last executing test programs:

2m53.511281825s ago: executing program 32 (id=288):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x4, &(0x7f0000000040)=[{0x1, 0xbe, 0x0, 0x2}, {0x8, 0xff, 0x3, 0xc8b}, {0xd, 0x5, 0x4, 0x4}, {0x0, 0x7, 0x8, 0x1}]})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x5, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x6c, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_9p2000}]}})
write$P9_RVERSION(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff"], 0x15)

2m18.611879273s ago: executing program 33 (id=1451):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001a80)=@filter={'filter\x00', 0x42, 0x4, 0x2d8, 0xffffffff, 0xf8, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x240, 0x240, 0x220, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x73}, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x5}}, @common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@private, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'dvmrp0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x338)

2m10.4075565s ago: executing program 1 (id=1632):
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="380000006d000100"/20, @ANYRES32=r3, @ANYBLOB="000000000000000018003480140035006970365f"], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

2m10.303838166s ago: executing program 1 (id=1635):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x2)
syz_emit_ethernet(0x4a, &(0x7f0000000740)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x14, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x0, 0x0, 0x10}}}}}}}, 0x0)

2m10.303392796s ago: executing program 1 (id=1636):
r0 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x14, r0, 0xb15, 0x0, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x20000004)

2m10.261746258s ago: executing program 1 (id=1638):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
tkill(r2, 0x13)
accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000000))
r3 = syz_open_procfs(0x0, 0x0)
getdents(r3, 0x0, 0x51)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a54000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000200004801c0001"], 0x7c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000103b00000000", @ANYRES64=r0, @ANYBLOB="000000000000000014000300697036746e6c300000000000000000001c0012800b000100697036746e6c00000c00028006000f0000030000"], 0x50}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000000)={0x4800, 0x0, 0x4}, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="240000001600010a00000000000000000a000000040000000c000a00eeff000100000000839ff3e5792a58127b82e8dc0598eb2952c896c86328eea5db7e1b3545aed6b5b825e69b3e9b4418a4cbc4c9c4217f445b6e8ca916594e498482d748"], 0x24}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x12000d0, &(0x7f00000005c0)=ANY=[], 0x1, 0x73a, &(0x7f0000001a00)="$eJzs3U9v2+b9APCvHKd1/QOK4rehKLI0ZdMeEiB1JLl1YPQwaDLtsJVFg5SLBDsMRZMMQZ12aDZg8Q5dL9l22EvYode9ib6J3fYaeh8wYB5ISf4XW84c1w7Sz0ew+ZB8yOf7UAK/fmSKCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGt2lZrPViF7WX7+VHK67VOSrE9aP9/fdnsmEdiMa1U/MzMQbw0Vv/HRn9evVr8txcTh3MWaqyUxs/t/rr334k+mp8fYTAjoVDx9tfv7pxsbdr46z8b8fD3t38mGdmpW0n5V5ttpZSZOszJPFhYXm9ZvLZbKc9dLydjlIV5NukXYGeZFc6V5NWouL80k6dztf768sdXrpeOGN99rN5kLy0dxa2inKvH/9o7myezPr9bL+Sl2nWl3VuZH8+svi42yQDNLOapLcu79xd/6oIKtKraep1D6qUrvZbrda7XZr4YPFD240m9Pt5kzsWdDcJ/ZskjSb0+MXbbx2/Gf/H8fZiB/M1J65+OPkZ/ZkTtxwAqZG+T96kUU/1uNWJAc+urEUReSxesj6ke8i/lAXrqcT263y98wo/4+z/Bs7qy9Uvy7PjOYuHZb/D4nl9B4P41FsxufxaWzERtyNr848otN9rEQa/ciijDyyWI1OvSQZLUliOhZiIZrxq7gZy1FGEsuRRS/SKON2lDGItH5FdaOINDoxiDyKSOJKdONqJNGKxViM+Ugijbm4HXmsRz9WYik69V7uxf36uM9PiHG7UutpKrUnVBol8+qFV5t+4g+CZnN6tO6g/H9jO///rc4PD989heTE8+HcuHByJ294Rlvj/B9bW//Zqpx1RAAAAMBJa9TvvjcuvbQ9v5z10l+ecVQAAADASaovZbpYTc5XpTejUY3/mzsVXjq72AAAAICT0YhLo3cBZuOtYWn8SaimsT8AAAC8GOr//1+qJrNV6a1o7Br/j02dYYAAAADAM/vzzj32N+PAe+yWa9XwfzoiGt+s3Xq38aBT1es8ODfc7tz+PQ6WLzReHe2knixMj+a66cXG6O6X2zfB/H40uXfUvf4bRXH+WQPYeSfj7TvD6Z3tNXUrs8tZL53r5r0PW9HpvDo1SG8NfvfF/d9HVK3/pb/6aiPu3d+4O/fZlxt36li+qfbyzYPRHWEb/0Msv403h3XefDme6PFmNM7XH8QYtTs7bLe5u/+jvoy79MpTtPl4XOfy7HA6u7f/M1WbrbnDej/beHm0/TP1/PG48jtX3hlOdqKofuoo2hOiqI9Fe/fx33csniqKeOfQKLaPxfw4ip07Y+6NYv4ZowA4K/e2s9DevHt+O/8/kXePcZY7nez+OK4M61y5UJ9Ypy8ccEZvHphXts7ty7HHz25/j6vDOlfHlQ/LsVWf/7rdbqtu99tqg28PbbfsjQ/Ig9/E9alHm+/dr+ve/aLdnl9ovt9sftCO83U3RpMq0n/N7I/0lZB7AH7ULtfX/0/6jp2Da5zbSc2N9+PtavqzXaPqKidtZ7z/376kYC4+iy9jI+7EtfrTBvUVBwe2O7vrMoRrcXkU7MGj1tld3/By7YhR3bDu+G+Xp6k7/HoZAHiRXD4iD2/n//F38Y1r1Cl0OHa/tmvcPbMz7o7RCHNfLp88Ot6dyw91/gc4EADwI5IW3zdmB39qFNVMa3Gx1RncTJMi736cFNnSSppk/UFadG92+itpslbkg7yb96rCJ9lSWibl+tpaXgyS5bxI1vIyu/XzyHppMvrq9zJd7fQHWbdc66WdMk26eX/Q6Q6SpazsJmvrv+hl5ddbW1vVxuVa2s2Ws25nkOX9pMzXi246lyRlmo4q3kyLJFtK+4NsOauK/WStyF6O4nbySd5bX02TpbTsFtnaIC/qaMZtZf3lvFitdzt31gcbAJ4TDx9tfv7pxsbdrw4uzMShq+rCPydvPiycdR8BgL0mZeknrj4DAAAAAAAAAAAAAADOxBGf/zt+obFvyVRE/FBtvXCFra9Ppa3xBzzO7tk595wc8CcL3+5akpzgnl+JiOeig0cVzvjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+G8AAAD//27LS1k=")
preadv(r0, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000140)=""/44, 0x2c}], 0x2, 0x1000300, 0x8000)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
ptrace$getregset(0x4204, r8, 0x202, &(0x7f0000000140)={&(0x7f0000000100)=""/24, 0x18})

2m9.992350344s ago: executing program 1 (id=1640):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x1}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x2)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x18c6)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
semtimedop(0x0, &(0x7f00000004c0)=[{0x0, 0xfff, 0x1000}], 0x1f4, &(0x7f0000000500)={0x0, 0x989680})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc4040, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x21c91c, &(0x7f0000000440)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@noblock_validity}, {@jqfmt_vfsold}, {@nodelalloc}, {@errors_remount}, {@nomblk_io_submit}, {@usrjquota}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@resgid, 0x32}]}, 0x1e, 0x4e0, &(0x7f0000001a40)="$eJzs3d9rW9cdAPDvla0sP5zZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYX/AYIy10Kc+9aXQP6BQ8ieUQqB9L21pKW3SPhTaRkVXUuI4UuwQWUqtzweOdO7Rvfqeo4uO7rn3cBVA3zoVEacj4kG1Wj0bEcON8kwjxWY91da7f+/WTC0lUa1e/SyJSOpltdXGtrznkcZmByPir3+K+EfyZNzy+sbidLFYWG0s5ytLK/ny+sa5haXp+cJ8YXlycuLi1KWpC1PjHWnnUERc/sNH///Pa3+8/Navbrx/7ZOxfyaN8ohH7ei0etOz6WfRNBgRq3sRrEcG0xYCAPB90DzO/3lEnI3hGEiP5gAAAID9pPrbofgmiagCAAAA+1YmnQObZHKNeQBDkcnkcvU5vD+Ow5liqVz55VxpbXm2Pld2JLKZuYViYbwxV3gksklteSLNP1o+v215MiKORcT/hg+ly7mZUnG21yc/AAAAoE8c2Tb+/3K4Pv7f4uueVQ4AAADonJFeVwAAAADYc8b/AAAAsP8Z/wMAAMC+9ucrV2qp2vz/69nr62uLpevnZgvlxdzS2kxuprS6kpsvlebTe/Yt7fR+xVJp5dexvHYzXymUK/ny+sa1pdLacuXawmN/gQ0AAAB00bGf3XkviYjN3xxKU82BXlcK6IrBZ1n5w72rB9B9A72uANAzz/T7D+wr2V5XAOi5ZIfX207eebvzdQEAAPbG6E9aX/8f2PHcwGamS1UE9ojzf9C/XP+H/uX6P/SvbAyEgTz0t51uAfr81/+r1WeqEAAA0HFDaUoyuYj0PMBQZDK5XMTRdEyQTeYWioXxiPhhRLw7nP1BbXki3TLZcc4wAAAAAAAAAAAAAAAAAAAAAAAAAFBXrSZRBQAAAPa1iMzHSXo3/4jR4TND288PHEi+Gk6fI+LGK1dfujldqaxO1Mo/f1heeblRfr4XZzAAAACA7Zrj9OY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66f69WzPN1M24n/4+IkZaxR+Mg+nzwchGxOEvkhjcsl0SEQMdiL95OyKOt4qf1KoVI41atIp/qMfxj3QgPvSzO7X+53etvn+ZOJU+t/7+XUx7qOfXvv/LPOz/BlrEr5Ud3WWME3ffyLeNfzvixGDr/qcZP2nT/5zeZfy//21jo91r1VcjRlv+/iSPxcpXllby5fWNcwtL0/OF+cLy5OTExalLUxemxvNzC8VC47FljP/+9M0HT2v/4TbxR3Zo/5ldtv/buzfv/aiezT7cPHkUf+x06/1/vE38TGP//6KRr70+2sxv1vNbnXz9nZNPa/9sm/bvtP/Hdtn+s3/59we7XBUA6ILy+sbidLFYWO3rzHN9GrXDoheiFS9mpva5vgDVaJn51x68c+3IvNft6kSmp90SAACwB54cAwMAAAAAAAAAAAAAAAAAAADd1o3biWW3xdxMHztx93wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM75LgAA///6fNJN")
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r1, 0x0, &(0x7f0000001740)=""/4085}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=@dellinkprop={0x44, 0x6d, 0x1, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x220, 0x22}, [@IFLA_MAP={0x24, 0xe, {0x42, 0xb9, 0x6, 0x8000, 0x81, 0x7f}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d80c}, 0x2400c040)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x12, 0x5, 0x4, 0x3}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r5}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000640)={r8, r4, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6fc}}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f00000022c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x4, 0x6, "c48531", 0x14, 0x3a, 0x1, @private1={0xfc, 0x1, '\x00', 0x80}, @private2={0xfc, 0x2, '\x00', 0x1}, {[], @ndisc_ns={0x87, 0x0, 0x0, @remote}}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x3, 0x6, 0x0, @remote, @local}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

2m9.352763341s ago: executing program 1 (id=1647):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/29], 0x0, 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r3], 0x48)
r5 = fsmount(r2, 0x1, 0x0)
fchdir(r5)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r4}, 0x18)

2m9.291529155s ago: executing program 34 (id=1647):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/29], 0x0, 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r3], 0x48)
r5 = fsmount(r2, 0x1, 0x0)
fchdir(r5)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r4}, 0x18)

1m49.558775242s ago: executing program 3 (id=2056):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x1, 0xf60e}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a00000000000000", @ANYRES32=r0], 0x38}, 0x1, 0x10000000}, 0x10)

1m49.483605046s ago: executing program 3 (id=2059):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
setresuid(r2, r2, r2)
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000080)="aefdda9d24", 0x5}], 0x1)

1m49.483320856s ago: executing program 3 (id=2060):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7e9, &(0x7f00000017c0)="$eJzs3c1rHG8dAPDvbF42SauJIGh7CggaKN2YGlsFDxEPIlgo6Nk2bLahZpMt2U1pQqDpQfAiqHgQ9NKzL/UgePXlqv+EeJAW0TRYT7oys7t53d0kbXa3/fXzgck8M/PMPPPN88yzz+4MuwF8sKbTP7mIKxHxwyRisrk+iYiRLDUcsdDI93p3u5hOSdTr3/pnkuX57aWDYyXN+aXmwqcj4o/fi7iWO17qeHNeLq03U7O11Yez1c2t6w9WF5dLy6W1m3Pz8zduffHWzZN7val//2Xr8ssfff1zv14Yjk89/8GfkliIy81te7vbxbc8/AnTMd38n4yk/8IjvnbRhQ1YMugT4I2kl+ZQ4yqPKzEZQ1mqg7e9AAGAd8KTiKgDAB+Y5LTX/yFDBAD4aGl9DrC3u11sTYP9RKK//vHViBhrxN+6v9nYMty8ZzeW3Qed2EuO3BlJImLqAsqfjoif/+47v0yn6NF9SIB2dp425nu7+WP9f5L2f6OnHyHfccvnu+1Wb+w3fWy1/g/65/fp+OdLJ8d/V/cf6BnL/h4b/4zl21y7b+L06z/3osOuZ+ibTpeO/75y6Nm2g/Hf/kNrU0PNpY9lY76R5P6Dcint2z4eETMxkk+X57Ks7Z+Cmnn131edyj88/vvXj7/7i7T8dH6QI/diOB/1xnN5/8vG60uLtcWLiD2L/2nE1eF28Sf749/kSP0v7Ed6p+NRj1bNN778/Z91ypnGn8bbmk7G31v1ZxGfbVv/B3WZdH0+cTZrDrOtRtHGb/7204lO5R/Ufz6bp+W33gv0Q1r/E93jn0pT1c2tlcVyubRePX8Zf342+YdO2w63//bxZ+3/iLT9jybfztKtlvZ4sVZbn4sYTb55cv2Ng31by638afwzn2l//bdv/42+IH1PeG9/qbvhl6O/ah6qbfyZnU7x91Ya/9K56r9Lot7c59im569XhjqVf7b6n89SM801Z+n/TjnTt2jNAAAAAAAAAAAAAAAAAAAAAAAAAHB+uYi4HEmusJ/O5QqFxm94fzImcuVKtXbtfmVjbSmy38qeipFc66suJw99H+pc8/vwW8s3ji1/ISI+ERE/yY9ny4Vipbw06OABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOnS0d//f5LOCoXGtr/nB312AEDPjA36BACAvvP6DwAfnvO9/o/37DwAgP459/v/etKbEwEA+ubMr//3enseAED/uP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAj925fTud6v/Z3S6my0uPNjdWKo+uL5WqK4XVjWKhWFl/WFiuVJbLpUKxstrxQDuNWblSeTgfaxuPZ2ulam22url1d7WysVa7+2B1cbl0tzTSt8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oyqm1sri+VyaV2iS2K8NN45TxIRAz/D0xJpXV/kAYff0ZB3/jqSteuumWPqvWn8o13yJBdZ1vjxNYd7ifFBdE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA74X/BwAA///YTBJy")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000140)=ANY=[@ANYBLOB="5d00000000000004dafb5bbeb47d541302"])

1m49.40886256s ago: executing program 3 (id=2061):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r2=>0x0})
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, &(0x7f0000000280)={0x7bea, 0x1ff, 0xfffe, 0x8, 0x7, 0x5, 0xf}, 0xc)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8)
sendmsg$sock(r4, &(0x7f0000000000)={&(0x7f0000000140)=@pppoe={0x2a, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, 'lo\x00'}}, 0x80, 0x0}, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)={0x1c, r1, 0x20, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x7e}}, 0x0)

1m49.408723971s ago: executing program 3 (id=2062):
clock_adjtime(0x0, &(0x7f0000000000)={0x66b6, 0x4100000000000000, 0x0, 0x7, 0x100000000, 0xfffffffffffffffd, 0x80000000077, 0x0, 0x0, 0xe, 0x83, 0x248a, 0x0, 0x0, 0xa00, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8000000000, 0x6bf5, 0x5, 0x2000000, 0xf439})

1m49.408417271s ago: executing program 3 (id=2063):
unshare(0x20000400)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_smc(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x5}, 0x0, 0x10000, 0x8, 0x1, 0xa, 0x2020005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
pipe(&(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
ptrace$poke(0x4, 0x0, 0x0, 0xfffffffffffffffe)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}})
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r1], 0x15)

1m41.356712668s ago: executing program 6 (id=2207):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = syz_clone(0x25888200, 0x0, 0x0, 0x0, 0x0, 0x0)
rt_sigqueueinfo(r0, 0x9, &(0x7f000000df80)={0x0, 0x0, 0xffffffc0})
socket$kcm(0x2, 0x5, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
syz_clone(0xc020500, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee00)
kexec_load(0x0, 0x0, 0x0, 0x5)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000000000), 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
mmap(&(0x7f000054e000/0xd000)=nil, 0xd000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
fstatfs(0xffffffffffffffff, 0x0)
timer_settime(0x0, 0x1, 0x0, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f00000002c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
timer_getoverrun(r2)

1m40.426264643s ago: executing program 6 (id=2222):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xad}, 0x94)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0xfffc, 0x2fd, 0x4, 0x101}})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c00000002060101000000000000000000000073797a3000000000100003006269746d61703a706f7274001400078006000540000000000500043ffffb00000500010007000000050004dd7a15a4d277277ec00652b6910000000000"], 0x5c}}, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x40000000000004, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000240)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000200)=0x1, r5, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r5, 0x7}}, 0x48)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x2, 0x9}}, 0xffffff69)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000700)=0x1, r6, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @loopback, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r6, 0x7}}, 0x48)
bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r2, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e, 0x0}}, {{&(0x7f0000000140)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f0000000740)}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0x1}], 0x1}}], 0x3, 0x0)
r7 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
fchdir(r8)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r9 = socket(0x200000000000011, 0x2, 0x1)
bind$packet(r9, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x8000}, 0x4)
syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa424e1aa2e0d4080045000014"], 0x0)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1m40.263384352s ago: executing program 6 (id=2227):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b"], 0x3c}}, 0x20000034)
sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x20, r1, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4040)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46041000030700000000000000030003"], 0x138)
close(r0)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)

