last executing test programs:

1.979187033s ago: executing program 0 (id=365):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x10000, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x30b923, 0x80000, {0x0, 0x0, 0x0, r3, {}, {0x2, 0xb}, {0xd, 0x7}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x4008000)

1.950070694s ago: executing program 3 (id=366):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000800000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d380012"], 0xc4}}, 0x2050890)

1.860713315s ago: executing program 3 (id=367):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

1.790410416s ago: executing program 0 (id=370):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0xc, 0x288}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x30}})
io_uring_enter(r2, 0x3516, 0x0, 0x4, 0x0, 0x0)

1.565973581s ago: executing program 0 (id=379):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000d80)={0x1, &(0x7f0000000040)=[{0x6, 0xe, 0x7f, 0x2003}]})
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x2003516, 0x0, 0x0, 0x0, 0x0)

1.509207092s ago: executing program 4 (id=382):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000, 0x0, 0x865d, 0xfd, "ffff00"})
r1 = syz_open_pts(r0, 0x0)
io_setup(0x7, &(0x7f0000000000)=<r2=>0x0)
r3 = eventfd(0x10)
io_submit(r2, 0x1, &(0x7f00000006c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4, r1, &(0x7f00000003c0)='z', 0x1, 0xcead, 0x0, 0x5, r3}])
close_range(r0, 0xffffffffffffffff, 0x0)

1.342398975s ago: executing program 4 (id=385):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
writev(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
fstat(0xffffffffffffffff, 0x0)

1.304385305s ago: executing program 4 (id=388):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000040)={[0xfffffffffffffff9]}, 0x0, 0x8)
timer_create(0x0, &(0x7f0000001080)={0x0, 0x12, 0x4, @tid=r0}, &(0x7f0000044000)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000040fe0)={{}, {0x0, 0x9}}, 0x0)
rt_sigaction(0x12, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffffff, {[0x400]}}, 0x0, 0x8, &(0x7f0000000180))

1.107014979s ago: executing program 1 (id=393):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000040), &(0x7f0000000180)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10)
connect$vsock_stream(r2, &(0x7f0000000600)={0x28, 0x0, 0x0, @local}, 0x10)

1.089007789s ago: executing program 1 (id=394):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000001010000fc7f0000cc", @ANYBLOB], 0x50)

1.088585199s ago: executing program 4 (id=395):
mount(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x1000, 0x5c8, 0x80000003, 0x6})
ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000002240)='./file0\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c666c7573682c646d61736b3d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d312c726f6469722c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303030342c646d61736b3d30303030303030303030303030303030303030303030372c757466383d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c00743ccfec81d6c7d05b0f2a54ddce151ec4cbbaacb9552647fd950fedfdc024b3953e7669bc9d4f66e3beaecb80fe73633280b1d3e82023d4f5c7f5a4989406c0f0d0cf537f132dc1e63d84a17532cb78ae7a368bc0029207b9b166705972f4e8dad041e6be170bf43057b456d43f100c53b471aa6c8e3751", @ANYRES16], 0x1, 0x2c2, &(0x7f00000006c0)="$eJzs3T+LI2UYAPBndpNJ7iySwkoEB7SwOm6vtckiOThMpaRQC128O5AkCHew4CkGK1sbSz+BINj5JWwEP4DgB7DzioNXJpkh2btJsoHLrX9+vyL77Lzv877POzPZPyzz7sevziZ3i7j/9Ze/R7ebxdEgBvE4i34cRS2llGJl8G0AAP9mj1OKP9PSJVMG5UsWEd3DlgYAHMje3/9/OnhJAMCBvff+B++cjkbDd4uiG7dn35yPy9/sy4/L9tP78WlM417cjF48Wf4toP5poXy9nVKat4pSP96Yzc/HZebso1+q8U/riU6iF/1FdDH/zmh4Uiyt5c/LOq5X8w/K+W9FL15umP/OaHirIT/Gebz5+lr9N6IXv34Sn8U07i6KWOV/dVIUb6fv/vriw7K8Mj+bn487i34r6fjFXRUAAAAAAAAAAAAAAAAAAAAAAP7rblR753RisX9Peajaf+f4SflJO4pa/+L+PMv8rB7oqf2B5im+T6nTihgNbxZFkaqOq/xWvNKK1tWsGgAAAAAAAAAAAAAAAAAAAP5ZHn7+aHI2nd570BD8dj1iQ9OGoN4NoH6sf0fW8aamwdqR1+LR5KyzecC1pqMq3DJpHNd9soity4lWux65v9dJ2D+4tqnmH37cd8Du7j7tbefn+QT13TU5y6KxTyfqI936mv683iePS86Vb2pKu2+/tSBvbOrtvfb8pUUw39Insm2FvfXH8sxVR7KnV5EvzmpjenttN47me6P5Wmx6pzwjW7yt8+f3xQcAAAAAAAAAAAAAAAAAALhg9dDvM03XdqQepc7BygIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF2r1///3COZV8iU65/Hg4RUvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwMAAP//QSRWPA==")
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x202402, &(0x7f0000000600)={[{@jqfmt_vfsv0}, {@nouser_xattr}, {@jqfmt_vfsv0}, {@sb={'sb', 0x3d, 0x1}}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2c}, 0x0, 0x45d, &(0x7f00000009c0)="$eJzs28tvG8UfAPDvbl59/pJfKY8+gEBBRDySJi3QAxcQSL0gVYJDOYY0rUrdBjVBolVFA0LliPoXAEck/gJOcEHACcQV7qhShXqhcECL1l67xrHTOHbqtP58pE1mdsee+Xp37NkZO4C+NZ7/SSJ2RMSvETEaEQONBcYr/27euDT3141Lc0lk2Rt/JPnD4s8bl+aqRZPi//YiM5FGpB8nsa9JvYsXLp6ZLZXmzxf5qaWz704tXrj43Omzs6fmT82fmzly5PCh6RdfmHm+K3HuzNu694OF/XuOvnX19bnjV9/+4au8vTuK4/VxVIx1XOd4jNdek0ZPdvzsm8vOunQy2MOG0Ja8r+ena6jc/0djIG6dvNF47aOeNg7YUFmWZSMr9tZGAMsZcA9LotctAHqj+kGf3/9Wtzs4/Oi56y9XboDyuG8WW+XIYKRFmaGG+9tuGo+I48t/f5Zv0XQeAgCgu77Jxz/PNhv/pfFAXbn/FWtDYxHx/4jYFRH3RcTuiLg/olz2wYh4qM36xxvyK8c/P29dV2BrlI//XirWtv47/quO/mJsoMjtLMc/lJw8XZo/WLwmEzE0kuenV6nj21d/+bTVsfrxX77l9VfHghExHJFeG2yYoDsxuzTbYdg11z8szwFeXhl/UlsJSCJiT0TsXcfzb4mI009/ub/V8dvEv7ourDNlX0Q8VTn/y9EQf1Wy+vrk1JYozR+cql4VK/3405VjrervKP4uyM//tqbXfy3+saR+vXax/Tqu/PZJy3ua28ff/PofTt4sp4eLfe/PLi2dn44YTpZX7p+59dhqvlo+j3/iQPP+vyvin8+Lx+2LiPwifjgiHomIR4u2PxYRj0fEgVXi//6VJ95Zf/wbK4//RFvnv/3EwJnvvm5V/+3jP3ZtcORwOTVR7FnL+99aG9jJawcAAAB3i7T8Hfgknayl03RysvId/t2xLS0tLC49c3LhvXMnKt+VH4uhtDrTNVo3HzpdzA1X8zMN+UPleeMsy7Kt5fzk3EJpo9bUgbXZ3qL/534f6HXrgA3X1jpaq1+0AXclv9eE/qX/Q//S/6F/6f/Qv5r1/8sRN3vQFOAO8/kP/Uv/h/6l/0P/0v+hL3Xyu/7VEruObtQz32uJgc3RjLYTkW6KZqwvkW6OZlQSIxGx1sKX4041rNfvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//XrbsjQ==")

