711227ms ago: executing program 2 (id=54):
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8)
r0 = gettid()
r1 = getpid()
rt_tgsigqueueinfo(r1, r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x2})
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)

578.209697ms ago: executing program 2 (id=55):
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r0 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={0x0, r0, r0}, 0x0, 0x0, 0x0)

568.685178ms ago: executing program 2 (id=56):
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$key(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0xf, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}]}, 0x60}}, 0x0)

538.223209ms ago: executing program 4 (id=57):
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0)
read(r0, &(0x7f0000000240)=""/123, 0x7b)
clock_adjtime(0x0, &(0x7f0000000040)={0xd4e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

423.836463ms ago: executing program 4 (id=58):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)={[{@nr_inodes={'nr_inodes', 0x3d, [0x78]}}]})

361.870736ms ago: executing program 3 (id=59):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r0, 0x4b3d, 0x0)

322.561757ms ago: executing program 3 (id=60):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x4098000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
sendto$inet6(r0, &(0x7f0000001700)="81", 0x1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000005840)=[{{0x0, 0x0, 0x0}}], 0x5e, 0x10022, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

248.020731ms ago: executing program 3 (id=61):
socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000200), 0x6db6e559)
fallocate(r0, 0x20, 0x2, 0x1000)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040))
ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, 0x0)

143.326885ms ago: executing program 0 (id=62):
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240))
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWCHAIN={0x8c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_CHAIN_FLAGS={0x8}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_USERDATA={0x56, 0xc, "2dc82cc38845da8c9391262783c875c698fd858482ef8940110c7a7d0c12f39ba2dffea3bcd940c3794ebf1ca5cf2b30d1cad3277e28c69f64eaba7177bdb25ba31963c84337992a88c0338ba96a69af2165"}]}], {0x14}}, 0xb4}}, 0x4008012)
write(r1, &(0x7f0000000000)="3c00000058001f000307f4f9002304000a04d65f0800010002010002170003800500000099db973b91aa057972513500b0406700912deb5b85932234", 0x3c)

57.875348ms ago: executing program 1 (id=63):
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200))
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
getsockopt$bt_BT_SECURITY(r2, 0x12, 0x4, 0x0, 0xffffffffffffff67)