1m40.207082005s ago: executing program 6 (id=2229):
r0 = socket$packet(0x11, 0x3, 0x300)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000000)='./file0\x00')
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000440)=[{0x20, 0x3, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xc00}, {0x6}]}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth0_to_bond\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, r2, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2c2f}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x34}, 0x1, 0x0, 0x0, 0x40010}, 0x8a1)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82004000000", @ANYRES32=r5, @ANYBLOB="000080000000000018003480"], 0x38}, 0x1, 0x300}, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7}, @BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48084}, 0x4040014)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r6, &(0x7f00000007c0)=[{{&(0x7f00000000c0)={0xa, 0x4e22, 0x4, @remote, 0x7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000280)="e9", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x931766f6319eed44)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getpeername$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @remote}, &(0x7f0000000200)=0x10)

1m40.147116069s ago: executing program 6 (id=2232):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000010a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000001140000001100"], 0x64}}, 0x0)

1m39.901140353s ago: executing program 6 (id=2242):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
gettid()
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x16ab, &(0x7f0000000040)={0x0, 0x36b, 0xc000, 0x3, 0x77})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xfd, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext, 0x42c0, 0x0, 0x400000, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, &(0x7f0000000240)="352f1938d141676d9b6c59065f664735c08b9d697a645f85b19ba9030648cd046d1f26aad0196458046b81", 0xfffffffffffffe08, 0xebec93e830f96115})
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1m39.877455865s ago: executing program 35 (id=2242):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
gettid()
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x16ab, &(0x7f0000000040)={0x0, 0x36b, 0xc000, 0x3, 0x77})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xfd, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext, 0x42c0, 0x0, 0x400000, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, &(0x7f0000000240)="352f1938d141676d9b6c59065f664735c08b9d697a645f85b19ba9030648cd046d1f26aad0196458046b81", 0xfffffffffffffe08, 0xebec93e830f96115})
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1m33.4230919s ago: executing program 36 (id=2063):
unshare(0x20000400)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_smc(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x5}, 0x0, 0x10000, 0x8, 0x1, 0xa, 0x2020005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
pipe(&(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
ptrace$poke(0x4, 0x0, 0x0, 0xfffffffffffffffe)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}})
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r1], 0x15)

1m17.216656711s ago: executing program 8 (id=2628):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703100000001f0300a100000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1m17.088902159s ago: executing program 8 (id=2631):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000008}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB], 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'caif0\x00'})
r0 = socket(0x10, 0x803, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xd, 0x9})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)

1m17.039925242s ago: executing program 8 (id=2635):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x90ff}, {}, {0x7, 0x0, 0xb, 0x7}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m16.936892848s ago: executing program 8 (id=2638):
r0 = socket(0x10, 0x2, 0x0)
write(r0, 0x0, 0x0)

1m16.933283288s ago: executing program 8 (id=2639):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=@newqdisc={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x3}}]}, 0x2c}, 0x1, 0xf0ffffffffffffff, 0x0, 0x80}, 0x4000c00)

1m16.787781436s ago: executing program 8 (id=2645):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_emit_ethernet(0x92, &(0x7f0000000180)={@broadcast, @dev, @void, {@ipv4={0x800, @udp={{0x8, 0x4, 0x3, 0x0, 0x84, 0x500, 0x0, 0x0, 0x2f, 0x0, @empty, @empty, {[@generic={0x88, 0xc, "36340efeb3c24c3cfc0d"}]}}, {0x4e22, 0x88be, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x3, "3f0e0c8ec7fafb7a3749d32353451277d079006157a10ba52dd2ea954799e417", "50ed08a866917ac494fa0d2441d0d93e", {"67cc783d7e65c3efde5c1944c522fe50", "4f179faa461a707b0bcd8b0a8874065c"}}}}}}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSSYSFSPATH(r1, 0x80811501, &(0x7f0000000440)={0x80})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth0\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x5, 0x80000000, 0x1, 0x4, 0x9, 0xa4, 0x0, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x6, 0x5, 0x101, 0x1002, 0x9, 0x1, 0x3, 0x1, 0xfffffffa, 0x65, 0xa, 0xd, 0x4, 0x7, 0x5, 0x100000, 0x0, 0x40, 0xd, 0xe, 0x1, 0x100, 0x5, 0x1c00, 0xb, 0x7, 0xbed4, 0x20000008, 0x8000100, 0x3, 0xfffffffe, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x0, 0x400083, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x101, 0x2, 0x180000, 0xf, 0x8b, 0x5, 0x2af, 0x6, 0x5, 0x10, 0x6, 0x9, 0x4, 0x7, 0x4009, 0xfffffffe, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0xe, 0xffffffff, 0x6, 0x6, 0x9, 0x600, 0xfdfffffc, 0x2, 0x2, 0x84, 0x100, 0x6, 0x252, 0x81, 0x3ff, 0x5, 0x20006, 0x5, 0x1, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0x8, 0x3, 0x2, 0x5, 0x8, 0x4000000, 0x8004, 0x2, 0x40, 0xd8, 0x4, 0x6, 0x100, 0x66cd, 0xc, 0x8, 0x1, 0x1fc, 0xc5c, 0x3ff]}})
r2 = socket$kcm(0x11, 0x200000000000002, 0x300)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="1300df25080000f1100004"], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x48404)
socket(0x11, 0x3, 0x8)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f00000006c0)=ANY=[@ANYRESOCT=r2], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ec00000021000100feffffff000000000000000000000000000000000000000000000000007c0000000000000000000000000000000000001700a00000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c00110000000000000000000000000000000000fe8000000000000000000000000000bbac14142100000000000000000000000020010000000000000000000000000000010000000000000001a8020000000000000000000000000000000000fe8000000000000000000000000000bb"], 0xec}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000740)={0x0, r0}, 0x8)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000200000000000000000085000000a8000000e15cec50789f476785"], &(0x7f0000000700)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r8=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x4, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@version_u}]}})
write$P9_RVERSION(r10, &(0x7f0000000000)=ANY=[@ANYBLOB="150000006bffff"], 0x15)
r11 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), r7)
sendmsg$IPVS_CMD_SET_CONFIG(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r11, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0xfffffffffffffe81, 0x5, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x1000)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0xa8, r11, 0x10, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xa7}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xdd7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'dh\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0xa8}, 0x1, 0x0, 0x0, 0x48801}, 0x48c0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000061146c000000001b07000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)

1m0.683824083s ago: executing program 37 (id=2645):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_emit_ethernet(0x92, &(0x7f0000000180)={@broadcast, @dev, @void, {@ipv4={0x800, @udp={{0x8, 0x4, 0x3, 0x0, 0x84, 0x500, 0x0, 0x0, 0x2f, 0x0, @empty, @empty, {[@generic={0x88, 0xc, "36340efeb3c24c3cfc0d"}]}}, {0x4e22, 0x88be, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x3, "3f0e0c8ec7fafb7a3749d32353451277d079006157a10ba52dd2ea954799e417", "50ed08a866917ac494fa0d2441d0d93e", {"67cc783d7e65c3efde5c1944c522fe50", "4f179faa461a707b0bcd8b0a8874065c"}}}}}}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSSYSFSPATH(r1, 0x80811501, &(0x7f0000000440)={0x80})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth0\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x5, 0x80000000, 0x1, 0x4, 0x9, 0xa4, 0x0, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x6, 0x5, 0x101, 0x1002, 0x9, 0x1, 0x3, 0x1, 0xfffffffa, 0x65, 0xa, 0xd, 0x4, 0x7, 0x5, 0x100000, 0x0, 0x40, 0xd, 0xe, 0x1, 0x100, 0x5, 0x1c00, 0xb, 0x7, 0xbed4, 0x20000008, 0x8000100, 0x3, 0xfffffffe, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x0, 0x400083, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x101, 0x2, 0x180000, 0xf, 0x8b, 0x5, 0x2af, 0x6, 0x5, 0x10, 0x6, 0x9, 0x4, 0x7, 0x4009, 0xfffffffe, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0xe, 0xffffffff, 0x6, 0x6, 0x9, 0x600, 0xfdfffffc, 0x2, 0x2, 0x84, 0x100, 0x6, 0x252, 0x81, 0x3ff, 0x5, 0x20006, 0x5, 0x1, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0x8, 0x3, 0x2, 0x5, 0x8, 0x4000000, 0x8004, 0x2, 0x40, 0xd8, 0x4, 0x6, 0x100, 0x66cd, 0xc, 0x8, 0x1, 0x1fc, 0xc5c, 0x3ff]}})
r2 = socket$kcm(0x11, 0x200000000000002, 0x300)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="1300df25080000f1100004"], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x48404)
socket(0x11, 0x3, 0x8)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f00000006c0)=ANY=[@ANYRESOCT=r2], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ec00000021000100feffffff000000000000000000000000000000000000000000000000007c0000000000000000000000000000000000001700a00000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c00110000000000000000000000000000000000fe8000000000000000000000000000bbac14142100000000000000000000000020010000000000000000000000000000010000000000000001a8020000000000000000000000000000000000fe8000000000000000000000000000bb"], 0xec}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000740)={0x0, r0}, 0x8)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000200000000000000000085000000a8000000e15cec50789f476785"], &(0x7f0000000700)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r8=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x4, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@version_u}]}})
write$P9_RVERSION(r10, &(0x7f0000000000)=ANY=[@ANYBLOB="150000006bffff"], 0x15)
r11 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), r7)
sendmsg$IPVS_CMD_SET_CONFIG(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r11, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0xfffffffffffffe81, 0x5, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x1000)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0xa8, r11, 0x10, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xa7}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xdd7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'dh\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0xa8}, 0x1, 0x0, 0x0, 0x48801}, 0x48c0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000061146c000000001b07000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)

40.920873141s ago: executing program 0 (id=3267):
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_bp={&(0x7f0000000000), 0x5}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000000), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000640)=ANY=[], 0x200002e6)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

40.58424303s ago: executing program 0 (id=3271):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[], 0xcc}}, 0x0)

40.543082963s ago: executing program 0 (id=3273):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000008}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'caif0\x00'})
r0 = socket(0x10, 0x803, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)

40.473942467s ago: executing program 0 (id=3275):
socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x181802, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6)
close(r0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})

39.547403381s ago: executing program 0 (id=3288):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
mkdir(&(0x7f0000005800)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000200)='./file0/bus\x00', &(0x7f00000001c0)='sysfs\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x147142, 0x0)
fallocate(r1, 0x0, 0x9, 0x10001)
lgetxattr(&(0x7f0000000100)='./file1\x00', &(0x7f0000000180)=@known='trusted.overlay.impure\x00', 0x0, 0x0)

39.448799837s ago: executing program 0 (id=3289):
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = timerfd_create(0x0, 0x800)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x40}}}}, 0x84)
timerfd_settime(r0, 0x3, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
timerfd_settime(r0, 0x2, &(0x7f0000000200)={{0x0, 0x989680}}, 0x0)

23.433688687s ago: executing program 38 (id=3289):
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = timerfd_create(0x0, 0x800)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x40}}}}, 0x84)
timerfd_settime(r0, 0x3, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
timerfd_settime(r0, 0x2, &(0x7f0000000200)={{0x0, 0x989680}}, 0x0)

2.490530405s ago: executing program 5 (id=4121):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map=r1, r0, 0x26}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x1c, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000218110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000004000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000000000208500000007000000bf91000000000000b7020000210000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

2.432905448s ago: executing program 9 (id=4124):
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x90}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d0f94cae411708e25c9b4db2e29f27306867c1ccc6913c025eb32f451f3a44fb275727425f7701e0dbf96cf26c46af25d53fe42b8af71784fe7aea6c3a7c73502db35e6be1fffc05ac7a2b1c58241508af570aefcb878d8a88d4f9415b523bb75ae24ecdc0bc5a816d23b40f7c08a32958ea7ac7cd80dea1d44b0a1da2a412c5be29f87185db48a0842e02420474430e0b25e56a951a", @ANYRES16=r1, @ANYBLOB="02002dbd7000fcdbdf250f000000080006000700000044000380060007004e230000080005000a01010208000500ac1414bb060007004e22000008000500e000000108000500e0000002080001000200000006000400018000002c00028006000f00ff010000080005001739000006000e004e21000005000d0001000000060002004e21000008000500080000001c000280060002004e240000060002004e22000006000f00070000000c000380060004004e9100001400028006000f00050000000800030004000000"], 0xd0}, 0x1, 0x0, 0x0, 0x40044}, 0x40)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
memfd_create(&(0x7f0000000440)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\xc2%/u\x17\xdaM\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d_\v\xfc\xad\x0f\xa8\xc5\xad\x00\xc2\x12\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV$\x80\x8aJ$\x81\xc0\x16\xf5\x9cz\x10\x97\xdb\x12H\xee/\xe3sY\x02D;L~\xd0\xb44\x01*\xfb\xa4 \xb2b\x90H$\xb2\xad\xbf\x8aM\xb6\x81\x81^\x02\xa0\xa7t\xfbHb\xa5=\xdd+$\xc06J\xb4\xf0\xab\x85Xz\x9f\xb2D$\xbe\xd9\x7f-\r\x9aj9r\n_\x11\xd4\x19\xb0\xa0G\xb7\x94\xf7\xfd~\xe9\xb6G\xbfE\xbb\x15\x15\xa6\xca2\xd0\xd3\x8c\xf7nO\xf9\xa8\xfd\x8a\xd2\xb2\xab\xff\xe4\xb0;\xd9\xa8\f\x03R\xbd%\x9fF\xee\x05\x11', 0x2)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x4, r2, 0x8, {0x9, 0x7fffffffffffffff}, 0x9d}, 0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffe3a}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.360545032s ago: executing program 2 (id=4127):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000003c0), 0x10)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000004c0)=""/172, 0xac}], 0x2}, 0x9}], 0x1, 0x10002, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=r0], 0x48}}, 0x0)

2.360272292s ago: executing program 9 (id=4128):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280)={0x0, <r3=>0x0})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x4401e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x0, 0x5}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0xd35}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r4, 0x40107446, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x1, 0xfb, 0x2}]})
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c)
listen(r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x40, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r1, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a1c1c0000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

2.355091753s ago: executing program 5 (id=4129):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000e00)=@mangle={'mangle\x00', 0x2, 0x6, 0x5d8, 0x320, 0x0, 0x10040000, 0x160, 0x320, 0x508, 0x508, 0x508, 0x508, 0x508, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [0x0, 0x0, 0x21], [], 'bond_slave_0\x00', 'vlan1\x00', {}, {}, 0x21}, 0x0, 0x138, 0x160, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @mcast2, @private2, [], [0x0, 0xffffffff], [], 0x0, 0x10}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0x2}, [], [], 'ip6gre0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x4, 'syz0\x00', {0x6}}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @rand_addr=0x1000000}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'bridge0\x00', 'bond_slave_0\x00', {0xff}}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ipv6={@loopback, @local, [0xff, 0x0, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xffffffff, 0xffffff00], 'macvlan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x8, 0x81, 0x1, 0x36}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@private1, 0x0, 0x37}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x638)

2.316142995s ago: executing program 5 (id=4131):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast1}}}], 0x20}}], 0x1, 0x9880)
r0 = socket$inet(0x2, 0x2, 0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a01"], 0x57)
setsockopt$inet_mreqsrc(r1, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88)

2.281322167s ago: executing program 2 (id=4132):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x300000a, 0x12, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100"/253], 0x119)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000900)={[{@delalloc}, {@block_validity}, {@dioread_lock}, {@commit={'commit', 0x3d, 0x4}}, {@nobarrier}, {@noacl}, {@nodelalloc}, {@commit={'commit', 0x3d, 0x4}}, {@mb_optimize_scan}]}, 0x1, 0x7c3, &(0x7f0000001680)="$eJzs3c1rHOcZAPBnVpJXkt1KhdLWN0HBFRivKle1W+jBpYdSqMHQnmuL1Vq4WmmNdmUsIahNCeQSSEIOgeTicz6cW675gFyS/Bc5BBsnkU0ccggKszsrydKuPmxpV7F+PxjN+87M6nmf+Xx3Z9gN4MgaSf/kIk5GxMtJxFA2PYmIvnqpN+JCY7nHK8v9EVFMYnX1X18n9WUerSwXY8NrUsezym8i4qMXIk7ntsatLi7NTJbLpfmsPlabvT5WXVw6c212cro0XZo7Nz4xcfb8H8+f279cv/186cT9V/7+u3cvfP//X9996eMkLsSJbN7GPPbLSIxk66QvXYVP+Nt+B+uypNsN4Kmkh2ZP4yiPkzEUPfVSGwOdbBkAcFD+FxGrAMARk7j+A8AR0/wc4NHKcrE5dPcTic568NeI6G/k/zgbGnN6s3t2/fX7oIOPkifujCQRMbwP8Uci4s33/3OqJ6un7XAvDeiEW7cj4srwyNbzf7LlmYW9+v12M1fz9dHIpslH7foD3fRB2v/5U6v+X26t/xMt+j/5xrH7q2eNv/Pxn7v3rDG2k/b//tJ4tm1T/2/tobXhnqz2s3qfry+5eq1cSs9tP4+I0ejLp/Xx+qKte26jD3942C5+1v97Ox2+efW/b6Xx0/H6Erl7vfknXzM1Wev95FkTzzy4HYNZcVP+ydr2T9r0fy/tMsY//vziG+3mpfmn+TaHrfkfrNU7Eadabv/1bZls+3ziWH13GGvuFC2898Xrg+3ib9z+6ZDGT8f7n2lrD25HfQdIkvV10Jizlv9wsvF5zereY3x2Z+jDdvN2zr/l/j95LPl3vXwsm3ZzslabH484lvxz6/Sz669t1pvLp/mP/rb18d8I23r/T98TXtll/r33v3rn6fM/WGn+U9vv/5u2f382eX3KToW7j2d62sXf3fafqJdGsynp9t8pr9206+n2ZgAAAAAAAAAAAAAAAAAAAAAAAADYu1xEnIgkV1gr53KFQuM3vH8Zg7lypVo7fbWyMDcV9d/KHo6+XPOrLoc2fB/qePZ9+M362U31P0TELyLitfxAvV4oVspT3U4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLH2/z+f+rLfLdbBwAcmP5uNwAA6DjXfwA4evZ2/R84sHYAAJ3j/T8AHD27vv5fOdh2AACd0+b6v9zpdgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDcunTxYjqsfreyXEzrUzcWF2YqN85MlaozhdmFYqFYmb9emK5UpsulQrEy2/Yf3WqMypXK9YmYW7g5VitVa2PVxaXLs5WFudrla7OT06XLpb6OZQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu1ddXJqZLJdL889D4dP8emL7HGKgqwkOHorVu7HQG4eiGYe6kI8ts3KHomG7Kmw8Swx04cwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8NPwYwAAAP//L0cXYQ==")
r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
readv(r1, &(0x7f0000000180)=[{&(0x7f0000000080)=""/20, 0x14}, {&(0x7f00000002c0)=""/198, 0xc6}, {&(0x7f0000000580)=""/136, 0x88}], 0x3)
io_uring_enter(0xffffffffffffffff, 0x27e2, 0x0, 0x0, 0x0, 0x0)