1.009559731s ago: executing program 1 (id=396):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(r0, &(0x7f0000001300)="92", 0x1, 0x10, &(0x7f0000000240)={0xa, 0x4e1c, 0xfffffffc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r1}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0x4}, 0x8)

969.002332ms ago: executing program 2 (id=397):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000800)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0x60000000, 0x0, 0xffffffffffffff1f, 0x0, 0x0, 0x7, 0x0, 0xfffffffe}, 0x50)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000000380)='\a', 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffd}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000800), 0x62, 0x12141, 0x0)

945.988992ms ago: executing program 2 (id=398):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a37f200082c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa3a000005"], 0x0)

945.069782ms ago: executing program 4 (id=399):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d40)={{r0}, &(0x7f0000000cc0), &(0x7f0000000d00)='%-5lx  \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000480)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8080)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)

921.859973ms ago: executing program 2 (id=400):
pipe2(&(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000010c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}})

921.275673ms ago: executing program 1 (id=401):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000903000000000000000000000d008d0f61"], &(0x7f0000000100)=""/223, 0x3e, 0xdf, 0x1}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x1c, &(0x7f0000000340)=ANY=[@ANYBLOB="05000000000000009500000000000000b7080000000000007b8af8", @ANYRES32, @ANYBLOB="0000000000002000b70500f7ffffff0085000000a5000000b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8"], 0x0, 0x1, 0x93, &(0x7f0000000480)=""/147, 0x41000, 0x0, '\x00', 0x0, @fallback=0x32, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x0, &(0x7f0000000980)=[{0x40001, 0x1, 0x2000007}, {0x5, 0x0, 0xf, 0xa}, {0x5, 0x2, 0xe, 0x9}, {0x0, 0x3, 0x0, 0x7}], 0x10, 0x7}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000090000008b00000044"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r2}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000680), 0x2000006c, r2}, 0x38)

912.072633ms ago: executing program 3 (id=402):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)='%pi6   \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000200), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x204600)

893.212103ms ago: executing program 4 (id=403):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}}, 0x18)
setsockopt$SO_J1939_PROMISC(r2, 0x6b, 0x2, &(0x7f0000000340)=0x1, 0x4)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x101, 0x70bd25, 0x100000, {0x0, 0x0, 0x74, r1, {0x5, 0xb}, {0x5, 0xfff3}, {0xfff1, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4014}, 0xc4)

892.755773ms ago: executing program 1 (id=404):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r3], 0x18, 0x10}, 0x0)
close(r2)

872.972644ms ago: executing program 2 (id=405):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{r0}, &(0x7f00000003c0), &(0x7f0000000400)='%-5lx  \x00'}, 0x20)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

854.698204ms ago: executing program 1 (id=406):
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0xf1311, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0xc, 0x2, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xa, 0x4000011, r0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x6}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x40080}, 0x4000c00)

854.204024ms ago: executing program 3 (id=407):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x1000000000003f}, 0x60)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610418000000000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x62)

824.410925ms ago: executing program 3 (id=408):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8614, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x6, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x20000000000000ba, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfd71}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x2000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

751.215776ms ago: executing program 2 (id=409):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x68, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_EMATCHES={0x34, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x2008c014)

701.141537ms ago: executing program 0 (id=410):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x6}, 0x18)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x0, 0x400, 0xb7, 0xc20022, r3})
sendto$packet(r2, 0x0, 0x0, 0x4c001, &(0x7f00000002c0)={0x11, 0x9, r3, 0x1, 0xd, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14)

664.504188ms ago: executing program 0 (id=411):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r1}, 0x10)
syz_clone3(&(0x7f00000005c0)={0x4000, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58)

320.494544ms ago: executing program 3 (id=412):
timer_create(0x0, 0x0, &(0x7f0000000300))
ioperm(0x3c, 0x1, 0x8)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
ftruncate(r0, 0x2000009)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)

197.87µs ago: executing program 0 (id=413):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

