last executing test programs: 49.312968315s ago: executing program 4 (id=2066): perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x50, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffc00, 0x3, 0x2, 0xfffffffd, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) sync() sync() 49.106511917s ago: executing program 4 (id=2072): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, 0x0) close(r0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) 49.106081327s ago: executing program 4 (id=2073): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="600000001000ffff26bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="137c0300231a0500340012800e0001006970366772657461700000001a4102800600"], 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e0"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@fallback=r1, 0x35, 0x0, 0x6, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0, 0x0], 0x0, &(0x7f0000000300), 0x0}, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48) write$cgroup_devices(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB='c *:'], 0xa) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xffff, 0x4, 0x5, 0x1000, 0x1, 0xffff2d79, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x24, 0x2, 0x3}, 0x50) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r5, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x42, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300, {[@generic={0x88, 0x2}]}}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x3, 0xc58, {0x5, 0x4, 0x0, 0x7, 0x0, 0x65, 0xe, 0x4e, 0x24, 0xc, @empty, @dev={0xac, 0x14, 0x14, 0x44}}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="09000000fdffffff83000000440d000020000000", @ANYRES32, @ANYBLOB="010000000000000000b001000000d57c43470015716dc08a1234000000000000ab005ea77004fda1802b2fb646760d0f4f0055f28c10db7b453eaff49ee805", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000003000000ff0100"/28], 0x50) socket$can_bcm(0x1d, 0x2, 0x2) r6 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@fallback=r6, 0xffffffffffffffff, 0x2b, 0x0, 0x0, @void, @value, @void, @void, r2}, 0x20) 49.105216547s ago: executing program 4 (id=2074): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x54, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x4, 0x300}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x24, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_DELAY_DIST={0x6, 0x2, "9f2b"}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) 49.090310018s ago: executing program 4 (id=2076): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d80)=@newtaction={0x14, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}}, 0x14}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@local, 0x0, 0x0, 0x4e20, 0x800, 0x2, 0x0, 0x0, 0x3b}, {0x0, 0x4, 0x1, 0x0, 0x0, 0xb}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x80001, 0x1, 0x0, 0x1, 0x1}, {{@in=@broadcast, 0x4d1, 0x32}, 0x2, @in=@remote, 0x3502, 0x1, 0x0, 0x0, 0xa, 0xfffffffd}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 48.949421276s ago: executing program 4 (id=2077): r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) write$P9_RLERRORu(r0, &(0x7f0000000300)=ANY=[], 0x10) (async) write$P9_RLERRORu(r0, &(0x7f0000000300)=ANY=[], 0x10) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x23) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x7}, 0x6) setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='system.advise\x00', &(0x7f0000000140)=',$', 0x2, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)) pipe2(&(0x7f0000000200), 0x80000) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r5 = perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x9, 0xf60e}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf4000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf4000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) (async) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000340)=0x7) write$P9_RVERSION(r4, &(0x7f0000000280)=ANY=[], 0x15) (async) write$P9_RVERSION(r4, &(0x7f0000000280)=ANY=[], 0x15) 33.83751345s ago: executing program 32 (id=2077): r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) write$P9_RLERRORu(r0, &(0x7f0000000300)=ANY=[], 0x10) (async) write$P9_RLERRORu(r0, &(0x7f0000000300)=ANY=[], 0x10) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x23) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x7}, 0x6) setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='system.advise\x00', &(0x7f0000000140)=',$', 0x2, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)) pipe2(&(0x7f0000000200), 0x80000) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r5 = perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x9, 0xf60e}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf4000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf4000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) (async) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000340)=0x7) write$P9_RVERSION(r4, &(0x7f0000000280)=ANY=[], 0x15) (async) write$P9_RVERSION(r4, &(0x7f0000000280)=ANY=[], 0x15) 21.112731965s ago: executing program 2 (id=2391): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000000a499d0000000000000000020000010900010073797a310000000008000240000000030400060014000000110001"], 0x54}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff}, {}, {0x4}}, [@tmpl={0x84, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x80000000}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x6c}, 0x2, @in=@rand_addr=0x64010102, 0x0, 0x5}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x10}, 0x40800) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xfd, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext, 0x4680, 0x9, 0x400000, 0x2, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e25, 0x400, @remote, 0x2}, 0x1c) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 21.073766797s ago: executing program 2 (id=2393): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) pipe(0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x680, 0x0) ioctl$TIOCSSOFTCAR(r3, 0x5453, 0x0) timerfd_create(0x0, 0x80800) 19.472784891s ago: executing program 2 (id=2408): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x4c, &(0x7f0000000040)={@multicast, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, '\x00\x00\x00\x00\x00\x00'}}}}}}}, 0x0) (fail_nth: 1) 19.152468159s ago: executing program 2 (id=2410): pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c0000000a000000000000000000000b02000000000000000300000d00000000000000000300000003000000030000000400000003000000000000000000000a00"], 0x0, 0x5e, 0x0, 0x1}, 0x28) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x1a08800, &(0x7f0000000080)=ANY=[@ANYBLOB="74732c6e6f64b27473033d5554092c00d300000000000000000060093219839e68009b1f0000"], 0x1, 0x261, &(0x7f0000000680)="$eJzs3cFqE0EYB/AvTdKGXtqzeFjw4imobxCkghgQIjnoyUD10oqwvURPeQyfwUfyBbz31Fuk3TVJu0Wxus6G/f0g7Ef+DPmGQGYPM9m39z+cHH88e7/89iUGgyx6EYu4iDiMnehGoVNed67q3di0iIp+9S0AoEkmk9kodQ/UK89Hs8ubsr1KMv2apCEAAAAAAAAAAAD+2h32/3c3x9+y/x8AaLjq/v/vB6l6oR55Pprtl/dv19n/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKRzsVweLH/xSt0fAPDvWf8BoH2s/wDQPtZ/AGifV6/fvBiNx0eTLBtEnC/m0/m0uBb5s+fjo0fZlcP1qPP5fNpd5Y+LPLue92O/zJ/cmu/GwwdFfpk9fTm+ke/Fcf3TBwAAAAAAAAAAAAAAAAAAgEYYZis/z/cvImJ1vn84rOTl+fyi2vh/gBvn93txr/c/ZwIAAAAAAAAAAAAAAAAAAADb6+zT55PZ6em7/M+L/p1GKX5TdMpvpo6P6DRhgttSdCOiAW2kKhL/MAEAAAAAAAAAAAAAAAAAQAutD/2m7gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0lk//7++IvUcAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHb4EQAA//9TRY5v") syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='sys_immutable,time_offset=-xfffffffffffffbc3,nodots,time_offset=0x0000000000\x00\x00\x00\x00bd,nodots,dots,check=relaxed,dots,\x00', @ANYRES32, @ANYRES32, @ANYBLOB="abce7722dd6424573d4d540d099f3cfb1ae627e939637188562338930e513e7c69a9b0f3fad0fa5d4eb3e5287e4e31d621085d5dfe0c8c378cd17b6372f8e4fa5477243bcc78a81c0479889e39f874b1cc7ae16e3fd25e591f28370527a02625222d073d8c57f5acedd2abd0a32e50a1dfea46c61cdbc6173b39711a8f81038c403969afee97536844c5d4212afd477906fbdc5e88a1cc151263a93efea628c9fecf19934b00ef9b5a405c987b86bf80d391f4153fd39ec67b81eb6cbc8892772f6c1f7804ceb9df48274e73feb925a6dbfe0c53f467013241acaea8d887d30e4f8eff2f813a09269320afd734b2f8758f45f347f9a6785831", @ANYRES8, @ANYRESHEX], 0x1, 0x556, &(0x7f0000002f40)="$eJzs2j9rGmEcB/BfEqPSpc4lw9EunULaqWOlGAgVChaHdspB7OKFwrmcTnk3hb62bi7ZLOYkxv4JDdWcTT8fkPvi9xF+j6B3w3N6cN6Iz6NPr759iebrpLYbEbuXEa2Yp9LO4rp7letx00UAAP+aXi9tVz0Dm5Xn7XT+DNf4qel/rWQgAAAAAAAAAAAA/trpwfnwbHn+P5z/B4CHz/n/hy/P22l98fy2yvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDqXs9nj2S2vqucDANbP/R8A/j/vP3x82+52O70kaUZML4p+0S+vZX980u0cJXP7reWnpkXR37vuXySl1X4/Hi36l7/s6/H8WdnPuzfvuj/0jTjb/PYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAGw6Ta63lu9Oi6O+V/eHv+jIdn3Q7R4sFq30tntTubRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGozGk2GaZYP8j8LTuMPijYSIW9fs3NMYe5V+CcvQiK0YQ9jq0Lzjz/wqVP3PBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVGU0ngzTLBvko6onAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2xWg8GaZZNsg3GKreIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr9z0AAP//zadcQQ==") syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000001200)='./file1\x00', 0x1008010, &(0x7f0000000440)={[{@nodots}, {@fat=@umask={'umask', 0x3d, 0x5}}, {@fat=@check_strict}, {@dots}, {@nodots}, {@nodots}]}, 0x1, 0x11b2, &(0x7f0000002440)="$eJzs201rY1UYB/DHvpia2hffrRsPutHNxXbhyk2RFqQBpW2EVhBuaaohMQm5WSTiouDOlZ9DXLoTxC/gJymC6KYrr7SRdjp0hpkObWDm99vkgX8OnIcLF87lPCcf/fhN66jIjvJBTD03GzO9iHSaIsVUTMfYcbz//eY/P+zs7W+t12ob2yltru+ufphSWnz7ty+++/md3wfzn/+y+Gsl/lj+8uSvtbMlKyf/7n7dLFKzSJ3uIOXpoNsd5AftRjpsFq0spc/ajbxopGanaPSv5Eftbq83SnnncKHa6zeKIuWdUWo1RmnQTYP+KOVf5c1OyrIsLVSDJ1H/6bQsy4iynI3noyzL8oWoxny8GAuxGEtRiYiX45V4NV6L1+ONeDNWzv816X0DAAAAAAAAAAAAAAAAAADA0+Xh8//L8ZL5fwAAAAAAAAAAAAAAAAAAALh15v8BAAAAAAAAAAAAAAAAAABg8sz/AwAAAAAAAAAAAAAAAAAAwOTt7O1vrddqG9spzUX8eTysD+vj33G++Ult44N0bvly1d/DYX36Il8d5+lqXonq//natflcvPfuOD/LPv60dl/+VhzefvsAAADwTMjShWvP91n2oHxc3fN94Or5fSkiZu6sDW6oGH3bytvtRl+hUCguikm/mbgLlw990jsBAAAAAAAAAADgcTzifcBKRNz4OuGkewQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+I8dOBYAAAAAEOZvnUbHBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABXBQAA///GWZIG") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) renameat2(0xffffffffffffff9c, &(0x7f0000000280)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r2 = fsmount(r1, 0x0, 0x2) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x2, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0x4000) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r3, r3) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="b40500000000000071107c0000000000050000000000000095000000000000009c4d861ab9930f869aded94d79d5724bad823a7e76feb1eb2e492442c02f0d0e942d615784faaf61c0c1be20f2936baf1650e2c4ca783e9334b43f202edfd2b0d9714efea59179c615dd3108312632eaf5ae8b84bcd44487cd3c333a2ffdedd2ed6ce7b71006f09ec68afb419c6a40d2b09ba44e06e8b2a8cc1e103a8ce7050733ef335206d47fd34e8f9cdbe40ab00237708acf2eebd9bf75612c21f6da0ee92ca264383db670c96a64cd7398de31702ecb3a50d0d8554cc46b623d22a74e4380fb87d5a4764ce13c9a4b238f3e447edcaba77c084618a3ba7b712ef87bc8fca56e9329aea71ac99e73d64e4224c749e63ff57b221e4bb2b86a99dc1434b15f04547f5572f045cc8b6d22328016c77797a4c8c506ab03d7a4bdee47f151d496653dc9bf493e266013b3"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x2, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x1000, 0x20000003}, 0x0) setpgid(0x0, r3) fchdir(r2) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00') 18.820441369s ago: executing program 2 (id=2416): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x2) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x11, r2, 0x2000) socket$nl_route(0x10, 0x3, 0x0) r3 = mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x118, 0x0) mq_notify(r3, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mq_notify(r3, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x3f) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x79, &(0x7f0000000040)=ANY=[@ANYBLOB="0000007164325e2fcf86b813cfd82d9e365f2141e21f0d7bc83dd39fda7eae2413e87cf7579f9579081373bd08000000fe7fc35ea629f4867a7accb42f4cc71f8d89ea5caadc428b3814b930a67b4ffb15f86b6acde2b088b46a1d6bc3c3c13c4c299b7a46ff53ee41dbb755d9fdd53a6f106ccd15ad918900"]) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="180300000000000000000000000000808510000006000000180000000000000000000000000000006600020000000000180000000000000000000000000000009500000000000000870300000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) (async) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async) fsmount(r0, 0x0, 0x2) (async) fchdir(r1) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) (async) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x11, r2, 0x2000) (async) socket$nl_route(0x10, 0x3, 0x0) (async) mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x118, 0x0) (async) mq_notify(r3, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) mq_notify(r3, 0x0) (async) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x3f) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) (async) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x79, &(0x7f0000000040)=ANY=[@ANYBLOB="0000007164325e2fcf86b813cfd82d9e365f2141e21f0d7bc83dd39fda7eae2413e87cf7579f9579081373bd08000000fe7fc35ea629f4867a7accb42f4cc71f8d89ea5caadc428b3814b930a67b4ffb15f86b6acde2b088b46a1d6bc3c3c13c4c299b7a46ff53ee41dbb755d9fdd53a6f106ccd15ad918900"]) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="180300000000000000000000000000808510000006000000180000000000000000000000000000006600020000000000180000000000000000000000000000009500000000000000870300000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) (async) 18.712869425s ago: executing program 2 (id=2418): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) pipe(0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x680, 0x0) ioctl$TIOCSSOFTCAR(r3, 0x5453, 0x0) timerfd_create(0x0, 0x80800) 18.712033775s ago: executing program 33 (id=2418): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) pipe(0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x680, 0x0) ioctl$TIOCSSOFTCAR(r3, 0x5453, 0x0) timerfd_create(0x0, 0x80800) 1.999967633s ago: executing program 1 (id=2682): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.930466117s ago: executing program 0 (id=2684): openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x8200, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000f51000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3024000000140004800800024000000000080001400000000571000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a30"], 0xf0}}, 0x0) 1.918828868s ago: executing program 1 (id=2685): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x1c, r0, 0x1, 0x70bd29, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000600)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x98, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0xffff}, @TCA_SKBMOD_PARMS={0x24}]}, {0x4}, {0xc}, {0xc}}}, @m_mpls={0x38, 0x2, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5, 0x8, 0x1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}}, 0x4000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x40, 0xc, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL, @IPSET_ATTR_SETNAME={0x0, 0x2, 'syz2\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000080}, 0x80) 1.835202732s ago: executing program 0 (id=2688): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x3fffffffc}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x7fff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, 0x0) 1.676316342s ago: executing program 0 (id=2691): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x4f, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x8) io_setup(0x200, 0x0) setresuid(0x0, 0x0, 0x0) syz_clone(0x1100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.374562089s ago: executing program 0 (id=2696): r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x53a1bd79, 0x7, 0x9, 0x86, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000880)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000003000008000000180001801400020073797a5f74756e00000000000000000024000280040001001c0003800c0001"], 0x50}}, 0x0) 1.328610062s ago: executing program 5 (id=2697): pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x1) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000080), 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") lsetxattr$system_posix_acl(&(0x7f0000000480)='./file0/../file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f0000000a40)={{}, {0x1, 0x1}, [], {0x4, 0x4}, [], {}, {0x20, 0x3}}, 0x24, 0x0) llistxattr(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000140)=""/23, 0x17) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3}, 0x18) connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3}, 0x18) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r4, 0x2285, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) syz_emit_ethernet(0x10d, &(0x7f0000000840)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60f4a30001d73a01fe00cd99b21976e138d565f6a40c00000000000000000000bb2001000000000000000000000000000187009078fe80000012afba6a0ecd0000000000000000000000bb031845c7c6d98230c9ffd690b3c78d2f34fab75506765e212e0e9dd4cada9fef9b498efc4f3659dadc334d04116cd698e830649f1afe6d7f97614846c686bf6e2aefd87e8ef81b6941c464da9fb10da9f37644fbe66a18e5251b128d0f11bb3238afa659e682512a3bfe2fbd233ff5dd1ca6c2db9073e6be8c0ea6208b21d4da9047ef0c8f6cf0fedc48f4e95ae3acd4bd2f7983b3c4aa17fe6cc96bb0d2e9086d8598f4bba18058430f67cd0123adf4239ab949714d6b892fe8dd916fad5a0000e7132049695cec0eeededba387075e030483aba6b81bae8a5db2faefa86cb75c2f3cc3e826b76aa2736d7fa8fb24285215939c334e8d248356afd9221ebd41104b36deb5ec7ca381f891c5106263b2f095"], 0x0) write$sndseq(r5, &(0x7f0000000100)=[{0x6, 0xfc, 0x2, 0x4, @tick=0x101, {0x1, 0x3}, {0x9, 0x7}, @note={0x40, 0x9d, 0x35, 0x1, 0xa84d}}], 0x1c) pipe(0x0) syz_emit_ethernet(0x3b6, &(0x7f0000000a80)=ANY=[@ANYBLOB="ffffffffffffec5b4e1c05ff86dd60122d9203803afffe8000000000000000000000000000bbff02000000000000000000000000000186009078ff0000000000000000000000000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c0500000000000000af736b41e5af030200010000000500000000260004000018fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177304c5fd4698c934de4731f3f61effc978001d06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad2dc8674b03452dccf81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b104185e6ecd9602ba95392343e9bbd447ef6bc1ba42399907ccd0a562db212baa39eb80600240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000000b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0032107b8a3e10090affa7e8600006f00fec0ffff00000000000000ff0bc0fe000000000000000002000002d9a0274500040000000013eaf4000000145e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c0005d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed71f584acf4dbbc355cc4e144ed2d29cdbf6a1fd23eb8183e6b5af454380c3691c6269961d297"], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) setresuid(0xee00, 0xee01, 0x0) setuid(0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r5, 0x0, 0x61, &(0x7f0000000300)={'filter\x00', 0x4}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x294}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000003b0007010000000000000000047c00008dc0de000c0001"], 0x24}}, 0xc000) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.222113938s ago: executing program 0 (id=2699): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00') lseek(r1, 0x4, 0x1) (async) lseek(r1, 0x4, 0x1) getdents64(r1, 0xffffffffffffffff, 0x43) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) (async) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a94000000060a010400000000000000000a00080154000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a32000000000900010073797a3100000000140005800800014000000000060002"], 