2.22043595s ago: executing program 9 (id=4134):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000a40)=@newtaction={0x488, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x8000a001, 0x7fffffff, 0xc267, 0xe3df, 0xc265, 0x2, 0x800, 0x9, 0x0, 0x10, 0x40, 0x3ff, 0xfff, 0x6, 0x4, 0x1ff, 0x2, 0x6, 0x8918, 0x0, 0x3, 0x4, 0x8, 0xb, 0x9, 0x9fbd, 0x6000000, 0x1, 0x40, 0x8, 0xe, 0x7, 0x200, 0x3, 0x8, 0x107a, 0x5, 0x5, 0xd6bc, 0x3, 0x831a, 0x2, 0x9, 0x2, 0x30, 0x5, 0x80000001, 0xfff, 0x6, 0xa7, 0x7, 0xffffffff, 0x80ff, 0x1400, 0x7, 0x3, 0x7ff, 0x807fff, 0x4, 0x4, 0xfffff896, 0x2, 0x8, 0x79, 0x0, 0x3ff8000, 0x3, 0x57, 0x8, 0x7fff, 0xf, 0x0, 0x8, 0xa0, 0x1, 0x85, 0x3, 0x1ff, 0x3, 0x85bd, 0x4, 0x865, 0x6, 0xa, 0xfffffff8, 0x2, 0xfffffffa, 0x100, 0x8b, 0x80000000, 0x80000000, 0x8, 0x100, 0x2, 0x400, 0x2, 0x4, 0x3, 0x400, 0x5, 0x1, 0x103, 0xd4e, 0x65ad, 0x0, 0x5, 0x7, 0x32, 0x5, 0xad8, 0x3, 0x4, 0x8, 0x4, 0x1, 0x6, 0xffffffff, 0x5, 0x0, 0x6, 0xa0, 0x7, 0x6, 0x100, 0x100, 0x200, 0x0, 0x0, 0xffff, 0x3, 0x1, 0x2, 0x3, 0xfff, 0x2, 0x6, 0x200, 0x3, 0x47, 0x0, 0x2, 0xfffffff8, 0x8, 0x7f, 0x87ca, 0x1, 0x80000001, 0x4, 0x408, 0x401, 0xffff0000, 0xed1, 0x9, 0xfffffff7, 0xfffffffb, 0xfffffffb, 0x3, 0x2, 0x0, 0x2, 0x1, 0xffffff89, 0xfff, 0x3, 0x9, 0x5, 0x0, 0x8, 0xfffffffe, 0x0, 0x4, 0x5, 0x44, 0x5, 0x0, 0x8000, 0x2, 0x0, 0x8, 0x3ff, 0x5, 0x6, 0xb, 0xca43, 0x3, 0x3, 0x6, 0x0, 0x9, 0x3, 0x7, 0x8001, 0xf0000000, 0xc, 0x3, 0x3, 0x7, 0x7f, 0x5, 0x4, 0xd, 0xffffffff, 0x2, 0x7f, 0x9, 0x7, 0x8, 0x7, 0xffff, 0x1d, 0xc5, 0x9, 0x0, 0x1, 0x5, 0x9, 0x3, 0x1, 0x9, 0x2, 0x2, 0x9, 0x7, 0x40, 0x3, 0x400, 0x8, 0x2, 0x401, 0x6, 0x9982, 0x5, 0x1ff, 0x2706, 0x2, 0x8001, 0x0, 0x2, 0x400, 0x7e, 0xc806, 0xb, 0x1, 0x1, 0x7, 0x2, 0x5, 0x8, 0x2, 0x2, 0x3, 0x41, 0x3, 0x200, 0x100000c8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x2, 0x3, 0x7, 0x40, {0x4, 0x0, 0x3, 0x7, 0x6, 0x9}, {0x40, 0x2, 0x3, 0x435b, 0x5a44}, 0x8c79, 0x5, 0x6}}]]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x488}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

2.087023658s ago: executing program 5 (id=4135):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
listen(r0, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x18)
pselect6(0x40, &(0x7f0000000000)={0x1, 0x5, 0x2, 0xffbffffffffffffe, 0x7, 0x3, 0xc193, 0x9}, 0x0, &(0x7f0000000040)={0x9, 0x8f, 0xdf, 0x81, 0x5, 0xf, 0x1000, 0x1ff}, 0x0, 0x0)

2.086303549s ago: executing program 9 (id=4137):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
msync(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x3)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x7, @loopback, 0x8}, {0xa, 0x4e21, 0x7ff, @private0, 0x3}, r1, 0x5}}, 0x48)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x9c}}, 0x0)

2.05710375s ago: executing program 4 (id=4139):
socket$nl_route(0x10, 0x3, 0x0)
mount$cgroup(0x0, 0x0, 0x0, 0x10080, &(0x7f0000000400))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
keyctl$set_reqkey_keyring(0xf, 0xfffffffb)
io_uring_setup(0x3f1, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={0x0, 0xa8}}, 0x10000000)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x4, 0x8, 0x0, 0x78}, 0x10)
r1 = socket$isdn_base(0x22, 0x3, 0x0)
bind$isdn_base(r1, 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x6, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x1, @perf_bp={0x0, 0x8}, 0x10, 0x32, 0x43a1bd76, 0x7, 0x3, 0x1, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005400e50100000000fdffffff07000000", @ANYRES32=r5, @ANYBLOB="200ffe00", @ANYRES32, @ANYBLOB="010101007f"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)

2.008853513s ago: executing program 2 (id=4140):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x74df82a6, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3e}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x12381, 0x40020}, [@IFLA_VFINFO_LIST={0x8, 0x16, 0x0, 0x1, [{0x4}]}]}, 0x28}}, 0x4040000)
sendmmsg$inet6(r2, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0xffffff7f)

2.008699263s ago: executing program 9 (id=4141):
r0 = socket(0x10, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000), 0x4)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x10, 0xfffffffc}})

1.967060005s ago: executing program 9 (id=4142):
set_mempolicy(0x3, &(0x7f0000000480)=0x7, 0x7)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000008000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)

1.962171806s ago: executing program 2 (id=4143):
clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xa000000, 0x3b9ac9ff, 0x3, 0x80000, 0x0, 0x4004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x4316872a})

1.88695312s ago: executing program 2 (id=4144):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0)={[{@resuid}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x1}}, {@dioread_nolock}, {@grpjquota}, {@quota}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@minixdf}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xa041, 0xd)
fcntl$setlease(r0, 0x400, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x4, 0x0, 0x0, 0x0, 0x8, 0x40060, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x5, 0x6}, 0x10041, 0x0, 0x800000, 0x4, 0x2, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x3, 0x0, 'queue1\x00', 0x8001})
writev(r1, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x80, 0x0, 0x7ffc1ffb}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0xc)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
faccessat(r4, &(0x7f0000000000)='./file0\x00', 0x5)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000100)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000180)=0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r5, @ANYBLOB="05000f00252155b21c0012000c00010001000000000000000006000000000000005da15a20ef9a10bec06a52f8de80afc6cecc0a5a217a3f81dec541e6e494138cb9dbd5355eae83486aef2401d7099e15d65ef1264547e6e5cbfcef871918a10857d1b0588907c1cd030616d29d7c220952fe2293b47703083ae3e4742c3d8ce04de7"], 0x3c}}, 0x40000)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000305000006000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r5], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)

1.691790621s ago: executing program 7 (id=4146):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe94, 0x30, 0x25, 0x0, 0x0, {}, [{0xe80, 0x1, [@m_pedit={0xe7c, 0x1, 0x0, 0x0, {{0xa}, {0xe50, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x2c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x0, 0x0, 0xe4ff}, 0x2}, [{}, {}, {0x0, 0x5, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x800}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0xfffffffd}, {}, {0x0, 0x0, 0x0, 0x0, 0x4, 0x40000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0xffffffff, 0xf}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, {0xfffffffd, 0x0, 0x0, 0x100}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x6}, {}, {0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {0x10}, {0x0, 0x3}, {}, {}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x7}, {0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {0x10000000}, {0x0, 0x0, 0x20000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x4, 0x2}, {0xd20f}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x5, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0xffff}, {0x8}, {0x52}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x4}], [{0x0, 0x1}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe94}}, 0x0)

1.508740412s ago: executing program 2 (id=4147):
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, @perf_bp={0x0}, 0x80, 0x10000, 0xfffffffe, 0x5, 0x8, 0x60005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="04", 0x1}], 0x1}, 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000780)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000003c6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae58e99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472ad529cefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc979ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa09acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b183940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
sendmsg$inet(r1, &(0x7f0000000740)={&(0x7f00000003c0)={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000400)="ae3a118c38576ab4eb0188b7786687c25e409798079dc1883011e8b0be851c7256f3176929bd363a9e25cb8f0adecd56bc6a065a88b9", 0x36}, {&(0x7f0000000540)="49151b0e9f2bcb80ca55a290f44a38856c4457f780b2269abac4496d96c2ce61bc02a192a8a7a549a2743389e83fdb9be8c4f17c04fa4d75ea1109491fc97709c18cf94291602a84384a049719125ffd51db8526471e2da188605f13337928b0870a499bab493ae0cb23fb72b2a2ef506857d9692754969ac0edbef570d6248d0a12434d7c65e72bed328b8ea2b54b3547d415fecc19779308dca11e", 0x9c}, {&(0x7f00000007c0)="2a5fd7e803b97b4622d9c2ae3c59dd200e96460582c707e8f21d898d8046ca45bb1cb7805836bce79996d2686bc254579ad92a4eec12d0c0eebcc8abf2f032fbc5de5f642bdac41a57ff43e390cf0f967ecfdacab4a0d0be488e782208ab9f4b5e29ef6189278643cc7dac6e1ce3898d4669a2abf1742b231e95fa457790407a33f175918ccf034efaf91435b5e480d6d38c7f68a006fc67ee75a2077c4301b51bd85019a6d873b4aeb7861f9fcd3863f3651284dce2864ddd99a094ed1b0b83d75bbccb0840b7c7733e71e5af387bdc5dd0f6218fe8aa6eaf5b06a44d8e36ae8f039f5897240a7bcfa6324b1491", 0xee}, {0x0}, {&(0x7f0000000440)="54e8468624d09af99e79efc0c9640e75d5c249e46bb368e1b3749750e7ff2b084eb528f2fbb8f7dbf757bf7e811f37370de0bcc5061fdb1ae650ff1e821eac73b5b17cbeaf38b5218493d41f03970275748e9477c8", 0x55}, {&(0x7f00000008c0)="055dc8f74879fd214ff2d022a08c932e1fab78a885327e744647ba2af35c6c44616279faba1803d6c40d0dbe4de31cdf26f8857ef318ef4ddde6a0aada5e2f22329de1452b7caca8edf71392628e92921cd3836db0e7bc3c3dedbd79525b06dfccc4b27e9fdae6675af8742e2f1eb5120fd9a710d5ad0880212407ad0718323c3188385490ef1bb2b44cbb6751813888de7b7106dd99607188ca36", 0x9b}], 0x6, &(0x7f0000000600)=[@ip_ttl={{0x14, 0x0, 0x2, 0x8}}], 0x18}, 0x4040010)
r3 = socket$netlink(0x10, 0x3, 0xc)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup(r4)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x228, 0x320, 0x6affffff, 0x3403000b, 0x320, 0x7, 0x3f8, 0x230, 0x230, 0x3f8, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x70, 0xb8, 0x0, {0x1000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x288)
bind$netlink(r5, &(0x7f0000000980)={0x10, 0x0, 0x0, 0x100}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x58, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_PROTOINFO={0x18, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x14, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x8b3}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x9}]}}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @empty}}}]}, @CTA_TIMEOUT={0x8}]}, 0x98}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={0x3c, 0x2, 0x6, 0x801, 0x7, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x54}, 0x8404)
recvmmsg$unix(r1, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000000, &(0x7f0000000e00)={0x77359400})
close_range(r3, r7, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r8, 0xffffffffffffffff, 0x200000000000000)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
pwritev(r9, &(0x7f0000001680)=[{&(0x7f00000000c0)='0', 0x1}], 0x1, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r10=>0x0, 0x2f, 0x0, 0xe, 0x8, 0x1a, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x7, 0x6, 0x621a}})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, r9, 0x1, '\x00', r10, r7, 0x3, 0x2, 0x3}, 0x50)

1.319323463s ago: executing program 7 (id=4148):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x4}]}], {0x14}}, 0x58}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)

1.294731185s ago: executing program 7 (id=4149):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x1e, 0x305, 0x0, 0x25dfdbfe}, 0x14}, 0x1, 0x8000000, 0x0, 0x400c880}, 0x2000000)

1.232933548s ago: executing program 7 (id=4150):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010400000000000000010100000a74000000060a0b04000000000000000002000008400004803c000180080001006c6f670030000280060004400001000008000340fffffffa0a0002407d5def2e21000000080003400000000806000140000100000900010073797a30000000000900020073797a320000000008000b400000000314000000110001"], 0x9c}, 0x1, 0x0, 0x0, 0x8010}, 0x0)

1.207253199s ago: executing program 7 (id=4151):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32=r2, @ANYBLOB="0000000004000000400012800c0001006d6163766c616e003000028008000100100000001c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa000000080003"], 0x68}}, 0x64000004)

828.282401ms ago: executing program 5 (id=4152):
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_io_uring_setup(0x44c3, &(0x7f00000004c0)={0x0, 0x5331, 0x8000, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=<r1=>0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xff, 0x30000000000}, 0x0, 0x10000, 0xfffffffe, 0x5, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
listxattr(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0)
write$binfmt_elf64(r2, &(0x7f0000002600)=ANY=[], 0x1820)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x12}}, 0x40)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010011000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000084000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000838001180090001006c61737400000000280002800c00024000000000000000090800014000000ba308000140000010000800014000003f5e980000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000006c0003806800008008000340000000025c0002800c00028008000340000000024c0002800800034000000004080001", @ANYRES32=0x0, @ANYRES8=r5], 0x164}, 0x1, 0x0, 0x0, 0x4000819}, 0x0)
syz_io_uring_submit(r1, 0x0, 0x0)

722.855297ms ago: executing program 7 (id=4153):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xeb, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000010400003e000000000000000000", @ANYRES32=0x0, @ANYBLOB="21000000000000001c0012800e0001006970366772657461700000000800028004001200"], 0x3c}}, 0x0)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000feb000/0x14000)=nil)
syz_emit_ethernet(0x6e, &(0x7f0000000340)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180a300000086dd6002adf700383a00fe880000000000000000000000000001ff020000000000000000000000000001020090780000000060fd906300003a00ff01000000000000000010000000000100000000000000000000ffffac1414aa1e520b4c951ee12e"], 0x0)
r2 = accept$inet6(r1, &(0x7f0000000c40)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000c80)=0x1c)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000cc0)={0x2, {{0xa, 0x4e24, 0x8000, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x7}}}, 0x88)
io_setup(0x7, &(0x7f0000000280)=<r3=>0x0)
r4 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x80)
io_submit(r3, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0xfffffc98}])
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r5=>r0, {0x2}}, './file0\x00'})
io_submit(r3, 0x1, &(0x7f0000000c00)=[&(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x3, 0x40, r0, &(0x7f0000000140)="db241687c5fe275218e35b368f00869bde9545a09edd08e574ab129c85bd8cc499187eb609a958b0489ab04c19afb0b38bc90b81ce71b2ea6e887aca4f1f98cfb2ce9e0e137d6911c257fb5e204105b60a6b675463c6d782f23bb03955b34c4b3f026fff7b64882498e1", 0x6a, 0x5, 0x0, 0x1, r5}])
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x4, 0xc4, &(0x7f00000007c0)=""/196, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94)
syz_io_uring_setup(0x134, 0x0, 0x0, 0x0)
close(0x3)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x24000040)
r6 = syz_usbip_server_init(0x5)
write$usbip_server(r6, &(0x7f0000000000)=@ret_unlink={{0x4, 0x0, 0x0, 0x1}, {0x10001}}, 0x30)
mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000009)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x40f00}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000d80)={0x1b, 0x0, 0x0, 0x815, 0x0, r4, 0x6, '\x00', 0x0, r5, 0x0, 0x0, 0x5}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000e80)={0xffffffffffffffff, 0x58, &(0x7f0000000e00)}, 0x10)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
recvmmsg(r7, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000141, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000df000000bfa300000000000007030000f0ffffff720af0fff8ffffff71a4f0ff000000005d040200000000001d400500000000002004000001ed0000620300ff000000003f440000000000007a0a00fe00ffffffc30300ffa1000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a0032f37ff559be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee07751532d5e7d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e2fa3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef907000000f01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e015cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb581012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a0000000000000000"], &(0x7f00000001c0)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r8, 0xffffffffffffffff, 0x2, 0x0, @void}, 0x10)

538.151528ms ago: executing program 4 (id=4154):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x78, 0x78, 0x6, [@typedef={0x1}, @const={0xf, 0x0, 0x0, 0xa, 0x2}, @union={0xb, 0x1, 0x0, 0x5, 0x0, 0x3, [{0xe, 0x5, 0x5}]}, @union={0x2, 0x5, 0x0, 0x5, 0x0, 0x0, [{0xc, 0x0, 0x6}, {0xb, 0x4, 0x7}, {0x9, 0x1, 0x2}, {0xc, 0x1, 0x1}, {0x6, 0x1, 0x6}]}]}, {0x0, [0x2e, 0x0, 0x5f, 0x0]}}, &(0x7f00000000c0)=""/243, 0x96, 0xf3, 0x1, 0x66, 0x10000}, 0x28)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, r0}, 0x50)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000001280)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004600000076000000bf98010000000000b5080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

501.84148ms ago: executing program 4 (id=4155):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)={0x14, r2, 0x830b318aaeefb05f, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x2b3ed946aae2d0e9}, 0x2040010)

391.655777ms ago: executing program 4 (id=4156):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast1}}}], 0x20}}], 0x1, 0x9880)
r0 = socket$inet(0x2, 0x2, 0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57)
setsockopt$inet_mreqsrc(r1, 0x0, 0x24, 0x0, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88)

229.089566ms ago: executing program 4 (id=4157):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x0, 0x1acc02, 0x148, 0x158, 0x10, 0x1f0, 0x2a8, 0x2a8, 0x1f0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x40000, 0xf0, 0x158, 0x20000000, {0x0, 0x5803}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x9, 0x1, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@addrtype1={{0x28}, {0x445, 0x18, 0x8}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x5, 0xfff6, 0x8, 0x9, 'syz1\x00', 'syz0\x00', {0x470}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8)

213.840397ms ago: executing program 4 (id=4158):
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x9, 0x100000001}, 0x6144, 0x2, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = socket(0x2, 0x80805, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0xfffffffe, 0x0, 0x0, 0x240008c4}, 0x4054)