0s ago: executing program 2 (id=414):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004"], 0xd4}}, 0x8818)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.20' (ED25519) to the list of known hosts.
[   25.477339][   T29] audit: type=1400 audit(1757263901.237:62): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   25.478296][ T3292] cgroup: Unknown subsys name 'net'
[   25.500110][   T29] audit: type=1400 audit(1757263901.237:63): avc:  denied  { mount } for  pid=3292 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   25.527519][   T29] audit: type=1400 audit(1757263901.257:64): avc:  denied  { unmount } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   25.666343][ T3292] cgroup: Unknown subsys name 'cpuset'
[   25.672674][ T3292] cgroup: Unknown subsys name 'rlimit'
[   25.841778][   T29] audit: type=1400 audit(1757263901.597:65): avc:  denied  { setattr } for  pid=3292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   25.865091][   T29] audit: type=1400 audit(1757263901.597:66): avc:  denied  { create } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.885782][   T29] audit: type=1400 audit(1757263901.597:67): avc:  denied  { write } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.888286][ T3295] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   25.906317][   T29] audit: type=1400 audit(1757263901.597:68): avc:  denied  { read } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   25.935180][   T29] audit: type=1400 audit(1757263901.607:69): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   25.959127][ T3292] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   25.960505][   T29] audit: type=1400 audit(1757263901.607:70): avc:  denied  { mount } for  pid=3292 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   25.992887][   T29] audit: type=1400 audit(1757263901.677:71): avc:  denied  { relabelto } for  pid=3295 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   27.750221][ T3302] chnl_net:caif_netlink_parms(): no params data found
[   27.784843][ T3308] chnl_net:caif_netlink_parms(): no params data found
[   27.809525][ T3303] chnl_net:caif_netlink_parms(): no params data found
[   27.866940][ T3302] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.874034][ T3302] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.881491][ T3302] bridge_slave_0: entered allmulticast mode
[   27.887877][ T3302] bridge_slave_0: entered promiscuous mode
[   27.894690][ T3302] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.901811][ T3302] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.909418][ T3302] bridge_slave_1: entered allmulticast mode
[   27.915848][ T3302] bridge_slave_1: entered promiscuous mode
[   27.928278][ T3312] chnl_net:caif_netlink_parms(): no params data found
[   27.977067][ T3310] chnl_net:caif_netlink_parms(): no params data found
[   27.985610][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.992672][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.999978][ T3303] bridge_slave_0: entered allmulticast mode
[   28.006516][ T3303] bridge_slave_0: entered promiscuous mode
[   28.016285][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.023416][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.030622][ T3308] bridge_slave_0: entered allmulticast mode
[   28.037069][ T3308] bridge_slave_0: entered promiscuous mode
[   28.044327][ T3302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.057492][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.064563][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.072205][ T3303] bridge_slave_1: entered allmulticast mode
[   28.078771][ T3303] bridge_slave_1: entered promiscuous mode
[   28.091494][ T3302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.104728][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.111887][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.119285][ T3308] bridge_slave_1: entered allmulticast mode
[   28.125990][ T3308] bridge_slave_1: entered promiscuous mode
[   28.159168][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.175297][ T3302] team0: Port device team_slave_0 added
[   28.183964][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.194574][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.211760][ T3302] team0: Port device team_slave_1 added
[   28.225013][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.254286][ T3308] team0: Port device team_slave_0 added
[   28.260177][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.267264][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.274383][ T3312] bridge_slave_0: entered allmulticast mode
[   28.280982][ T3312] bridge_slave_0: entered promiscuous mode
[   28.301337][ T3308] team0: Port device team_slave_1 added
[   28.307314][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.314397][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.322154][ T3312] bridge_slave_1: entered allmulticast mode
[   28.328766][ T3312] bridge_slave_1: entered promiscuous mode
[   28.335283][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_0
[   28.342289][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.368207][ T3302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   28.383827][ T3303] team0: Port device team_slave_0 added
[   28.399612][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_1
[   28.406630][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.432700][ T3302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   28.443545][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.450638][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.457846][ T3310] bridge_slave_0: entered allmulticast mode
[   28.464244][ T3310] bridge_slave_0: entered promiscuous mode
[   28.471335][ T3303] team0: Port device team_slave_1 added
[   28.493867][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.501021][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.508253][ T3310] bridge_slave_1: entered allmulticast mode
[   28.514745][ T3310] bridge_slave_1: entered promiscuous mode
[   28.526094][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0
[   28.533055][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.559092][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   28.570165][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0
[   28.577128][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.603032][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   28.614785][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.625715][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.639547][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1
[   28.646588][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.672564][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   28.683569][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1
[   28.690605][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.716531][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   28.760394][ T3312] team0: Port device team_slave_0 added
[   28.767347][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.777767][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.799186][ T3302] hsr_slave_0: entered promiscuous mode
[   28.805302][ T3302] hsr_slave_1: entered promiscuous mode
[   28.812380][ T3312] team0: Port device team_slave_1 added
[   28.834066][ T3303] hsr_slave_0: entered promiscuous mode
[   28.840004][ T3303] hsr_slave_1: entered promiscuous mode
[   28.845961][ T3303] debugfs: 'hsr0' already exists in 'hsr'
[   28.851678][ T3303] Cannot create hsr debugfs directory
[   28.881122][ T3308] hsr_slave_0: entered promiscuous mode