0s ago: executing program 3 (id=64):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.66' (ED25519) to the list of known hosts.
[   19.351436][   T23] audit: type=1400 audit(1719846557.000:66): avc:  denied  { mounton } for  pid=325 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   19.352900][  T325] cgroup1: Unknown subsys name 'net'
[   19.354914][   T23] audit: type=1400 audit(1719846557.000:67): avc:  denied  { mount } for  pid=325 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.355801][  T325] cgroup1: Unknown subsys name 'net_prio'
[   19.359230][   T23] audit: type=1400 audit(1719846557.010:68): avc:  denied  { read } for  pid=144 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   19.360220][  T325] cgroup1: Unknown subsys name 'devices'
[   19.365144][   T23] audit: type=1400 audit(1719846557.010:69): avc:  denied  { unmount } for  pid=325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.550008][  T325] cgroup1: Unknown subsys name 'hugetlb'
[   19.555613][  T325] cgroup1: Unknown subsys name 'rlimit'
[   19.659612][   T23] audit: type=1400 audit(1719846557.310:70): avc:  denied  { setattr } for  pid=325 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9888 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   19.686420][   T23] audit: type=1400 audit(1719846557.310:71): avc:  denied  { mounton } for  pid=325 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   19.711376][   T23] audit: type=1400 audit(1719846557.310:72): avc:  denied  { mount } for  pid=325 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   19.715748][  T342] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   19.743146][   T23] audit: type=1400 audit(1719846557.390:73): avc:  denied  { relabelto } for  pid=342 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   19.768416][   T23] audit: type=1400 audit(1719846557.390:74): avc:  denied  { write } for  pid=342 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   19.794244][   T23] audit: type=1400 audit(1719846557.430:75): avc:  denied  { read } for  pid=325 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   19.819609][  T325] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   20.083533][  T349] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.090388][  T349] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.097826][  T349] device bridge_slave_0 entered promiscuous mode
[   20.123526][  T349] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.130475][  T349] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.137953][  T349] device bridge_slave_1 entered promiscuous mode
[   20.181963][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.188843][  T353] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.196174][  T353] device bridge_slave_0 entered promiscuous mode
[   20.203208][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.210170][  T353] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.217583][  T353] device bridge_slave_1 entered promiscuous mode
[   20.286321][  T351] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.293249][  T351] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.300594][  T351] device bridge_slave_0 entered promiscuous mode
[   20.320517][  T351] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.327724][  T351] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.335367][  T351] device bridge_slave_1 entered promiscuous mode
[   20.342057][  T350] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.348908][  T350] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.356078][  T350] device bridge_slave_0 entered promiscuous mode
[   20.368297][  T350] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.375127][  T350] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.382550][  T350] device bridge_slave_1 entered promiscuous mode
[   20.444831][  T352] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.451700][  T352] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.458997][  T352] device bridge_slave_0 entered promiscuous mode
[   20.485743][  T352] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.492605][  T352] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.499946][  T352] device bridge_slave_1 entered promiscuous mode
[   20.612449][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.619294][  T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.626410][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.633195][  T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.648198][  T349] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.655031][  T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.662197][  T349] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.669027][  T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.689481][  T351] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.696308][  T351] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.703477][  T351] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.710454][  T351] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.749895][  T350] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.756733][  T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.763876][  T350] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.770625][  T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.802330][   T74] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.809432][   T74] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.816326][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   20.824660][   T74] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.831759][   T74] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.838779][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   20.846012][   T74] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.853377][   T74] bridge0: port 1(bridge_slave_0) entered disabled state
[   20.860476][   T74] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.867529][   T74] bridge0: port 2(bridge_slave_1) entered disabled state
[   20.889769][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   20.897853][  T124] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.904662][  T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.912484][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   20.920710][  T124] bridge0: port 1(bridge_slave_0) entered blocking state
[   20.927652][  T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   20.934771][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   20.942808][  T124] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.949645][  T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.974097][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   20.982688][  T124] bridge0: port 2(bridge_slave_1) entered blocking state