0s ago: executing program 5 (id=4159):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x4}]}], {0x14}}, 0x58}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

attributes in process `syz.4.3211'.
[  199.008638][T13687] FAULT_INJECTION: forcing a failure.
[  199.008638][T13687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.021882][T13687] CPU: 0 UID: 0 PID: 13687 Comm: syz.0.3212 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  199.021988][T13687] Tainted: [W]=WARN
[  199.021997][T13687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  199.022015][T13687] Call Trace:
[  199.022023][T13687]  <TASK>
[  199.022033][T13687]  __dump_stack+0x1d/0x30
[  199.022066][T13687]  dump_stack_lvl+0x95/0xd0
[  199.022114][T13687]  dump_stack+0x15/0x1b
[  199.022142][T13687]  should_fail_ex+0x263/0x280
[  199.022184][T13687]  should_fail+0xb/0x20
[  199.022222][T13687]  should_fail_usercopy+0x1a/0x20
[  199.022338][T13687]  _copy_to_user+0x20/0xa0
[  199.022367][T13687]  simple_read_from_buffer+0xb5/0x130
[  199.022454][T13687]  proc_fail_nth_read+0x10e/0x150
[  199.022544][T13687]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  199.022645][T13687]  vfs_read+0x1ab/0x7f0
[  199.022668][T13687]  ? __sys_setsockopt+0x18e/0x200
[  199.022711][T13687]  ? kfree+0x347/0x3b0
[  199.022815][T13687]  ksys_read+0xdc/0x1a0
[  199.022842][T13687]  __x64_sys_read+0x40/0x50
[  199.022932][T13687]  x64_sys_call+0x2889/0x3000
[  199.022967][T13687]  do_syscall_64+0xc0/0x2a0
[  199.023021][T13687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.023051][T13687] RIP: 0033:0x7f67ae51b78e
[  199.023071][T13687] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  199.023104][T13687] RSP: 002b:00007f67acfb6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  199.023158][T13687] RAX: ffffffffffffffda RBX: 00007f67acfb76c0 RCX: 00007f67ae51b78e
[  199.023178][T13687] RDX: 000000000000000f RSI: 00007f67acfb70a0 RDI: 0000000000000004
[  199.023195][T13687] RBP: 00007f67acfb7090 R08: 0000000000000000 R09: 0000000000000000
[  199.023213][T13687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.023230][T13687] R13: 00007f67ae7d6038 R14: 00007f67ae7d5fa0 R15: 00007ffc536161f8
[  199.023337][T13687]  </TASK>
[  199.257966][T13689] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3213'.
[  199.278709][T13696] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  199.290666][T13696] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  199.453316][T13713] loop0: detected capacity change from 0 to 128
[  199.455581][T13709] 9pnet: p9_errstr2errno: server reported unknown error 000000
[  199.464248][T13713] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  199.489036][T13713] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  199.565827][ T3648] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  199.591573][T13724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3228'.
[  199.600849][T13724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3228'.
[  199.676180][ T8383] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.808338][T13743] netlink: 'syz.7.3234': attribute type 16 has an invalid length.
[  199.816264][T13743] netlink: 'syz.7.3234': attribute type 17 has an invalid length.
[  199.826492][T13739] bond1 (unregistering): Released all slaves
[  199.844521][T13743] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  199.915424][T13751] loop0: detected capacity change from 0 to 128
[  199.926174][T13751] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  199.945034][T13751] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.336698][T13772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3246'.
[  200.345893][T13772] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  200.353455][T13772] batman_adv: batadv0: Removing interface: batadv_slave_0
[  200.361426][T13772] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  200.368823][T13772] batman_adv: batadv0: Removing interface: batadv_slave_1
[  200.539168][T13775] loop4: detected capacity change from 0 to 512
[  200.556777][T13775] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.577263][T13775] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.599935][T12708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.729381][T13795] netlink: 272 bytes leftover after parsing attributes in process `syz.4.3256'.
[  200.739807][T13795] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  200.813994][T13060] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  200.923342][T13791] vlan2: entered allmulticast mode
[  200.941654][T13804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3259'.
[  201.132022][T13824] loop2: detected capacity change from 0 to 512
[  201.176349][T13824] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.200870][T13826] loop4: detected capacity change from 0 to 8192
[  201.208909][T13826] FAT-fs (loop4): bogus logical sector size 516
[  201.215285][T13826] FAT-fs (loop4): Can't find a valid FAT filesystem
[  201.229223][T13824] FAULT_INJECTION: forcing a failure.
[  201.229223][T13824] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  201.242443][T13824] CPU: 0 UID: 0 PID: 13824 Comm: syz.2.3268 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  201.242483][T13824] Tainted: [W]=WARN
[  201.242492][T13824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  201.242509][T13824] Call Trace:
[  201.242518][T13824]  <TASK>
[  201.242526][T13824]  __dump_stack+0x1d/0x30
[  201.242567][T13824]  dump_stack_lvl+0x95/0xd0
[  201.242594][T13824]  dump_stack+0x15/0x1b
[  201.242614][T13824]  should_fail_ex+0x263/0x280
[  201.242710][T13824]  should_fail+0xb/0x20
[  201.242739][T13824]  should_fail_usercopy+0x1a/0x20
[  201.242777][T13824]  _copy_from_user+0x1c/0xb0
[  201.242806][T13824]  do_vfs_ioctl+0x536/0xe70
[  201.242991][T13824]  ? __rcu_read_unlock+0x4e/0x70
[  201.243032][T13824]  ? __fget_files+0x184/0x1c0
[  201.243062][T13824]  ? mutex_lock+0x57/0x90
[  201.243095][T13824]  __se_sys_ioctl+0x82/0x140
[  201.243186][T13824]  __x64_sys_ioctl+0x43/0x50
[  201.243247][T13824]  x64_sys_call+0x14b0/0x3000
[  201.243275][T13824]  do_syscall_64+0xc0/0x2a0
[  201.243310][T13824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.243382][T13824] RIP: 0033:0x7ff5a77caeb9
[  201.243448][T13824] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  201.243491][T13824] RSP: 002b:00007ff5a6227028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  201.243519][T13824] RAX: ffffffffffffffda RBX: 00007ff5a7a45fa0 RCX: 00007ff5a77caeb9
[  201.243552][T13824] RDX: 0000200000000300 RSI: 00000000c020660b RDI: 0000000000000004
[  201.243568][T13824] RBP: 00007ff5a6227090 R08: 0000000000000000 R09: 0000000000000000
[  201.243661][T13824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.243697][T13824] R13: 00007ff5a7a46038 R14: 00007ff5a7a45fa0 R15: 00007ffe19c76f48
[  201.243719][T13824]  </TASK>
[  201.444226][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.508237][T13840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3273'.
[  201.600963][T13842] loop2: detected capacity change from 0 to 512
[  201.627755][T13842] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.641385][T13842] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.768320][T13862] loop2: detected capacity change from 0 to 512
[  201.792414][T13862] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.805182][T13862] ext4 filesystem being mounted at /186/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  201.820330][T13862] FAULT_INJECTION: forcing a failure.
[  201.820330][T13862] name failslab, interval 1, probability 0, space 0, times 0
[  201.833054][T13862] CPU: 1 UID: 0 PID: 13862 Comm: syz.2.3281 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  201.833115][T13862] Tainted: [W]=WARN
[  201.833123][T13862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  201.833140][T13862] Call Trace:
[  201.833155][T13862]  <TASK>
[  201.833165][T13862]  __dump_stack+0x1d/0x30
[  201.833195][T13862]  dump_stack_lvl+0x95/0xd0
[  201.833236][T13862]  dump_stack+0x15/0x1b
[  201.833313][T13862]  should_fail_ex+0x263/0x280
[  201.833353][T13862]  should_failslab+0x8c/0xb0
[  201.833383][T13862]  __kmalloc_noprof+0xb8/0x580
[  201.833497][T13862]  ? ext4_find_extent+0x16b/0x7a0
[  201.833527][T13862]  ext4_find_extent+0x16b/0x7a0
[  201.833607][T13862]  ext4_ext_map_blocks+0x128/0x38a0
[  201.833641][T13862]  ? get_page_from_freelist+0x1877/0x1a70
[  201.833697][T13862]  ? css_rstat_updated+0x53/0x280
[  201.833807][T13862]  ? css_rstat_updated+0xbb/0x280
[  201.833863][T13862]  ? trace_event_reg+0xe0/0x190
[  201.833884][T13862]  ? xas_load+0x413/0x430
[  201.834022][T13862]  ext4_map_query_blocks+0xae/0x550
[  201.834089][T13862]  ? ext4_es_lookup_extent+0x3ac/0x540
[  201.834131][T13862]  ext4_map_blocks+0x398/0xd70
[  201.834172][T13862]  ? xa_load+0xb1/0xe0
[  201.834209][T13862]  ? __account_obj_stock+0x211/0x350
[  201.834238][T13862]  ext4_getblk+0x128/0x530
[  201.834312][T13862]  ext4_bread_batch+0x5c/0x320
[  201.834351][T13862]  __ext4_find_entry+0x852/0xdf0
[  201.834379][T13862]  ? __d_alloc+0x37/0x340
[  201.834493][T13862]  ? d_alloc_parallel+0xc01/0xce0
[  201.834616][T13862]  ext4_lookup+0xcd/0x3a0
[  201.834652][T13862]  __lookup_slow+0x19d/0x260
[  201.834703][T13862]  lookup_slow+0x3c/0x60
[  201.834733][T13862]  link_path_walk+0x946/0xe30
[  201.834774][T13862]  __filename_parentat+0x1a4/0x450
[  201.834848][T13862]  filename_create+0x78/0x220
[  201.834896][T13862]  do_mkdirat+0x82/0x3b0
[  201.834963][T13862]  __x64_sys_mkdirat+0x4c/0x60
[  201.834987][T13862]  x64_sys_call+0x30c/0x3000
[  201.835061][T13862]  do_syscall_64+0xc0/0x2a0
[  201.835108][T13862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.835138][T13862] RIP: 0033:0x7ff5a77caeb9
[  201.835159][T13862] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  201.835255][T13862] RSP: 002b:00007ff5a6227028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  201.835280][T13862] RAX: ffffffffffffffda RBX: 00007ff5a7a45fa0 RCX: 00007ff5a77caeb9
[  201.835295][T13862] RDX: 00000000000001d0 RSI: 0000200000000280 RDI: ffffffffffffff9c
[  201.835309][T13862] RBP: 00007ff5a6227090 R08: 0000000000000000 R09: 0000000000000000
[  201.835323][T13862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.835340][T13862] R13: 00007ff5a7a46038 R14: 00007ff5a7a45fa0 R15: 00007ffe19c76f48
[  201.835401][T13862]  </TASK>
[  202.115801][T13868] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3282'.
[  202.197404][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.502960][T13884] loop0: detected capacity change from 0 to 1024
[  202.509973][T13884] EXT4-fs: Ignoring removed bh option
[  202.520847][T13884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.787381][T13892] FAT-fs (loop9): bogus logical sector size 516
[  202.793730][T13892] FAT-fs (loop9): Can't find a valid FAT filesystem
[  203.562729][T13926] FAT-fs (loop9): bogus logical sector size 516
[  203.569343][T13926] FAT-fs (loop9): Can't find a valid FAT filesystem
[  203.721545][   T29] kauditd_printk_skb: 177 callbacks suppressed
[  203.721576][   T29] audit: type=1326 audit(1786342292.481:5668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.753130][   T29] audit: type=1326 audit(1786342292.509:5669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.776786][   T29] audit: type=1326 audit(1786342292.509:5670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.800435][   T29] audit: type=1326 audit(1786342292.509:5671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.823994][   T29] audit: type=1326 audit(1786342292.509:5672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.847570][   T29] audit: type=1326 audit(1786342292.509:5673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.871254][   T29] audit: type=1326 audit(1786342292.509:5674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.894850][   T29] audit: type=1326 audit(1786342292.509:5675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.918378][   T29] audit: type=1326 audit(1786342292.509:5676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  203.941948][   T29] audit: type=1326 audit(1786342292.509:5677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13925 comm="syz.9.3304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fb078c7aeb9 code=0x7ffc0000
[  204.370289][T13935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  204.382705][T13935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  204.464183][T13941] set_capacity_and_notify: 2 callbacks suppressed
[  204.464206][T13941] loop7: detected capacity change from 0 to 4096
[  204.490175][T13935] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.513091][T13941] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.575365][ T8383] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.625073][T13949] netlink: 348 bytes leftover after parsing attributes in process `syz.7.3311'.
[  204.677263][T13935] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.716849][T13951] syzkaller0: entered allmulticast mode
[  204.728604][T13949] syzkaller0: entered promiscuous mode
[  204.746614][T13949] syzkaller0 (unregistering): left allmulticast mode
[  204.753445][T13949] syzkaller0 (unregistering): left promiscuous mode
[  204.903845][T13935] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.065643][T13935] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.227270][T13971] loop2: detected capacity change from 0 to 512
[  205.288000][T13971] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.310603][T13971] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  205.330585][ T3640] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  205.389330][T13971] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.3319: corrupted xattr block 6: invalid header
[  205.420143][T13971] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  205.429519][T13971] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.3319: corrupted xattr block 6: invalid header
[  205.443685][T13971] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  205.454068][T13971] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.3319: corrupted xattr block 6: invalid header
[  205.468451][T13971] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  205.477625][T13971] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.3319: corrupted xattr block 6: invalid header
[  205.489180][T13983] 9pnet: p9_errstr2errno: server reported unknown error 00000000
[  205.499214][T13971] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  205.513869][T13971] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.3319: corrupted xattr block 6: invalid header
[  205.527681][T13971] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[  205.545343][T13971] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.3319: corrupted xattr block 6: invalid header
[  205.609985][   T37] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  205.690163][ T3640] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  205.782011][ T3640] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  205.844812][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.973161][T13999] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3330'.
[  206.007086][T13999] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3330'.
[  206.035865][T13999] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2816 sclass=netlink_route_socket pid=13999 comm=syz.7.3330
[  206.176292][T14025] loop4: detected capacity change from 0 to 764
[  206.207274][T14025] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  206.234264][T14025] pimreg: entered allmulticast mode
[  206.245150][T14025] pimreg: left allmulticast mode
[  206.833265][T14059] loop4: detected capacity change from 0 to 764
[  206.963380][T14064] loop4: detected capacity change from 0 to 8192
[  206.992656][T14064] FAT-fs (loop4): bogus logical sector size 516
[  206.999035][T14064] FAT-fs (loop4): Can't find a valid FAT filesystem
[  207.212607][T14072] netlink: 'syz.2.3358': attribute type 8 has an invalid length.
[  207.494822][T14083] loop7: detected capacity change from 0 to 1024
[  207.546539][T14083] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  207.776285][ T8383] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.852148][T14097] loop2: detected capacity change from 0 to 1024
[  207.892737][T14097] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  207.938986][T14104] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3368'.
[  207.950360][T14092] FAULT_INJECTION: forcing a failure.
[  207.950360][T14092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  207.963500][T14092] CPU: 1 UID: 0 PID: 14092 Comm: syz.2.3364 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  207.963543][T14092] Tainted: [W]=WARN
[  207.963588][T14092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  207.963601][T14092] Call Trace:
[  207.963608][T14092]  <TASK>
[  207.963616][T14092]  __dump_stack+0x1d/0x30
[  207.963642][T14092]  dump_stack_lvl+0x95/0xd0
[  207.963673][T14092]  dump_stack+0x15/0x1b
[  207.963701][T14092]  should_fail_ex+0x263/0x280
[  207.963812][T14092]  should_fail+0xb/0x20
[  207.963850][T14092]  should_fail_usercopy+0x1a/0x20
[  207.963988][T14092]  _copy_to_user+0x20/0xa0
[  207.964018][T14092]  copy_siginfo_to_user+0x22/0xb0
[  207.964057][T14092]  x64_setup_rt_frame+0x2b4/0x4e0
[  207.964091][T14092]  arch_do_signal_or_restart+0x24b/0x450
[  207.964191][T14092]  exit_to_user_mode_loop+0x6a/0x6f0
[  207.964278][T14092]  do_syscall_64+0x1d3/0x2a0
[  207.964372][T14092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.964403][T14092] RIP: 0033:0x7ff5a778b78e
[  207.964420][T14092] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  207.964439][T14092] RSP: 002b:00007ff5a6226fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  207.964555][T14092] RAX: 0000000000000001 RBX: 00007ff5a62276c0 RCX: 00007ff5a778b78e
[  207.964570][T14092] RDX: 0000000000000001 RSI: 00007ff5a6227090 RDI: 0000000000000005
[  207.964583][T14092] RBP: 00007ff5a6227090 R08: 0000000000000000 R09: 0000000000000000
[  207.964596][T14092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  207.964609][T14092] R13: 00007ff5a7a46038 R14: 00007ff5a7a45fa0 R15: 00007ffe19c76f48
[  207.964686][T14092]  </TASK>
[  208.249403][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.338770][T14113] loop7: detected capacity change from 0 to 8192
[  208.348661][T14113] FAT-fs (loop7): bogus logical sector size 516
[  208.354986][T14113] FAT-fs (loop7): Can't find a valid FAT filesystem
[  208.488801][T14121] syzkaller0: entered promiscuous mode
[  208.494561][T14121] syzkaller0: entered allmulticast mode
[  208.857395][T14148] syzkaller0: entered promiscuous mode
[  208.863122][T14148] syzkaller0: entered allmulticast mode
[  209.100011][   T29] kauditd_printk_skb: 156 callbacks suppressed
[  209.100064][   T29] audit: type=1400 audit(1786342297.514:5834): avc:  denied  { name_bind } for  pid=14168 comm="syz.4.3396" src=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  209.188239][T14176] netdevsim netdevsim7 netdevsim0: entered allmulticast mode
[  209.228929][   T36] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  209.246516][T14181] loop7: detected capacity change from 0 to 2048
[  209.257518][   T36] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  209.272302][T14181] ext4: Unknown parameter 'noacl'
[  209.287252][T14186] loop2: detected capacity change from 0 to 128
[  209.319604][T14180] 9pnet: p9_errstr2errno: server reported unknown error 00000000
[  209.425926][T14184] syzkaller0: entered promiscuous mode
[  209.431478][T14184] syzkaller0: entered allmulticast mode
[  209.561274][T14199] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3406'.
[  209.570339][T14199] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3406'.
[  209.585512][T14199] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3406'.
[  209.831244][T14220] 9pnet: p9_errstr2errno: server reported unknown error 00000000
[  209.996238][T14234] IPv6: addrconf: prefix option has invalid lifetime
[  210.136949][T14237] FAULT_INJECTION: forcing a failure.