0xbc}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 1.168429621s ago: executing program 5 (id=2701): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x3fffffffc}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x7fff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, 0x0) 1.036977869s ago: executing program 1 (id=2702): r0 = socket(0x2b, 0x80801, 0x1) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r1, &(0x7f0000000500)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, '\x00', 0xd}, 0x1}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000080)='c', 0x1}], 0x1, &(0x7f0000000a80)=ANY=[@ANYBLOB="480000000000000029000000370000002b0500000000000007280000000308480400030000000000000008000000000000000104000000000000080000000000000004010300000014000000000000002900000043000000080000000000000050"], 0xb0}}], 0x1, 0x4000801) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x4e21, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}]}, &(0x7f00000001c0)=0x10) shutdown(r1, 0x1) getsockopt$bt_hci(r1, 0x84, 0x6c, &(0x7f0000003140)=""/4095, &(0x7f0000000000)=0xfff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x20000080) bind$packet(r0, &(0x7f0000001840)={0x11, 0xf8, 0x0, 0x1, 0x72, 0x6, @remote}, 0x14) capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000000)={0x8001, 0x8, 0x8001, 0x6, 0x1, 0x1}) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0637bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd000000100001000c081000418e224e0004fcff", 0x58}], 0x1) 1.036479159s ago: executing program 3 (id=2703): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000300)=r5) write$cgroup_devices(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 970.783033ms ago: executing program 5 (id=2704): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x1f4, 0xd50, 0x1000000, &(0x7f0000000100)="ff412f66b0833efc8864968781", 0x0, 0x300, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x2}, 0x50) (fail_nth: 1) 765.882835ms ago: executing program 5 (id=2705): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e1d, 0x0, @rand_addr=' \x01\x00'}, 0x1c) r1 = epoll_create(0x7) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)) r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, @perf_bp={0x0, 0x6}, 0x9092, 0x0, 0x43a1bd76, 0x9, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) 765.295855ms ago: executing program 3 (id=2706): r0 = socket(0x80000000000000a, 0x2, 0x0) close(0xffffffffffffffff) open_tree(0xffffffffffffff9c, 0x0, 0x89901) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x4, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0x8}]}}]}, 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x54, 0x18, 0x1, 0x1070bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0x8f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xb6}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4085}, 0x20040844) getsockopt$inet_int(r0, 0x0, 0x18, 0x0, &(0x7f0000000240)) socket(0x80000000000000a, 0x2, 0x0) (async) close(0xffffffffffffffff) (async) open_tree(0xffffffffffffff9c, 0x0, 0x89901) (async) socket(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'lo\x00'}) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x4, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0x8}]}}]}, 0x3c}}, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x54, 0x18, 0x1, 0x1070bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0x8f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xb6}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4085}, 0x20040844) (async) getsockopt$inet_int(r0, 0x0, 0x18, 0x0, &(0x7f0000000240)) (async) 660.484421ms ago: executing program 3 (id=2708): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x301, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xf0}, 0x1, 0x0, 0x0, 0x4000801}, 0x40) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2006c08030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x7c}}, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'macvlan1\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, 0x500b8, 0x452bc}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6}]}}}]}, 0x3c}, 0x1, 0x8100, 0x0, 0x20008010}, 0x24048800) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0009000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9], 0x44}}, 0x20008000) 660.147741ms ago: executing program 6 (id=2709): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, 0x0, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) write$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB='c *:'], 0xa) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xffff, 0x4, 0x5, 0x1000, 0x1, 0xffff2d79, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x24, 0x2, 0x3}, 0x50) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x42, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300, {[@generic={0x88, 0x2}]}}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x3, 0xc58, {0x5, 0x4, 0x0, 0x7, 0x0, 0x65, 0xe, 0x4e, 0x24, 0xc, @empty, @dev={0xac, 0x14, 0x14, 0x44}}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="09000000fdffffff83000000440d000020000000", @ANYRES32, @ANYBLOB="010000000000000000b001000000d57c43470015716dc08a1234000000000000ab005ea77004fda1802b2fb646760d0f4f0055f28c10db7b453eaff49ee805", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000003000000ff0100"/28], 0x50) socket$can_bcm(0x1d, 0x2, 0x2) r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@fallback=r4, 0xffffffffffffffff, 0x2b}, 0x20) 635.689742ms ago: executing program 5 (id=2710): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="600000001000ffff26bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="137c0300231a0500340012800e0001006970366772657461700000001a4102800600"], 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e0"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@fallback=r2, 0x35, 0x0, 0x6, 0x0, 0x0, 0x0, &(0x7f0000000180)=[0x0, 0x0], 0x0, &(0x7f0000000300), 0x0}, 0x40) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48) write$cgroup_devices(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB='c *:'], 0xa) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0xffff, 0x4, 0x5, 0x1000, 0x1, 0xffff2d79, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x24, 0x2, 0x3}, 0x50) r7 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r9 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r9, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) setsockopt$inet_mreq(r8, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x42, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300, {[@generic={0x88, 0x2}]}}, @dest_unreach={0x3, 0x7, 0x0, 0x0, 0x3, 0xc58, {0x5, 0x4, 0x0, 0x7, 0x0, 0x65, 0xe, 0x4e, 0x24, 0xc, @empty, @dev={0xac, 0x14, 0x14, 0x44}}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r9, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={@map=r6, 0xffffffffffffffff, 0x24, 0x2000, 0xffffffffffffffff, @value, @void, @void, @void, r4}, 0x20) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRES32, @ANYBLOB="010000000000000000b001000000d57c43470015716dc08a1234000000000000ab005ea77004fda1802b2fb646760d0f4f0055f28c10db7b453eaff49ee805", @ANYRES32], 0x50) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000740)={@map=r10, 0xffffffffffffffff, 0x33, 0x10, 0x0, @void, @value, @void, @void, r4}, 0x20) socket$can_bcm(0x1d, 0x2, 0x2) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) r12 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000100)='./file0\x00', 0x0, 0x10, r0}, 0x18) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)=ANY=[@ANYRES32=r11, @ANYRES32=r1, @ANYBLOB="0a0000005300002c1f000000", @ANYRES32=r12, @ANYBLOB, @ANYRES64=r4], 0x20) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000300)={0x0, 0x882}, 0x8) r13 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@fallback=r13, 0xffffffffffffffff, 0x2b, 0x0, 0x0, @void, @value, @void, @void, r4}, 0x20) 587.953565ms ago: executing program 0 (id=2711): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e40)=ANY=[@ANYBLOB="900000000002010400000000000000000a000000040001803c0003802c0001801400030000000000000000000000ffffac1e000114000400ff01000000000000000000"], 0x90}, 0x1, 0x0, 0x0, 0x24000801}, 0x4054) r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4439, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x1, 0xf60e}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x5, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf4000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x9) semget$private(0x0, 0x7, 0x191) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r5 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x11, @loopback, 0x0, 0x1, 'lblcr\x00', 0x32, 0x0, 0xfffffffc}, 0x2c) r6 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4261, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_bp={0x0, 0xa}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0xe, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) mmap$perf(&(0x7f000084c000/0xf000)=nil, 0xf000, 0x3800004, 0x4000010, r6, 0x3) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000001480)=[{{&(0x7f0000000100)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r7 = getpid() sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f000084c000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r10 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000440)=@nat={'nat\x00', 0x62, 0x5, 0x3e0, 0x0, 0x178, 0xffffffff, 0x0, 0x2a0, 0x348, 0x348, 0xffffffff, 0x348, 0x348, 0x5, 0x0, {[{{@uncond, 0x0, 0x98, 0xd0, 0x0, {0x22e}, [@common=@unspec=@state={{0x28}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x25, {0x3, @local, @broadcast}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @remote, @empty, @gre_key, @gre_key}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0x0, 0x0, 'batadv0\x00', 'bond0\x00'}, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}, @common=@addrtype={{0x30}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @multicast1, @multicast2, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @local, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x440) syz_usb_connect(0x2, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x250, 0xb5, 0x29, 0x91, 0x10, 0x4dd, 0x9032, 0x4346, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x16, 0x2, 0x60, 0x40, [{{0x9, 0x4, 0x74, 0xa, 0x1, 0x2, 0x6, 0x0, 0x7, [], [{{0x9, 0x5, 0xdd7221554e5ebcc3, 0x0, 0x400, 0x4, 0x4, 0x2}}]}}]}}]}}, 0x0) 560.922117ms ago: executing program 6 (id=2712): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)}, {&(0x7f0000001c00)="4490137c227c56ee66c372f3105eb186dd8062fad2d5b5bfb0ba068e74a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9afda48e71255a747b6d03097385fb05cf8db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61210c410d799168ffc4b64677af924affd442035db81e18c2d2462d0bb25fff9d3b1ce9035979", 0xac}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327de21450df098c113e179a0d340", 0x30}, {&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b943", 0xc5}], 0x4}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fddf29b8d0b6aaa82752580b62b5f51800d10077f07319b6ffeff06e4dea184fd7a0a0f4d441763e30d1bc475502a1de1ffbc0e30cb196a2c508", 0x165}, {&(0x7f0000000d00)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a4879bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e46e604a9aec550d12af09f782e1f6a996f0756604847689d37ee3047e61531a8672447cb501b2560bc0e0c5fb2c9f341ed3972b30190e930af94642ab1557e286442c", 0x10e}, {&(0x7f0000000840)="8d684aa45f4b69499d707f3c8d114132fee1eafdcbbc5a16cb7b2841192b5779f99579e5c788b15b023df831028b9e6b5e9edd61", 0x34}], 0x3}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 532.381088ms ago: executing program 6 (id=2713): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x110140, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) r2 = epoll_create1(0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000280)={0x32, 0x17, '\x00', [@calipso={0x7, 0x48, {0x3, 0x10, 0x7e, 0x1, [0x1, 0xffffffffffffffff, 0x80, 0xf, 0x1, 0x3, 0x6, 0x7]}}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @calipso={0x7, 0x20, {0x0, 0x6, 0x2, 0x6, [0x400, 0x3, 0x3a79]}}, @hao={0xc9, 0x10, @loopback}, @enc_lim={0x4, 0x1, 0x10}, @jumbo={0xc2, 0x4, 0x7}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @empty}}]}, 0xc8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xa0000001}) epoll_wait(r5, &(0x7f0000000140)=[{}], 0x1, 0xffffffff) r6 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x1, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}], 0x0, 0x1}, 0x20) 531.386329ms ago: executing program 5 (id=2714): syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000740)='./file0\x00', 0x759, &(0x7f0000000880)={[{@noload}, {@acl}, {@resuid={'resuid', 0x3d, 0xee00}}, {@errors_remount}, {@init_itable, 0x0}, {}, {@journal_dev={'journal_dev', 0x3d, 0x400000000000010}}, {@i_version}, {@nobarrier}, {@min_batch_time={'min_batch_time', 0x3d, 0x7fffffff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xb6a}}, {@data_err_ignore}], [], 0x2c}, 0x2, 0x4f9, &(0x7f0000000200)="$eJzs3ElvHFUeAPB/te04zjL2ZNYsM+mZzAgLRBw764FDgkDKBQkJhMLR2E4U4iQoNlISWcRBKEgcQPkELDckPgEnuCBAHEBcibgipAj5ksABFarqatN2ub2l7cbx7yd151XVq37v31Uv/ZZuB7BpVbOnJGJHRHwXEb21zbkZqrV/7s9Mjfw8MzWSRJo+91OS57s3MzVSz1o/b3ux0V+JqLyRxN5ysd0T165fGB4fH7tS7BiYrBSpi8Pnxs6NXRo6ceLI4Z7jx4aOtiTOrE739rx2ed/u0y/efmbkzO2Xvvgoq29aHG+Mo6Yvf96y7BI6SnuqUZ37Xjb4//KrviHsbEgnndlzpX2VYdmyuza7XF15+++Njnyrpjeefr2tlQPWVJqmaXdp7+xn2XTaKElqJ6TpzRR4CCTR7hoA7VH/oL83k41Up0bK4+CH291TkY+AsrjvF4/akc58BFvtq42Nutao/L9GxJnpX97NHrHgPAQAQGt9cipiW9HvqD9qRyrx94Z8fyrWhvoi4s8RsSsi/lL0X/4Wkef9R0T8s+GcHctYBajO2y73f77pKRKN3dWWyfp/TxRrW3P7f7M17+sotnbm8XclZ8+Pjx0q3pP+6OrOtgfLLz07rfbpU9++06z8akP/L3tk5df7gkU9fuycN0E3Ojw5/KBx1929mb+xN8rxJ9GZ1FMRuyNizypeP3vPzj/64b5mx+fEn8VZiv/t5i/euYoKzZO+H/FI7fpPx7z4o1j/S/L1yYuvDExcu/74+cb1ycHjx4aODmyN8bFDA/W7ouzLr289WyRLw4hFrn+9aazpQlp2/bcteP/Prlz2ZanZ9dqJlZdx686bTcc0q73/tyTP5+n6+uzV4cnJK4MRW5Lp8v6h38+9OtwzJ38Wf/+Bhdv/rohf3yvO2xsR2U38r4j4d0TsL+r+n4j4b0QcWCT+z5/838vNhpBLx7+2svhHV3T9myVOfhWx8KGOC599XCr4rWop/q5odv2P5Kn+Ys/o8OTWpeJarKaNiQd+AwEAAGAD2J/P0yaVg8VE046oVA4ejNg+O4MyMfnY2cuvXhqtzef2RVelPtPV2zAfOljMDWfb2VlDDdvZ8cP5vHGapmlPtp2N38d3tjd02PS2N2n/mR/KP2kBHjYrWkdr9os2YEOa3/7vLPvM1n8hA1hfLfgeDbBBaf+weS27/a/Vr+CAtlmo/d+IuN+GqgDrbKH2/0Jpz8l1qQuwvoz/YfNaffv3ZQDY6Hz+w6a0rB/JryKx6/QieZLOtSm0eaISi/8VgL6I+p56n2bxF/y+EtGaGna0NNKeOde0smCerdGKsqKyZJ7OFfwhhvVNVP4Y1agluiNiibt39ma7UU9cX+uK5Y3gg/b+7wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDgfgsAAP//RUTTKw==") r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCGMRU(r0, 0x80047453, 0x0) setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x5, &(0x7f0000000080), 0x4) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x10) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x1, 0xf60e}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf40000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = creat(&(0x7f0000000040)='./bus\x00', 0xa) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800) fcntl$setstatus(r3, 0x4, 0x6000) io_setup(0x1ff, &(0x7f00000001c0)=0x0) ptrace(0x11, 0x0) ftruncate(r3, 0x81fe) io_submit(r5, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x4000, 0xa00}]) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 296.631052ms ago: executing program 6 (id=2715): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdc01, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xb}, {0xffff, 0xfff3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x440e0}, 0x4890) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0", 0x64}, {&(0x7f0000000880)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0x87}, {&(0x7f0000000640)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f646c2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d7887d00cb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1db22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf10701000000bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323c8d3900a65b788e99ddf9d9a2383f1730c78631034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3d336bda45335a68c185e0ca79792cc1a9253da5271d1c9", 0x17f}], 0x3}, 0x0) 296.118682ms ago: executing program 3 (id=2716): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4261, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_bp={0x0, 0xa}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0xe, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000001480)=[{{&(0x7f0000000100)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r0, &(0x7f0000000c80)="e8", 0x6200, 0x12000378, 0x0, 0x0) 285.237663ms ago: executing program 1 (id=2717): r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f00000001c0)={'geneve0\x00', @local}) set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x7) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e000000000000003ed95bdc0000008040000000", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000100"/28], 0x50) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x75, 0x14, 0xae, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1181, 0x2, @perf_bp={0x0, 0x8}, 0xc04, 0x0, 0xfffe, 0x6, 0x2, 0x8d, 0x1, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/arp\x00') pread64(r3, 0x0, 0x0, 0x3) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40440b0) sigaltstack(&(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0xfafe}, 0x0) gettid() r4 = socket(0x2, 0x800, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, 0x0, &(0x7f0000000680)) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000440)={0x0}, &(0x7f00000005c0)=0xc) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) epoll_pwait(r3, &(0x7f0000000880)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x8, 0x1, &(0x7f0000000900), 0x8) r6 = syz_clone3(&(0x7f00000002c0)={0x2020200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0xc}, &(0x7f00000000c0)=""/82, 0x52, &(0x7f0000000180)=""/232, &(0x7f0000000280)=[0x0, r5, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0], 0x8}, 0x58) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x8000000, 0x4, 0x370, 0xffffffff, 0x0, 0xe8, 0x0, 0xfeffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'ip6gre0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x5, {0x1}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x3, 0x5, {0x2000010}}}}, {{@ipv6={@private2, @private2={0xfc, 0x2, '\x00', 0x1}, [0x0, 0xffffff00, 0xff], [0x0, 0xffffff00, 0xf97f1f27bc0fd003, 0xff000000], 'bridge_slave_0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x11, 0x80, 0x7, 0x6a}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0) sigaltstack(&(0x7f00000004c0)={0x0, 0x80000001}, &(0x7f0000000600)={&(0x7f0000000540)=""/96, 0x0, 0x60}) prlimit64(r6, 0x0, &(0x7f0000000140)={0x1, 0xffffffffffffffff}, 0x0) bind$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0002}}}, 0x14) connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000500)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0002}}}, 0x14) 191.031449ms ago: executing program 6 (id=2718): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x600, 0x30000}}], 0x400000000000284, 0xf00) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x4, 0x0, 0x0) 160.45343ms ago: executing program 3 (id=2719): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0x9}, 0x6000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x8, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x1}, 0x2190, 0x8000000000000001, 0x8, 0x1, 0x8, 0x2020005, 0x100b, 0x0, 0xd000000, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) 159.84958ms ago: executing program 1 (id=2720): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e1d, 0x0, @rand_addr=' \x01\x00'}, 0x1c) r1 = epoll_create(0x7) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)) r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, @perf_bp={0x0, 