[   20.989524][  T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   20.997496][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.017470][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.025083][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.038243][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.084044][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.093319][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.100179][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.108342][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.116369][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.123319][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.130653][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.138557][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   21.145782][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.153159][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.161207][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.168042][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.175266][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.183569][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.190411][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.197835][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   21.205083][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.212527][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   21.220665][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.228909][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.235905][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.243301][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   21.251909][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.259963][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.266776][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.273994][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   21.281864][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.289902][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.297794][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.306617][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   21.327628][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.335861][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.344797][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.352783][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.361162][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.369601][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.383246][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   21.391428][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.418254][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   21.426386][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.435067][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.443148][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.451091][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.459258][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.467287][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.475078][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.488668][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.496821][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.504841][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   21.513995][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.547582][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.555912][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.564975][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.572851][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.580728][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.588775][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.596689][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.605128][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.613388][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.621472][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.629859][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   21.638251][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.666067][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.675160][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.689872][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.698393][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.706710][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.715165][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.776931][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.786622][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.795908][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   21.805050][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   21.814029][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   21.822478][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   21.831957][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   21.841313][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.886272][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   21.896125][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   21.920216][  T380] kernel profiling enabled (shift: 25)
[   21.998214][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.006266][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.030550][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.045334][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.062487][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.100048][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.114588][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.216261][  T391] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.231863][  T391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.731630][  T418] cgroup: syz.3.17 (418) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.
[   22.748128][  T418] cgroup: "memory" requires setting use_hierarchy to 1 on the root
[   22.863536][  T425] tc_dump_action: action bad kind
[   23.050412][  T422] netlink: 'syz.4.18': attribute type 3 has an invalid length.
[   23.058015][  T422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18'.
[   23.892714][  T461] netlink: 'syz.1.32': attribute type 3 has an invalid length.
[   23.900179][  T461] netlink: 8 bytes leftover after parsing attributes in process `syz.1.32'.
[   24.084923][  T486] tc_dump_action: action bad kind
[   24.425143][  T504] netlink: 'syz.4.50': attribute type 3 has an invalid length.
[   24.432717][  T504] netlink: 8 bytes leftover after parsing attributes in process `syz.4.50'.
[   24.514641][   T23] kauditd_printk_skb: 44 callbacks suppressed
[   24.514649][   T23] audit: type=1400 audit(1719846562.160:120): avc:  denied  { create } for  pid=505 comm="syz.4.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   24.540434][   T23] audit: type=1400 audit(1719846562.160:121): avc:  denied  { getopt } for  pid=505 comm="syz.4.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   24.760625][   T23] audit: type=1400 audit(1719846562.409:122): avc:  denied  { write } for  pid=515 comm="syz.2.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   24.811790][  T526] tmpfs: Bad value for 'nr_inodes'
[   24.813107][   T23] audit: type=1400 audit(1719846562.459:123): avc:  denied  { mounton } for  pid=521 comm="syz.4.58" path="/root/syzkaller.mSNqax/21/file0" dev="sda1" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   24.853524][   T23] audit: type=1400 audit(1719846562.499:124): avc:  denied  { name_bind } for  pid=529 comm="syz.3.60" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   25.177328][    C1] ==================================================================