[   28.887262][ T3308] hsr_slave_1: entered promiscuous mode
[   28.893090][ T3308] debugfs: 'hsr0' already exists in 'hsr'
[   28.898877][ T3308] Cannot create hsr debugfs directory
[   28.915132][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0
[   28.922150][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.948300][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   28.960200][ T3310] team0: Port device team_slave_0 added
[   28.982454][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1
[   28.989513][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.016041][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.027497][ T3310] team0: Port device team_slave_1 added
[   29.089863][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.096916][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.122867][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.148725][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.155717][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.181650][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.194384][ T3312] hsr_slave_0: entered promiscuous mode
[   29.200324][ T3312] hsr_slave_1: entered promiscuous mode
[   29.206179][ T3312] debugfs: 'hsr0' already exists in 'hsr'
[   29.211913][ T3312] Cannot create hsr debugfs directory
[   29.284158][ T3310] hsr_slave_0: entered promiscuous mode
[   29.290359][ T3310] hsr_slave_1: entered promiscuous mode
[   29.296433][ T3310] debugfs: 'hsr0' already exists in 'hsr'
[   29.302158][ T3310] Cannot create hsr debugfs directory
[   29.323607][ T3303] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   29.341539][ T3303] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   29.363057][ T3303] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   29.380656][ T3303] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   29.417161][ T3302] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   29.425991][ T3302] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   29.445051][ T3302] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   29.454474][ T3302] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   29.494777][ T3308] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   29.503604][ T3308] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   29.512349][ T3308] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   29.521856][ T3308] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   29.537760][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.563070][ T3303] 8021q: adding VLAN 0 to HW filter on device team0
[   29.571434][ T3312] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   29.583777][ T3312] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   29.592879][ T3312] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   29.602781][ T3312] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   29.618518][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.625697][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.654280][  T781] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.661423][  T781] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.675794][ T3310] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   29.684477][ T3310] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   29.699996][ T3310] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   29.710373][ T3310] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   29.744371][ T3302] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.777978][ T3302] 8021q: adding VLAN 0 to HW filter on device team0
[   29.794908][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.829905][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.839126][  T781] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.846302][  T781] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.854883][  T781] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.861985][  T781] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.878214][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.888247][ T3308] 8021q: adding VLAN 0 to HW filter on device team0
[   29.905093][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.912212][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.923472][ T3312] 8021q: adding VLAN 0 to HW filter on device team0
[   29.933032][ T3310] 8021q: adding VLAN 0 to HW filter on device team0
[   29.943320][  T483] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.950650][  T483] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.959938][  T483] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.967021][  T483] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.978055][ T3302] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   29.993049][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.005267][  T483] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.012464][  T483] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.021788][  T483] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.028935][  T483] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.048002][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.055138][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.085012][ T3308] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   30.095489][ T3308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.118943][ T3312] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   30.129485][ T3312] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.152780][ T3302] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.164882][ T3310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   30.175340][ T3310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.231687][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.259735][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.297277][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.344386][ T3303] veth0_vlan: entered promiscuous mode
[   30.358890][ T3303] veth1_vlan: entered promiscuous mode
[   30.417646][ T3303] veth0_macvtap: entered promiscuous mode
[   30.432978][ T3302] veth0_vlan: entered promiscuous mode
[   30.447198][ T3303] veth1_macvtap: entered promiscuous mode
[   30.458510][ T3302] veth1_vlan: entered promiscuous mode
[   30.471370][ T3308] veth0_vlan: entered promiscuous mode
[   30.492944][ T3302] veth0_macvtap: entered promiscuous mode
[   30.502673][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0
[   30.511164][ T3310] veth0_vlan: entered promiscuous mode
[   30.524057][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1
[   30.535820][ T3302] veth1_macvtap: entered promiscuous mode
[   30.543015][ T3308] veth1_vlan: entered promiscuous mode
[   30.551517][  T483] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   30.560866][ T3310] veth1_vlan: entered promiscuous mode
[   30.570512][  T483] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   30.586578][  T483] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   30.601487][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0
[   30.612488][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1
[   30.619992][  T483] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   30.631736][ T3312] veth0_vlan: entered promiscuous mode
[   30.647554][ T3308] veth0_macvtap: entered promiscuous mode
[   30.655459][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   30.665113][  T781] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   30.679218][ T3310] veth0_macvtap: entered promiscuous mode
[   30.688146][ T3312] veth1_vlan: entered promiscuous mode
[   30.696101][  T781] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   30.705159][ T3308] veth1_macvtap: entered promiscuous mode