[  210.136949][T14237] name failslab, interval 1, probability 0, space 0, times 0
[  210.149681][T14237] CPU: 1 UID: 0 PID: 14237 Comm: syz.7.3422 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  210.149795][T14237] Tainted: [W]=WARN
[  210.149805][T14237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  210.149822][T14237] Call Trace:
[  210.149832][T14237]  <TASK>
[  210.149843][T14237]  __dump_stack+0x1d/0x30
[  210.149875][T14237]  dump_stack_lvl+0x95/0xd0
[  210.149972][T14237]  dump_stack+0x15/0x1b
[  210.150062][T14237]  should_fail_ex+0x263/0x280
[  210.150101][T14237]  should_failslab+0x8c/0xb0
[  210.150128][T14237]  kmem_cache_alloc_noprof+0x68/0x490
[  210.150159][T14237]  ? skb_clone+0x151/0x1f0
[  210.150179][T14237]  skb_clone+0x151/0x1f0
[  210.150283][T14237]  __netlink_deliver_tap+0x2c9/0x500
[  210.150366][T14237]  netlink_unicast+0x66b/0x690
[  210.150412][T14237]  netlink_sendmsg+0x5c8/0x6f0
[  210.150441][T14237]  ? __pfx_netlink_sendmsg+0x10/0x10
[  210.150492][T14237]  sock_write_iter+0x32a/0x360
[  210.150530][T14237]  do_iter_readv_writev+0x4fd/0x5a0
[  210.150562][T14237]  vfs_writev+0x2e1/0x900
[  210.150597][T14237]  do_writev+0xe9/0x210
[  210.150701][T14237]  __x64_sys_writev+0x45/0x50
[  210.150731][T14237]  x64_sys_call+0x1ba5/0x3000
[  210.150829][T14237]  do_syscall_64+0xc0/0x2a0
[  210.150861][T14237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.150891][T14237] RIP: 0033:0x7f9f4bceaeb9
[  210.150913][T14237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  210.150953][T14237] RSP: 002b:00007f9f4a747028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  210.150976][T14237] RAX: ffffffffffffffda RBX: 00007f9f4bf65fa0 RCX: 00007f9f4bceaeb9
[  210.150996][T14237] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003
[  210.151015][T14237] RBP: 00007f9f4a747090 R08: 0000000000000000 R09: 0000000000000000
[  210.151097][T14237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.151110][T14237] R13: 00007f9f4bf66038 R14: 00007f9f4bf65fa0 R15: 00007ffeb3deb7a8
[  210.151138][T14237]  </TASK>
[  210.151321][T14237] netlink: 'syz.7.3422': attribute type 9 has an invalid length.
[  210.398555][T14240] syzkaller0: entered promiscuous mode
[  210.404180][T14240] syzkaller0: entered allmulticast mode
[  210.511567][T14242] set_capacity_and_notify: 1 callbacks suppressed
[  210.511589][T14242] loop7: detected capacity change from 0 to 1024
[  210.536351][T14242] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  210.546695][T14242] EXT4-fs (loop7): can't mount with data=, fs mounted w/o journal
[  210.630297][T14246] netlink: 52 bytes leftover after parsing attributes in process `syz.7.3426'.
[  210.838464][T14253] 9pnet: p9_errstr2errno: server reported unknown error 00000000
[  210.871192][T14259] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3431'.
[  211.089092][T14274] loop2: detected capacity change from 0 to 8192
[  212.068531][   T29] audit: type=1400 audit(1786342300.292:5835): avc:  denied  { attach_queue } for  pid=14320 comm="syz.7.3457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  212.191554][T14334] loop7: detected capacity change from 0 to 1024
[  212.220641][T14334] EXT4-fs: Ignoring removed orlov option
[  212.244902][T14334] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  212.257617][T14341] FAULT_INJECTION: forcing a failure.
[  212.257617][T14341] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  212.270814][T14341] CPU: 1 UID: 0 PID: 14341 Comm: syz.2.3462 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  212.270893][T14341] Tainted: [W]=WARN
[  212.270901][T14341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  212.270919][T14341] Call Trace:
[  212.270927][T14341]  <TASK>
[  212.270937][T14341]  __dump_stack+0x1d/0x30
[  212.270967][T14341]  dump_stack_lvl+0x95/0xd0
[  212.271013][T14341]  dump_stack+0x15/0x1b
[  212.271035][T14341]  should_fail_ex+0x263/0x280
[  212.271067][T14341]  should_fail+0xb/0x20
[  212.271172][T14341]  should_fail_usercopy+0x1a/0x20
[  212.271213][T14341]  _copy_to_user+0x20/0xa0
[  212.271321][T14341]  __snd_timer_user_ioctl+0x173c/0x2bc0
[  212.271376][T14341]  ? do_vfs_ioctl+0x84f/0xe70
[  212.271412][T14341]  ? selinux_file_ioctl+0x5f7/0xcb0
[  212.271501][T14341]  ? __rcu_read_unlock+0x4e/0x70
[  212.271541][T14341]  ? __rcu_read_unlock+0x4e/0x70
[  212.271578][T14341]  ? __pfx_snd_timer_user_ioctl+0x10/0x10
[  212.271619][T14341]  snd_timer_user_ioctl+0x45/0x90
[  212.271691][T14341]  __se_sys_ioctl+0xce/0x140
[  212.271807][T14341]  __x64_sys_ioctl+0x43/0x50
[  212.271851][T14341]  x64_sys_call+0x14b0/0x3000
[  212.271939][T14341]  do_syscall_64+0xc0/0x2a0
[  212.271980][T14341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.272010][T14341] RIP: 0033:0x7ff5a77caeb9
[  212.272089][T14341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  212.272114][T14341] RSP: 002b:00007ff5a6227028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  212.272142][T14341] RAX: ffffffffffffffda RBX: 00007ff5a7a45fa0 RCX: 00007ff5a77caeb9
[  212.272161][T14341] RDX: 0000200000001040 RSI: 0000000080e85411 RDI: 0000000000000003
[  212.272209][T14341] RBP: 00007ff5a6227090 R08: 0000000000000000 R09: 0000000000000000
[  212.272228][T14341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.272241][T14341] R13: 00007ff5a7a46038 R14: 00007ff5a7a45fa0 R15: 00007ffe19c76f48
[  212.272262][T14341]  </TASK>
[  212.501116][T14344] loop9: detected capacity change from 0 to 128
[  212.538989][   T29] audit: type=1400 audit(1786342300.731:5836): avc:  denied  { read write } for  pid=14333 comm="syz.7.3461" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  212.563756][   T29] audit: type=1400 audit(1786342300.731:5837): avc:  denied  { open } for  pid=14333 comm="syz.7.3461" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  212.616295][T14346] loop2: detected capacity change from 0 to 2048
[  212.646652][T14346] ext4: Unknown parameter 'noacl'
[  212.738363][T14349] netlink: 104 bytes leftover after parsing attributes in process `syz.9.3463'.
[  212.895805][   T29] audit: type=1326 audit(1786342301.059:5838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14363 comm="syz.4.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14a6c3aeb9 code=0x7ffc0000
[  212.929877][   T29] audit: type=1326 audit(1786342301.087:5839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14363 comm="syz.4.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f14a6c3aeb9 code=0x7ffc0000
[  212.953468][   T29] audit: type=1326 audit(1786342301.087:5840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14363 comm="syz.4.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14a6c3aeb9 code=0x7ffc0000
[  212.976990][   T29] audit: type=1326 audit(1786342301.087:5841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14363 comm="syz.4.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f14a6c3aeb9 code=0x7ffc0000
[  213.000540][   T29] audit: type=1326 audit(1786342301.087:5842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14363 comm="syz.4.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14a6c3aeb9 code=0x7ffc0000
[  213.024092][   T29] audit: type=1326 audit(1786342301.087:5843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14363 comm="syz.4.3473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f14a6c3aeb9 code=0x7ffc0000
[  213.102474][T13223] IPVS: starting estimator thread 0...
[  213.114501][ T8383] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.175198][T14382] netlink: 40 bytes leftover after parsing attributes in process `syz.9.3478'.
[  213.198396][T14375] IPVS: using max 2352 ests per chain, 117600 per kthread
[  213.234422][T14385] loop9: detected capacity change from 0 to 1024
[  213.242438][T14385] EXT4-fs: Ignoring removed orlov option
[  213.273250][T14385] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.286316][T14389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3481'.
[  213.349450][T14394] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3482'.
[  213.423894][T10725] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.620265][T14410] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3486'.
[  213.661179][T14410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  213.684279][T14410] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  213.727094][T14419] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3492'.
[  213.796116][T14421] 9pnet: p9_errstr2errno: server reported unknown error 00000000
[  213.849459][T14429] sg_write: data in/out 8156/154 bytes for SCSI command 0x0-- guessing data in;
[  213.849459][T14429]    program syz.7.3495 not setting count and/or reply_len properly
[  214.032704][T14443] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3500'.
[  214.149155][T14455] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3504'.
[  214.415478][T14472] 9pnet: p9_errstr2errno: server reported unknown error 00000000
[  214.466243][T14483] syzkaller0: entered promiscuous mode
[  214.471884][T14483] syzkaller0: entered allmulticast mode
[  214.895061][T14505] loop7: detected capacity change from 0 to 8192
[  214.910525][T14505] FAT-fs (loop7): bogus logical sector size 516
[  214.916860][T14505] FAT-fs (loop7): Can't find a valid FAT filesystem
[  215.327913][T14536] loop4: detected capacity change from 0 to 512
[  215.335311][T14521] program syz.9.3527 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  215.357022][T14536] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  215.391593][T14536] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.3532: casefold flag without casefold feature
[  215.405843][T14536] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3532: couldn't read orphan inode 15 (err -117)
[  215.408015][T14542] bridge0: entered promiscuous mode
[  215.419818][T14536] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.441974][T14536] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #2: block 4: comm syz.4.3532: lblock 0 mapped to illegal pblock 4 (length 1)
[  215.462604][   T29] kauditd_printk_skb: 36 callbacks suppressed
[  215.462619][   T29] audit: type=1400 audit(1786342303.463:5880): avc:  denied  { listen } for  pid=14535 comm="syz.4.3532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  215.488378][T14542] bridge0: left promiscuous mode
[  215.529699][T12708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.585599][T14547] hub 6-0:1.0: USB hub found
[  215.598133][T14547] hub 6-0:1.0: 8 ports detected
[  215.736189][T14563] loop7: detected capacity change from 0 to 8192
[  215.743877][T14563] FAT-fs (loop7): bogus logical sector size 516
[  215.750165][T14563] FAT-fs (loop7): Can't find a valid FAT filesystem
[  215.866487][T14580] loop7: detected capacity change from 0 to 16384
[  215.948849][T14584] loop9: detected capacity change from 0 to 512
[  216.013382][T14584] ------------[ cut here ]------------
[  216.018902][T14584] EA inode 11 i_nlink=0
[  216.018929][T14584] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x313/0x350, CPU#1: syz.9.3552/14584
[  216.034064][T14584] Modules linked in:
[  216.038056][T14584] CPU: 1 UID: 0 PID: 14584 Comm: syz.9.3552 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  216.049557][T14584] Tainted: [W]=WARN
[  216.053451][T14584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  216.063621][T14584] RIP: 0010:ext4_xattr_inode_update_ref+0x332/0x350
[  216.070267][T14584] Code: c4 e7 9a ff 4c 8d 2d 5d 22 3e 05 49 8d 7e 40 e8 d4 d1 b6 ff 49 8b 6e 40 4c 89 e7 e8 08 cd b6 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 02 ff ff ff e8 1f d3 d0 03 66 66 66 66 66 66 2e
[  216.089978][T14584] RSP: 0018:ffffc900019c7778 EFLAGS: 00010246
[  216.096109][T14584] RAX: ffff8881258f6d90 RBX: ffff88811a7fa950 RCX: ffffffff81be1808
[  216.104118][T14584] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff86fc3a50
[  216.112178][T14584] RBP: 000000000000000b R08: 000188811a7fa903 R09: 0000000000000000
[  216.120225][T14584] R10: ffffc900019c76a8 R11: 0001c900019c76a8 R12: ffff88811a7fa900
[  216.128302][T14584] R13: ffffffff86fc3a50 R14: ffff88811a7fa8b8 R15: 0000000000000001
[  216.136361][T14584] FS:  00007fb0776956c0(0000) GS:ffff8882aec57000(0000) knlGS:0000000000000000
[  216.145362][T14584] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  216.152011][T14584] CR2: 00007ff5a6226ff8 CR3: 0000000168e12000 CR4: 00000000003506f0
[  216.160128][T14584] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  216.168135][T14584] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  216.176178][T14584] Call Trace:
[  216.179488][T14584]  <TASK>
[  216.182474][T14584]  ext4_xattr_inode_dec_ref_all+0x57c/0x880
[  216.188458][T14584]  ? errseq_check+0x2c/0x50
[  216.193063][T14584]  ext4_xattr_delete_inode+0x6c1/0x7a0
[  216.198576][T14584]  ext4_evict_inode+0xa1f/0xd40
[  216.203543][T14584]  ? __pfx_ext4_evict_inode+0x10/0x10
[  216.208983][T14584]  evict+0x2af/0x510
[  216.212970][T14584]  ? __dquot_initialize+0x146/0x7c0
[  216.218255][T14584]  iput+0x4b9/0x650
[  216.222108][T14584]  ext4_process_orphan+0x1a9/0x1c0
[  216.227367][T14584]  ext4_orphan_cleanup+0x6a8/0xa00
[  216.232560][T14584]  ext4_fill_super+0x3476/0x3800
[  216.237613][T14584]  ? set_blocksize+0x1a3/0x310
[  216.242439][T14584]  ? setup_bdev_super+0x30e/0x370
[  216.247547][T14584]  ? __pfx_ext4_fill_super+0x10/0x10
[  216.252867][T14584]  get_tree_bdev_flags+0x291/0x300
[  216.258136][T14584]  ? __pfx_ext4_fill_super+0x10/0x10
[  216.263453][T14584]  get_tree_bdev+0x1f/0x30
[  216.267925][T14584]  ext4_get_tree+0x1c/0x30
[  216.272407][T14584]  vfs_get_tree+0x57/0x1d0
[  216.276925][T14584]  do_new_mount+0x288/0x700
[  216.281585][T14584]  path_mount+0x4d0/0xbc0
[  216.285947][T14584]  ? user_path_at+0xbf/0x130
[  216.290622][T14584]  __se_sys_mount+0x28c/0x2e0
[  216.295492][T14584]  __x64_sys_mount+0x67/0x80
[  216.300179][T14584]  x64_sys_call+0x2cca/0x3000
[  216.304906][T14584]  do_syscall_64+0xc0/0x2a0
[  216.309539][T14584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.315533][T14584] RIP: 0033:0x7fb078c7c14a
[  216.320035][T14584] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  216.339709][T14584] RSP: 002b:00007fb077694e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  216.348245][T14584] RAX: ffffffffffffffda RBX: 00007fb077694ee0 RCX: 00007fb078c7c14a
[  216.356439][T14584] RDX: 0000200000000200 RSI: 00002000000001c0 RDI: 00007fb077694ea0
[  216.364623][T14584] RBP: 0000200000000200 R08: 00007fb077694ee0 R09: 0000000000800700
[  216.372634][T14584] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[  216.380743][T14584] R13: 00007fb077694ea0 R14: 000000000000046f R15: 0000200000000240
[  216.388830][T14584]  </TASK>
[  216.391931][T14584] ---[ end trace 0000000000000000 ]---
[  216.398037][T14584] EXT4-fs (loop9): 1 orphan inode deleted
[  216.404367][T14584] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.417366][   T29] audit: type=1400 audit(1786342304.361:5881): avc:  denied  { setattr } for  pid=14578 comm="syz.9.3552" name="/" dev="loop9" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  216.439865][T14580] EXT4-fs error (device loop9): ext4_find_dest_de:2050: inode #2: block 13: comm syz.9.3552: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0
[  216.482302][   T29] audit: type=1326 audit(1786342304.417:5882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14594 comm="syz.2.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5a77caeb9 code=0x7ffc0000
[  216.505958][   T29] audit: type=1326 audit(1786342304.417:5883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14594 comm="syz.2.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5a77caeb9 code=0x7ffc0000
[  216.529596][   T29] audit: type=1326 audit(1786342304.417:5884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14594 comm="syz.2.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff5a77caeb9 code=0x7ffc0000
[  216.553173][   T29] audit: type=1326 audit(1786342304.417:5885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14594 comm="syz.2.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5a77caeb9 code=0x7ffc0000
[  216.576931][   T29] audit: type=1326 audit(1786342304.417:5886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14594 comm="syz.2.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ff5a77caeb9 code=0x7ffc0000
[  216.600581][   T29] audit: type=1326 audit(1786342304.417:5887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14594 comm="syz.2.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5a77caeb9 code=0x7ffc0000
[  216.624158][   T29] audit: type=1326 audit(1786342304.417:5888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14594 comm="syz.2.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff5a77caeb9 code=0x7ffc0000
[  216.647744][   T29] audit: type=1326 audit(1786342304.417:5889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14594 comm="syz.2.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5a77caeb9 code=0x7ffc0000
[  216.938503][T14618] loop4: detected capacity change from 0 to 128
[  216.968214][T10725] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.977689][T14618] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  217.003035][T14618] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.071503][T14618] __nla_validate_parse: 4 callbacks suppressed
[  217.071518][T14618] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3567'.
[  217.175837][T14641] netlink: 92 bytes leftover after parsing attributes in process `syz.7.3574'.
[  217.204593][T14645] FAULT_INJECTION: forcing a failure.
[  217.204593][T14645] name failslab, interval 1, probability 0, space 0, times 0
[  217.217399][T14645] CPU: 0 UID: 0 PID: 14645 Comm: syz.2.3576 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  217.217438][T14645] Tainted: [W]=WARN
[  217.217447][T14645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  217.217496][T14645] Call Trace:
[  217.217597][T14645]  <TASK>
[  217.217604][T14645]  __dump_stack+0x1d/0x30
[  217.217629][T14645]  dump_stack_lvl+0x95/0xd0
[  217.217656][T14645]  dump_stack+0x15/0x1b
[  217.217726][T14645]  should_fail_ex+0x263/0x280
[  217.217761][T14645]  should_failslab+0x8c/0xb0
[  217.217801][T14645]  __kmalloc_cache_noprof+0x64/0x4a0
[  217.217840][T14645]  ? genl_start+0x117/0x390
[  217.217880][T14645]  genl_start+0x117/0x390
[  217.217921][T14645]  __netlink_dump_start+0x334/0x520
[  217.218082][T14645]  genl_family_rcv_msg_dumpit+0x1a5/0x210
[  217.218110][T14645]  ? __pfx_genl_start+0x10/0x10
[  217.218133][T14645]  ? __pfx_genl_dumpit+0x10/0x10
[  217.218175][T14645]  ? __pfx_genl_done+0x10/0x10
[  217.218284][T14645]  genl_rcv_msg+0x400/0x470
[  217.218378][T14645]  ? __pfx_nl802154_dump_wpan_phy+0x10/0x10
[  217.218418][T14645]  ? __pfx_nl802154_dump_wpan_phy_done+0x10/0x10
[  217.218460][T14645]  netlink_rcv_skb+0x123/0x220
[  217.218523][T14645]  ? __pfx_genl_rcv_msg+0x10/0x10
[  217.218637][T14645]  genl_rcv+0x28/0x40
[  217.218720][T14645]  netlink_unicast+0x5c0/0x690
[  217.218760][T14645]  netlink_sendmsg+0x5c8/0x6f0
[  217.218799][T14645]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.218879][T14645]  ____sys_sendmsg+0x5af/0x600
[  217.218915][T14645]  ___sys_sendmsg+0x195/0x1e0
[  217.218954][T14645]  __x64_sys_sendmsg+0xd4/0x160
[  217.218982][T14645]  x64_sys_call+0x17ba/0x3000
[  217.219068][T14645]  do_syscall_64+0xc0/0x2a0
[  217.219102][T14645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.219130][T14645] RIP: 0033:0x7ff5a77caeb9
[  217.219151][T14645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  217.219213][T14645] RSP: 002b:00007ff5a6227028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  217.219239][T14645] RAX: ffffffffffffffda RBX: 00007ff5a7a45fa0 RCX: 00007ff5a77caeb9
[  217.219254][T14645] RDX: 0000000020000004 RSI: 00002000000002c0 RDI: 0000000000000004
[  217.219303][T14645] RBP: 00007ff5a6227090 R08: 0000000000000000 R09: 0000000000000000
[  217.219320][T14645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.219337][T14645] R13: 00007ff5a7a46038 R14: 00007ff5a7a45fa0 R15: 00007ffe19c76f48
[  217.219363][T14645]  </TASK>