[   25.185317][    C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[   25.192252][    C1] Read of size 8 at addr ffff8881ead97a40 by task syz.0.62/536
[   25.199606][    C1] 
[   25.201810][    C1] CPU: 1 PID: 536 Comm: syz.0.62 Not tainted 5.4.276-syzkaller-00020-g4275fce9fe94 #0
[   25.211154][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   25.221047][    C1] Call Trace:
[   25.224175][    C1]  <IRQ>
[   25.226873][    C1]  dump_stack+0x1d8/0x241
[   25.231052][    C1]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   25.236676][    C1]  ? printk+0xd1/0x111
[   25.240582][    C1]  ? profile_pc+0xa4/0xe0
[   25.244747][    C1]  ? wake_up_klogd+0xb2/0xf0
[   25.249173][    C1]  ? profile_pc+0xa4/0xe0
[   25.253341][    C1]  print_address_description+0x8c/0x600
[   25.258723][    C1]  ? panic+0x89d/0x89d
[   25.262629][    C1]  ? profile_pc+0xa4/0xe0
[   25.266792][    C1]  __kasan_report+0xf3/0x120
[   25.271246][    C1]  ? profile_pc+0xa4/0xe0
[   25.275387][    C1]  ? _raw_spin_lock+0x8a/0x1b0
[   25.280077][    C1]  kasan_report+0x30/0x60
[   25.284246][    C1]  profile_pc+0xa4/0xe0
[   25.288239][    C1]  profile_tick+0xb9/0x100
[   25.292485][    C1]  tick_sched_timer+0x237/0x3c0
[   25.297167][    C1]  ? tick_setup_sched_timer+0x460/0x460
[   25.302553][    C1]  __hrtimer_run_queues+0x3e9/0xb90
[   25.307592][    C1]  ? hrtimer_interrupt+0x890/0x890
[   25.312529][    C1]  ? sched_clock+0x36/0x40
[   25.316785][    C1]  ? sched_clock_cpu+0x18/0x3a0
[   25.321469][    C1]  ? ktime_get+0xf9/0x130
[   25.325639][    C1]  ? ktime_get_update_offsets_now+0x26c/0x280
[   25.331544][    C1]  hrtimer_interrupt+0x38a/0x890
[   25.336330][    C1]  smp_apic_timer_interrupt+0x110/0x460
[   25.341711][    C1]  apic_timer_interrupt+0xf/0x20
[   25.346466][    C1]  </IRQ>
[   25.349257][    C1] RIP: 0010:_raw_spin_lock+0x8a/0x1b0
[   25.354453][    C1] Code: 4a 89 04 23 bf 01 00 00 00 e8 72 c9 f3 fc 4d 89 fe 49 c1 ee 03 43 0f b6 04 26 84 c0 0f 85 bb 00 00 00 c7 44 24 20 00 00 00 00 <4c> 89 ef be 04 00 00 00 e8 39 dc 42 fd 4c 89 ff be 04 00 00 00 e8
[   25.373895][    C1] RSP: 0018:ffff8881ead97a40 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff13
[   25.382136][    C1] RAX: 0000000000000004 RBX: 1ffff1103d5b2f48 RCX: 00000000ead97a03
[   25.389948][    C1] RDX: ffffea0000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   25.397935][    C1] RBP: ffff8881ead97ac8 R08: ffffffff818a5385 R09: ffffed103d6049d9
[   25.405744][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   25.413557][    C1] R13: ffffea0007be9328 R14: 1ffff1103d5b2f4c R15: ffff8881ead97a60
[   25.421376][    C1]  ? follow_page_pte+0x195/0xcc0
[   25.426146][    C1]  ? _raw_spin_trylock_bh+0x190/0x190
[   25.431354][    C1]  ? mark_page_accessed+0x263/0x640
[   25.436384][    C1]  ? vm_normal_page+0x93/0x1d0
[   25.440989][    C1]  follow_page_pte+0x1d9/0xcc0
[   25.445588][    C1]  __get_user_pages+0xbd1/0x13b0
[   25.450362][    C1]  ? populate_vma_page_range+0xf0/0xf0
[   25.455653][    C1]  ? memset+0x1f/0x40
[   25.459469][    C1]  ? vmacache_update+0x9f/0xf0
[   25.464074][    C1]  __mm_populate+0x369/0x510
[   25.468498][    C1]  ? __get_user_pages+0x13b0/0x13b0
[   25.473539][    C1]  vm_mmap_pgoff+0x20d/0x260
[   25.478167][    C1]  ? account_locked_vm+0x1b0/0x1b0
[   25.483110][    C1]  ? fpu__clear+0x3c0/0x3c0
[   25.487452][    C1]  ? ksys_mmap_pgoff+0xd6/0x1e0
[   25.492139][    C1]  do_syscall_64+0xca/0x1c0
[   25.496480][    C1]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   25.502214][    C1] RIP: 0033:0x7fd7b38b1b99
[   25.506458][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   25.526157][    C1] RSP: 002b:00007fd7b2b33048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   25.534492][    C1] RAX: ffffffffffffffda RBX: 00007fd7b3a3ffa0 RCX: 00007fd7b38b1b99
[   25.542298][    C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000
[   25.550113][    C1] RBP: 00007fd7b393277e R08: ffffffffffffffff R09: 0000000000000000
[   25.558540][    C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[   25.566343][    C1] R13: 000000000000000b R14: 00007fd7b3a3ffa0 R15: 00007fff43de8e78
[   25.574250][    C1] 
[   25.576407][    C1] The buggy address belongs to the page:
[   25.581894][    C1] page:ffffea0007ab65c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[   25.591175][    C1] flags: 0x8000000000000000()
[   25.595684][    C1] raw: 8000000000000000 0000000000000000 ffffea0007ab65c8 0000000000000000
[   25.604098][    C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   25.612601][    C1] page dumped because: kasan: bad access detected
[   25.618857][    C1] page_owner tracks the page as allocated
[   25.624405][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[   25.635965][    C1]  prep_new_page+0x18f/0x370
[   25.640376][    C1]  get_page_from_freelist+0x2d13/0x2d90
[   25.645759][    C1]  __alloc_pages_nodemask+0x393/0x840
[   25.650971][    C1]  dup_task_struct+0x85/0x600
[   25.655477][    C1]  copy_process+0x56d/0x3230
[   25.659903][    C1]  _do_fork+0x197/0x900
[   25.664155][    C1]  __x64_sys_clone3+0x2da/0x300
[   25.669016][    C1]  do_syscall_64+0xca/0x1c0
[   25.673360][    C1]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   25.679083][    C1] page last free stack trace:
[   25.683607][    C1]  __free_pages_ok+0x847/0x950
[   25.688214][    C1]  __free_pages+0x91/0x140
[   25.692461][    C1]  __free_slab+0x221/0x2e0
[   25.696703][    C1]  unfreeze_partials+0x14e/0x180
[   25.701774][    C1]  put_cpu_partial+0x44/0x180
[   25.706307][    C1]  __slab_free+0x297/0x360
[   25.710538][    C1]  qlist_free_all+0x43/0xb0
[   25.714875][    C1]  quarantine_reduce+0x1d9/0x210
[   25.719648][    C1]  __kasan_kmalloc+0x41/0x210
[   25.724163][    C1]  kmem_cache_alloc+0xd9/0x250
[   25.728763][    C1]  getname_flags+0xb8/0x4e0
[   25.733099][    C1]  user_path_at_empty+0x28/0x50
[   25.737786][    C1]  vfs_statx+0x115/0x210
[   25.741871][    C1]  __se_sys_newfstatat+0xce/0x770
[   25.746726][    C1]  do_syscall_64+0xca/0x1c0
[   25.751068][    C1]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   25.756792][    C1] 
[   25.758963][    C1] addr ffff8881ead97a40 is located in stack of task syz.0.62/536 at offset 0 in frame:
[   25.768437][    C1]  _raw_spin_lock+0x0/0x1b0
[   25.772761][    C1] 
[   25.774929][    C1] this frame has 1 object:
[   25.779183][    C1]  [32, 36) 'val.i.i.i'
[   25.779185][    C1] 
[   25.785344][    C1] Memory state around the buggy address:
[   25.790816][    C1]  ffff8881ead97900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.798805][    C1]  ffff8881ead97980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.806699][    C1] >ffff8881ead97a00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3
[   25.814596][    C1]                                            ^
[   25.820588][    C1]  ffff8881ead97a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.828484][    C1]  ffff8881ead97b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.836470][    C1] ==================================================================
[   25.844374][    C1] Disabling lock debugging due to kernel taint
[   25.937204][  T536] netlink: 'syz.0.62': attribute type 3 has an invalid length.
[   25.944777][  T536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.62'.