[   30.715157][   T29] kauditd_printk_skb: 9 callbacks suppressed
[   30.715171][   T29] audit: type=1400 audit(1757263906.467:81): avc:  denied  { mounton } for  pid=3303 comm="syz-executor" path="/root/syzkaller.76tNNq/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   30.746855][   T29] audit: type=1400 audit(1757263906.467:82): avc:  denied  { mount } for  pid=3303 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   30.749897][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   30.768922][   T29] audit: type=1400 audit(1757263906.467:83): avc:  denied  { mounton } for  pid=3303 comm="syz-executor" path="/root/syzkaller.76tNNq/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   30.802985][   T29] audit: type=1400 audit(1757263906.467:84): avc:  denied  { mount } for  pid=3303 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   30.806853][ T3312] veth0_macvtap: entered promiscuous mode
[   30.824775][   T29] audit: type=1400 audit(1757263906.467:85): avc:  denied  { mounton } for  pid=3303 comm="syz-executor" path="/root/syzkaller.76tNNq/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   30.836094][ T3312] veth1_macvtap: entered promiscuous mode
[   30.857348][   T29] audit: type=1400 audit(1757263906.467:86): avc:  denied  { mounton } for  pid=3303 comm="syz-executor" path="/root/syzkaller.76tNNq/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=5147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   30.869230][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0
[   30.890481][   T29] audit: type=1400 audit(1757263906.467:87): avc:  denied  { unmount } for  pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   30.891396][   T29] audit: type=1400 audit(1757263906.507:88): avc:  denied  { mounton } for  pid=3303 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   30.900555][ T3310] veth1_macvtap: entered promiscuous mode
[   30.917363][   T29] audit: type=1400 audit(1757263906.507:89): avc:  denied  { mount } for  pid=3303 comm="syz-executor" name="/" dev="gadgetfs" ino=5148 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   30.972729][ T3303] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   30.989664][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0
[   30.999645][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.008727][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.020630][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.029684][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.043928][   T29] audit: type=1400 audit(1757263906.797:90): avc:  denied  { read write } for  pid=3303 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   31.047670][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.078225][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.098283][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.139928][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.164275][  T152] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.184836][ T3480] netlink: 'syz.1.6': attribute type 1 has an invalid length.
[   31.206808][  T152] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.270462][  T152] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.283839][  T152] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.317896][  T152] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.356690][  T152] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.368120][ T3488] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5'.
[   31.413600][ T3488] netem: change failed
[   31.421861][ T3493] loop1: detected capacity change from 0 to 512
[   31.421929][ T3494] loop0: detected capacity change from 0 to 512
[   31.431536][  T152] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.453194][ T3494] =======================================================
[   31.453194][ T3494] WARNING: The mand mount option has been deprecated and
[   31.453194][ T3494]          and is ignored by this kernel. Remove the mand
[   31.453194][ T3494]          option from the mount to silence this warning.
[   31.453194][ T3494] =======================================================
[   31.508386][  T152] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.570473][ T3498] loop3: detected capacity change from 0 to 128
[   31.585030][ T3500] mmap: syz.2.11 (3500) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   31.638379][ T3498] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   31.650941][ T3493] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #3: comm syz.1.8: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[   31.669051][ T3493] EXT4-fs error (device loop1): ext4_quota_enable:7131: comm syz.1.8: Bad quota inode: 3, type: 0
[   31.670129][ T3494] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.680936][ T3498] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   31.718044][ T3493] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   31.736560][ T3494] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   31.768177][ T3511] loop2: detected capacity change from 0 to 164
[   31.775154][ T3489] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.1: corrupted inode contents
[   31.788114][ T3493] EXT4-fs (loop1): mount failed
[   31.794368][ T3310] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   31.807576][ T3489] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #2: comm syz.0.1: mark_inode_dirty error
[   31.857656][ T3511] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[   31.864864][ T3489] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.1: corrupted inode contents
[   31.903219][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.910811][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.918290][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.925800][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.933344][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.940972][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.948428][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.956100][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.961723][ T3519] syz.1.16 uses obsolete (PF_INET,SOCK_PACKET)
[   31.963512][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.963534][ T3378] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   31.979342][ T3378] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz1
[   32.031500][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.050940][ T3522] fido_id[3522]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   32.067663][ T3525] netlink: 36 bytes leftover after parsing attributes in process `syz.4.19'.
[   32.139908][ T3533] loop4: detected capacity change from 0 to 4096
[   32.152025][ T3533] EXT4-fs: Ignoring removed nomblk_io_submit option
[   32.181476][ T3533] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.224528][ T3538] vlan2: entered allmulticast mode
[   32.545765][ T3555] netlink: 256 bytes leftover after parsing attributes in process `gtp'.
[   32.606237][ T3559] loop1: detected capacity change from 0 to 1024
[   32.623715][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.668025][ T3559] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.681471][ T3559] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.697749][ T3559] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 1: comm syz.1.32: lblock 1 mapped to illegal pblock 1 (length 15)
[   32.718510][ T3559] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   32.731083][ T3559] EXT4-fs (loop1): This should not happen!! Data will be lost
[   32.731083][ T3559] 