[  217.548910][T14657] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3579'.
[  217.646270][T14668] netlink: 92 bytes leftover after parsing attributes in process `syz.9.3585'.
[  217.672978][T14670] loop2: detected capacity change from 0 to 128
[  217.755400][T14677] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3590'.
[  217.911103][T12708] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  218.180656][T14710] FAULT_INJECTION: forcing a failure.
[  218.180656][T14710] name failslab, interval 1, probability 0, space 0, times 0
[  218.193458][T14710] CPU: 0 UID: 0 PID: 14710 Comm: syz.9.3601 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  218.193495][T14710] Tainted: [W]=WARN
[  218.193502][T14710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  218.193515][T14710] Call Trace:
[  218.193522][T14710]  <TASK>
[  218.193531][T14710]  __dump_stack+0x1d/0x30
[  218.193671][T14710]  dump_stack_lvl+0x95/0xd0
[  218.193770][T14710]  dump_stack+0x15/0x1b
[  218.193793][T14710]  should_fail_ex+0x263/0x280
[  218.193836][T14710]  should_failslab+0x8c/0xb0
[  218.193909][T14710]  kmem_cache_alloc_noprof+0x68/0x490
[  218.193943][T14710]  ? skb_clone+0x151/0x1f0
[  218.193971][T14710]  skb_clone+0x151/0x1f0
[  218.194036][T14710]  __netlink_deliver_tap+0x2c9/0x500
[  218.194083][T14710]  netlink_unicast+0x66b/0x690
[  218.194124][T14710]  netlink_sendmsg+0x5c8/0x6f0
[  218.194154][T14710]  ? __pfx_netlink_sendmsg+0x10/0x10
[  218.194212][T14710]  ____sys_sendmsg+0x5af/0x600
[  218.194244][T14710]  ___sys_sendmsg+0x195/0x1e0
[  218.194288][T14710]  __x64_sys_sendmsg+0xd4/0x160
[  218.194320][T14710]  x64_sys_call+0x17ba/0x3000
[  218.194359][T14710]  do_syscall_64+0xc0/0x2a0
[  218.194395][T14710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.194418][T14710] RIP: 0033:0x7fb078c7aeb9
[  218.194501][T14710] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  218.194528][T14710] RSP: 002b:00007fb0776d7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  218.194555][T14710] RAX: ffffffffffffffda RBX: 00007fb078ef5fa0 RCX: 00007fb078c7aeb9
[  218.194572][T14710] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  218.194615][T14710] RBP: 00007fb0776d7090 R08: 0000000000000000 R09: 0000000000000000
[  218.194634][T14710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.194651][T14710] R13: 00007fb078ef6038 R14: 00007fb078ef5fa0 R15: 00007fffad161f08
[  218.194814][T14710]  </TASK>
[  218.468070][T14712] netlink: 27 bytes leftover after parsing attributes in process `syz.4.3600'.
[  218.728579][T14742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3610'.
[  218.813884][T14729] chnl_net:caif_netlink_parms(): no params data found
[  218.838005][T13060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.865773][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.867352][T14750] loop2: detected capacity change from 0 to 1024
[  218.895448][T14750] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.913589][T14729] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.920855][T14729] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.928819][T14729] bridge_slave_0: entered allmulticast mode
[  218.935428][T14729] bridge_slave_0: entered promiscuous mode
[  218.945292][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.956669][T14729] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.963875][T14729] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.971317][T14729] bridge_slave_1: entered allmulticast mode
[  218.978072][T14729] bridge_slave_1: entered promiscuous mode
[  218.998812][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.000650][T14729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.008998][T14706] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  219.020541][T14729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.078882][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.157995][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.185861][T14729] team0: Port device team_slave_0 added
[  219.193469][T14729] team0: Port device team_slave_1 added
[  219.220110][T14729] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.227572][T14729] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  219.253643][T14729] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.276026][T14729] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.277572][T14774] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in;
[  219.277572][T14774]    program syz.7.3619 not setting count and/or reply_len properly
[  219.283079][T14729] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  219.326340][T14729] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.350017][T14784] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3621'.
[  219.392153][T14774] random: crng reseeded on system resumption
[  219.436025][T14787] netlink: 84 bytes leftover after parsing attributes in process `syz.4.3622'.
[  219.454925][T14729] hsr_slave_0: entered promiscuous mode
[  219.463611][T14729] hsr_slave_1: entered promiscuous mode
[  219.467518][T14792] netlink: 1096 bytes leftover after parsing attributes in process `syz.2.3624'.
[  219.470099][T14729] debugfs: 'hsr0' already exists in 'hsr'
[  219.484196][T14729] Cannot create hsr debugfs directory
[  219.496372][   T12] bridge_slave_1: left allmulticast mode
[  219.502180][   T12] bridge_slave_1: left promiscuous mode
[  219.508083][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.517274][   T12] bridge_slave_0: left allmulticast mode
[  219.522960][   T12] bridge_slave_0: left promiscuous mode
[  219.528897][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.626735][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  219.637210][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  219.647330][   T12] bond0 (unregistering): Released all slaves
[  219.709735][   T12] hsr_slave_0: left promiscuous mode
[  219.729581][   T12] hsr_slave_1: left promiscuous mode
[  219.766833][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.774426][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  219.801792][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  219.809420][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  219.827653][   T12] veth1_macvtap: left promiscuous mode
[  219.833303][   T12] veth0_macvtap: left promiscuous mode
[  219.844753][   T12] veth1_vlan: left promiscuous mode
[  219.852150][   T12] veth0_vlan: left promiscuous mode
[  219.946753][   T12] team0 (unregistering): Port device team_slave_1 removed
[  219.957571][   T12] team0 (unregistering): Port device team_slave_0 removed
[  220.310575][T14869] loop9: detected capacity change from 0 to 512
[  220.332154][T14869] EXT4-fs error (device loop9): ext4_iget_extra_inode:5073: inode #15: comm syz.9.3636: corrupted in-inode xattr: e_value size too large
[  220.381641][T14869] EXT4-fs error (device loop9): ext4_orphan_get:1396: comm syz.9.3636: couldn't read orphan inode 15 (err -117)
[  220.398344][T14869] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  220.635651][T10725] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.759038][T14911] loop2: detected capacity change from 0 to 2048
[  220.802528][T14911] ext4: Unknown parameter 'noacl'
[  220.813043][T14729] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  220.863982][T14729] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  220.890654][T14729] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  220.934944][T14729] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  221.017355][T14946] netlink: 'syz.4.3650': attribute type 1 has an invalid length.
[  221.026632][T14942] loop2: detected capacity change from 0 to 1024
[  221.082550][T14942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.119875][T14946] bond0: (slave bridge1): making interface the new active one
[  221.128921][T14946] bond0: (slave bridge1): Enslaving as an active interface with an up link
[  221.139322][T14958] loop7: detected capacity change from 0 to 512
[  221.147066][T14954] bond0: entered promiscuous mode
[  221.152231][T14954] bridge1: entered promiscuous mode
[  221.157728][T14954] bond0: entered allmulticast mode
[  221.162906][T14954] bridge1: entered allmulticast mode
[  221.169096][T14958] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  221.178230][T14958] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem
[  221.194731][T14954] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.206157][T14958] EXT4-fs (loop7): warning: mounting unchecked fs, running e2fsck is recommended
[  221.218741][T14958] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  221.227749][T14958] System zones: 0-2, 18-18, 34-35
[  221.233573][T14958] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.247305][T14958] EXT4-fs warning (device loop7): ext4_lookup:1797: Inconsistent encryption contexts: 12/14
[  221.257810][T14958] EXT4-fs warning (device loop7): ext4_lookup:1797: Inconsistent encryption contexts: 12/14
[  221.378736][T14729] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.395107][ T8383] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.406066][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.424804][T14729] 8021q: adding VLAN 0 to HW filter on device team0
[  221.451342][ T3640] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.458468][ T3640] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.474487][T14975] loop4: detected capacity change from 0 to 2048
[  221.481426][T14975] ext4: Unknown parameter 'noacl'
[  221.535774][T14983] IPVS: set_ctl: invalid protocol: 33 100.1.1.2:20001
[  221.558762][   T29] kauditd_printk_skb: 122 callbacks suppressed
[  221.558782][   T29] audit: type=1400 audit(1786342309.159:6012): avc:  denied  { write } for  pid=14982 comm="syz.7.3655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  221.588951][ T3640] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.596127][ T3640] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.648887][   T29] audit: type=1326 audit(1786342309.234:6013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.672534][   T29] audit: type=1326 audit(1786342309.234:6014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.696033][   T29] audit: type=1326 audit(1786342309.234:6015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.719899][   T29] audit: type=1326 audit(1786342309.234:6016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.743598][   T29] audit: type=1326 audit(1786342309.234:6017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.767167][   T29] audit: type=1326 audit(1786342309.234:6018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.777605][T14729] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  221.790756][   T29] audit: type=1326 audit(1786342309.234:6019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.801008][T14729] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  221.824596][   T29] audit: type=1326 audit(1786342309.234:6020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.858588][   T29] audit: type=1326 audit(1786342309.244:6021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14989 comm="syz.7.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f4bceaeb9 code=0x7ffc0000
[  221.969958][T15012] syzkaller0: entered promiscuous mode
[  221.975567][T15012] syzkaller0: entered allmulticast mode
[  222.004528][T15021] loop9: detected capacity change from 0 to 512
[  222.023499][T15021] EXT4-fs: Ignoring removed nobh option
[  222.078677][T15029] loop4: detected capacity change from 0 to 512
[  222.114680][T15021] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  222.171183][T15021] ext4 filesystem being mounted at /273/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  222.185719][T14729] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.281792][T10725] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.310663][T15058] loop2: detected capacity change from 0 to 512
[  222.390190][T15058] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  222.425220][T15058] EXT4-fs (loop2): 1 truncate cleaned up
[  222.434951][T15058] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.465811][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.515429][T15074] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  222.575398][T14729] veth0_vlan: entered promiscuous mode
[  222.592060][T14729] veth1_vlan: entered promiscuous mode
[  222.638543][T14729] veth0_macvtap: entered promiscuous mode
[  222.664624][T15087] loop2: detected capacity change from 0 to 512
[  222.692267][T14729] veth1_macvtap: entered promiscuous mode
[  222.716630][T15087] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  222.738831][T14729] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.763211][T14729] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.781674][T15087] ext4 filesystem being mounted at /274/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  222.797036][ T3648] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.801990][T15106] __nla_validate_parse: 4 callbacks suppressed
[  222.802044][T15106] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3679'.
[  222.843458][ T3648] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.856775][T15088] loop7: detected capacity change from 0 to 164
[  222.872240][T15087] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  222.890313][ T3648] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.900579][T15087] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3678: Failed to acquire dquot type 0
[  222.909723][T15088] iso9660: Bad value for 'sbsector'
[  222.956932][ T3648] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.967202][T15087] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=15087 comm=syz.2.3678
[  223.003428][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.065917][T15125] 9p: Bad value for 'rfdno'
[  223.077927][T15127] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3689'.
[  223.184063][T15135] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3690'.
[  223.353470][T15169] loop9: detected capacity change from 0 to 512
[  223.360320][T15169] ext4: Unknown parameter 'audit'
[  223.471359][T15182] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3707'.
[  223.485181][T15175] 9pnet: p9_errstr2errno: server reported unknown error 1844674
[  223.655132][T15200] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3712'.
[  223.726946][T15206] loop9: detected capacity change from 0 to 512
[  223.804550][T15206] EXT4-fs (loop9): warning: mounting unchecked fs, running e2fsck is recommended
[  223.816349][T15206] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  223.835779][T15206] System zones: 0-2, 18-18, 34-35
[  223.878866][T15206] EXT4-fs (loop9): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  223.952052][T15206] EXT4-fs (loop9): unmounting filesystem 00000000-0700-0000-0000-000000000000.
[  224.005484][T15235] loop4: detected capacity change from 0 to 1024
[  224.025539][T15235] EXT4-fs: Ignoring removed nobh option
[  224.031361][T15235] EXT4-fs: Ignoring removed bh option
[  224.053287][T15235] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.058958][T15233] 9pnet: p9_errstr2errno: server reported unknown error 1844674
[  224.097282][T15206] loop9: detected capacity change from 0 to 512
[  224.101257][T15235] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3722'.
[  224.156705][T15206] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #11: comm syz.9.3713: invalid indirect mapped block 4294967295 (level 1)
[  224.244064][T15206] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #11: comm syz.9.3713: invalid indirect mapped block 4294967295 (level 1)
[  224.271864][T15258] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3725'.
[  224.326208][T15206] EXT4-fs (loop9): 2 truncates cleaned up
[  224.351570][T15206] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.374641][T12708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.397616][T15206] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.529099][T15289] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3732'.
[  224.561036][T15289] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3732'.
[  224.574265][T15291] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3733'.
[  224.766264][T15311] 9pnet: p9_errstr2errno: server reported unknown error 1844674
[  224.959642][T15343] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.080263][T15357] syzkaller0: entered promiscuous mode
[  225.085811][T15357] syzkaller0: entered allmulticast mode
[  225.143223][ T8383] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.469869][T15398] FAULT_INJECTION: forcing a failure.
[  225.469869][T15398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.483491][T15398] CPU: 0 UID: 0 PID: 15398 Comm: syz.7.3757 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  225.483577][T15398] Tainted: [W]=WARN
[  225.483585][T15398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  225.483651][T15398] Call Trace:
[  225.483659][T15398]  <TASK>
[  225.483667][T15398]  __dump_stack+0x1d/0x30
[  225.483696][T15398]  dump_stack_lvl+0x95/0xd0
[  225.483777][T15398]  dump_stack+0x15/0x1b
[  225.483814][T15398]  should_fail_ex+0x263/0x280
[  225.483854][T15398]  should_fail+0xb/0x20
[  225.483885][T15398]  should_fail_usercopy+0x1a/0x20
[  225.483965][T15398]  _copy_from_user+0x1c/0xb0
[  225.483988][T15398]  kstrtouint_from_user+0x69/0xf0
[  225.484025][T15398]  proc_fail_nth_write+0x50/0x160
[  225.484056][T15398]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  225.484128][T15398]  vfs_write+0x269/0x9f0
[  225.484150][T15398]  ? __sys_setsockopt+0x18e/0x200
[  225.484186][T15398]  ? kfree+0x347/0x3b0
[  225.484235][T15398]  ksys_write+0xdc/0x1a0
[  225.484336][T15398]  __x64_sys_write+0x40/0x50
[  225.484358][T15398]  x64_sys_call+0x2847/0x3000
[  225.484386][T15398]  do_syscall_64+0xc0/0x2a0
[  225.484440][T15398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.484464][T15398] RIP: 0033:0x7f9f4bcab78e
[  225.484481][T15398] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  225.484502][T15398] RSP: 002b:00007f9f4a746fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  225.484524][T15398] RAX: ffffffffffffffda RBX: 00007f9f4a7476c0 RCX: 00007f9f4bcab78e
[  225.484598][T15398] RDX: 0000000000000001 RSI: 00007f9f4a7470a0 RDI: 0000000000000004
[  225.484612][T15398] RBP: 00007f9f4a747090 R08: 0000000000000000 R09: 0000000000000000
[  225.484627][T15398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.484657][T15398] R13: 00007f9f4bf66038 R14: 00007f9f4bf65fa0 R15: 00007ffeb3deb7a8
[  225.484679][T15398]  </TASK>
[  225.733183][T15401] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.772976][T15401] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.939824][T14729] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.983736][T15429] EXT4-fs error (device loop9): ext4_orphan_get:1391: inode #13: comm syz.9.3769: iget: bad i_size value: 12154757448730
[  225.997215][T15429] EXT4-fs error (device loop9): ext4_orphan_get:1396: comm syz.9.3769: couldn't read orphan inode 13 (err -117)
[  226.021451][T15429] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  226.036694][T15429] EXT4-fs warning (device loop9): ext4_lookup:1797: Inconsistent encryption contexts: 2/12
[  226.048029][T15429] EXT4-fs warning (device loop9): ext4_lookup:1797: Inconsistent encryption contexts: 2/12
[  226.174055][T15444] EXT4-fs (loop2): Invalid log cluster size: 63
[  226.297343][T15454] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.310474][T15454] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  226.321939][T15454] EXT4-fs error (device loop5): ext4_xattr_block_get:597: inode #15: comm syz.5.3781: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled
[  226.338700][T15454] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[  226.347892][T15454] EXT4-fs error (device loop5): ext4_xattr_block_get:597: inode #15: comm syz.5.3781: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled
[  226.364556][T15454] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[  226.390230][T14729] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.402560][T15458] tipc: Can't bind to reserved service type 0