0x6}, 0x9092, 0x0, 0x43a1bd76, 0x9, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) 112.579333ms ago: executing program 6 (id=2721): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) eventfd(0xc2) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private1, @in6=@dev={0xfe, 0x80, '\x00', 0x26}, 0x0, 0x0, 0x0, 0xfffe, 0xa, 0x0, 0x0, 0x5c}, {0x0, 0x7, 0xfffffffffffffffc, 0x0, 0x7, 0x2, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x20000000) socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000c00)=@raw={'raw\x00', 0x8, 0x3, 0x268, 0xd8, 0x43, 0xa0, 0x0, 0x98, 0x1d0, 0x178, 0x178, 0x1d0, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0xff000000, 'veth0_to_bond\x00', 'netpci0\x00', {}, {}, 0x0, 0x0, 0x60}, 0x12a, 0x70, 0xd8, 0x0, {0x0, 0x7a010000}}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x0, 0x7, '\x00', 'syz1\x00', {0xd063}}}}, {{@ip={@rand_addr=0x64010101, @broadcast, 0x0, 0xff, 'ip6erspan0\x00', 'veth0_to_bond\x00', {}, {}, 0x6, 0x1}, 0x0, 0x98, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast2, [0x0, 0xff000000, 0x0, 0xffffff00], 0x1000, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x16b}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2c8) setrlimit(0x7, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000140)={'vxcan0\x00', 0x0}) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000200)={0xffffffff80000000, r2, 0x5450e38a9b123bed, {0x3, 0x5}, 0xf3}, 0x1) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@deltclass={0x60, 0x29, 0x20, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0x7, 0xfff1}, {0x0, 0xa}, {0x0, 0xf}}, [@tclass_kind_options=@c_fq_codel={0xd}, @TCA_RATE={0x6, 0x5, {0x4, 0x8}}, @tclass_kind_options=@c_mqprio={0xb}, @tclass_kind_options=@c_clsact={0xb}, @tclass_kind_options=@c_ingress={0xc}]}, 0x60}}, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x20083e, &(0x7f0000000180)={[{}, {@min_batch_time={'min_batch_time', 0x3d, 0x7ffe}}, {@min_batch_time={'min_batch_time', 0x3d, 0x401}}]}, 0x3, 0x416, &(0x7f0000000a40)="$eJzs3c9rHFUcAPDvTH60TX8kBQ/+QAgqGBCTJm3VgkKDFw/tyR48GpK0hm4aSSLYErSieFNQ/ANUUP8Ej3rwf9CzetBCkBxMvUVmdmYz7mbTJN1ka/P5wGPfmze7782+fbOzL29eAji0hiPiYkT0RMSZiBgstqdFiNv1kO23vrYy/c/aynQSGxuv/5VEUmwrXyspHo8XLzCSRqQfJfHEFuUu3bx1fapWm10s0mPL82+PLd289fzc/NS12WuzNyZeOHvu/PmXLky82LFjXZ1PPnnm20u/f/bxzOc///nDUFbfE0Ve9Tg6ZTiGG+9JswudLqzLjlbiSW8XKwIAwLbS4tq/N7/+H4ye2Lx4G4xPf+pq5QAAAICO2NgoHwEAAICHV7Kj3/49rXv1GTYAAACA/4dyHsD62sp0Gbo4HYEDtjoZEUP19r9bhHpOb+Oe3r6m+3s7aTgiXjt6eSILsU/3YQMAAAAcZj9O1hf+ax3/S+PRyn7HImKgXNuvg4ab0q3jP+mdDhdJxepkxMsRcbdl/C8tdxnqKVIn86HCvuTqXG32TEScioiR6DuSpce3KeO9p65/1y6vOv735W9vjGflZ4+be6R3eo/89zkzU8tT93PMbFr9IOLx3q3aP2mM+VbXydyLN+fWX2mXl7V/1t5laG1/9tPGVxHPbtn/N1cuTbZfn3UsPx+MFWeFI61l/Hrimw/blV/t/1nIyi//FsD+y/r/wLbt35+vk9tYr3dp92V8//flX9rl3bv9tz7/9ydX8gr2F9venVpeXhyP6E8uVbZf/Drf7tPUUL4f5fuVtf/I01t//5fXf0nx3X+qsj70brz6/ukr7fKq7X+y+Bzq/wcna/+Z7c//Tf1/95G3Bh4baVf+zvr/ubwy5Yu4/ru3nTZQt+sJAAAAAAAAQGek+dy+JB1txNN0dLQ+z/eRGEhrC0vLz11deOfGTH0O4FD0peX8z8HKfNDx+m3kjfREU/psRJyOiC8Gj+Xp0emF2ky3Dx4AAAAOieNtfv9n/tjLzR4AAADAg2mo2xUAAAAA9p3f/wAAAPBQu591/Wuzi+W/CNrj0w848mRR2welPiI7ityOiOasHk25z5EunZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyP0bAAD//6/sseI=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4042, 0x0) r5 = syz_io_uring_setup(0x8d6, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x379}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) keyctl$restrict_keyring(0xb, 0xfffffffffffffffc, 0x0, 0x0) io_uring_enter(r5, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) r8 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r8, 0x10c, 0x5, &(0x7f0000000080), &(0x7f0000000040)=0x4) 110.878024ms ago: executing program 1 (id=2722): r0 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x1, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x74, &(0x7f0000000200)={r3, 0x5, 0x20}, &(0x7f00000001c0)=0x18) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000080)=@assoc_value={r3, 0x5}, 0x8) 0s ago: executing program 3 (id=2723): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) fcntl$setlease(r0, 0x400, 0x2) write$binfmt_elf64(r0, &(0x7f0000000840)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x9, 0x47, 0x1, 0x81, 0x2, 0x3e, 0xfffffff9, 0x1f9, 0x40, 0x103, 0x0, 0x5, 0x38, 0x1, 0x78, 0x5, 0x7}, [{0x70000000, 0x5d9, 0x7, 0x0, 0x1, 0x9, 0x7ffffffd, 0x1200}]}, 0x78) lsetxattr$security_capability(&(0x7f0000002580)='./file0\x00', &(0x7f00000025c0), 0x0, 0x0, 0x0) close(r0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): 4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8275 comm="syz.3.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f18dd01ada7 code=0x7ffc0000 [ 159.839854][ T29] audit: type=1326 audit(1770683194.699:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8275 comm="syz.3.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f18dcfdb84e code=0x7ffc0000 [ 160.065252][ T8281] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1665'. [ 160.110791][ T8283] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1667'. [ 160.132265][ T8283] siw: device registration error -23 [ 160.210944][ T8290] siw: device registration error -23 [ 160.426846][ T8310] capability: warning: `syz.0.1679' uses 32-bit capabilities (legacy support in use) [ 160.453913][ T3663] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 160.484183][ T3663] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 160.517755][ T8318] fido_id[8318]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 160.593665][ T8329] __nla_validate_parse: 7 callbacks suppressed [ 160.593687][ T8329] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1684'. [ 160.608968][ T8329] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1684'. [ 160.657113][ T8334] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1686'. [ 160.667612][ T8334] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1686'. [ 160.692452][ T8339] sctp: [Deprecated]: syz.4.1685 (pid 8339) Use of int in max_burst socket option. [ 160.692452][ T8339] Use struct sctp_assoc_value instead [ 161.124130][ T8382] syzkaller0: entered promiscuous mode [ 161.129741][ T8382] syzkaller0: entered allmulticast mode [ 161.154832][ T8385] lo speed is unknown, defaulting to 1000 [ 161.495918][ T8422] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1715'. [ 161.505007][ T8422] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1715'. [ 162.194852][ T8444] syzkaller0: entered promiscuous mode [ 162.200466][ T8444] syzkaller0: entered allmulticast mode [ 162.478597][ T8456] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1728'. [ 162.487638][ T8456] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1728'. [ 162.605652][ T8459] loop4: detected capacity change from 0 to 512 [ 162.639881][ T8459] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 162.649000][ T8459] EXT4-fs (loop4): filesystem is read-only [ 162.968872][ T8459] netlink: 'syz.4.1729': attribute type 1 has an invalid length. [ 163.030784][ T8475] bond2: (slave geneve2): making interface the new active one [ 163.040285][ T8475] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 163.049247][ T31] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 163.061177][ T31] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 163.080753][ T31] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 163.094925][ T31] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 163.196082][ T8478] netlink: 'syz.2.1735': attribute type 32 has an invalid length. [ 163.203964][ T8478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1735'. [ 163.250838][ T8475] syz.4.1729 (8475) used greatest stack depth: 10360 bytes left [ 163.287554][ T8478] bond2: Setting coupled_control to off (0) [ 163.648908][ T8491] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1741'. [ 163.695659][ T8491] siw: device registration error -23 [ 163.905198][ T8499] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8499 comm=syz.3.1746 [ 163.977980][ T8515] netlink: 'syz.2.1750': attribute type 1 has an invalid length. [ 164.190734][ T8534] xt_TPROXY: Can be used only with -p tcp or -p udp [ 164.212961][ T8509] netlink: 'syz.4.1742': attribute type 1 has an invalid length. [ 164.313770][ T8509] 9pnet_fd: Insufficient options for proto=fd [ 164.515260][ T8545] syzkaller0: entered promiscuous mode [ 164.520820][ T8545] syzkaller0: entered allmulticast mode [ 164.552850][ T8547] loop2: detected capacity change from 0 to 1024 [ 164.575228][ T29] kauditd_printk_skb: 43 callbacks suppressed [ 164.575243][ T29] audit: type=1400 audit(1770683199.589:407): avc: denied { read } for pid=8543 comm="syz.2.1759" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 164.604386][ T29] audit: type=1400 audit(1770683199.589:408): avc: denied { open } for pid=8543 comm="syz.2.1759" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 164.627788][ T29] audit: type=1400 audit(1770683199.589:409): avc: denied { ioctl } for pid=8543 comm="syz.2.1759" path="/dev/rtc0" dev="devtmpfs" ino=244 ioctlcmd=0x7004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 165.062519][ T8554] netlink: 'syz.1.1762': attribute type 13 has an invalid length. [ 165.225044][ T8554] gretap0: refused to change device tx_queue_len [ 165.233254][ T29] audit: type=1400 audit(1770683200.179:410): avc: denied { create } for pid=8557 comm="syz.4.1765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 165.253251][ T29] audit: type=1400 audit(1770683200.189:411): avc: denied { write } for pid=8557 comm="syz.4.1765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 165.273160][ T29] audit: type=1326 audit(1770683200.189:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8557 comm="syz.4.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711af9af79 code=0x7ffc0000 [ 165.296532][ T29] audit: type=1326 audit(1770683200.189:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8557 comm="syz.4.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f711af9af79 code=0x7ffc0000 [ 165.319895][ T29] audit: type=1326 audit(1770683200.189:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8557 comm="syz.4.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711af9af79 code=0x7ffc0000 [ 165.343468][ T29] audit: type=1326 audit(1770683200.189:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8557 comm="syz.4.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=196 compat=0 ip=0x7f711af9af79 code=0x7ffc0000 [ 165.366808][ T29] audit: type=1326 audit(1770683200.189:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8557 comm="syz.4.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f711af9af79 code=0x7ffc0000 [ 165.415545][ T8559] netlink: 'syz.1.1762': attribute type 1 has an invalid length. [ 165.438362][ T8554] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 165.698613][ T8570] lo speed is unknown, defaulting to 1000 [ 165.766588][ T8579] syzkaller0: entered promiscuous mode [ 165.772111][ T8579] syzkaller0: entered allmulticast mode [ 165.875719][ T8583] netlink: 'syz.2.1771': attribute type 1 has an invalid length. [ 166.065364][ T8590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.099162][ T8590] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.225380][ T8600] __nla_validate_parse: 5 callbacks suppressed [ 166.225397][ T8600] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1778'. [ 166.412842][ T8615] sctp: [Deprecated]: syz.0.1781 (pid 8615) Use of struct sctp_assoc_value in delayed_ack socket option. [ 166.412842][ T8615] Use struct sctp_sack_info instead [ 166.430454][ T8615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1781'. [ 166.666289][ T8618] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1782'. [ 166.675299][ T8618] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1782'. [ 166.684922][ T8618] siw: device registration error -23 [ 166.850068][ T8625] loop2: detected capacity change from 0 to 128 [ 166.881560][ T8625] EXT4-fs: Ignoring removed nobh option [ 166.908614][ T8625] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 166.926454][ T8625] ext4 filesystem being mounted at /341/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 167.114619][ T8633] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1786'. [ 167.123739][ T8633] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1786'. [ 167.298263][ T8633] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1786'. [ 167.387770][ T8640] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1789'. [ 167.404680][ T8642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1786'. [ 167.481951][ T8646] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8646 comm=syz.4.1786 [ 167.721539][ T3678] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 168.165505][ T3677] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 168.798239][ T3320] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 168.938174][ T8677] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1802'. [ 169.000485][ T8674] team0 (unregistering): Port device team_slave_0 removed [ 169.035392][ T8674] team0 (unregistering): Port device team_slave_1 removed [ 169.129248][ T8683] siw: device registration error -23 [ 169.536100][ T3677] lo speed is unknown, defaulting to 1000 [ 169.565597][ T8715] loop2: detected capacity change from 0 to 8192 [ 169.597315][ T8715] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 169.654634][ T8725] siw: device registration error -23 [ 169.766798][ T8733] siw: device registration error -23 [ 169.800034][ T8737] syzkaller0: entered promiscuous mode [ 169.805748][ T8737] syzkaller0: entered allmulticast mode [ 169.849814][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 169.849851][ T29] audit: type=1400 audit(1770683204.899:441): avc: denied { firmware_load } for pid=8734 comm="syz.0.1824" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 170.098098][ T29] audit: type=1400 audit(1770683205.149:442): avc: denied { setopt } for pid=8769 comm="syz.2.1837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 170.219807][ T29] audit: type=1400 audit(1770683205.269:443): avc: denied { bind } for pid=8773 comm="syz.4.1839" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 170.255027][ T29] audit: type=1400 audit(1770683205.269:444): avc: denied { node_bind } for pid=8773 comm="syz.4.1839" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 170.278377][ T8778] syzkaller0: entered promiscuous mode [ 170.283927][ T8778] syzkaller0: entered allmulticast mode [ 170.502233][ T29] audit: type=1400 audit(1770683205.549:445): avc: denied { setopt } for pid=8790 comm="syz.3.1846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 170.540142][ T79] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2 [ 170.613799][ T29] audit: type=1326 audit(1770683205.659:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8796 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2674aaf79 code=0x7ffc0000 [ 170.642287][ T29] audit: type=1326 audit(1770683205.659:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8796 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fc2674aaf79 code=0x7ffc0000 [ 170.676708][ T8745] syz.0.1824 (8745) used greatest stack depth: 10224 bytes left [ 170.705300][ T29] audit: type=1326 audit(1770683205.759:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8796 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2674aaf79 code=0x7ffc0000 [ 170.728813][ T29] audit: type=1326 audit(1770683205.759:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8796 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2674aaf79 code=0x7ffc0000 [ 170.755562][ T29] audit: type=1326 audit(1770683205.799:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8796 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc2674aaf79 code=0x7ffc0000 [ 171.289584][ T8846] syzkaller0: entered promiscuous mode [ 171.295240][ T8846] syzkaller0: entered allmulticast mode [ 171.345041][ T8848] __nla_validate_parse: 15 callbacks suppressed [ 171.345062][ T8848] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1866'. [ 171.419919][ T8850] lo speed is unknown, defaulting to 1000 [ 171.441451][ T8854] bridge0: entered promiscuous mode [ 171.447007][ T8854] macsec0: entered promiscuous mode [ 171.452359][ T8854] macsec0: entered allmulticast mode [ 171.457820][ T8854] bridge0: entered allmulticast mode [ 171.639217][ T8875] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1877'. [ 171.660252][ T8871] lo speed is unknown, defaulting to 1000 [ 171.715711][ T8882] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1881'. [ 171.724770][ T8882] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1881'. [ 171.750435][ T8882] siw: device registration error -23 [ 171.757528][ T8885] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1880'. [ 171.766615][ T8885] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1880'. [ 171.807680][ T8885] siw: device registration error -23 [ 171.998570][ T8905] Illegal XDP return value 4294967274 on prog (id 237) dev N/A, expect packet loss! [ 172.150369][ T8890] lo speed is unknown, defaulting to 1000 [ 172.188037][ T8922] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1897'. [ 172.197101][ T8922] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1897'. [ 172.229448][ T8922] siw: device registration error -23 [ 172.283866][ T8926] loop4: detected capacity change from 0 to 128 [ 172.288107][ T8924] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1898'. [ 172.299288][ T8924] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1898'. [ 172.419868][ T8934] netlink: 'syz.4.1901': attribute type 6 has an invalid length. [ 172.445436][ T8890] mmap: syz.1.1884 (8890) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 172.582098][ T8949] siw: device registration error -23 [ 172.896081][ T8978] siw: device registration error -23 [ 173.125831][ T8976] netem: change failed [ 173.522008][ T3662] IPVS: starting estimator thread 0... [ 173.593370][ T8998] x_tables: duplicate underflow at hook 3 [ 173.615005][ T8994] IPVS: using max 2160 ests per chain, 108000 per kthread [ 173.851027][ T9027] netlink: 'syz.0.1937': attribute type 1 has an invalid length. [ 173.938588][ T9031] lo speed is unknown, defaulting to 1000 [ 174.908068][ T9070] syz_tun (unregistering): left allmulticast mode [ 175.373900][ T9074] netlink: 'syz.0.1951': attribute type 1 has an invalid length. [ 175.610461][ T9081] syz_tun (unregistering): left allmulticast mode [ 175.702810][ T9087] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9087 comm=syz.4.1957 [ 175.837352][ T9097] syzkaller0: entered promiscuous mode [ 175.842887][ T9097] syzkaller0: entered allmulticast mode [ 175.895407][ T3662] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 175.944033][ T9109] loop2: detected capacity change from 0 to 128 [ 176.004955][ T9117] netlink: 'syz.3.1962': attribute type 1 has an invalid length. [ 176.047846][ T9122] FAULT_INJECTION: forcing a failure. [ 176.047846][ T9122] name failslab, interval 1, probability 0, space 0, times 1 [ 176.060634][ T9122] CPU: 1 UID: 0 PID: 9122 Comm: syz.2.1968 Not tainted syzkaller #0 PREEMPT(voluntary) [ 176.060728][ T9122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 176.060746][ T9122] Call Trace: [ 176.060754][ T9122] [ 176.060763][ T9122] __dump_stack+0x1d/0x30 [ 176.060870][ T9122] dump_stack_lvl+0x95/0xd0 [ 176.060917][ T9122] dump_stack+0x15/0x1b [ 176.060944][ T9122] should_fail_ex+0x263/0x280 [ 176.061010][ T9122] should_failslab+0x8c/0xb0 [ 176.061040][ T9122] __kmalloc_noprof+0xb8/0x580 [ 176.061127][ T9122] ? genl_family_rcv_msg_attrs_parse+0x75/0x190 [ 176.061162][ T9122] genl_family_rcv_msg_attrs_parse+0x75/0x190 [ 176.061199][ T9122] genl_family_rcv_msg_doit+0x4b/0x1f0 [ 176.061232][ T9122] ? selinux_capable+0x31/0x40 [ 176.061327][ T9122] ? security_capable+0x7b/0x90 [ 176.061376][ T9122] ? ns_capable+0x7c/0xb0 [ 176.061415][ T9122] genl_rcv_msg+0x432/0x470 [ 176.061449][ T9122] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 176.061480][ T9122] netlink_rcv_skb+0x123/0x220 [ 176.061586][ T9122] ? __pfx_genl_rcv_msg+0x10/0x10 [ 176.061622][ T9122] genl_rcv+0x28/0x40 [ 176.061650][ T9122] netlink_unicast+0x5c0/0x690 [ 176.061697][ T9122] netlink_sendmsg+0x5c8/0x6f0 [ 176.061804][ T9122] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.061829][ T9122] ____sys_sendmsg+0x5af/0x600 [ 176.061852][ T9122] ___sys_sendmsg+0x195/0x1e0 [ 176.061960][ T9122] __x64_sys_sendmsg+0xd4/0x160 [ 176.062038][ T9122] x64_sys_call+0x17ba/0x3000 [ 176.062072][ T9122] do_syscall_64+0xc0/0x2a0 [ 176.062112][ T9122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.062139][ T9122] RIP: 0033:0x7fc2674aaf79 [ 176.062159][ T9122] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 176.062203][ T9122] RSP: 002b:00007fc265f07028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.062225][ T9122] RAX: ffffffffffffffda RBX: 00007fc267725fa0 RCX: 00007fc2674aaf79 [ 176.062248][ T9122] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 176.062265][ T9122] RBP: 00007fc265f07090 R08: 0000000000000000 R09: 0000000000000000 [ 176.062281][ T9122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.062297][ T9122] R13: 00007fc267726038 R14: 00007fc267725fa0 R15: 00007fff353e7fd8 [ 176.062323][ T9122] [ 176.225255][ T3662] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 176.316718][ T9129] siw: device registration error -23 [ 176.323633][ T9128] netlink: 'syz.2.1971': attribute type 10 has an invalid length. [ 176.341967][ T9128] 8021q: adding VLAN 0 to HW filter on device bond5 [ 176.369134][ T9128] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 176.377761][ T9128] bond5: (slave macvlan2): Enslaving as a backup interface with a down link [ 176.442956][ T9133] __nla_validate_parse: 14 callbacks suppressed [ 176.442975][ T9133] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1973'. [ 176.447406][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 176.447473][ T29] audit: type=1400 audit(1770683211.489:499): avc: denied { read } for pid=9132 comm="syz.4.1972" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 176.449542][ T9133] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1973'. [ 176.458285][ T29] audit: type=1400 audit(1770683211.489:500): avc: denied { open } for pid=9132 comm="syz.4.1972" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 176.493896][ T9134] loop4: detected capacity change from 0 to 512 [ 176.526860][ T9133] siw: device registration error -23 [ 176.532993][ T9133] lo: entered allmulticast mode [ 176.539112][ T9131] lo: left allmulticast mode [ 176.550845][ T9134] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.1972: iget: bad extended attribute block 1 [ 176.563712][ T9134] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1972: couldn't read orphan inode 15 (err -117) [ 176.576206][ T9134] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.602054][ T29] audit: type=1400 audit(1770683211.649:501): avc: denied { bind } for pid=9137 comm="syz.2.1974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 176.624622][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.637302][ T29] audit: type=1400 audit(1770683211.669:502): avc: denied { listen } for pid=9137 comm="syz.2.1974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 176.657257][ T29] audit: type=1400 audit(1770683211.669:503): avc: denied { setopt } for pid=9137 comm="syz.2.1974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 176.753603][ T29] audit: type=1400 audit(1770683211.749:504): avc: denied { create } for pid=9140 comm="syz.2.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 176.773390][ T29] audit: type=1400 audit(1770683211.749:505): avc: denied { ioctl } for pid=9140 comm="syz.2.1977" path="socket:[24900]" dev="sockfs" ino=24900 ioctlcmd=0x9408 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 176.826019][ T9150] loop2: detected capacity change from 0 to 512 [ 176.869681][ T9150] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.885986][ T9163] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1982'. [ 176.895097][ T9163] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1982'. [ 176.911695][ T9166] sctp: [Deprecated]: syz.4.1980 (pid 9166) Use of struct sctp_assoc_value in delayed_ack socket option. [ 176.911695][ T9166] Use struct sctp_sack_info instead [ 176.928592][ T9150] ext4 filesystem being mounted at /393/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 176.946795][ T9150] EXT4-fs error (device loop2): ext4_generic_delete_entry:2666: inode #2: block 3: comm syz.2.1978: bad entry in directory: inode out of bounds - offset=12, inode=4294443010, rec_len=12, size=2048 fake=1 [ 176.973659][ T29] audit: type=1400 audit(1770683211.999:506): avc: denied { remove_name } for pid=9149 comm="syz.2.1978" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 176.998170][ T9166] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1980'. [ 177.010712][ T9166] loop4: detected capacity change from 0 to 512 [ 177.020210][ T9163] siw: device registration error -23 [ 177.026638][ T9163] lo: entered allmulticast mode [ 177.033504][ T9162] lo: left allmulticast mode [ 177.042128][ T9150] EXT4-fs (loop2): Remounting filesystem read-only [ 177.065959][ T9166] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 177.112585][ T9181] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1987'. [ 177.122367][ T9166] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1980: couldn't read orphan inode 26 (err -116) [ 177.127454][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.154143][ T9181] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1987'. [ 177.167003][ T9166] EXT4-fs (loop4): Remounting filesystem read-only [ 177.174409][ T9166] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.187681][ T9166] ext4 filesystem being mounted at /344/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 177.240116][ T29] audit: type=1400 audit(1770683212.279:507): avc: denied { add_name } for pid=9157 comm="syz.4.1980" name="memory.events" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 177.499803][ T9191] netem: change failed [ 177.552459][ T29] audit: type=1326 audit(1770683212.599:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9205 comm="syz.1.1994" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x0 [ 177.695488][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.734021][ T9211] loop4: detected capacity change from 0 to 1024 [ 177.743381][ T9211] EXT4-fs: inline encryption not supported [ 177.749640][ T9211] EXT4-fs: old and new quota format mixing [ 177.769442][ T9213] tmpfs: Bad value for 'mpol' [ 177.787792][ T9213] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1997'. [ 177.804426][ T9216] FAULT_INJECTION: forcing a failure. [ 177.804426][ T9216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.818198][ T9216] CPU: 1 UID: 0 PID: 9216 Comm: syz.4.1998 Not tainted syzkaller #0 PREEMPT(voluntary) [ 177.818230][ T9216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 177.818247][ T9216] Call Trace: [ 177.818256][ T9216] [ 177.818267][ T9216] __dump_stack+0x1d/0x30 [ 177.818300][ T9216] dump_stack_lvl+0x95/0xd0 [ 177.818399][ T9216] dump_stack+0x15/0x1b [ 177.818439][ T9216] should_fail_ex+0x263/0x280 [ 177.818480][ T9216] should_fail+0xb/0x20 [ 177.818518][ T9216] should_fail_usercopy+0x1a/0x20 [ 177.818558][ T9216] _copy_from_user+0x1c/0xb0 [ 177.818579][ T9216] ___sys_recvmsg+0xaa/0x3b0 [ 177.818624][ T9216] do_recvmmsg+0x1ef/0x560 [ 177.818661][ T9216] __x64_sys_recvmmsg+0xe5/0x170 [ 177.818685][ T9216] x64_sys_call+0x2b75/0x3000 [ 177.818719][ T9216] do_syscall_64+0xc0/0x2a0 [ 177.818788][ T9216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.818884][ T9216] RIP: 0033:0x7f711af9af79 [ 177.818902][ T9216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.818983][ T9216] RSP: 002b:00007f71199ef028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 177.819009][ T9216] RAX: ffffffffffffffda RBX: 00007f711b215fa0 RCX: 00007f711af9af79 [ 177.819026][ T9216] RDX: 0000000000000001 RSI: 0000200000003680 RDI: 0000000000000003 [ 177.819043][ T9216] RBP: 00007f71199ef090 R08: 0000000000000000 R09: 0000000000000000 [ 177.819126][ T9216] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001 [ 177.819140][ T9216] R13: 00007f711b216038 R14: 00007f711b215fa0 R15: 00007ffe1e072b98 [ 177.819162][ T9216] [ 178.049365][ T9224] loop2: detected capacity change from 0 to 512 [ 178.060793][ T9224] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 178.080326][ T9224] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 178.097383][ T9224] EXT4-fs (loop2): 1 truncate cleaned up [ 178.103791][ T9224] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.134329][ T9224] EXT4-fs warning (device loop2): verify_group_input:137: Cannot add at group 9 (only 1 groups) [ 178.192043][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.252110][ T9247] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2010'. [ 178.362141][ T9263] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 178.441919][ T9271] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9271 comm=syz.0.2016 [ 178.496855][ T9274] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2020'. [ 178.507993][ T9274] siw: device registration error -23 [ 178.534626][ T9276] siw: device registration error -23 [ 179.651978][ T9355] netem: change failed [ 179.691876][ T9360] netem: change failed [ 179.775410][ T9369] netlink: 'syz.3.2057': attribute type 1 has an invalid length. [ 179.790470][ T9369] 8021q: adding VLAN 0 to HW filter on device bond3 [ 179.804825][ T9369] bond3: (slave dummy0): making interface the new active one [ 179.815358][ T9369] bond3: (slave dummy0): Enslaving as an active interface with an up link [ 179.839211][ T9372] loop2: detected capacity change from 0 to 128 [ 179.849355][ T9372] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 179.862020][ T9372] ext4 filesystem being mounted at /407/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 179.905213][ T9369] syz.3.2057 (9369) used greatest stack depth: 9888 bytes left [ 179.929358][ T3320] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 180.436263][ T9411] siw: device registration error -23 [ 181.085838][ T9439] tmpfs: Bad value for 'mpol' [ 181.164545][ T9443] siw: device registration error -23 [ 181.469702][ T9462] loop2: detected capacity change from 0 to 512 [ 181.517132][ T9462] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.531474][ T9464] bond4: entered promiscuous mode [ 181.536797][ T9464] bond4: entered allmulticast mode [ 181.536920][ T9462] ext4 filesystem being mounted at /418/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.553483][ T9464] 8021q: adding VLAN 0 to HW filter on device bond4 [ 181.560808][ T9454] 9p: Bad value for 'wfdno' [ 181.571793][ T9462] __nla_validate_parse: 10 callbacks suppressed [ 181.571847][ T9462] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2090'. [ 181.603521][ T9462] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2090'. [ 181.641566][ T9462] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2090'. [ 181.719954][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.761841][ T9480] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2097'. [ 181.770861][ T9480] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2097'. [ 181.802036][ T9480] siw: device registration error -23 [ 181.820386][ T9480] lo: entered allmulticast mode [ 181.901610][ T29] kauditd_printk_skb: 118 callbacks suppressed [ 181.901652][ T29] audit: type=1326 audit(1770683216.949:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9484 comm="syz.2.2099" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2674aaf79 code=0x0 [ 182.026688][ T9499] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2104'. [ 182.117340][ T29] audit: type=1326 audit(1770683217.169:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9511 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f235b6caf79 code=0x7ffc0000 [ 182.140858][ T29] audit: type=1326 audit(1770683217.169:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9511 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f235b6caf79 code=0x7ffc0000 [ 182.164236][ T29] audit: type=1326 audit(1770683217.169:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9511 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f235b6caf79 code=0x7ffc0000 [ 182.187769][ T29] audit: type=1326 audit(1770683217.169:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9511 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f235b6caf79 code=0x7ffc0000 [ 182.211059][ T29] audit: type=1326 audit(1770683217.169:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9511 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f235b6caf79 code=0x7ffc0000 [ 182.234426][ T29] audit: type=1326 audit(1770683217.169:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9511 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f235b6caf79 code=0x7ffc0000 [ 182.503639][ T29] audit: type=1400 audit(1770683217.549:634): avc: denied { bind } for pid=9514 comm="syz.1.2110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 182.523196][ T29] audit: type=1400 audit(1770683217.549:635): avc: denied { listen } for pid=9514 comm="syz.1.2110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 182.542937][ T29] audit: type=1400 audit(1770683217.549:636): avc: denied { write } for pid=9514 comm="syz.1.2110" path="socket:[27846]" dev="sockfs" ino=27846 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 182.751749][ T9519] loop2: detected capacity change from 0 to 512 [ 182.758753][ T9519] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 182.801819][ T9519] loop2: detected capacity change from 0 to 8192 [ 182.977443][ T9529] macvlan0: entered allmulticast mode [ 182.982961][ T9529] veth1_vlan: entered allmulticast mode [ 183.144458][ T9545] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2123'. [ 183.153622][ T9545] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2123'. [ 183.175538][ T9545] siw: device registration error -23 [ 183.485796][ T9519] syz.2.2112 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 183.500002][ T9519] CPU: 0 UID: 0 PID: 9519 Comm: syz.2.2112 Not tainted syzkaller #0 PREEMPT(voluntary) [ 183.500096][ T9519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 183.500112][ T9519] Call Trace: [ 183.500120][ T9519] [ 183.500128][ T9519] __dump_stack+0x1d/0x30 [ 183.500164][ T9519] dump_stack_lvl+0x95/0xd0 [ 183.500189][ T9519] dump_stack+0x15/0x1b [ 183.500223][ T9519] dump_header+0x80/0x240 [ 183.500251][ T9519] oom_kill_process+0x295/0x350 [ 183.500317][ T9519] out_of_memory+0x97d/0xb80 [ 183.500402][ T9519] try_charge_memcg+0x62e/0xa10 [ 183.500439][ T9519] obj_cgroup_charge_pages+0x23/0xc0 [ 183.500474][ T9519] __memcg_kmem_charge_page+0x9e/0x170 [ 183.500546][ T9519] __alloc_frozen_pages_noprof+0x18a/0x350 [ 183.500581][ T9519] alloc_pages_mpol+0xb3/0x260 [ 183.500670][ T9519] alloc_pages_noprof+0x8f/0x130 [ 183.500764][ T9519] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 183.500838][ T9519] __kvmalloc_node_noprof+0x471/0x680 [ 183.500877][ T9519] ? ip_set_alloc+0x24/0x30 [ 183.500993][ T9519] ? ip_set_alloc+0x24/0x30 [ 183.501035][ T9519] ? __kmalloc_cache_noprof+0x3cd/0x4a0 [ 183.501073][ T9519] ip_set_alloc+0x24/0x30 [ 183.501133][ T9519] hash_netiface_create+0x282/0x740 [ 183.501167][ T9519] ? __pfx_hash_netiface_create+0x10/0x10 [ 183.501258][ T9519] ip_set_create+0x3cf/0x970 [ 183.501318][ T9519] ? __nla_parse+0x40/0x60 [ 183.501350][ T9519] nfnetlink_rcv_msg+0x509/0x5d0 [ 183.501404][ T9519] netlink_rcv_skb+0x123/0x220 [ 183.501447][ T9519] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 183.501574][ T9519] nfnetlink_rcv+0x167/0x1720 [ 183.501629][ T9519] ? __kfree_skb+0x109/0x150 [ 183.501663][ T9519] ? nlmon_xmit+0x4f/0x60 [ 183.501704][ T9519] ? consume_skb+0x49/0x140 [ 183.501750][ T9519] ? nlmon_xmit+0x4f/0x60 [ 183.501786][ T9519] ? dev_hard_start_xmit+0x3a8/0x3e0 [ 183.501826][ T9519] ? __dev_queue_xmit+0x139a/0x1f20 [ 183.501888][ T9519] ? __dev_queue_xmit+0x148/0x1f20 [ 183.501924][ T9519] ? strlen+0x19/0x40 [ 183.501986][ T9519] ? ref_tracker_free+0x37d/0x3e0 [ 183.502025][ T9519] ? __netlink_deliver_tap+0x4dc/0x500 [ 183.502066][ T9519] netlink_unicast+0x5c0/0x690 [ 183.502144][ T9519] netlink_sendmsg+0x5c8/0x6f0 [ 183.502168][ T9519] ? __pfx_netlink_sendmsg+0x10/0x10 [ 183.502188][ T9519] ____sys_sendmsg+0x5af/0x600 [ 183.502216][ T9519] ___sys_sendmsg+0x195/0x1e0 [ 183.502250][ T9519] __x64_sys_sendmsg+0xd4/0x160 [ 183.502275][ T9519] x64_sys_call+0x17ba/0x3000 [ 183.502433][ T9519] do_syscall_64+0xc0/0x2a0 [ 183.502466][ T9519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.502490][ T9519] RIP: 0033:0x7fc2674aaf79 [ 183.502519][ T9519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 183.502602][ T9519] RSP: 002b:00007fc265f07028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 183.502627][ T9519] RAX: ffffffffffffffda RBX: 00007fc267725fa0 RCX: 00007fc2674aaf79 [ 183.502642][ T9519] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000007 [ 183.502656][ T9519] RBP: 00007fc2675416e0 R08: 0000000000000000 R09: 0000000000000000 [ 183.502670][ T9519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.502683][ T9519] R13: 00007fc267726038 R14: 00007fc267725fa0 R15: 00007fff353e7fd8 [ 183.502703][ T9519] [ 183.502717][ T9519] memory: usage 307196kB, limit 307200kB, failcnt 333 [ 183.833517][ T9519] memory+swap: usage 311632kB, limit 9007199254740988kB, failcnt 0 [ 183.841469][ T9519] kmem: usage 307080kB, limit 9007199254740988kB, failcnt 0 [ 183.848815][ T9519] Memory cgroup stats for /syz2: [ 183.852782][ T9553] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 183.869285][ T9519] cache 110592 [ 183.872720][ T9519] rss 4096 [ 183.875817][ T9519] shmem 0 [ 183.878784][ T9519] mapped_file 0 [ 183.882258][ T9519] dirty 0 [ 183.885244][ T9519] writeback 0 [ 183.888557][ T9519] workingset_refault_anon 71 [ 183.893177][ T9519] workingset_refault_file 289 [ 183.897899][ T9519] swap 4599808 [ 183.901303][ T9519] swapcached 12288 [ 183.905172][ T9519] pgpgin 184565 [ 183.908658][ T9519] pgpgout 184535 [ 183.912235][ T9519] pgfault 91219 [ 183.915823][ T9519] pgmajfault 42 [ 183.919312][ T9519] inactive_anon 8192 [ 183.923327][ T9519] active_anon 4096 [ 183.927181][ T9519] inactive_file 12288 [ 183.931191][ T9519] active_file 36864 [ 183.935067][ T9519] unevictable 0 [ 183.938540][ T9519] hierarchical_memory_limit 314572800 [ 183.943916][ T9519] hierarchical_memsw_limit 9223372036854771712 [ 183.950528][ T9519] total_cache 110592 [ 183.954498][ T9519] total_rss 4096 [ 183.958090][ T9519] total_shmem 0 [ 183.961571][ T9519] total_mapped_file 0 [ 183.965681][ T9519] total_dirty 0 [ 183.969169][ T9519] total_writeback 0 [ 183.972995][ T9519] total_workingset_refault_anon 71 [ 183.978175][ T9519] total_workingset_refault_file 289 [ 183.983408][ T9519] total_swap 4599808 [ 183.987356][ T9519] total_swapcached 12288 [ 183.991632][ T9519] total_pgpgin 184565 [ 183.995683][ T9519] total_pgpgout 184535 [ 183.999822][ T9519] total_pgfault 91219 [ 184.003862][ T9519] total_pgmajfault 42 [ 184.007890][ T9519] total_inactive_anon 8192 [ 184.012324][ T9519] total_active_anon 4096 [ 184.016629][ T9519] total_inactive_file 12288 [ 184.021204][ T9519] total_active_file 36864 [ 184.025631][ T9519] total_unevictable 0 [ 184.029634][ T9519] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2112,pid=9518,uid=0 [ 184.044338][ T9519] Memory cgroup out of memory: Killed process 9518 (syz.2.2112) total-vm:94180kB, anon-rss:1212kB, file-rss:22536kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 