[   32.743787][ T3572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.36'.
[   32.746171][ T3558] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 1: comm syz.1.32: lblock 1 mapped to illegal pblock 1 (length 3)
[   32.766824][ T3558] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 1: comm syz.1.32: lblock 1 mapped to illegal pblock 1 (length 3)
[   32.781145][ T3558] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 1: comm syz.1.32: lblock 1 mapped to illegal pblock 1 (length 3)
[   32.797398][ T3559] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.32: lblock 4 mapped to illegal pblock 4 (length 4)
[   32.811984][ T3559] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.32: lblock 4 mapped to illegal pblock 4 (length 4)
[   32.826389][ T3559] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.32: lblock 4 mapped to illegal pblock 4 (length 4)
[   32.848578][ T3559] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 4: comm syz.1.32: lblock 4 mapped to illegal pblock 4 (length 4)
[   32.880183][ T3564] syz.3.35 (3564) used greatest stack depth: 9696 bytes left
[   32.923720][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.006960][ T3594] loop1: detected capacity change from 0 to 1024
[   33.050087][ T3594] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.075131][ T3603] process 'syz.3.50' launched './file1' with NULL argv: empty string added
[   33.084521][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.125018][ T3607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.52'.
[   33.399364][ T3635] netlink: 24 bytes leftover after parsing attributes in process `syz.1.66'.
[   33.469963][ T3637] netlink: 28 bytes leftover after parsing attributes in process `syz.0.67'.
[   33.478933][ T3637] netlink: 28 bytes leftover after parsing attributes in process `syz.0.67'.
[   33.656176][ T3665] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in;
[   33.656176][ T3665]    program syz.3.76 not setting count and/or reply_len properly
[   33.658860][ T3669] loop4: detected capacity change from 0 to 512
[   33.687850][ T3669] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   33.709183][ T3669] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.733246][ T3669] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   33.762036][ T3669] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   33.778255][ T3669] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 28
[   33.790624][ T3669] EXT4-fs (loop4): This should not happen!! Data will be lost
[   33.790624][ T3669] 
[   33.800490][ T3669] EXT4-fs (loop4): Total free blocks count 0
[   33.806533][ T3669] EXT4-fs (loop4): Free/Dirty block details
[   33.812436][ T3669] EXT4-fs (loop4): free_blocks=39626
[   33.817875][ T3669] EXT4-fs (loop4): dirty_blocks=16
[   33.823136][ T3669] EXT4-fs (loop4): Block reservation details
[   33.829345][ T3669] EXT4-fs (loop4): i_reserved_data_blocks=16
[   33.959686][ T3698] netlink: 16 bytes leftover after parsing attributes in process `syz.1.91'.
[   33.994927][ T3682] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 32768 with max blocks 2048 with error 28
[   34.107251][ T3706] netlink: 'syz.1.95': attribute type 13 has an invalid length.
[   34.114955][ T3706] netlink: 'syz.1.95': attribute type 17 has an invalid length.
[   34.148976][ T3706] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   34.169191][ T3715] netlink: 80 bytes leftover after parsing attributes in process `syz.0.99'.
[   34.557264][ T3760] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   35.033595][ T3783] loop3: detected capacity change from 0 to 128
[   35.051100][ T3773] Set syz1 is full, maxelem 65536 reached
[   35.053833][ T3783] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   35.075966][ T3783] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   35.110861][ T3310] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   35.167902][ T3796] IPv6: Can't replace route, no match found
[   35.208492][ T3794] infiniband syz!: set active
[   35.213270][ T3794] infiniband syz!: added team_slave_0
[   35.225550][ T3794] RDS/IB: syz!: added
[   35.229669][ T3794] smc: adding ib device syz! with port count 1
[   35.236120][ T3794] smc:    ib device syz! port 1 has pnetid 
[   35.259588][ T3802] Zero length message leads to an empty skb
[   35.310053][ T3809] loop3: detected capacity change from 0 to 128
[   35.367442][ T3809] syz.3.139: attempt to access beyond end of device
[   35.367442][ T3809] loop3: rw=0, sector=2072, nr_sectors = 1 limit=128
[   35.447044][ T3821] Driver unsupported XDP return value 0 on prog  (id 119) dev N/A, expect packet loss!
[   35.471385][ T3823] loop2: detected capacity change from 0 to 1024
[   35.480451][ T3819] loop4: detected capacity change from 0 to 1024
[   35.491835][ T3823] EXT4-fs: Ignoring removed bh option
[   35.507596][ T3829] loop0: detected capacity change from 0 to 128
[   35.514349][ T3829] EXT4-fs: test_dummy_encryption option not supported
[   35.517173][ T3823] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.544405][ T3819] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.592467][ T3302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.614698][ T3819] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.145: Allocating blocks 497-513 which overlap fs metadata
[   35.642515][ T3819] EXT4-fs (loop4): pa ffff888106ee9070: logic 288, phys. 449, len 4
[   35.650773][ T3819] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   35.713839][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.727738][   T29] kauditd_printk_skb: 631 callbacks suppressed
[   35.727797][   T29] audit: type=1400 audit(1757263911.546:722): avc:  denied  { execute_no_trans } for  pid=3843 comm="syz.0.154" path="/21/file0" dev="tmpfs" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   35.782144][ T3848] loop1: detected capacity change from 0 to 512
[   35.789332][   T29] audit: type=1400 audit(1757263911.606:723): avc:  denied  { mounton } for  pid=3847 comm="syz.1.156" path="/35/bus" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   35.813928][ T3848] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   35.827013][ T3848] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   35.856127][ T3848] EXT4-fs (loop1): 1 truncate cleaned up
[   35.871189][ T3848] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.884514][ T3848] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.901605][   T29] audit: type=1326 audit(1757263911.716:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92a29ebe9 code=0x7ffc0000
[   35.925315][   T29] audit: type=1326 audit(1757263911.716:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fa92a29ebe9 code=0x7ffc0000
[   35.948863][   T29] audit: type=1326 audit(1757263911.716:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92a29ebe9 code=0x7ffc0000
[   35.972230][   T29] audit: type=1326 audit(1757263911.716:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92a29ebe9 code=0x7ffc0000
[   35.996065][   T29] audit: type=1326 audit(1757263911.716:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fa92a29ebe9 code=0x7ffc0000
[   36.019640][   T29] audit: type=1326 audit(1757263911.716:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92a29ebe9 code=0x7ffc0000
[   36.042932][   T29] audit: type=1326 audit(1757263911.716:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92a29ebe9 code=0x7ffc0000
[   36.075292][   T29] audit: type=1400 audit(1757263911.886:731): avc:  denied  { unmount } for  pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   36.103044][ T3857] loop4: detected capacity change from 0 to 1024