[  226.477725][T15460] 9pnet: p9_errstr2errno: server reported unknown error 1844674
[  226.533366][T15475] netlink: 'syz.2.3789': attribute type 1 has an invalid length.
[  226.554145][T15475] 8021q: adding VLAN 0 to HW filter on device bond2
[  226.562323][T15475] bond1: (slave bond2): making interface the new active one
[  226.569957][T15475] bond1: (slave bond2): Enslaving as an active interface with an up link
[  226.587520][T15475] rock: directory entry would overflow storage
[  226.593815][T15475] rock: sig=0x5245, size=8, remaining=5
[  226.618774][T10725] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.834932][T15509] netlink: 'syz.5.3795': attribute type 64 has an invalid length.
[  226.920643][T15519] netlink: 'syz.5.3795': attribute type 8 has an invalid length.
[  226.998511][T15528] set_capacity_and_notify: 7 callbacks suppressed
[  226.998532][T15528] loop7: detected capacity change from 0 to 128
[  227.016528][T15528] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  227.032263][T15528] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  227.072914][T15528] FAULT_INJECTION: forcing a failure.
[  227.072914][T15528] name failslab, interval 1, probability 0, space 0, times 0
[  227.086386][T15528] CPU: 0 UID: 0 PID: 15528 Comm: syz.7.3809 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  227.086483][T15528] Tainted: [W]=WARN
[  227.086493][T15528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  227.086561][T15528] Call Trace:
[  227.086570][T15528]  <TASK>
[  227.086581][T15528]  __dump_stack+0x1d/0x30
[  227.086661][T15528]  dump_stack_lvl+0x95/0xd0
[  227.086750][T15528]  dump_stack+0x15/0x1b
[  227.086779][T15528]  should_fail_ex+0x263/0x280
[  227.086832][T15528]  should_failslab+0x8c/0xb0
[  227.086875][T15528]  kmem_cache_alloc_noprof+0x68/0x490
[  227.086931][T15528]  ? getname_flags+0x7f/0x3b0
[  227.086968][T15528]  getname_flags+0x7f/0x3b0
[  227.087003][T15528]  do_sys_openat2+0x60/0x150
[  227.087082][T15528]  __x64_sys_openat+0xf2/0x120
[  227.087115][T15528]  x64_sys_call+0x2b07/0x3000
[  227.087141][T15528]  do_syscall_64+0xc0/0x2a0
[  227.087184][T15528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.087212][T15528] RIP: 0033:0x7f9f4bceaeb9
[  227.087233][T15528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  227.087257][T15528] RSP: 002b:00007f9f4a747028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  227.087334][T15528] RAX: ffffffffffffffda RBX: 00007f9f4bf65fa0 RCX: 00007f9f4bceaeb9
[  227.087353][T15528] RDX: 0000000000101842 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  227.087369][T15528] RBP: 00007f9f4a747090 R08: 0000000000000000 R09: 0000000000000000
[  227.087382][T15528] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  227.087395][T15528] R13: 00007f9f4bf66038 R14: 00007f9f4bf65fa0 R15: 00007ffeb3deb7a8
[  227.087451][T15528]  </TASK>
[  227.336776][T15545] loop7: detected capacity change from 0 to 128
[  227.356307][T15545] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  227.368744][T15541] 9p: Unknown Cache mode or invalid value f
[  227.406252][T15545] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  227.598675][   T29] kauditd_printk_skb: 95 callbacks suppressed
[  227.598693][   T29] audit: type=1400 audit(1786342314.809:6115): avc:  denied  { read } for  pid=15559 comm="syz.7.3820" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  227.627712][   T29] audit: type=1400 audit(1786342314.809:6116): avc:  denied  { open } for  pid=15559 comm="syz.7.3820" path="/dev/cpu/1/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  227.653795][   T29] audit: type=1400 audit(1786342314.819:6117): avc:  denied  { getopt } for  pid=15559 comm="syz.7.3820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  227.735892][T15569] loop7: detected capacity change from 0 to 1024
[  227.801781][   T29] audit: type=1400 audit(1786342314.959:6118): avc:  denied  { write } for  pid=15573 comm="syz.5.3823" lport=55715 faddr=::ffff:100.1.1.0 fport=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  227.826252][   T29] audit: type=1326 audit(1786342314.959:6119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15573 comm="syz.5.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  227.849868][   T29] audit: type=1326 audit(1786342314.959:6120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15573 comm="syz.5.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  227.873671][   T29] audit: type=1326 audit(1786342314.959:6121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15573 comm="syz.5.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  227.897398][   T29] audit: type=1326 audit(1786342314.959:6122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15573 comm="syz.5.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  227.920989][   T29] audit: type=1326 audit(1786342314.959:6123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15573 comm="syz.5.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  227.944769][   T29] audit: type=1326 audit(1786342314.959:6124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15573 comm="syz.5.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  227.971839][T15578] 9pnet: p9_errstr2errno: server reported unknown error 1844674
[  227.988759][T15580] loop4: detected capacity change from 0 to 128
[  228.112402][T15580] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  228.206515][T15580] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  228.467990][T15608] loop4: detected capacity change from 0 to 512
[  228.535969][T15608] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.607593][T12708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.623486][T15619] 9pnet: p9_errstr2errno: server reported unknown error 1844674
[  228.691540][T15629] loop9: detected capacity change from 0 to 512
[  228.705151][T15622] syzkaller0: entered promiscuous mode
[  228.710795][T15622] syzkaller0: entered allmulticast mode
[  228.728148][T15627] syzkaller0: entered promiscuous mode
[  228.733946][T15627] syzkaller0: entered allmulticast mode
[  228.776080][T15629] ext4 filesystem being mounted at /304/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.792746][T15632] __nla_validate_parse: 9 callbacks suppressed
[  228.792760][T15632] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.3843'.
[  228.849557][T15629] FAULT_INJECTION: forcing a failure.
[  228.849557][T15629] name failslab, interval 1, probability 0, space 0, times 0
[  228.862999][T15629] CPU: 0 UID: 0 PID: 15629 Comm: syz.9.3844 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  228.863041][T15629] Tainted: [W]=WARN
[  228.863051][T15629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  228.863068][T15629] Call Trace:
[  228.863077][T15629]  <TASK>
[  228.863087][T15629]  __dump_stack+0x1d/0x30
[  228.863141][T15629]  dump_stack_lvl+0x95/0xd0
[  228.863179][T15629]  dump_stack+0x15/0x1b
[  228.863203][T15629]  should_fail_ex+0x263/0x280
[  228.863292][T15629]  should_failslab+0x8c/0xb0
[  228.863324][T15629]  kmem_cache_alloc_noprof+0x68/0x490
[  228.863413][T15629]  ? __es_insert_extent+0x508/0xee0
[  228.863445][T15629]  ? kvfree_call_rcu+0xba/0x390
[  228.863513][T15629]  __es_insert_extent+0x508/0xee0
[  228.863549][T15629]  ? mas_wr_store_entry+0x2141/0x2e70
[  228.863581][T15629]  ext4_es_cache_extent+0x28d/0x390
[  228.863634][T15629]  ext4_find_extent+0x336/0x7a0
[  228.863660][T15629]  ext4_ext_map_blocks+0x128/0x38a0
[  228.863765][T15629]  ? get_page_from_freelist+0x1877/0x1a70
[  228.863808][T15629]  ? css_rstat_updated+0x31/0x280
[  228.863927][T15629]  ? trace_event_reg+0xe0/0x190
[  228.863949][T15629]  ? try_charge_memcg+0x215/0xa10
[  228.863972][T15629]  ? xas_load+0x413/0x430
[  228.864008][T15629]  ext4_map_query_blocks+0xae/0x550
[  228.864112][T15629]  ? ext4_es_lookup_extent+0x3ac/0x540
[  228.864150][T15629]  ext4_map_blocks+0x398/0xd70
[  228.864199][T15629]  ? xa_load+0xb1/0xe0
[  228.864229][T15629]  ? __account_obj_stock+0x211/0x350
[  228.864258][T15629]  ext4_getblk+0x128/0x530
[  228.864329][T15629]  ext4_bread_batch+0x5c/0x320
[  228.864368][T15629]  __ext4_find_entry+0x852/0xdf0
[  228.864399][T15629]  ? __d_alloc+0x37/0x340
[  228.864433][T15629]  ? d_alloc_parallel+0xc01/0xce0
[  228.864555][T15629]  ext4_lookup+0xcd/0x3a0
[  228.864587][T15629]  __lookup_slow+0x19d/0x260
[  228.864631][T15629]  lookup_slow+0x3c/0x60
[  228.864667][T15629]  link_path_walk+0x946/0xe30
[  228.864779][T15629]  __filename_parentat+0x1a4/0x450
[  228.864818][T15629]  filename_create+0x78/0x220
[  228.864861][T15629]  do_mkdirat+0x82/0x3b0
[  228.864887][T15629]  __x64_sys_mkdirat+0x4c/0x60
[  228.864968][T15629]  x64_sys_call+0x30c/0x3000
[  228.865003][T15629]  do_syscall_64+0xc0/0x2a0
[  228.865044][T15629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.865071][T15629] RIP: 0033:0x7fb078c7aeb9
[  228.865087][T15629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  228.865182][T15629] RSP: 002b:00007fb0776d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  228.865278][T15629] RAX: ffffffffffffffda RBX: 00007fb078ef5fa0 RCX: 00007fb078c7aeb9
[  228.865292][T15629] RDX: 00000000000001d0 RSI: 0000200000000280 RDI: ffffffffffffff9c
[  228.865352][T15629] RBP: 00007fb0776d7090 R08: 0000000000000000 R09: 0000000000000000
[  228.865405][T15629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.865422][T15629] R13: 00007fb078ef6038 R14: 00007fb078ef5fa0 R15: 00007fffad161f08
[  228.865507][T15629]  </TASK>
[  228.960220][T15629] EXT4-fs error (device loop9): ext4_xattr_block_get:597: inode #12: comm syz.9.3844: corrupted xattr block 6: invalid header
[  229.184458][T15629] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop9 ino=12
[  229.200272][T15629] EXT4-fs error (device loop9): ext4_xattr_block_get:597: inode #12: comm syz.9.3844: corrupted xattr block 6: invalid header
[  229.213707][T15629] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop9 ino=12
[  229.222812][T15629] EXT4-fs error (device loop9): ext4_xattr_block_get:597: inode #12: comm syz.9.3844: corrupted xattr block 6: invalid header
[  229.236898][T15629] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop9 ino=12
[  229.248557][T15629] EXT4-fs error (device loop9): ext4_xattr_block_get:597: inode #12: comm syz.9.3844: corrupted xattr block 6: invalid header
[  229.326265][T15629] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop9 ino=12
[  229.362159][T15629] EXT4-fs error (device loop9): ext4_xattr_block_get:597: inode #12: comm syz.9.3844: corrupted xattr block 6: invalid header
[  229.378282][T15645] loop5: detected capacity change from 0 to 1024
[  229.386653][T15629] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop9 ino=12
[  229.397111][T15645] EXT4-fs: Ignoring removed bh option
[  229.403522][T15629] EXT4-fs error (device loop9): ext4_xattr_block_get:597: inode #12: comm syz.9.3844: corrupted xattr block 6: invalid header
[  229.520916][T15658] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3850'.
[  229.618662][T15671] xt_socket: unknown flags 0x48
[  229.682950][T15664] syzkaller0: entered promiscuous mode
[  229.688533][T15664] syzkaller0: entered allmulticast mode
[  229.702342][T15680] syzkaller0: entered promiscuous mode
[  229.708662][T15680] syzkaller0: entered allmulticast mode
[  229.806803][T15686] loop5: detected capacity change from 0 to 164
[  229.827821][T15688] loop4: detected capacity change from 0 to 164
[  229.837265][T15686] isofs_fill_super: root inode is not a directory. Corrupted media?
[  229.848722][T15688] Unable to read rock-ridge attributes
[  229.929281][T15697] Unable to read rock-ridge attributes
[  230.024232][T15710] loop7: detected capacity change from 0 to 512
[  230.039963][T15710] EXT4-fs (loop7): 1 truncate cleaned up
[  230.107271][T15718] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3877'.
[  230.130604][T15716] syzkaller0: entered promiscuous mode
[  230.136909][T15716] syzkaller0: entered allmulticast mode
[  230.164104][T15720] syzkaller0: entered promiscuous mode
[  230.170413][T15720] syzkaller0: entered allmulticast mode
[  230.291690][T15730] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[  230.517654][ T7416]  loop5: p1 p2 p4
[  230.521589][ T7416] loop5: p1 size 262144 extends beyond EOD, truncated
[  230.530736][ T7416] loop5: p2 start 4293394690 is beyond EOD, truncated
[  230.537614][ T7416] loop5: p4 size 100663296 extends beyond EOD, truncated
[  230.547714][T15744]  loop5: p1 p2 p4
[  230.551714][T15744] loop5: p1 size 262144 extends beyond EOD, truncated
[  230.559227][T15744] loop5: p2 start 4293394690 is beyond EOD, truncated
[  230.566261][T15744] loop5: p4 size 100663296 extends beyond EOD, truncated
[  230.610681][ T7416] udevd[7416]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  230.620954][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  230.641287][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  230.651741][ T7416] udevd[7416]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  230.735316][T15756] syzkaller0: entered promiscuous mode
[  230.740986][T15756] syzkaller0: entered allmulticast mode
[  230.780870][T15760] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3894'.
[  230.823518][T15760] SELinux: failed to load policy
[  230.985553][T15777] EXT4-fs mount: 6 callbacks suppressed
[  230.985574][T15777] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  231.004373][T15777] ext4 filesystem being mounted at /54/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  231.015308][T15779] ext4: Unknown parameter 'func'
[  231.065194][T15783] EXT4-fs: Ignoring removed nobh option
[  231.072392][T15783] EXT4-fs warning (device loop7): ext4_multi_mount_protect:394: Unable to create kmmpd thread for loop7.
[  231.174559][T15791] syzkaller0: entered promiscuous mode
[  231.180230][T15791] syzkaller0: entered allmulticast mode
[  231.426501][T14729] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  231.517941][T15815] syzkaller0: entered promiscuous mode
[  231.523542][T15815] syzkaller0: entered allmulticast mode
[  231.584934][T15819] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  231.609909][T15819] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.622687][T15819] ext4 filesystem being mounted at /442/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  231.666616][ T8383] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.939769][T15848] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=29 sclass=netlink_tcpdiag_socket pid=15848 comm=syz.5.3924
[  232.102175][T15863] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.115422][T15863] ext4 filesystem being mounted at /329/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  232.168095][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.169372][T15869] netlink: 'syz.5.3932': attribute type 10 has an invalid length.
[  232.201807][T15869] team0: Port device dummy0 added
[  232.381534][T15893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3943'.
[  232.423026][T15893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3943'.
[  232.449775][T15905] netlink: 'syz.5.3947': attribute type 1 has an invalid length.
[  232.458512][ T2035] bond0: (slave bond_slave_0): interface is now down
[  232.465415][ T2035] bond0: (slave bond_slave_1): interface is now down
[  232.501012][ T2035] bond0: now running without any active interface!
[  232.521972][T15911] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  232.773238][T15937] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3956'.
[  232.841697][T15940] set_capacity_and_notify: 7 callbacks suppressed
[  232.841713][T15940] loop7: detected capacity change from 0 to 2048
[  232.855492][T15940] ext4: Unknown parameter 'noacl'
[  232.962961][T15928] loop5: detected capacity change from 0 to 512
[  232.985494][T15928] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  233.008287][T15928] EXT4-fs (loop5): orphan cleanup on readonly fs
[  233.025160][T15928] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4215: comm syz.5.3956: Allocating blocks 41-42 which overlap fs metadata
[  233.058062][T15928] __quota_error: 617 callbacks suppressed
[  233.058144][T15928] Quota error (device loop5): write_blk: dquota write failed
[  233.073250][T15928] Quota error (device loop5): find_free_dqentry: Can't write quota data block 5
[  233.094418][T15928] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4215: comm syz.5.3956: Allocating blocks 41-42 which overlap fs metadata
[  233.111742][T15928] Quota error (device loop5): write_blk: dquota write failed
[  233.120517][T15928] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  233.145799][T15928] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3956: Failed to acquire dquot type 1
[  233.159986][T15928] EXT4-fs error (device loop5): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  233.186402][T15928] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #12: comm syz.5.3956: corrupted inode contents
[  233.200625][T15928] EXT4-fs error (device loop5): ext4_dirty_inode:6502: inode #12: comm syz.5.3956: mark_inode_dirty error
[  233.214493][T15928] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #12: comm syz.5.3956: corrupted inode contents
[  233.228199][T15928] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #12: comm syz.5.3956: mark_inode_dirty error
[  233.241598][T15928] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #12: comm syz.5.3956: corrupted inode contents
[  233.269538][T15928] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem
[  233.279613][T15928] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #12: comm syz.5.3956: corrupted inode contents
[  233.293258][T15928] EXT4-fs error (device loop5): ext4_truncate:4635: inode #12: comm syz.5.3956: mark_inode_dirty error
[  233.306057][T15928] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem
[  233.317390][T15928] EXT4-fs (loop5): 1 truncate cleaned up
[  233.327810][T15928] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  233.344328][T15928] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.489354][T15956] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3965'.
[  233.638110][T15970] program syz.2.3969 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  233.687992][T15977] netlink: 1004 bytes leftover after parsing attributes in process `syz.2.3972'.
[  233.730212][T15974] syzkaller0: entered promiscuous mode
[  233.735857][T15974] syzkaller0: entered allmulticast mode
[  233.743673][T15974] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487
[  233.753180][   T29] audit: type=1400 audit(1786342320.581:6742): avc:  denied  { getopt } for  pid=15972 comm="syz.5.3971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  233.891454][T15993] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3976'.
[  233.934262][T15998] FAULT_INJECTION: forcing a failure.
[  233.934262][T15998] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  233.947640][T15998] CPU: 0 UID: 0 PID: 15998 Comm: syz.7.3978 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  233.947675][T15998] Tainted: [W]=WARN
[  233.947682][T15998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  233.947695][T15998] Call Trace:
[  233.947701][T15998]  <TASK>
[  233.947710][T15998]  __dump_stack+0x1d/0x30
[  233.947885][T15998]  dump_stack_lvl+0x95/0xd0
[  233.947909][T15998]  dump_stack+0x15/0x1b
[  233.947933][T15998]  should_fail_ex+0x263/0x280
[  233.948019][T15998]  should_fail_alloc_page+0xf2/0x100
[  233.948063][T15998]  __alloc_frozen_pages_noprof+0x108/0x350
[  233.948098][T15998]  alloc_pages_mpol+0xb3/0x260
[  233.948217][T15998]  vma_alloc_folio_noprof+0x1a9/0x300
[  233.948321][T15998]  handle_mm_fault+0x111f/0x3030
[  233.948442][T15998]  ? mt_find+0x291/0x3b0
[  233.948494][T15998]  do_user_addr_fault+0x3fd/0x1050
[  233.948594][T15998]  exc_page_fault+0x62/0xa0
[  233.948627][T15998]  asm_exc_page_fault+0x26/0x30
[  233.948653][T15998] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  233.948683][T15998] Code: 15 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  233.948783][T15998] RSP: 0018:ffffc90001727d48 EFLAGS: 00050202