184.089870][ T9519] syz.2.2112 (9519) used greatest stack depth: 7272 bytes left [ 184.155872][ T9563] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2130'. [ 184.169483][ T9563] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2130'. [ 184.205349][ T9565] netlink: 'syz.0.2131': attribute type 16 has an invalid length. [ 184.213266][ T9565] netlink: 'syz.0.2131': attribute type 17 has an invalid length. [ 184.269313][ T9565] erspan0: entered promiscuous mode [ 184.287501][ T9565] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.297573][ T9565] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 184.581296][ T9613] program syz.2.2145 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 184.690219][ T9626] loop2: detected capacity change from 0 to 128 [ 184.862702][ T9636] batadv1: entered promiscuous mode [ 185.522823][ T9662] ..0{X: renamed from gretap0 (while UP) [ 185.531129][ T9662] ..0{X: entered allmulticast mode [ 185.537477][ T9662] A link change request failed with some changes committed already. Interface ..0{X may have been left with an inconsistent configuration, please check. [ 185.594967][ T9666] siw: device registration error -23 [ 185.606476][ T9666] lo: entered allmulticast mode [ 185.639155][ T9668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.665286][ T9668] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.933119][ T3677] IPVS: starting estimator thread 0... [ 186.025073][ T9695] IPVS: using max 2160 ests per chain, 108000 per kthread [ 187.304995][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 187.358649][ T9735] __nla_validate_parse: 12 callbacks suppressed [ 187.358671][ T9735] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2195'. [ 187.373973][ T9735] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2195'. [ 187.430190][ T9735] siw: device registration error -23 [ 188.043491][ T9749] netlink: 144 bytes leftover after parsing attributes in process `syz.1.2199'. [ 188.309755][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 188.309773][ T29] audit: type=1400 audit(1770683223.359:650): avc: denied { connect } for pid=9763 comm="syz.0.2205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 188.313685][ T9765] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2207'. [ 188.458786][ T9765] loop2: detected capacity change from 0 to 8192 [ 188.653881][ T9783] lo speed is unknown, defaulting to 1000 [ 189.012548][ T9792] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9792 comm=syz.0.2212 [ 189.311235][ T9792] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 190.349005][ T29] audit: type=1400 audit(1770683225.399:651): avc: denied { write } for pid=9814 comm="syz.1.2220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 190.548532][ T29] audit: type=1400 audit(1770683225.599:652): avc: denied { write } for pid=9807 comm="syz.3.2218" path="socket:[27504]" dev="sockfs" ino=27504 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 190.584642][ T9821] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2222'. [ 190.593842][ T9821] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2222'. [ 190.666138][ T9821] siw: device registration error -23 [ 190.806130][ T9825] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2223'. [ 190.845637][ T29] audit: type=1400 audit(1770683225.889:653): avc: denied { mounton } for pid=9822 comm="syz.2.2224" path="/438/file0" dev="tmpfs" ino=2263 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 191.007403][ T9833] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2227'. [ 191.016463][ T9833] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2227'. [ 191.089165][ T9833] siw: device registration error -23 [ 191.162294][ T9838] sctp: [Deprecated]: syz.2.2229 (pid 9838) Use of struct sctp_assoc_value in delayed_ack socket option. [ 191.162294][ T9838] Use struct sctp_sack_info instead [ 191.395741][ T9841] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2229'. [ 191.831578][ T9843] lo speed is unknown, defaulting to 1000 [ 191.881024][ T9841] loop2: detected capacity change from 0 to 512 [ 192.013656][ T9841] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2229: couldn't read orphan inode 26 (err -116) [ 192.181849][ T9841] EXT4-fs (loop2): Remounting filesystem read-only [ 192.227796][ T9841] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.296442][ T9841] ext4 filesystem being mounted at /439/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.373978][ T29] audit: type=1326 audit(1770683227.419:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9850 comm="syz.0.2232" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f235b6caf79 code=0x0 [ 192.530753][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.670225][ T9860] loop2: detected capacity change from 0 to 1024 [ 192.697760][ T9860] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 192.761355][ T29] audit: type=1400 audit(1770683227.809:655): avc: denied { setattr } for pid=9859 comm="syz.2.2234" name="file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 192.818062][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.952397][ T29] audit: type=1400 audit(1770683227.999:656): avc: denied { setopt } for pid=9866 comm="syz.2.2236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 193.416066][ T9878] FAULT_INJECTION: forcing a failure. [ 193.416066][ T9878] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.429202][ T9878] CPU: 0 UID: 0 PID: 9878 Comm: syz.2.2240 Not tainted syzkaller #0 PREEMPT(voluntary) [ 193.429232][ T9878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 193.429315][ T9878] Call Trace: [ 193.429325][ T9878] [ 193.429335][ T9878] __dump_stack+0x1d/0x30 [ 193.429407][ T9878] dump_stack_lvl+0x95/0xd0 [ 193.429437][ T9878] dump_stack+0x15/0x1b [ 193.429472][ T9878] should_fail_ex+0x263/0x280 [ 193.429513][ T9878] should_fail+0xb/0x20 [ 193.429629][ T9878] should_fail_usercopy+0x1a/0x20 [ 193.429667][ T9878] _copy_to_user+0x20/0xa0 [ 193.429689][ T9878] simple_read_from_buffer+0xb5/0x130 [ 193.429735][ T9878] proc_fail_nth_read+0x10e/0x150 [ 193.429793][ T9878] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 193.429828][ T9878] vfs_read+0x1ab/0x7f0 [ 193.429862][ T9878] ? __rcu_read_unlock+0x4e/0x70 [ 193.429918][ T9878] ? __fget_files+0x184/0x1c0 [ 193.429945][ T9878] ? mutex_lock+0x57/0x90 [ 193.429976][ T9878] ksys_read+0xdc/0x1a0 [ 193.430038][ T9878] __x64_sys_read+0x40/0x50 [ 193.430057][ T9878] x64_sys_call+0x2889/0x3000 [ 193.430147][ T9878] do_syscall_64+0xc0/0x2a0 [ 193.430179][ T9878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.430200][ T9878] RIP: 0033:0x7fc26746b84e [ 193.430218][ T9878] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 193.430242][ T9878] RSP: 002b:00007fc265f06fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 193.430318][ T9878] RAX: ffffffffffffffda RBX: 00007fc265f076c0 RCX: 00007fc26746b84e [ 193.430339][ T9878] RDX: 000000000000000f RSI: 00007fc265f070a0 RDI: 0000000000000005 [ 193.430352][ T9878] RBP: 00007fc265f07090 R08: 0000000000000000 R09: 0000000000000000 [ 193.430364][ T9878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.430380][ T9878] R13: 00007fc267726038 R14: 00007fc267725fa0 R15: 00007fff353e7fd8 [ 193.430406][ T9878] [ 193.740490][ T9874] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2239'. [ 193.761393][ T9874] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 193.941409][ T9874] ..0{X: left allmulticast mode [ 194.020804][ T9874] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 194.088032][ T9889] lo speed is unknown, defaulting to 1000 [ 194.328665][ T9894] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2245'. [ 194.337700][ T9894] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2245'. [ 194.593429][ T9905] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2248'. [ 195.029977][ T9920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2252'. [ 195.039101][ T9920] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2252'. [ 195.340979][ T9922] lo speed is unknown, defaulting to 1000 [ 195.435433][ T9925] siw: device registration error -23 [ 195.507648][ T9928] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2254'. [ 195.926384][ T29] audit: type=1400 audit(1770683230.979:657): avc: denied { getopt } for pid=9931 comm="syz.0.2255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 196.225487][ T9954] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2261'. [ 196.236368][ T9957] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2262'. [ 196.283910][ T9940] lo speed is unknown, defaulting to 1000 [ 196.698702][ T9971] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2265'. [ 196.737412][ T9940] chnl_net:caif_netlink_parms(): no params data found [ 196.749248][ T9973] siw: device registration error -23 [ 196.914108][ T9940] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.921407][ T9940] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.961002][ T9940] bridge_slave_0: entered allmulticast mode [ 196.967847][ T9940] bridge_slave_0: entered promiscuous mode [ 196.975696][ T9940] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.982781][ T9940] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.990105][ T9940] bridge_slave_1: entered allmulticast mode [ 196.997075][ T9940] bridge_slave_1: entered promiscuous mode [ 197.015423][ T9940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.026557][ T9940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.049730][ T29] audit: type=1400 audit(1770683232.099:658): avc: denied { mount } for pid=9985 comm="syz.3.2271" name="/" dev="ramfs" ino=28187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 197.068305][ T9940] team0: Port device team_slave_0 added [ 197.102523][ T9940] team0: Port device team_slave_1 added [ 197.127397][ T29] audit: type=1326 audit(1770683232.159:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.1.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 197.150965][ T29] audit: type=1326 audit(1770683232.159:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.1.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 197.152413][ T9940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.174972][ T29] audit: type=1326 audit(1770683232.159:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.1.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f31bf1eace2 code=0x7ffc0000 [ 197.181493][ T9940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 197.204813][ T29] audit: type=1326 audit(1770683232.159:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.1.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f31bf1ab84e code=0x7ffc0000 [ 197.230800][ T9940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.236310][ T9940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.254050][ T29] audit: type=1326 audit(1770683232.169:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.1.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f31bf1eada7 code=0x7ffc0000 [ 197.264607][ T9940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 197.271576][ T29] audit: type=1326 audit(1770683232.169:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.1.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f31bf1ab84e code=0x7ffc0000 [ 197.294790][ T9940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.333210][ T9940] hsr_slave_0: entered promiscuous mode [ 197.344271][ T29] audit: type=1326 audit(1770683232.169:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.1.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f31bf1ab84e code=0x7ffc0000 [ 197.362346][ T9940] hsr_slave_1: entered promiscuous mode [ 197.383633][ T29] audit: type=1326 audit(1770683232.169:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9989 comm="syz.1.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 197.500316][T10002] sctp: [Deprecated]: syz.0.2274 (pid 10002) Use of struct sctp_assoc_value in delayed_ack socket option. [ 197.500316][T10002] Use struct sctp_sack_info instead [ 197.554133][T10003] loop2: detected capacity change from 0 to 512 [ 197.593586][T10003] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.637421][ T9940] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 197.647676][T10003] ext4 filesystem being mounted at /454/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.667428][ T9940] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 197.678013][ T9940] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 197.688394][ T9940] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 197.752081][ T9940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.770957][ T9940] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.788260][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.795385][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.817714][ T1666] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.824919][ T1666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.864284][ T9940] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 197.874802][ T9940] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 197.918274][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.973166][ T9940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.077434][T10039] lo speed is unknown, defaulting to 1000 [ 198.450523][T10053] lo speed is unknown, defaulting to 1000 [ 198.665992][ T9940] veth0_vlan: entered promiscuous mode [ 198.706699][ T9940] veth1_vlan: entered promiscuous mode [ 198.786032][ T9940] veth0_macvtap: entered promiscuous mode [ 198.847289][ T9940] veth1_macvtap: entered promiscuous mode [ 198.887662][T10070] veth1_vlan (unregistering): left allmulticast mode [ 198.914228][T10072] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 198.925606][T10070] macvlan0 (unregistering): left allmulticast mode [ 198.979819][ T9940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 199.003706][ T9940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 199.169497][ T9793] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.314788][ T9793] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.997701][T10094] loop5: detected capacity change from 0 to 512 [ 200.108236][T10124] sctp: [Deprecated]: syz.2.2298 (pid 10124) Use of struct sctp_assoc_value in delayed_ack socket option. [ 200.108236][T10124] Use struct sctp_sack_info instead [ 200.375446][ T52] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.388905][T10094] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.421878][ T52] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.441648][T10124] __nla_validate_parse: 2 callbacks suppressed [ 200.441664][T10124] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2298'. [ 200.470656][T10094] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.513880][T10169] loop2: detected capacity change from 0 to 512 [ 200.546226][T10169] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2298: couldn't read orphan inode 26 (err -116) [ 200.546442][T10169] EXT4-fs (loop2): Remounting filesystem read-only [ 200.546915][T10169] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.546991][T10169] ext4 filesystem being mounted at /457/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.732501][ T9940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.782546][T10178] FAULT_INJECTION: forcing a failure. [ 200.782546][T10178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.795805][T10178] CPU: 0 UID: 0 PID: 10178 Comm: syz.5.2303 Not tainted syzkaller #0 PREEMPT(voluntary) [ 200.795834][T10178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 200.795848][T10178] Call Trace: [ 200.795857][T10178] [ 200.795871][T10178] __dump_stack+0x1d/0x30 [ 200.795944][T10178] dump_stack_lvl+0x95/0xd0 [ 200.795973][T10178] dump_stack+0x15/0x1b [ 200.795997][T10178] should_fail_ex+0x263/0x280 [ 200.796074][T10178] should_fail+0xb/0x20 [ 200.796105][T10178] should_fail_usercopy+0x1a/0x20 [ 200.796148][T10178] _copy_from_user+0x1c/0xb0 [ 200.796251][T10178] do_tcp_setsockopt+0x432/0x1630 [ 200.796360][T10178] ? kstrtoull+0x111/0x140 [ 200.796396][T10178] ? __rcu_read_unlock+0x4e/0x70 [ 200.796436][T10178] ? avc_has_perm_noaudit+0xab/0x130 [ 200.796511][T10178] tcp_setsockopt+0x51/0xb0 [ 200.796550][T10178] tls_setsockopt+0x179/0xe70 [ 200.796578][T10178] ? selinux_socket_setsockopt+0x1ce/0x200 [ 200.796643][T10178] sock_common_setsockopt+0x69/0x80 [ 200.796673][T10178] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 200.796742][T10178] __sys_setsockopt+0x184/0x200 [ 200.796777][T10178] __x64_sys_setsockopt+0x64/0x80 [ 200.796815][T10178] x64_sys_call+0x21d5/0x3000 [ 200.796895][T10178] do_syscall_64+0xc0/0x2a0 [ 200.797015][T10178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.797048][T10178] RIP: 0033:0x7f68763faf79 [ 200.797068][T10178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 200.797166][T10178] RSP: 002b:00007f6874e4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 200.797187][T10178] RAX: ffffffffffffffda RBX: 00007f6876675fa0 RCX: 00007f68763faf79 [ 200.797215][T10178] RDX: 0000000000000014 RSI: 0000000000000006 RDI: 0000000000000003 [ 200.797229][T10178] RBP: 00007f6874e4f090 R08: 0000000000000004 R09: 0000000000000000 [ 200.797247][T10178] R10: 00002000000007c0 R11: 0000000000000246 R12: 0000000000000001 [ 200.797265][T10178] R13: 00007f6876676038 R14: 00007f6876675fa0 R15: 00007ffd1e7aa718 [ 200.797291][T10178] [ 201.021587][T10178] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2303'. [ 201.041595][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.053287][T10178] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2303'. [ 202.102004][T10208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2314'. [ 202.111084][T10208] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2314'. [ 202.183568][T10208] siw: device registration error -23 [ 202.421589][T10219] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2319'. [ 202.430728][T10219] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2319'. [ 202.894171][T10219] siw: device registration error -23 [ 203.028939][T10228] FAULT_INJECTION: forcing a failure. [ 203.028939][T10228] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 203.042139][T10228] CPU: 1 UID: 0 PID: 10228 Comm: syz.5.2323 Not tainted syzkaller #0 PREEMPT(voluntary) [ 203.042171][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 203.042219][T10228] Call Trace: [ 203.042225][T10228] [ 203.042232][T10228] __dump_stack+0x1d/0x30 [ 203.042272][T10228] dump_stack_lvl+0x95/0xd0 [ 203.042301][T10228] dump_stack+0x15/0x1b [ 203.042328][T10228] should_fail_ex+0x263/0x280 [ 203.042382][T10228] should_fail+0xb/0x20 [ 203.042411][T10228] should_fail_usercopy+0x1a/0x20 [ 203.042444][T10228] _copy_from_user+0x1c/0xb0 [ 203.042470][T10228] __sys_bpf+0x183/0x7b0 [ 203.042540][T10228] __x64_sys_bpf+0x41/0x50 [ 203.042571][T10228] x64_sys_call+0x28e1/0x3000 [ 203.042674][T10228] do_syscall_64+0xc0/0x2a0 [ 203.042774][T10228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.042803][T10228] RIP: 0033:0x7f68763faf79 [ 203.042823][T10228] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 203.042848][T10228] RSP: 002b:00007f6874e4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 203.042922][T10228] RAX: ffffffffffffffda RBX: 00007f6876675fa0 RCX: 00007f68763faf79 [ 203.042940][T10228] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000003 [ 203.042958][T10228] RBP: 00007f6874e4f090 R08: 0000000000000000 R09: 0000000000000000 [ 203.042975][T10228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.042992][T10228] R13: 00007f6876676038 R14: 00007f6876675fa0 R15: 00007ffd1e7aa718 [ 203.043018][T10228] [ 203.351710][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 203.351725][ T29] audit: type=1400 audit(1770683238.399:673): avc: denied { bind } for pid=10233 