[   36.121601][ T3857] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.187400][ T3857] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   36.249718][ T3877] hub 6-0:1.0: USB hub found
[   36.254624][ T3877] hub 6-0:1.0: 8 ports detected
[   36.285410][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.356677][ T3898] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3898 comm=syz.1.173
[   36.538809][ T3913] __nla_validate_parse: 1 callbacks suppressed
[   36.538828][ T3913] netlink: 28 bytes leftover after parsing attributes in process `syz.2.178'.
[   36.560057][ T3913] netem: change failed
[   36.577186][ T3917] loop1: detected capacity change from 0 to 256
[   36.593945][ T3917] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   36.613628][ T3917] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   36.645797][ T3929] loop4: detected capacity change from 0 to 164
[   36.653289][ T3929] Unable to read rock-ridge attributes
[   36.665168][ T3929] veth0_to_team: entered promiscuous mode
[   36.748899][ T3936] netlink: 12 bytes leftover after parsing attributes in process `syz.2.189'.
[   36.757978][ T3936] netlink: 'syz.2.189': attribute type 15 has an invalid length.
[   36.775238][   T31] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 256 - 0
[   36.784485][ T3936] netlink: 12 bytes leftover after parsing attributes in process `syz.2.189'.
[   36.789160][ T3937] capability: warning: `syz.4.188' uses 32-bit capabilities (legacy support in use)
[   36.793424][ T3936] netlink: 'syz.2.189': attribute type 15 has an invalid length.
[   36.812250][   T31] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 256 - 0
[   36.829182][ T3939] cgroup: Invalid name
[   36.833240][   T31] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 256 - 0
[   36.857502][   T31] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 256 - 0
[   36.922853][ T3947] netlink: 4 bytes leftover after parsing attributes in process `syz.4.194'.
[   37.154298][ T3967] openvswitch: netlink: Message has 6 unknown bytes.
[   37.176954][ T3969] hub 9-0:1.0: USB hub found
[   37.183060][ T3969] hub 9-0:1.0: 8 ports detected
[   37.249887][ T3983] netlink: 204 bytes leftover after parsing attributes in process `syz.1.208'.
[   37.267833][ T3981] loop3: detected capacity change from 0 to 8192
[   37.306406][ T3981]  loop3: p1 p2 p3 p4
[   37.311909][ T3981] loop3: p3 start 331777 is beyond EOD, truncated
[   37.318458][ T3981] loop3: p4 size 262144 extends beyond EOD, truncated
[   37.373919][ T3994] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3994 comm=syz.3.213
[   37.443852][ T3998] netlink: 'syz.3.215': attribute type 83 has an invalid length.
[   37.506481][ T4008] loop1: detected capacity change from 0 to 128
[   37.519092][ T4008] FAT-fs (loop1): Directory bread(block 32) failed
[   37.526299][ T4008] FAT-fs (loop1): Directory bread(block 33) failed
[   37.532976][ T4008] FAT-fs (loop1): Directory bread(block 34) failed
[   37.533082][ T4000] loop0: detected capacity change from 0 to 256
[   37.540636][ T4008] FAT-fs (loop1): Directory bread(block 35) failed
[   37.552597][ T4008] FAT-fs (loop1): Directory bread(block 36) failed
[   37.554554][ T4000] /dev/loop0: Can't open blockdev
[   37.561856][ T4008] FAT-fs (loop1): Directory bread(block 37) failed
[   37.584065][ T4008] FAT-fs (loop1): Directory bread(block 38) failed
[   37.591738][ T4008] FAT-fs (loop1): Directory bread(block 39) failed
[   37.598706][ T4008] FAT-fs (loop1): Directory bread(block 40) failed
[   37.606545][ T4008] FAT-fs (loop1): Directory bread(block 41) failed
[   37.654591][ T4008] syz.1.220: attempt to access beyond end of device
[   37.654591][ T4008] loop1: rw=0, sector=4112, nr_sectors = 4 limit=128
[   37.667958][ T4008] Buffer I/O error on dev loop1, logical block 1028, async page read
[   37.676441][ T4008] syz.1.220: attempt to access beyond end of device
[   37.676441][ T4008] loop1: rw=0, sector=167964, nr_sectors = 4 limit=128
[   37.689820][ T4008] Buffer I/O error on dev loop1, logical block 41991, async page read
[   37.698133][ T4008] FAT-fs (loop1): Filesystem has been set read-only
[   37.704803][ T4008] syz.1.220: attempt to access beyond end of device
[   37.704803][ T4008] loop1: rw=0, sector=4112, nr_sectors = 4 limit=128
[   37.718082][ T4008] Buffer I/O error on dev loop1, logical block 1028, async page read
[   37.740086][ T4008] syz.1.220: attempt to access beyond end of device
[   37.740086][ T4008] loop1: rw=0, sector=167964, nr_sectors = 4 limit=128
[   37.753570][ T4008] Buffer I/O error on dev loop1, logical block 41991, async page read
[   37.765921][ T4008] syz.1.220: attempt to access beyond end of device
[   37.765921][ T4008] loop1: rw=0, sector=4112, nr_sectors = 4 limit=128
[   37.779350][ T4008] Buffer I/O error on dev loop1, logical block 1028, async page read
[   37.788687][ T4008] syz.1.220: attempt to access beyond end of device
[   37.788687][ T4008] loop1: rw=0, sector=167964, nr_sectors = 4 limit=128
[   37.802161][ T4008] Buffer I/O error on dev loop1, logical block 41991, async page read
[   37.812101][ T4008] syz.1.220: attempt to access beyond end of device
[   37.812101][ T4008] loop1: rw=0, sector=4112, nr_sectors = 4 limit=128
[   37.825527][ T4008] Buffer I/O error on dev loop1, logical block 1028, async page read
[   37.836266][ T4008] syz.1.220: attempt to access beyond end of device
[   37.836266][ T4008] loop1: rw=0, sector=167964, nr_sectors = 4 limit=128
[   37.849666][ T4008] Buffer I/O error on dev loop1, logical block 41991, async page read
[   37.859534][ T4008] syz.1.220: attempt to access beyond end of device
[   37.859534][ T4008] loop1: rw=0, sector=4112, nr_sectors = 4 limit=128
[   37.872867][ T4008] Buffer I/O error on dev loop1, logical block 1028, async page read
[   37.882212][ T4008] Buffer I/O error on dev loop1, logical block 41991, async page read
[   38.057712][   T10] IPVS: starting estimator thread 0...
[   38.145491][ T4049] IPVS: using max 2736 ests per chain, 136800 per kthread
[   38.823978][ T4101] syzkaller1: entered promiscuous mode
[   38.829588][ T4101] syzkaller1: entered allmulticast mode
[   38.957866][ T4108] loop4: detected capacity change from 0 to 1024
[   38.982975][ T4108] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.015353][ T4108] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.263: Allocating blocks 497-513 which overlap fs metadata
[   39.078992][ T4117] netlink: 12 bytes leftover after parsing attributes in process `syz.0.267'.
[   39.082269][ T4106] EXT4-fs (loop4): pa ffff888106ee90e0: logic 16, phys. 129, len 24
[   39.096096][ T4106] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   39.119200][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.130340][ T4121] loop0: detected capacity change from 0 to 256
[   39.143615][ T4121] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   39.250474][ T4134] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   39.333021][ T4130] loop4: detected capacity change from 0 to 8192
[   39.385813][ T4130]  loop4: p1 p2 p3 p4
[   39.401652][ T4130] loop4: p3 start 331777 is beyond EOD, truncated
[   39.408740][ T4130] loop4: p4 size 262144 extends beyond EOD, truncated
[   39.794180][ T4172] loop0: detected capacity change from 0 to 8192
[   39.868103][ T4172]  loop0: p1 p2 p3 p4
[   39.879522][ T4172] loop0: p3 start 331777 is beyond EOD, truncated
[   39.886191][ T4172] loop0: p4 size 262144 extends beyond EOD, truncated
[   40.013846][ T4197] loop3: detected capacity change from 0 to 512
[   40.032364][ T4201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.302'.
[   40.041373][ T4201] netlink: 'syz.0.302': attribute type 30 has an invalid length.
[   40.055263][   T41] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   40.070423][   T41] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   40.075953][ T4197] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.080807][   T41] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   40.101768][   T41] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   40.111573][ T4197] ext4 filesystem being mounted at /77/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   40.153192][ T4197] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.300: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1
[   40.174795][ T4197] EXT4-fs (loop3): Remounting filesystem read-only
[   40.419459][ T4224] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   40.743703][   T29] kauditd_printk_skb: 480 callbacks suppressed
[   40.743719][   T29] audit: type=1400 audit(1757263916.556:1212): avc:  denied  { name_bind } for  pid=4246 comm="syz.2.323" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   40.794857][   T29] audit: type=1400 audit(1757263916.606:1213): avc:  denied  { validate_trans } for  pid=4248 comm="syz.2.324" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   40.945675][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.965313][   T29] audit: type=1326 audit(1757263916.776:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4260 comm="syz.3.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7092ebe9 code=0x7ffc0000
[   40.988778][   T29] audit: type=1326 audit(1757263916.776:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4260 comm="syz.3.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7092ebe9 code=0x7ffc0000
[   41.012092][   T29] audit: type=1326 audit(1757263916.776:1216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4260 comm="syz.3.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea7092ebe9 code=0x7ffc0000
[   41.048248][   T29] audit: type=1326 audit(1757263916.786:1217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4260 comm="syz.3.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7092ebe9 code=0x7ffc0000
[   41.071679][   T29] audit: type=1326 audit(1757263916.786:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4260 comm="syz.3.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7092ebe9 code=0x7ffc0000
[   41.095280][   T29] audit: type=1326 audit(1757263916.786:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4260 comm="syz.3.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea7092ebe9 code=0x7ffc0000
[   41.118802][   T29] audit: type=1326 audit(1757263916.786:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4260 comm="syz.3.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea7092ebe9 code=0x7ffc0000
[   41.142659][   T29] audit: type=1326 audit(1757263916.786:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4260 comm="syz.3.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea7092ebe9 code=0x7ffc0000
[   41.541672][ T4290] netlink: 96 bytes leftover after parsing attributes in process `syz.4.342'.
[   41.818301][ T4303] geneve2: entered promiscuous mode
[   42.356106][ T4342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.366'.
[   42.397153][ T4346] SELinux: failed to load policy
[   42.609032][ T4357] netlink: 8 bytes leftover after parsing attributes in process `syz.1.371'.
[   42.682514][ T4365] loop4: detected capacity change from 0 to 4096
[   42.691590][ T4365] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.708741][ T4365] capability: warning: `syz.4.375' uses deprecated v2 capabilities in a way that may be insecure
[   42.727176][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.771802][ T4381] Falling back ldisc for ptm1.
[   43.203465][ T4412] loop4: detected capacity change from 0 to 256
[   43.213701][ T4412] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   43.227725][ T4412] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   43.250359][ T4412] loop4: detected capacity change from 0 to 512
[   43.350586][ T4427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.403'.
[   43.381437][ T4434] netlink: 'syz.1.406': attribute type 13 has an invalid length.
[   43.572071][ T4434] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.579396][ T4434] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.655404][    C1] hrtimer: interrupt took 40041 ns
[   43.787226][ T4434] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   43.845097][ T4434] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   44.060994][ T4456] loop3: detected capacity change from 0 to 8192
[   44.074807][  T483] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   44.095123][  T483] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   44.150170][  T483] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   44.160442][  T483] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   44.212710][ T4459] ==================================================================
[   44.220919][ T4459] BUG: KCSAN: data-race in fat16_ent_put / fat_mirror_bhs
[   44.228124][ T4459] 
[   44.230439][ T4459] write to 0xffff88811cb043f2 of 2 bytes by task 4456 on cpu 1:
[   44.238071][ T4459]  fat16_ent_put+0x28/0x60
[   44.242501][ T4459]  fat_ent_write+0x6c/0xe0
[   44.246932][ T4459]  fat_chain_add+0x15d/0x440
[   44.251525][ T4459]  fat_get_block+0x46c/0x5e0
[   44.256113][ T4459]  __block_write_begin_int+0x400/0xf90
[   44.261594][ T4459]  cont_write_begin+0x5fc/0x970
[   44.266465][ T4459]  fat_write_begin+0x4f/0xe0
[   44.271062][ T4459]  cont_write_begin+0x1b0/0x970
[   44.275917][ T4459]  fat_write_begin+0x4f/0xe0
[   44.280501][ T4459]  generic_cont_expand_simple+0xad/0x150
[   44.286137][ T4459]  fat_cont_expand+0x3e/0x170
[   44.290827][ T4459]  fat_setattr+0x2a5/0x8a0
[   44.295258][ T4459]  notify_change+0x806/0x890
[   44.299848][ T4459]  do_ftruncate+0x34b/0x450
[   44.304353][ T4459]  __x64_sys_ftruncate+0x68/0xc0
[   44.309297][ T4459]  x64_sys_call+0x2d52/0x2ff0
[   44.313979][ T4459]  do_syscall_64+0xd2/0x200
[   44.318502][ T4459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.324690][ T4459] 
[   44.327012][ T4459] read to 0xffff88811cb04200 of 512 bytes by task 4459 on cpu 0:
[   44.334728][ T4459]  fat_mirror_bhs+0x1df/0x320
[   44.339441][ T4459]  fat_alloc_clusters+0x98b/0xa80
[   44.344495][ T4459]  fat_get_block+0x258/0x5e0
[   44.349090][ T4459]  __block_write_begin_int+0x400/0xf90
[   44.354552][ T4459]  cont_write_begin+0x5fc/0x970
[   44.359414][ T4459]  fat_write_begin+0x4f/0xe0
[   44.364021][ T4459]  generic_perform_write+0x181/0x490
[   44.369322][ T4459]  __generic_file_write_iter+0x9e/0x120
[   44.374888][ T4459]  generic_file_write_iter+0x8d/0x2f0
[   44.380385][ T4459]  do_iter_readv_writev+0x49c/0x540
[   44.385613][ T4459]  vfs_writev+0x2df/0x8b0
[   44.389959][ T4459]  __se_sys_pwritev2+0xfc/0x1c0
[   44.394831][ T4459]  __x64_sys_pwritev2+0x67/0x80
[   44.399688][ T4459]  x64_sys_call+0x2c55/0x2ff0
[   44.404378][ T4459]  do_syscall_64+0xd2/0x200
[   44.408896][ T4459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.414811][ T4459] 
[   44.417305][ T4459] Reported by Kernel Concurrency Sanitizer on:
[   44.423561][ T4459] CPU: 0 UID: 0 PID: 4459 Comm: syz.3.412 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   44.433292][ T4459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   44.443452][ T4459] ==================================================================
[   44.516862][ T4464] netlink: 36 bytes leftover after parsing attributes in process `syz.2.414'.