comm="syz.1.2325" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 203.471712][ T29] audit: type=1326 audit(1770683238.429:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10231 comm="syz.5.2324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68763faf79 code=0x7ffc0000 [ 203.495220][ T29] audit: type=1326 audit(1770683238.429:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10231 comm="syz.5.2324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68763faf79 code=0x7ffc0000 [ 203.518954][ T29] audit: type=1326 audit(1770683238.429:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10231 comm="syz.5.2324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f68763faf79 code=0x7ffc0000 [ 203.542999][ T29] audit: type=1326 audit(1770683238.469:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10231 comm="syz.5.2324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68763faf79 code=0x7ffc0000 [ 203.566469][ T29] audit: type=1326 audit(1770683238.469:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10231 comm="syz.5.2324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68763faf79 code=0x7ffc0000 [ 203.693004][T10248] sctp: [Deprecated]: syz.3.2328 (pid 10248) Use of struct sctp_assoc_value in delayed_ack socket option. [ 203.693004][T10248] Use struct sctp_sack_info instead [ 203.717471][T10242] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.724794][T10242] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.745965][T10248] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2328'. [ 203.831245][T10242] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 203.853162][T10242] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.908066][ T310] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.916889][ T310] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.933913][ T310] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.971956][ T310] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.996512][ T29] audit: type=1326 audit(1770683239.039:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10250 comm="syz.5.2329" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f68763faf79 code=0x0 [ 204.058643][T10199] loop2: detected capacity change from 0 to 695 [ 204.113436][T10256] lo speed is unknown, defaulting to 1000 [ 204.130225][T10256] lo speed is unknown, defaulting to 1000 [ 204.138580][T10199] EXT4-fs (loop2): blocks per group (8192) and clusters per group (2304) inconsistent [ 204.151310][T10256] lo speed is unknown, defaulting to 1000 [ 204.182842][ T29] audit: type=1400 audit(1770683239.229:680): avc: denied { create } for pid=10255 comm="syz.1.2331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 204.221307][ T29] audit: type=1400 audit(1770683239.269:681): avc: denied { read } for pid=10255 comm="iou-wrk-10257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 204.241526][T10257] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2331'. [ 204.256119][T10256] infiniband syz0: set down [ 204.260732][T10256] infiniband syz0: added lo [ 204.266029][ T3679] lo speed is unknown, defaulting to 1000 [ 204.275670][T10257] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2331'. [ 204.319358][T10256] RDS/IB: syz0: added [ 204.329916][T10256] smc: adding ib device syz0 with port count 1 [ 204.336351][T10256] smc: ib device syz0 port 1 has no pnetid [ 204.342530][ T3679] lo speed is unknown, defaulting to 1000 [ 204.351273][T10256] lo speed is unknown, defaulting to 1000 [ 204.392757][T10256] lo speed is unknown, defaulting to 1000 [ 204.435690][T10256] lo speed is unknown, defaulting to 1000 [ 204.491691][T10256] lo speed is unknown, defaulting to 1000 [ 204.541013][ T29] audit: type=1400 audit(1770683239.589:682): avc: denied { execute } for pid=10262 comm="syz.3.2333" name="file0" dev="tmpfs" ino=2911 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 204.596572][T10256] lo speed is unknown, defaulting to 1000 [ 204.681559][T10256] lo speed is unknown, defaulting to 1000 [ 204.998764][T10301] loop2: detected capacity change from 0 to 512 [ 205.147529][T10301] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2344: couldn't read orphan inode 26 (err -116) [ 205.160200][T10301] EXT4-fs (loop2): Remounting filesystem read-only [ 205.167481][T10301] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.180619][T10301] ext4 filesystem being mounted at /462/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 205.489666][ T1666] Bluetooth: hci0: Frame reassembly failed (-84) [ 205.528579][T10323] Bluetooth: hci0: Frame reassembly failed (-84) [ 205.620042][T10326] tipc: Failed to obtain node identity [ 205.625695][T10326] tipc: Enabling of bearer rejected, failed to enable media [ 205.796889][T10323] loop5: detected capacity change from 0 to 2048 [ 205.807613][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.896168][T10336] netlink: 'syz.0.2357': attribute type 1 has an invalid length. [ 205.931769][T10336] 8021q: adding VLAN 0 to HW filter on device bond2 [ 206.155063][T10323] loop5: p1 p2 p3 p4 [ 206.179252][T10323] loop5: p2 start 117440512 is beyond EOD, truncated [ 206.220324][T10323] loop5: p4 size 589824 extends beyond EOD, truncated [ 206.480910][T10360] sctp: [Deprecated]: syz.0.2363 (pid 10360) Use of struct sctp_assoc_value in delayed_ack socket option. [ 206.480910][T10360] Use struct sctp_sack_info instead [ 206.582837][T10363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2363'. [ 207.254973][T10394] sctp: [Deprecated]: syz.3.2373 (pid 10394) Use of struct sctp_assoc_value in delayed_ack socket option. [ 207.254973][T10394] Use struct sctp_sack_info instead [ 207.303678][T10397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2373'. [ 207.343329][T10402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2376'. [ 207.352402][T10402] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2376'. [ 207.545299][ T3573] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 207.595824][T10407] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2379'. [ 208.103653][T10430] FAULT_INJECTION: forcing a failure. [ 208.103653][T10430] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.116849][T10430] CPU: 1 UID: 0 PID: 10430 Comm: syz.5.2386 Not tainted syzkaller #0 PREEMPT(voluntary) [ 208.116879][T10430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 208.116894][T10430] Call Trace: [ 208.116902][T10430] [ 208.116911][T10430] __dump_stack+0x1d/0x30 [ 208.116998][T10430] dump_stack_lvl+0x95/0xd0 [ 208.117025][T10430] dump_stack+0x15/0x1b [ 208.117048][T10430] should_fail_ex+0x263/0x280 [ 208.117142][T10430] should_fail+0xb/0x20 [ 208.117179][T10430] should_fail_usercopy+0x1a/0x20 [ 208.117287][T10430] _copy_from_iter+0xcf/0xea0 [ 208.117306][T10430] ? selinux_file_open+0x2e6/0x330 [ 208.117337][T10430] ? __rcu_read_unlock+0x4e/0x70 [ 208.117379][T10430] rawv6_sendmsg+0x98c/0x1210 [ 208.117478][T10430] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 208.117564][T10430] inet_sendmsg+0xc5/0xd0 [ 208.117591][T10430] sock_write_iter+0x2e0/0x360 [ 208.117629][T10430] ? __pfx_sock_write_iter+0x10/0x10 [ 208.117707][T10430] vfs_write+0x5a6/0x9f0 [ 208.117741][T10430] ksys_write+0xdc/0x1a0 [ 208.117769][T10430] __x64_sys_write+0x40/0x50 [ 208.117796][T10430] x64_sys_call+0x2847/0x3000 [ 208.117859][T10430] do_syscall_64+0xc0/0x2a0 [ 208.117902][T10430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.117930][T10430] RIP: 0033:0x7f68763faf79 [ 208.117951][T10430] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.118051][T10430] RSP: 002b:00007f6874e4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.118080][T10430] RAX: ffffffffffffffda RBX: 00007f6876675fa0 RCX: 00007f68763faf79 [ 208.118099][T10430] RDX: 0000000000000009 RSI: 0000200000000180 RDI: 0000000000000003 [ 208.118126][T10430] RBP: 00007f6874e4f090 R08: 0000000000000000 R09: 0000000000000000 [ 208.118144][T10430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.118232][T10430] R13: 00007f6876676038 R14: 00007f6876675fa0 R15: 00007ffd1e7aa718 [ 208.118258][T10430] [ 208.377399][T10440] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2388'. [ 208.386475][T10440] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2388'. [ 208.707334][T10451] sctp: [Deprecated]: syz.0.2394 (pid 10451) Use of struct sctp_assoc_value in delayed_ack socket option. [ 208.707334][T10451] Use struct sctp_sack_info instead [ 208.725215][T10451] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2394'. [ 209.158031][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 209.158046][ T29] audit: type=1326 audit(1770683244.209:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2398" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f18dd01af79 code=0x0 [ 209.361724][T10469] loop5: detected capacity change from 0 to 164 [ 209.374152][T10469] SELinux: security_context_str_to_sid (a`yv-|J+0l8G[kT_|nU5 [ 209.374152][T10469] M9) failed with errno=-22 [ 209.401300][T10469] SELinux: security_context_str_to_sid (--^$-) failed with errno=-22 [ 209.489292][T10475] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2401'. [ 209.498372][T10475] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2401'. [ 209.650819][T10484] loop5: detected capacity change from 0 to 128 [ 209.659549][T10484] EXT4-fs: Ignoring removed nobh option [ 209.715392][T10484] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 209.727976][T10484] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 210.045743][T10491] lo speed is unknown, defaulting to 1000 [ 210.051756][T10491] lo speed is unknown, defaulting to 1000 [ 210.141193][T10495] FAULT_INJECTION: forcing a failure. [ 210.141193][T10495] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.154388][T10495] CPU: 1 UID: 0 PID: 10495 Comm: syz.2.2408 Not tainted syzkaller #0 PREEMPT(voluntary) [ 210.154415][T10495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 210.154427][T10495] Call Trace: [ 210.154433][T10495] [ 210.154441][T10495] __dump_stack+0x1d/0x30 [ 210.154463][T10495] dump_stack_lvl+0x95/0xd0 [ 210.154539][T10495] dump_stack+0x15/0x1b [ 210.154575][T10495] should_fail_ex+0x263/0x280 [ 210.154621][T10495] should_fail+0xb/0x20 [ 210.154660][T10495] should_fail_usercopy+0x1a/0x20 [ 210.154801][T10495] _copy_to_user+0x20/0xa0 [ 210.154820][T10495] simple_read_from_buffer+0xb5/0x130 [ 210.154875][T10495] proc_fail_nth_read+0x10e/0x150 [ 210.154957][T10495] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 210.154989][T10495] vfs_read+0x1ab/0x7f0 [ 210.155005][T10495] ? __rcu_read_unlock+0x4e/0x70 [ 210.155101][T10495] ? __fget_files+0x184/0x1c0 [ 210.155122][T10495] ? mutex_lock+0x57/0x90 [ 210.155186][T10495] ksys_read+0xdc/0x1a0 [ 210.155269][T10495] __x64_sys_read+0x40/0x50 [ 210.155309][T10495] x64_sys_call+0x2889/0x3000 [ 210.155331][T10495] do_syscall_64+0xc0/0x2a0 [ 210.155404][T10495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.155423][T10495] RIP: 0033:0x7fc26746b84e [ 210.155437][T10495] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 210.155453][T10495] RSP: 002b:00007fc265f06fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 210.155471][T10495] RAX: ffffffffffffffda RBX: 00007fc265f076c0 RCX: 00007fc26746b84e [ 210.155486][T10495] RDX: 000000000000000f RSI: 00007fc265f070a0 RDI: 0000000000000005 [ 210.155498][T10495] RBP: 00007fc265f07090 R08: 0000000000000000 R09: 0000000000000000 [ 210.155509][T10495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 210.155520][T10495] R13: 00007fc267726038 R14: 00007fc267725fa0 R15: 00007fff353e7fd8 [ 210.155537][T10495] [ 210.426320][T10499] loop2: detected capacity change from 0 to 512 [ 210.433239][T10499] msdos: Unknown parameter 'ts' [ 210.532244][T10507] sctp: [Deprecated]: syz.0.2411 (pid 10507) Use of struct sctp_assoc_value in delayed_ack socket option. [ 210.532244][T10507] Use struct sctp_sack_info instead [ 210.550471][T10499] loop2: detected capacity change from 0 to 2048 [ 210.561132][T10499] msdos: Bad value for 'time_offset' [ 210.700165][T10499] loop2: detected capacity change from 0 to 8192 [ 211.060845][T10526] lo speed is unknown, defaulting to 1000 [ 211.075344][T10526] lo speed is unknown, defaulting to 1000 [ 211.204802][T10526] chnl_net:caif_netlink_parms(): no params data found [ 211.257623][T10526] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.264836][T10526] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.282411][T10526] bridge_slave_0: entered allmulticast mode [ 211.294692][T10526] bridge_slave_0: entered promiscuous mode [ 211.302159][T10526] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.309331][T10526] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.316696][T10526] bridge_slave_1: entered allmulticast mode [ 211.323267][T10526] bridge_slave_1: entered promiscuous mode [ 211.342816][T10526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.362337][T10526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.391684][T10526] team0: Port device team_slave_0 added [ 211.406453][T10526] team0: Port device team_slave_1 added [ 211.459313][T10526] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.466366][T10526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 211.492353][T10526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.555921][T10526] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.562926][T10526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 211.588938][T10526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.684568][T10526] hsr_slave_0: entered promiscuous mode [ 211.701229][T10526] hsr_slave_1: entered promiscuous mode [ 211.711188][T10526] debugfs: 'hsr0' already exists in 'hsr' [ 211.716989][T10526] Cannot create hsr debugfs directory [ 211.887636][T10526] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 211.911808][T10526] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 211.935461][T10526] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 211.962643][T10526] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 212.003971][T10526] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.011126][T10526] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.018550][T10526] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.025693][T10526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.066475][T10647] __nla_validate_parse: 1 callbacks suppressed [ 212.066493][T10647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2435'. [ 212.220314][T10526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.243275][T10148] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.251716][T10148] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.267275][T10526] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.283188][ T1666] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.290349][ T1666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.316722][T10143] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.323926][T10143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.332455][T10690] sctp: [Deprecated]: syz.0.2439 (pid 10690) Use of struct sctp_assoc_value in delayed_ack socket option. [ 212.332455][T10690] Use struct sctp_sack_info instead [ 212.357369][T10690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2439'. [ 212.508135][T10526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.641796][T10694] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2441'. [ 212.770256][T10526] veth0_vlan: entered promiscuous mode [ 212.781365][T10526] veth1_vlan: entered promiscuous mode [ 212.802780][T10526] veth0_macvtap: entered promiscuous mode [ 212.817198][T10526] veth1_macvtap: entered promiscuous mode [ 212.840387][T10526] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.858742][T10526] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.883032][T10130] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.917120][T10130] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.917924][ T29] audit: type=1400 audit(1770683247.969:717): avc: denied { mounton } for pid=10526 comm="syz-executor" path="/root/syzkaller.wmBFVD/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=30540 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 212.949137][T10130] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.014043][T10130] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.075190][T10724] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2444'. [ 213.084269][T10724] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2444'. [ 213.094895][T10724] siw: device registration error -23 [ 213.101114][T10724] syz_tun: entered allmulticast mode [ 213.223295][T10740] 9p: Bad value for 'rfdno' [ 213.588742][T10782] sctp: [Deprecated]: syz.6.2457 (pid 10782) Use of struct sctp_assoc_value in delayed_ack socket option. [ 213.588742][T10782] Use struct sctp_sack_info instead [ 213.625219][T10782] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2457'. [ 213.657992][T10782] loop6: detected capacity change from 0 to 512 [ 213.755439][T10782] EXT4-fs error (device loop6): ext4_orphan_get:1396: comm syz.6.2457: couldn't read orphan inode 26 (err -116) [ 213.774814][T10782] EXT4-fs (loop6): Remounting filesystem read-only [ 213.783347][T10782] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.799652][T10782] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 213.851308][T10806] netlink: 'syz.0.2461': attribute type 16 has an invalid length. [ 213.859377][T10806] netlink: 'syz.0.2461': attribute type 17 has an invalid length. [ 213.954182][ T29] audit: type=1326 audit(1770683248.999:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 213.987052][T10806] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 213.999230][ T29] audit: type=1326 audit(1770683249.029:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.025904][ T29] audit: type=1326 audit(1770683249.029:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.034616][ T9940] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 214.049675][ T29] audit: type=1326 audit(1770683249.029:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.049744][ T29] audit: type=1326 audit(1770683249.029:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.105567][ T29] audit: type=1326 audit(1770683249.029:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f31bf1ab84e code=0x7ffc0000 [ 214.129001][ T29] audit: type=1326 audit(1770683249.029:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f31bf1ab84e code=0x7ffc0000 [ 214.152592][ T29] audit: type=1326 audit(1770683249.029:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f31bf1ab84e code=0x7ffc0000 [ 214.175876][ T29] audit: type=1326 audit(1770683249.029:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10815 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.242584][T10835] loop5: detected capacity change from 0 to 128 [ 214.360212][T10835] EXT4-fs: Ignoring removed nobh option [ 214.395441][T10526] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.438148][T10835] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 214.461160][ T29] audit: type=1326 audit(1770683249.469:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.484795][ T29] audit: type=1326 audit(1770683249.469:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.508296][ T29] audit: type=1326 audit(1770683249.479:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.531727][ T29] audit: type=1326 audit(1770683249.479:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.555503][ T29] audit: type=1326 audit(1770683249.479:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.569940][T10835] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 214.578925][ T29] audit: type=1326 audit(1770683249.479:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.612534][ T29] audit: type=1326 audit(1770683249.479:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.635971][ T29] audit: type=1326 audit(1770683249.479:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.659441][ T29] audit: type=1326 audit(1770683249.479:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10863 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 214.957133][T10883] lo speed is unknown, defaulting to 1000 [ 214.963642][T10883] lo speed is unknown, defaulting to 1000 [ 215.731031][T10884] Process accounting resumed [ 216.013643][T10934] netlink: 'syz.1.2481': attribute type 16 has an invalid length. [ 216.021602][T10934] netlink: 'syz.1.2481': attribute type 17 has an invalid length. [ 216.137160][T10934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.147857][T10936] loop6: detected capacity change from 0 to 512 [ 216.177498][T10934] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.220124][T10934] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 216.235705][ T3679] lo speed is unknown, defaulting to 1000 [ 216.241558][ T3679] syz0: Port: 1 Link ACTIVE [ 216.279040][ T3679] lo speed is unknown, defaulting to 1000 [ 216.367693][T10936] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 216.379360][T10936] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 216.389534][T10936] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.2482: Corrupt directory, running e2fsck is recommended [ 216.512666][ T9940] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 216.621888][T10957] loop5: detected capacity change from 0 to 2048 [ 216.635779][T10959] veth1_to_team: mtu less than device minimum [ 216.663301][T10960] netlink: 'syz.0.2489': attribute type 21 has an invalid length. [ 216.671252][T10960] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2489'. [ 216.690754][T10960] netlink: 'syz.0.2489': attribute type 4 has an invalid length. [ 216.698602][T10960] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2489'. [ 216.713378][ T7095] loop5: p1 < > p2 p3 < p5 p6 > p4 [ 216.718796][ T7095] loop5: partition table partially beyond EOD, truncated [ 216.726448][ T7095] loop5: p1 start 4278190080 is beyond EOD, truncated [ 216.733272][ T7095] loop5: p2 start 16908800 is beyond EOD, truncated [ 216.776015][ T7095] loop5: p5 start 16908800 is beyond EOD, truncated [ 216.789400][T10936] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -2 [ 216.809447][T10957] loop5: p1 < > p2 p3 < p5 p6 > p4 [ 216.814748][T10957] loop5: partition table partially beyond EOD, truncated [ 216.832295][T10936] EXT4-fs error (device loop6): ext4_iget_extra_inode:5073: inode #15: comm syz.6.2482: corrupted in-inode xattr: invalid ea_ino [ 216.846254][T10957] loop5: p1 start 4278190080 is beyond EOD, truncated [ 216.853120][T10957] loop5: p2 start 16908800 is beyond EOD, truncated [ 216.876627][T10957] loop5: p5 start 16908800 is beyond EOD, truncated [ 216.919338][T10936] EXT4-fs error (device loop6): ext4_orphan_get:1396: comm syz.6.2482: couldn't read orphan inode 15 (err -117) [ 216.933467][T10936] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.988893][T10974] team0: Cannot enslave team device to itself [ 216.995079][T10974] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 217.030734][T10526] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.094930][T10978] syz_tun: entered allmulticast mode [ 217.111327][T10975] syz_tun: left allmulticast mode [ 217.241704][T10987] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2499'. [ 217.250912][T10987] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2499'. [ 217.286560][T10987] syz_tun: entered allmulticast mode [ 217.293869][T10986] syz_tun: left allmulticast mode [ 217.358874][T10992] siw: device registration error -23 [ 217.510392][T11006] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2507'. [ 217.519441][T11006] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2507'. [ 217.572461][T11009] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2508'. [ 217.581559][T11009] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2508'. [ 217.910776][T11018] netlink: 'syz.5.2512': attribute type 16 has an invalid length. [ 217.918700][T11018] netlink: 'syz.5.2512': attribute type 17 has an invalid length. [ 217.942315][T11020] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.956855][T11020] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.981657][T11025] siw: device registration error -23 [ 218.040408][T10940] syz_tun (unregistering): left allmulticast mode [ 218.111403][T11018] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 218.227991][T11019] lo speed is unknown, defaulting to 1000 [ 218.234154][T11019] lo speed is unknown, defaulting to 1000 [ 218.339038][T11019] chnl_net:caif_netlink_parms(): no params data found [ 218.407390][T11019] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.414493][T11019] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.422013][T11019] bridge_slave_0: entered allmulticast mode [ 218.429194][T11019] bridge_slave_0: entered promiscuous mode [ 218.436262][T11019] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.443368][T11019] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.451024][T11019] bridge_slave_1: entered allmulticast mode [ 218.457826][T11019] bridge_slave_1: entered promiscuous mode [ 218.483184][T11057] netlink: 304 bytes leftover after parsing attributes in process `syz.5.2518'. [ 218.526250][T11019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.559088][T11019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.610259][T11019] team0: Port device team_slave_0 added [ 218.635400][T11019] team0: Port device team_slave_1 added [ 218.687832][T11019] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.694887][T11019] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 218.720973][T11019] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.737947][T11019] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.745102][T11019] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 218.771154][T11019] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 218.819142][T11019] hsr_slave_0: entered promiscuous mode [ 218.829697][T11019] hsr_slave_1: entered promiscuous mode [ 218.835918][T11019] debugfs: 'hsr0' already exists in 'hsr' [ 218.841739][T11019] Cannot create hsr debugfs directory [ 218.958921][T11019] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.228651][T11100] netlink: 'syz.5.2526': attribute type 16 has an invalid length. [ 219.236580][T11100] netlink: 'syz.5.2526': attribute type 17 has an invalid length. [ 219.935844][T11164] netlink: 'syz.6.2530': attribute type 4 has an invalid length. [ 220.062724][T11019] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.450992][T11100] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 220.496236][T11019] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.627155][T11019] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.829656][T11019] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 220.855303][T11019] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 220.879091][T11019] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 220.904403][T11019] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 220.918890][ T29] kauditd_printk_skb: 29 callbacks suppressed [ 220.918916][ T29] audit: type=1326 audit(1770683255.969:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 220.974901][ T29] audit: type=1326 audit(1770683255.999:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 220.998584][ T29] audit: type=1326 audit(1770683255.999:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 221.022037][ T29] audit: type=1326 audit(1770683255.999:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 221.045565][ T29] audit: type=1326 audit(1770683255.999:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 221.069024][ T29] audit: type=1326 audit(1770683255.999:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 221.092549][ T29] audit: type=1326 audit(1770683255.999:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 221.104546][T11019] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.116014][ T29] audit: type=1326 audit(1770683255.999:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 221.146145][ T29] audit: type=1326 audit(1770683255.999:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 221.169741][ T29] audit: type=1326 audit(1770683255.999:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31bf1eaf79 code=0x7ffc0000 [ 221.200303][T11019] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.211455][T11240] loop5: detected capacity change from 0 to 1024 [ 221.222913][T10676] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.230045][T10676] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.258489][T10676] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.265627][T10676] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.278144][T11261] loop6: detected capacity change from 0 to 512 [ 221.306407][T11240] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 221.330273][T11019] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 221.340674][T11019] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.352279][T11261] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.365282][T11261] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.380911][T11261] EXT4-fs error (device loop6): ext4_lookup:1785: inode #12: comm syz.6.2540: iget: bad i_size value: 2533274857506816 [ 221.456585][T11278] EXT4-fs error (device loop6): ext4_lookup:1785: inode #12: comm syz.6.2540: iget: bad i_size value: 2533274857506816 [ 221.507594][T11019] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.585173][T11283] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2545'. [ 221.596188][T11283] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2545'. [ 221.607074][T11288] netlink: 'syz.1.2544': attribute type 16 has an invalid length. [ 221.615002][T11288] netlink: 'syz.1.2544': attribute type 17 has an invalid length. [ 221.660088][ T9940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.717139][T11288] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 221.742607][T11019] veth0_vlan: entered promiscuous mode [ 221.768390][T11019] veth1_vlan: entered promiscuous mode [ 221.804041][T11019] veth0_macvtap: entered promiscuous mode [ 221.814759][T11019] veth1_macvtap: entered promiscuous mode [ 221.831876][T11019] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.849325][T11019] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.888146][ T310] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.910529][ T310] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.956885][T11305] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2550'. [ 221.966381][ T310] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.978072][T11305] syz_tun: entered allmulticast mode [ 221.984816][T11304] syz_tun: left allmulticast mode [ 221.999696][T10676] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.091442][T11314] siw: device registration error -23 [ 222.100930][T11314] syz_tun: entered allmulticast mode [ 222.158553][T10526] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.262781][T11325] loop6: detected capacity change from 0 to 512 [ 222.299311][T11325] EXT4-fs warning (device loop6): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 222.330022][T11325] EXT4-fs (loop6): mount failed [ 222.340139][T11332] netlink: 'syz.5.2559': attribute type 16 has an invalid length. [ 222.348180][T11332] netlink: 'syz.5.2559': attribute type 17 has an invalid length. [ 222.363679][T11334] __nla_validate_parse: 4 callbacks suppressed [ 222.363699][T11334] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2561'. [ 222.379081][T11334] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2561'. [ 222.527404][T11332] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 222.591671][T11347] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2567'. [ 222.600737][T11347] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2567'. [ 222.637119][T11347] siw: device registration error -23 [ 222.659241][T11353] netlink: 5 bytes leftover after parsing attributes in process `syz.5.2568'. [ 222.703265][T11353] ..0{X: renamed from gretap0 (while UP) [ 222.723490][T11353] ..0{X: entered allmulticast mode [ 222.747343][T11353] A link change request failed with some changes committed already. Interface ..0{X may have been left with an inconsistent configuration, please check. [ 222.886372][T11371] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2576'. [ 222.895399][T11371] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2576'. [ 222.945703][T11373] loop3: detected capacity change from 0 to 128 [ 222.975550][T11373] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2577'. [ 223.003598][T11377] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 223.075152][T11384] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2582'. [ 223.088292][T11386] 9p: Bad value for 'rfdno' [ 223.094013][T11385] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2580'. [ 223.114528][T11384] loop3: detected capacity change from 0 to 128 [ 223.185205][T11385] siw: device registration error -23 [ 223.274368][T11399] FAULT_INJECTION: forcing a failure. [ 223.274368][T11399] name failslab, interval 1, probability 0, space 0, times 0 [ 223.287089][T11399] CPU: 1 UID: 0 PID: 11399 Comm: syz.3.2585 Not tainted syzkaller #0 PREEMPT(voluntary) [ 223.287127][T11399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 223.287187][T11399] Call Trace: [ 223.287196][T11399] [ 223.287205][T11399] __dump_stack+0x1d/0x30 [ 223.287235][T11399] dump_stack_lvl+0x95/0xd0 [ 223.287257][T11399] dump_stack+0x15/0x1b [ 223.287282][T11399] should_fail_ex+0x263/0x280 [ 223.287358][T11399] should_failslab+0x8c/0xb0 [ 223.287451][T11399] kmem_cache_alloc_noprof+0x68/0x490 [ 223.287527][T11399] ? __anon_vma_prepare+0xcd/0x2f0 [ 223.287572][T11399] __anon_vma_prepare+0xcd/0x2f0 [ 223.287658][T11399] do_wp_page+0x1976/0x2560 [ 223.287698][T11399] ? css_rstat_updated+0xbb/0x280 [ 223.287758][T11399] ? __rcu_read_lock+0x36/0x50 [ 223.287800][T11399] handle_mm_fault+0x8c7/0x3030 [ 223.287883][T11399] ? vma_start_read+0x1c7/0x2c0 [ 223.287945][T11399] do_user_addr_fault+0x62f/0x1050 [ 223.288031][T11399] ? ksys_mmap_pgoff+0xc1/0x310 [ 223.288135][T11399] ? fpregs_assert_state_consistent+0xb3/0xe0 [ 223.288295][T11399] ? arch_exit_to_user_mode_prepare+0x26/0x80 [ 223.288333][T11399] ? irqentry_exit+0x3c/0x510 [ 223.288366][T11399] exc_page_fault+0x62/0xa0 [ 223.288412][T11399] asm_exc_page_fault+0x26/0x30 [ 223.288439][T11399] RIP: 0033:0x7f9a574527e3 [ 223.288460][T11399] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 223.288485][T11399] RSP: 002b:00007f9a55fee470 EFLAGS: 00010202 [ 223.288586][T11399] RAX: 0000000000000400 RBX: 00007f9a55fee530 RCX: 00007f9a4dbcf000 [ 223.288600][T11399] RDX: 00007f9a55fee6d0 RSI: 0000000000000059 RDI: 00007f9a55fee5d0 [ 223.288614][T11399] RBP: 00000000000000f9 R08: 0000000000000008 R09: 00000000000000a5 [ 223.288626][T11399] R10: 00000000000000be R11: 00007f9a55fee530 R12: 0000000000000001 [ 223.288639][T11399] R13: 00007f9a57650a20 R14: 0000000000000020 R15: 00007f9a55fee5d0 [ 223.288659][T11399] [ 223.288671][T11399] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 223.502801][T11399] loop3: detected capacity change from 0 to 512 [ 223.532765][T11399] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2585: invalid indirect mapped block 256 (level 2) [ 223.550867][T11399] EXT4-fs (loop3): 2 truncates cleaned up [ 223.561157][T11399] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.662838][T11019] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.712068][T11413] loop6: detected capacity change from 0 to 512 [ 223.813704][T11413] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 223.833596][T11425] netlink: 'syz.1.2589': attribute type 11 has an invalid length. [ 223.868127][T11413] EXT4-fs (loop6): orphan cleanup on readonly fs [ 223.886178][T11430] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2305 sclass=netlink_route_socket pid=11430 comm=syz.1.2589 [ 223.905966][T11413] EXT4-fs error (device loop6): ext4_acquire_dquot:6986: comm syz.6.2591: Failed to acquire dquot type 1 [ 223.929982][T11433] sctp: [Deprecated]: syz.3.2595 (pid 11433) Use of struct sctp_assoc_value in delayed_ack socket option. [ 223.929982][T11433] Use struct sctp_sack_info instead [ 223.958375][T11433] loop3: detected capacity change from 0 to 512 [ 223.966571][T11413] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #16: comm syz.6.2591: corrupted inode contents [ 224.019858][T11413] EXT4-fs error (device loop6): ext4_dirty_inode:6502: inode #16: comm syz.6.2591: mark_inode_dirty error [ 224.036673][T11433] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2595: couldn't read orphan inode 26 (err -116) [ 224.049016][T11433] EXT4-fs (loop3): Remounting filesystem read-only [ 224.055930][T11413] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #16: comm syz.6.2591: corrupted inode contents [ 224.056823][T11433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.082356][T11433] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.092895][T11435] loop5: detected capacity change from 0 to 128 [ 224.105663][T11413] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #16: comm syz.6.2591: mark_inode_dirty error [ 224.135993][T11413] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #16: comm syz.6.2591: corrupted inode contents [ 224.148902][T11435] FAT-fs (loop5): bogus number of reserved sectors [ 224.155570][T11435] FAT-fs (loop5): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 224.164913][T11435] FAT-fs (loop5): Can't find a valid FAT filesystem [ 224.185500][T11413] EXT4-fs error (device loop6) in ext4_orphan_del:303: Corrupt filesystem [ 224.205010][T11413] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #16: comm syz.6.2591: corrupted inode contents [ 224.225140][T11413] EXT4-fs error (device loop6): ext4_truncate:4635: inode #16: comm syz.6.2591: mark_inode_dirty error [ 224.246024][T11413] EXT4-fs error (device loop6) in ext4_process_orphan:345: Corrupt filesystem [ 224.265696][T11413] EXT4-fs (loop6): 1 truncate cleaned up [ 224.271767][T11413] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-0000002a0000 ro without journal. Quota mode: writeback. [ 224.319463][T11415] netlink: 'syz.6.2591': attribute type 10 has an invalid length. [ 224.327606][T11413] netlink: 'syz.6.2591': attribute type 10 has an invalid length. [ 224.335360][T11415] dummy0: entered promiscuous mode [ 224.340635][T11415] dummy0: entered allmulticast mode [ 224.347463][T11415] bridge0: port 3(dummy0) entered blocking state [ 224.353908][T11415] bridge0: port 3(dummy0) entered disabled state [ 224.361946][T11415] bridge0: port 3(dummy0) entered blocking state [ 224.368407][T11415] bridge0: port 3(dummy0) entered forwarding state [ 224.422965][T10526] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-0000002a0000. [ 224.537320][T11470] netlink: 'syz.6.2603': attribute type 16 has an invalid length. [ 224.545554][T11470] netlink: 'syz.6.2603': attribute type 17 has an invalid length. [ 224.555463][T11460] bridge0: port 3(dummy0) entered disabled state [ 224.605538][T11460] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.624354][T11460] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.745304][T11470] bridge0: port 3(dummy0) entered blocking state [ 224.751822][T11470] bridge0: port 3(dummy0) entered forwarding state [ 224.757768][T11019] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.771653][T11470] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 224.899161][T11506] binfmt_misc: register: failed to install interpreter file ./file0 [ 225.054555][T11531] lo speed is unknown, defaulting to 1000 [ 225.072489][T11531] lo speed is unknown, defaulting to 1000 [ 225.299183][T11580] sctp: [Deprecated]: syz.0.2618 (pid 11580) Use of struct sctp_assoc_value in delayed_ack socket option. [ 225.299183][T11580] Use struct sctp_sack_info instead [ 225.425117][T11587] netlink: 'syz.3.2620': attribute type 16 has an invalid length. [ 225.432999][T11587] netlink: 'syz.3.2620': attribute type 17 has an invalid length. [ 225.445379][T11582] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.465956][T11582] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.471515][T11586] loop5: detected capacity change from 0 to 512 [ 225.507446][ T3680] IPVS: starting estimator thread 0... [ 225.515840][T11540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.526940][T11540] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.535802][T11586] EXT4-fs (loop5): orphan cleanup on readonly fs [ 225.542653][T11586] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #4: comm syz.5.2622: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 225.573784][T11586] EXT4-fs error (device loop5): ext4_quota_enable:7180: comm syz.5.2622: Bad quota inode: 4, type: 1 [ 225.585326][T11586] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 225.615491][T11586] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 225.623104][T11586] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 225.638831][T11586] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 225.645347][T11589] IPVS: using max 2256 ests per chain, 112800 per kthread [ 225.649047][T11586] EXT4-fs warning (device loop5): ext4_multi_mount_protect:288: Invalid MMP block in superblock [ 225.681185][T11587] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 225.790556][ T9940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.797584][T11605] lo speed is unknown, defaulting to 1000 [ 225.806608][T11605] lo speed is unknown, defaulting to 1000 [ 226.025484][T11634] __quota_error: 204 callbacks suppressed [ 226.025507][T11634] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6). [ 226.051776][T11634] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 226.090611][T11634] EXT4-fs (loop3): mount failed [ 226.483370][T11700] TCP: TCP_TX_DELAY enabled [ 226.526362][T11708] sctp: [Deprecated]: syz.1.2642 (pid 11708) Use of struct sctp_assoc_value in delayed_ack socket option. [ 226.526362][T11708] Use struct sctp_sack_info instead [ 226.667902][T11731] siw: device registration error -23 [ 226.803849][T11761] set_capacity_and_notify: 1 callbacks suppressed [ 226.803871][T11761] loop5: detected capacity change from 0 to 512 [ 226.860811][T11761] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.2654: corrupted in-inode xattr: invalid ea_ino [ 226.878655][T11774] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11774 comm=syz.3.2658 [ 226.898675][T11761] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.2654: couldn't read orphan inode 15 (err -117) [ 226.914379][T11776] netlink: 'syz.6.2659': attribute type 16 has an invalid length. [ 226.922394][T11776] netlink: 'syz.6.2659': attribute type 17 has an invalid length. [ 226.932865][T11761] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.955394][T11761] EXT4-fs error (device loop5): ext4_xattr_block_get:597: inode #2: comm syz.5.2654: corrupted xattr block 255: invalid header [ 226.970957][T11776] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 226.991200][T11761] SELinux: (dev loop5, type ext4) getxattr errno 117 [ 227.000637][T11761] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.046320][ T29] audit: type=1400 audit(1770683262.099:976): avc: denied { setopt } for pid=11780 comm="syz.5.2661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 227.219464][ T29] audit: type=1400 audit(1770683262.249:977): avc: denied { append } for pid=11797 comm="syz.6.2669" name="ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 227.267684][ T29] audit: type=1400 audit(1770683262.319:978): avc: denied { connect } for pid=11807 comm="syz.5.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 227.283853][T11804] netlink: 'syz.6.2674': attribute type 16 has an invalid length. [ 227.295209][T11804] netlink: 'syz.6.2674': attribute type 17 has an invalid length. [ 227.341714][ T29] audit: type=1400 audit(1770683262.389:979): avc: denied { setopt } for pid=11807 comm="syz.5.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 227.361644][ T29] audit: type=1400 audit(1770683262.389:980): avc: denied { ioctl } for pid=11807 comm="syz.5.2672" path="socket:[33567]" dev="sockfs" ino=33567 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 227.361682][ T29] audit: type=1400 audit(1770683262.389:981): avc: denied { read } for pid=11807 comm="syz.5.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 227.410632][T11804] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 227.506436][T11819] loop3: detected capacity change from 0 to 2048 [ 227.547568][T11819] loop3: p1 < > p4 [ 227.560334][T11819] loop3: p4 size 722688 extends beyond EOD, truncated [ 227.598621][ T3001] loop3: p1 < > p4 [ 227.606888][ T3001] loop3: p4 size 722688 extends beyond EOD, truncated [ 227.650600][T11835] __nla_validate_parse: 22 callbacks suppressed [ 227.650644][T11835] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2686'. [ 227.666247][T11835] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2686'. [ 227.812893][ T7095] udevd[7095]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 227.826579][ T7427] udevd[7427]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 227.899495][T11854] FAULT_INJECTION: forcing a failure. [ 227.899495][T11854] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.912885][T11854] CPU: 0 UID: 0 PID: 11854 Comm: syz.5.2692 Not tainted syzkaller #0 PREEMPT(voluntary) [ 227.912918][T11854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 227.912935][T11854] Call Trace: [ 227.912944][T11854] [ 227.912954][T11854] __dump_stack+0x1d/0x30 [ 227.913040][T11854] dump_stack_lvl+0x95/0xd0 [ 227.913068][T11854] dump_stack+0x15/0x1b [ 227.913088][T11854] should_fail_ex+0x263/0x280 [ 227.913129][T11854] should_fail+0xb/0x20 [ 227.913247][T11854] should_fail_usercopy+0x1a/0x20 [ 227.913281][T11854] _copy_from_user+0x1c/0xb0 [ 227.913307][T11854] __io_register_rsrc_update+0x268/0xac0 [ 227.913388][T11854] ? get_pid_task+0x96/0xd0 [ 227.913421][T11854] ? should_fail_ex+0xd9/0x280 [ 227.913476][T11854] io_register_rsrc_update+0x12f/0x140 [ 227.913507][T11854] __se_sys_io_uring_register+0x9c6/0xf30 [ 227.913553][T11854] ? fput+0x8f/0xc0 [ 227.913615][T11854] ? ksys_write+0x194/0x1a0 [ 227.913650][T11854] __x64_sys_io_uring_register+0x55/0x70 [ 227.913789][T11854] x64_sys_call+0x27ad/0x3000 [ 227.913822][T11854] do_syscall_64+0xc0/0x2a0 [ 227.913862][T11854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.913954][T11854] RIP: 0033:0x7f68763faf79 [ 227.913970][T11854] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 227.913989][T11854] RSP: 002b:00007f6874e4f028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 227.914013][T11854] RAX: ffffffffffffffda RBX: 00007f6876675fa0 RCX: 00007f68763faf79 [ 227.914034][T11854] RDX: 0000200000000600 RSI: 0000000000000010 RDI: 0000000000000003 [ 227.914051][T11854] RBP: 00007f6874e4f090 R08: 0000000000000000 R09: 0000000000000000 [ 227.914074][T11854] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001 [ 227.914086][T11854] R13: 00007f6876676038 R14: 00007f6876675fa0 R15: 00007ffd1e7aa718 [ 227.914141][T11854] [ 228.045590][T11859] sctp: [Deprecated]: syz.6.2694 (pid 11859) Use of struct sctp_assoc_value in delayed_ack socket option. [ 228.045590][T11859] Use struct sctp_sack_info instead [ 228.149679][T11861] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2694'. [ 228.200888][T11866] loop5: detected capacity change from 0 to 1024 [ 228.210927][T11863] binfmt_misc: register: failed to install interpreter file ./file0 [ 228.257517][T11866] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.273946][T11874] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 228.282077][T11874] audit: out of memory in audit_log_start [ 228.289104][T11874] random: crng reseeded on system resumption [ 228.309512][ T29] audit: type=1400 audit(1770683263.339:982): avc: denied { open } for pid=11870 comm="syz.3.2698" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 228.375325][ T9940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.593528][T11891] FAULT_INJECTION: forcing a failure. [ 228.593528][T11891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.606714][T11891] CPU: 1 UID: 0 PID: 11891 Comm: syz.5.2704 Not tainted syzkaller #0 PREEMPT(voluntary) [ 228.606750][T11891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 228.606764][T11891] Call Trace: [ 228.606772][T11891] [ 228.606780][T11891] __dump_stack+0x1d/0x30 [ 228.606849][T11891] dump_stack_lvl+0x95/0xd0 [ 228.606878][T11891] dump_stack+0x15/0x1b [ 228.606932][T11891] should_fail_ex+0x263/0x280 [ 228.606973][T11891] should_fail+0xb/0x20 [ 228.607012][T11891] should_fail_usercopy+0x1a/0x20 [ 228.607095][T11891] _copy_from_user+0x1c/0xb0 [ 228.607123][T11891] __sys_bpf+0x183/0x7b0 [ 228.607165][T11891] __x64_sys_bpf+0x41/0x50 [ 228.607251][T11891] x64_sys_call+0x28e1/0x3000 [ 228.607284][T11891] do_syscall_64+0xc0/0x2a0 [ 228.607404][T11891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.607433][T11891] RIP: 0033:0x7f68763faf79 [ 228.607454][T11891] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 228.607480][T11891] RSP: 002b:00007f6874e4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 228.607506][T11891] RAX: ffffffffffffffda RBX: 00007f6876675fa0 RCX: 00007f68763faf79 [ 228.607520][T11891] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 228.607587][T11891] RBP: 00007f6874e4f090 R08: 0000000000000000 R09: 0000000000000000 [ 228.607604][T11891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.607619][T11891] R13: 00007f6876676038 R14: 00007f6876675fa0 R15: 00007ffd1e7aa718 [ 228.607651][T11891] [ 228.798622][T11893] IPv6: NLM_F_CREATE should be specified when creating new route [ 228.830129][T11900] random: crng reseeded on system resumption [ 228.925708][T11906] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2710'. [ 228.934734][T11906] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2710'. [ 228.962266][T11906] siw: device registration error -23 [ 228.968667][T11906] syz_tun: entered allmulticast mode [ 228.985521][T11902] loop3: detected capacity change from 0 to 8192 [ 229.040084][T11911] loop5: detected capacity change from 0 to 512 [ 229.064149][T11911] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities [ 229.082746][T11902] macvlan2: entered promiscuous mode [ 229.114694][T11902] batman_adv: batadv0: Adding interface: macvlan2 [ 229.121245][T11902] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 229.146821][T11902] batman_adv: batadv0: Not using interface macvlan2 (retrying later): interface not active [ 229.168468][T11915] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2711'. [ 229.231022][T11917] syzkaller0: entered promiscuous mode [ 229.236677][T11917] syzkaller0: entered allmulticast mode [ 229.246974][T11911] loop5: detected capacity change from 0 to 8192 [ 229.409800][T11932] xt_CT: You must specify a L4 protocol and not use inversions on it [ 229.524949][T11911] ================================================================== [ 229.541180][T11911] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64 [ 229.551029][T11911] [ 229.553381][T11911] read-write to 0xffffffff86a09a00 of 8 bytes by interrupt on cpu 1: [ 229.561916][T11911] tick_do_update_jiffies64+0x113/0x1c0 [ 229.567508][T11911] tick_nohz_handler+0x8d/0x3d0 [ 229.572411][T11911] __hrtimer_run_queues+0x20f/0x590 [ 229.577691][T11911] hrtimer_interrupt+0x269/0x810 [ 229.582681][T11911] __sysvec_apic_timer_interrupt+0x5f/0x1d0 [ 229.588642][T11911] sysvec_apic_timer_interrupt+0x6f/0x80 [ 229.594316][T11911] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 229.600369][T11911] __cond_resched+0x0/0x60 [ 229.604825][T11911] __alloc_frozen_pages_noprof+0xfe/0x350 [ 229.610594][T11911] alloc_pages_mpol+0xb3/0x260 [ 229.615423][T11911] vma_alloc_folio_noprof+0x1a9/0x300 [ 229.620851][T11911] handle_mm_fault+0x111f/0x3030 [ 229.625837][T11911] __get_user_pages+0x1023/0x1ea0 [ 229.630992][T11911] __gup_longterm_locked+0x2fa/0xe30 [ 229.636389][T11911] gup_fast_fallback+0x1f3/0x13c0 [ 229.641440][T11911] pin_user_pages_fast+0x5f/0x90 [ 229.646620][T11911] io_pin_pages+0xba/0x170 [ 229.651060][T11911] io_sqe_buffer_register+0x184/0x14d0 [ 229.656551][T11911] __io_register_rsrc_update+0x31b/0xac0 [ 229.662241][T11911] io_register_rsrc_update+0x12f/0x140 [ 229.667724][T11911] __se_sys_io_uring_register+0x9c6/0xf30 [ 229.673601][T11911] __x64_sys_io_uring_register+0x55/0x70 [ 229.679275][T11911] x64_sys_call+0x27ad/0x3000 [ 229.683985][T11911] do_syscall_64+0xc0/0x2a0 [ 229.688521][T11911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.694477][T11911] [ 229.696823][T11911] read to 0xffffffff86a09a00 of 8 bytes by task 11911 on cpu 0: [ 229.704478][T11911] mem_cgroup_flush_stats_ratelimited+0x29/0x70 [ 229.710752][T11911] count_shadow_nodes+0x6a/0x230 [ 229.715740][T11911] do_shrink_slab+0x63/0x670 [ 229.720355][T11911] shrink_slab+0x538/0x880 [ 229.724800][T11911] shrink_node+0x6cb/0x2000 [ 229.729340][T11911] do_try_to_free_pages+0x404/0xcc0 [ 229.734579][T11911] try_to_free_mem_cgroup_pages+0x222/0x470 [ 229.740623][T11911] try_charge_memcg+0x37e/0xa10 [ 229.745497][T11911] obj_cgroup_charge_pages+0x23/0xc0 [ 229.750821][T11911] __memcg_kmem_charge_page+0x9e/0x170 [ 229.756324][T11911] __alloc_frozen_pages_noprof+0x18a/0x350 [ 229.762159][T11911] alloc_pages_mpol+0xb3/0x260 [ 229.766954][T11911] alloc_pages_noprof+0x8f/0x130 [ 229.771953][T11911] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 229.778023][T11911] __kvmalloc_node_noprof+0x471/0x680 [ 229.783426][T11911] ip_set_alloc+0x24/0x30 [ 229.787803][T11911] hash_netiface_create+0x282/0x740 [ 229.793058][T11911] ip_set_create+0x3cf/0x970 [ 229.797706][T11911] nfnetlink_rcv_msg+0x509/0x5d0 [ 229.802671][T11911] netlink_rcv_skb+0x123/0x220 [ 229.807468][T11911] nfnetlink_rcv+0x167/0x1720 [ 229.812176][T11911] netlink_unicast+0x5c0/0x690 [ 229.816969][T11911] netlink_sendmsg+0x5c8/0x6f0 [ 229.821757][T11911] ____sys_sendmsg+0x5af/0x600 [ 229.826562][T11911] ___sys_sendmsg+0x195/0x1e0 [ 229.831261][T11911] __x64_sys_sendmsg+0xd4/0x160 [ 229.836133][T11911] x64_sys_call+0x17ba/0x3000 [ 229.840842][T11911] do_syscall_64+0xc0/0x2a0 [ 229.845446][T11911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.851368][T11911] [ 229.853724][T11911] value changed: 0x00000000ffffe43d -> 0x00000000ffffe43e [ 229.860851][T11911] [ 229.863195][T11911] Reported by Kernel Concurrency Sanitizer on: [ 229.869378][T11911] CPU: 0 UID: 0 PID: 11911 Comm: syz.5.2714 Not tainted syzkaller #0 PREEMPT(voluntary) [ 229.879215][T11911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 229.889305][T11911] ================================================================== [ 229.907940][T11940] Invalid argument reading file caps for ./file0 [ 230.496783][T11910] syz.5.2714 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 230.507881][T11910] CPU: 0 UID: 0 PID: 11910 Comm: syz.5.2714 Not tainted syzkaller #0 PREEMPT(voluntary) [ 230.507912][T11910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 230.507925][T11910] Call Trace: [ 230.507934][T11910] [ 230.507945][T11910] __dump_stack+0x1d/0x30 [ 230.507978][T11910] dump_stack_lvl+0x95/0xd0 [ 230.508042][T11910] dump_stack+0x15/0x1b [ 230.508136][T11910] dump_header+0x80/0x240 [ 230.508166][T11910] oom_kill_process+0x295/0x350 [ 230.508200][T11910] out_of_memory+0x97d/0xb80 [ 230.508235][T11910] try_charge_memcg+0x62e/0xa10 [ 230.508266][T11910] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 230.508345][T11910] __read_swap_cache_async+0x17b/0x2d0 [ 230.508391][T11910] swap_cluster_readahead+0x362/0x3c0 [ 230.508434][T11910] swapin_readahead+0xde/0x840 [ 230.508550][T11910] ? mod_memcg_lruvec_state+0x1a1/0x280 [ 230.508592][T11910] ? lruvec_stat_mod_folio+0xd2/0x110 [ 230.508620][T11910] ? __rcu_read_unlock+0x4e/0x70 [ 230.508677][T11910] ? swap_cache_get_folio+0x26f/0x280 [ 230.508718][T11910] do_swap_page+0x59b/0x2a50 [ 230.508770][T11910] ? __rcu_read_lock+0x36/0x50 [ 230.508799][T11910] ? __pfx_default_wake_function+0x10/0x10 [ 230.508849][T11910] handle_mm_fault+0xb40/0x3030 [ 230.508885][T11910] ? vma_start_read+0x1c7/0x2c0 [ 230.508926][T11910] do_user_addr_fault+0x62f/0x1050 [ 230.509030][T11910] ? fpregs_assert_state_consistent+0xb3/0xe0 [ 230.509056][T11910] ? arch_exit_to_user_mode_prepare+0x26/0x80 [ 230.509098][T11910] ? irqentry_exit+0x3c/0x510 [ 230.509143][T11910] exc_page_fault+0x62/0xa0 [ 230.509221][T11910] asm_exc_page_fault+0x26/0x30 [ 230.509243][T11910] RIP: 0033:0x7f68763b6178 [ 230.509295][T11910] Code: 75 40 a8 10 75 3c 41 51 4c 8d 9b 08 03 00 00 49 89 c9 48 89 f1 41 50 48 8b 74 24 20 49 89 d0 48 89 fa 4c 89 df e8 a8 56 00 00 <8b> 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 [ 230.509316][T11910] RSP: 002b:00007ffd1e7aa800 EFLAGS: 00010246 [ 230.509333][T11910] RAX: 0000000000000000 RBX: 0000555559291500 RCX: 00007f68763bb84e [ 230.509347][T11910] RDX: 00007ffd1e7aa850 RSI: 0000000000000000 RDI: 0000000000000000 [ 230.509360][T11910] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 230.509375][T11910] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000381df [ 230.509437][T11910] R13: 00007f687667609c R14: 000000000003808d R15: 00007f6876676090 [ 230.509457][T11910] [ 230.509463][T11910] memory: usage 307200kB, limit 307200kB, failcnt 141 [ 230.747443][T11910] memory+swap: usage 311516kB, limit 9007199254740988kB, failcnt 0 [ 230.755400][T11910] kmem: usage 307156kB, limit 9007199254740988kB, failcnt 0 [ 230.762710][T11910] Memory cgroup stats for /syz5: [ 230.763109][T11910] cache 45056 [ 230.771420][T11910] rss 0 [ 230.774215][T11910] shmem 0 [ 230.777264][T11910] mapped_file 0 [ 230.780738][T11910] dirty 0 [ 230.783743][T11910] writeback 0 [ 230.787095][T11910] workingset_refault_anon 85 [ 230.791710][T11910] workingset_refault_file 0 [ 230.796254][T11910] swap 4419584 [ 230.799661][T11910] swapcached 0 [ 230.803141][T11910] pgpgin 36756 [ 230.806616][T11910] pgpgout 36745 [ 230.810149][T11910] pgfault 35021 [ 230.813717][T11910] pgmajfault 41 [ 230.817307][T11910] inactive_anon 0 [ 230.820975][T11910] active_anon 0 [ 230.824484][T11910] inactive_file 45056 [ 230.829065][T11910] active_file 0 [ 230.832569][T11910] unevictable 0 [ 230.836224][T11910] hierarchical_memory_limit 314572800 [ 230.841624][T11910] hierarchical_memsw_limit 9223372036854771712 [ 230.847838][T11910] total_cache 45056 [ 230.851681][T11910] total_rss 0 [ 230.855097][T11910] total_shmem 0 [ 230.858583][T11910] total_mapped_file 0 [ 230.862577][T11910] total_dirty 0 [ 230.866105][T11910] total_writeback 0 [ 230.869962][T11910] total_workingset_refault_anon 85 [ 230.875135][T11910] total_workingset_refault_file 0 [ 230.880173][T11910] total_swap 4419584 [ 230.884124][T11910] total_swapcached 0 [ 230.888147][T11910] total_pgpgin 36756 [ 230.892076][T11910] total_pgpgout 36745 [ 230.896153][T11910] total_pgfault 35021 [ 230.900236][T11910] total_pgmajfault 41 [ 230.904289][T11910] total_inactive_anon 0 [ 230.908535][T11910] total_active_anon 0 [ 230.912539][T11910] total_inactive_file 45056 [ 230.917111][T11910] total_active_file 0 [ 230.921111][T11910] total_unevictable 0 [ 230.925152][T11910] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2714,pid=11910,uid=0 [ 230.939892][T11910] Memory cgroup out of memory: Killed process 11910 (syz.5.2714) total-vm:94312kB, anon-rss:1212kB, file-rss:22536kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 231.060922][T11911] syz.5.2714 (11911) used greatest stack depth: 5456 bytes left