[  233.948807][T15998] RAX: ffff888101671b10 RBX: 00000000000000e8 RCX: 00000000000000e8
[  233.948827][T15998] RDX: 0000000000000000 RSI: ffff888104e0a800 RDI: 0000200000001040
[  233.948846][T15998] RBP: ffffc90001727e60 R08: 0000000000000076 R09: 0000000000000000
[  233.948865][T15998] R10: 0001888104e0a800 R11: 0001888104e0a8e7 R12: 0000200000001128
[  233.948884][T15998] R13: 00007ffffffff000 R14: 0000200000001040 R15: ffff888104e0a800
[  233.948993][T15998]  _copy_to_user+0x7c/0xa0
[  233.949029][T15998]  __snd_timer_user_ioctl+0x173c/0x2bc0
[  233.949072][T15998]  ? do_vfs_ioctl+0x84f/0xe70
[  233.949115][T15998]  ? selinux_file_ioctl+0x5f7/0xcb0
[  233.949240][T15998]  ? __rcu_read_unlock+0x4e/0x70
[  233.949279][T15998]  ? __rcu_read_unlock+0x4e/0x70
[  233.949321][T15998]  ? __pfx_snd_timer_user_ioctl+0x10/0x10
[  233.949361][T15998]  snd_timer_user_ioctl+0x45/0x90
[  233.949477][T15998]  __se_sys_ioctl+0xce/0x140
[  233.949523][T15998]  __x64_sys_ioctl+0x43/0x50
[  233.949567][T15998]  x64_sys_call+0x14b0/0x3000
[  233.949660][T15998]  do_syscall_64+0xc0/0x2a0
[  233.949696][T15998]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.949725][T15998] RIP: 0033:0x7f9f4bceaeb9
[  233.949803][T15998] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  233.949830][T15998] RSP: 002b:00007f9f4a747028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  233.949857][T15998] RAX: ffffffffffffffda RBX: 00007f9f4bf65fa0 RCX: 00007f9f4bceaeb9
[  233.949878][T15998] RDX: 0000200000001040 RSI: 0000000080e85411 RDI: 0000000000000003
[  233.949917][T15998] RBP: 00007f9f4a747090 R08: 0000000000000000 R09: 0000000000000000
[  233.949936][T15998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  233.949953][T15998] R13: 00007f9f4bf66038 R14: 00007f9f4bf65fa0 R15: 00007ffeb3deb7a8
[  233.949999][T15998]  </TASK>
[  234.022552][T16001] bond1: (slave bridge2): Enslaving as an active interface with an up link
[  234.550209][T16034] FAULT_INJECTION: forcing a failure.
[  234.550209][T16034] name failslab, interval 1, probability 0, space 0, times 0
[  234.562937][T16034] CPU: 1 UID: 0 PID: 16034 Comm: syz.7.3987 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  234.562972][T16034] Tainted: [W]=WARN
[  234.562980][T16034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  234.563005][T16034] Call Trace:
[  234.563015][T16034]  <TASK>
[  234.563026][T16034]  __dump_stack+0x1d/0x30
[  234.563060][T16034]  dump_stack_lvl+0x95/0xd0
[  234.563089][T16034]  dump_stack+0x15/0x1b
[  234.563112][T16034]  should_fail_ex+0x263/0x280
[  234.563166][T16034]  should_failslab+0x8c/0xb0
[  234.563191][T16034]  kmem_cache_alloc_node_noprof+0x6a/0x4a0
[  234.563218][T16034]  ? __alloc_skb+0x2f0/0x4b0
[  234.563256][T16034]  __alloc_skb+0x2f0/0x4b0
[  234.563370][T16034]  ? __alloc_skb+0x219/0x4b0
[  234.563443][T16034]  netlink_dump+0x10d/0x8a0
[  234.563492][T16034]  ? __kfree_skb+0x109/0x150
[  234.563531][T16034]  ? nlmon_xmit+0x4f/0x60
[  234.563572][T16034]  __netlink_dump_start+0x43e/0x520
[  234.563687][T16034]  ? __pfx_neigh_dump_info+0x10/0x10
[  234.563740][T16034]  rtnetlink_rcv_msg+0x59f/0x720
[  234.563769][T16034]  ? __pfx_neigh_dump_info+0x10/0x10
[  234.563809][T16034]  ? __pfx_neigh_dump_info+0x10/0x10
[  234.563869][T16034]  netlink_rcv_skb+0x123/0x220
[  234.564028][T16034]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  234.564069][T16034]  rtnetlink_rcv+0x1c/0x30
[  234.564094][T16034]  netlink_unicast+0x5c0/0x690
[  234.564184][T16034]  netlink_sendmsg+0x5c8/0x6f0
[  234.564215][T16034]  ? __pfx_netlink_sendmsg+0x10/0x10
[  234.564242][T16034]  sock_write_iter+0x32a/0x360
[  234.564351][T16034]  do_iter_readv_writev+0x4fd/0x5a0
[  234.564387][T16034]  vfs_writev+0x2e1/0x900
[  234.564450][T16034]  do_writev+0xe9/0x210
[  234.564483][T16034]  __x64_sys_writev+0x45/0x50
[  234.564506][T16034]  x64_sys_call+0x1ba5/0x3000
[  234.564592][T16034]  do_syscall_64+0xc0/0x2a0
[  234.564630][T16034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.564661][T16034] RIP: 0033:0x7f9f4bceaeb9
[  234.564683][T16034] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  234.564780][T16034] RSP: 002b:00007f9f4a747028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  234.564802][T16034] RAX: ffffffffffffffda RBX: 00007f9f4bf65fa0 RCX: 00007f9f4bceaeb9
[  234.564818][T16034] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003
[  234.564831][T16034] RBP: 00007f9f4a747090 R08: 0000000000000000 R09: 0000000000000000
[  234.564845][T16034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.564895][T16034] R13: 00007f9f4bf66038 R14: 00007f9f4bf65fa0 R15: 00007ffeb3deb7a8
[  234.564922][T16034]  </TASK>
[  234.859343][T16038] netlink: 'syz.7.3988': attribute type 9 has an invalid length.
[  234.944359][T16040] __nla_validate_parse: 1 callbacks suppressed
[  234.944381][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3989'.
[  235.192428][T16071] netlink: 'syz.2.3999': attribute type 13 has an invalid length.
[  235.201610][T16071] veth1_vlan: left allmulticast mode
[  235.306187][T16079] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4002'.
[  235.365875][T16086] netlink: 'syz.2.4005': attribute type 4 has an invalid length.
[  235.386460][   T29] audit: type=1326 audit(1786342322.096:6743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16085 comm="syz.5.4006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  235.410896][   T29] audit: type=1326 audit(1786342322.096:6744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16085 comm="syz.5.4006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  235.434487][   T29] audit: type=1326 audit(1786342322.096:6745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16085 comm="syz.5.4006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  235.458118][   T29] audit: type=1326 audit(1786342322.096:6746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16085 comm="syz.5.4006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  235.482430][   T29] audit: type=1326 audit(1786342322.096:6747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16085 comm="syz.5.4006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  235.769500][T16101] program syz.4.4012 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  235.851372][T16110] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4014'.
[  235.865550][T16110] bridge0: entered promiscuous mode
[  235.871709][T16110] bridge0: left promiscuous mode
[  235.924953][T16116] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4015'.
[  236.024251][T16134] loop5: detected capacity change from 0 to 128
[  236.032627][T16133] loop4: detected capacity change from 0 to 512
[  236.048797][T16133] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 4294967295)!
[  236.060627][T16133] EXT4-fs (loop4): group descriptors corrupted!
[  236.078363][T16134] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  236.094778][T16134] ext4 filesystem being mounted at /87/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  236.187132][T14729] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  236.352554][T16172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4033'.
[  236.361750][T16172] chnl_net:caif_netlink_parms(): no params data found
[  236.396166][T16176] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5133 sclass=netlink_route_socket pid=16176 comm=syz.7.4036
[  236.528728][T16192] loop7: detected capacity change from 0 to 512
[  236.602079][T16202] syzkaller0: entered promiscuous mode
[  236.607702][T16202] syzkaller0: entered allmulticast mode
[  236.881887][T16230] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4055'.
[  237.140084][T16251] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.4062'.
[  237.395212][T16278] loop4: detected capacity change from 0 to 512
[  237.418268][T16278] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  237.427957][T16278] EXT4-fs (loop4): orphan cleanup on readonly fs
[  237.434608][T16278] EXT4-fs error (device loop4): ext4_quota_enable:7173: comm syz.4.4067: Bad quota inum: 5, type: 1
[  237.446043][T16278] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=5). Please run e2fsck to fix.
[  237.460842][T16278] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  237.469016][T16278] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  237.520666][T16282] FAULT_INJECTION: forcing a failure.
[  237.520666][T16282] name failslab, interval 1, probability 0, space 0, times 0
[  237.533433][T16282] CPU: 0 UID: 0 PID: 16282 Comm: syz.2.4068 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  237.533535][T16282] Tainted: [W]=WARN
[  237.533549][T16282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  237.533567][T16282] Call Trace:
[  237.533574][T16282]  <TASK>
[  237.533582][T16282]  __dump_stack+0x1d/0x30
[  237.533605][T16282]  dump_stack_lvl+0x95/0xd0
[  237.533625][T16282]  dump_stack+0x15/0x1b
[  237.533644][T16282]  should_fail_ex+0x263/0x280
[  237.533737][T16282]  should_failslab+0x8c/0xb0
[  237.533768][T16282]  __kmalloc_cache_noprof+0x64/0x4a0
[  237.533794][T16282]  ? nf_tables_newtable+0x375/0xea0
[  237.533858][T16282]  ? __nla_validate_parse+0x1650/0x1cf0
[  237.533891][T16282]  nf_tables_newtable+0x375/0xea0
[  237.533927][T16282]  nfnetlink_rcv+0xc1e/0x1720
[  237.534005][T16282]  netlink_unicast+0x5c0/0x690
[  237.534035][T16282]  netlink_sendmsg+0x5c8/0x6f0
[  237.534100][T16282]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.534118][T16282]  ____sys_sendmsg+0x5af/0x600
[  237.534139][T16282]  ___sys_sendmsg+0x195/0x1e0
[  237.534174][T16282]  __x64_sys_sendmsg+0xd4/0x160
[  237.534196][T16282]  x64_sys_call+0x17ba/0x3000
[  237.534260][T16282]  do_syscall_64+0xc0/0x2a0
[  237.534325][T16282]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.534346][T16282] RIP: 0033:0x7ff5a77caeb9
[  237.534361][T16282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  237.534401][T16282] RSP: 002b:00007ff5a6227028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.534419][T16282] RAX: ffffffffffffffda RBX: 00007ff5a7a45fa0 RCX: 00007ff5a77caeb9
[  237.534433][T16282] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  237.534445][T16282] RBP: 00007ff5a6227090 R08: 0000000000000000 R09: 0000000000000000
[  237.534517][T16282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.534529][T16282] R13: 00007ff5a7a46038 R14: 00007ff5a7a45fa0 R15: 00007ffe19c76f48
[  237.534552][T16282]  </TASK>
[  237.535123][T12708] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.752530][T16287] loop9: detected capacity change from 0 to 512
[  237.805080][T16287] EXT4-fs: dax option not supported
[  237.872433][T16305] netlink: 'syz.4.4077': attribute type 5 has an invalid length.
[  237.881218][T16305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4077'.
[  237.979086][T16309] loop4: detected capacity change from 0 to 8192
[  237.989404][T16309] FAT-fs (loop4): bogus logical sector size 516
[  237.995902][T16309] FAT-fs (loop4): Can't find a valid FAT filesystem
[  238.297440][ T3648] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  238.314831][ T3648] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  238.339053][ T3648] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  238.355396][T16329] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4087'.
[  238.386534][T16332] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16332 comm=syz.7.4089
[  238.413113][ T3648] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  238.513917][T16317] loop5: detected capacity change from 0 to 512
[  238.521736][T16349] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4094'.
[  238.546708][T16317] EXT4-fs (loop5): orphan cleanup on readonly fs
[  238.586510][T16317] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.4082: bg 0: block 248: padding at end of block bitmap is not set
[  238.612200][T16317] __quota_error: 92 callbacks suppressed
[  238.612217][T16317] Quota error (device loop5): write_blk: dquota write failed
[  238.625513][T16317] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  238.635572][T16317] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.4082: Failed to acquire dquot type 1
[  238.650373][T16363] xt_hashlimit: max too large, truncated to 1048576
[  238.665012][T16366] netlink: 'syz.7.4096': attribute type 1 has an invalid length.
[  238.674601][T16363] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  238.713680][T16317] EXT4-fs (loop5): 1 truncate cleaned up
[  238.721531][T16317] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  238.747125][T16379] loop2: detected capacity change from 0 to 512
[  238.754265][   T29] audit: type=1400 audit(1786342581.367:6840): avc:  denied  { remount } for  pid=16316 comm="syz.5.4082" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  238.755855][T16379] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  238.785052][T16317] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[  238.805716][T16317] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  238.815605][T16340] Quota error (device loop5): write_blk: dquota write failed
[  238.823131][T16340] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota
[  238.829976][T16379] EXT4-fs (loop2): 1 truncate cleaned up
[  238.833154][T16340] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.4082: Failed to acquire dquot type 1
[  238.843799][T16317] ext4 filesystem being remounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.861109][T16379] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.910930][T13221] IPVS: starting estimator thread 0...
[  238.934719][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.945924][T14729] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.964838][T16386] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16386 comm=syz.7.4104
[  239.063710][T16384] IPVS: using max 2352 ests per chain, 117600 per kthread
[  239.118305][   T29] audit: type=1400 audit(1786342581.714:6841): avc:  denied  { write } for  pid=16392 comm="syz.7.4106" name="usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  239.178204][T16404] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
[  239.196482][ T3648] IPVS: stop unused estimator thread 0...
[  239.282397][T16417] loop7: detected capacity change from 0 to 2048
[  239.320101][   T29] audit: type=1326 audit(1786342581.901:6842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16420 comm="syz.5.4114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  239.381579][   T29] audit: type=1326 audit(1786342581.929:6843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16420 comm="syz.5.4114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  239.405214][   T29] audit: type=1326 audit(1786342581.929:6844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16420 comm="syz.5.4114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  239.428875][   T29] audit: type=1326 audit(1786342581.929:6845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16420 comm="syz.5.4114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0e1aeaeb9 code=0x7ffc0000
[  239.496492][T16427] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  239.513736][T16432] loop2: detected capacity change from 0 to 512
[  239.521452][T16432] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  239.536443][T16432] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  239.545991][T16432] EXT4-fs (loop2): failed to initialize system zone (-117)
[  239.554061][T16432] EXT4-fs (loop2): mount failed
[  239.674783][T16454] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
[  239.762198][T16468] FAULT_INJECTION: forcing a failure.
[  239.762198][T16468] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  239.776341][T16468] CPU: 0 UID: 0 PID: 16468 Comm: syz.7.4133 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  239.776462][T16468] Tainted: [W]=WARN
[  239.776472][T16468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  239.776490][T16468] Call Trace:
[  239.776499][T16468]  <TASK>
[  239.776509][T16468]  __dump_stack+0x1d/0x30
[  239.776542][T16468]  dump_stack_lvl+0x95/0xd0
[  239.776571][T16468]  dump_stack+0x15/0x1b
[  239.776633][T16468]  should_fail_ex+0x263/0x280
[  239.776673][T16468]  should_fail+0xb/0x20
[  239.776718][T16468]  should_fail_usercopy+0x1a/0x20
[  239.776780][T16468]  _copy_from_user+0x1c/0xb0
[  239.776812][T16468]  ___sys_sendmsg+0xc1/0x1e0
[  239.776853][T16468]  __x64_sys_sendmsg+0xd4/0x160
[  239.776930][T16468]  x64_sys_call+0x17ba/0x3000
[  239.776957][T16468]  do_syscall_64+0xc0/0x2a0
[  239.777039][T16468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.777061][T16468] RIP: 0033:0x7f9f4bceaeb9
[  239.777120][T16468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  239.777140][T16468] RSP: 002b:00007f9f4a747028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  239.777204][T16468] RAX: ffffffffffffffda RBX: 00007f9f4bf65fa0 RCX: 00007f9f4bceaeb9
[  239.777220][T16468] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  239.777276][T16468] RBP: 00007f9f4a747090 R08: 0000000000000000 R09: 0000000000000000
[  239.777293][T16468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.777315][T16468] R13: 00007f9f4bf66038 R14: 00007f9f4bf65fa0 R15: 00007ffeb3deb7a8
[  239.777341][T16468]  </TASK>
[  239.803114][T16466] loop2: detected capacity change from 0 to 2048
[  239.948644][T16466] ext4: Unknown parameter 'noacl'
[  240.012356][T16480] loop7: detected capacity change from 0 to 128
[  240.038607][T16480] FAT-fs (loop7): Directory bread(block 32) failed
[  240.057061][T16480] FAT-fs (loop7): Directory bread(block 33) failed
[  240.071735][T16480] FAT-fs (loop7): Directory bread(block 34) failed
[  240.089519][T16480] FAT-fs (loop7): Directory bread(block 35) failed
[  240.099484][T16480] FAT-fs (loop7): Directory bread(block 36) failed
[  240.113922][T16480] FAT-fs (loop7): Directory bread(block 37) failed
[  240.121551][T16480] FAT-fs (loop7): Directory bread(block 38) failed
[  240.128168][T16480] FAT-fs (loop7): Directory bread(block 39) failed
[  240.134944][T16480] FAT-fs (loop7): Directory bread(block 40) failed
[  240.142096][T16480] FAT-fs (loop7): Directory bread(block 41) failed
[  240.167405][T16480] syz.7.4138: attempt to access beyond end of device
[  240.167405][T16480] loop7: rw=8388608, sector=4108, nr_sectors = 4 limit=128
[  240.185866][T16480] FAT-fs (loop7): Filesystem has been set read-only
[  240.192912][T16480] FAT-fs (loop7): error, fat_free_clusters: deleting FAT entry beyond EOF
[  240.214382][T16492] loop2: detected capacity change from 0 to 1024
[  240.226362][T16492] EXT4-fs: Ignoring removed nobh option
[  240.232028][T16492] EXT4-fs: Ignoring removed bh option
[  240.253321][T16492] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  240.285493][T16492] __nla_validate_parse: 1 callbacks suppressed
[  240.285512][T16492] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4144'.
[  240.484946][T10993] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.581193][T16500] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4146'.
[  240.590409][T16500] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4146'.
[  240.828945][T16489] syz.9.4142 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  240.843158][T16489] CPU: 1 UID: 0 PID: 16489 Comm: syz.9.4142 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  240.843205][T16489] Tainted: [W]=WARN
[  240.843215][T16489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  240.843264][T16489] Call Trace:
[  240.843272][T16489]  <TASK>
[  240.843283][T16489]  __dump_stack+0x1d/0x30
[  240.843339][T16489]  dump_stack_lvl+0x95/0xd0
[  240.843371][T16489]  dump_stack+0x15/0x1b
[  240.843401][T16489]  dump_header+0x80/0x240
[  240.843441][T16489]  oom_kill_process+0x295/0x350
[  240.843471][T16489]  out_of_memory+0x97d/0xb80
[  240.843498][T16489]  try_charge_memcg+0x62e/0xa10
[  240.843543][T16489]  obj_cgroup_charge_pages+0x23/0xc0
[  240.843598][T16489]  __memcg_kmem_charge_page+0x9e/0x170
[  240.843642][T16489]  __alloc_frozen_pages_noprof+0x18a/0x350
[  240.843689][T16489]  alloc_pages_mpol+0xb3/0x260
[  240.843806][T16489]  alloc_pages_noprof+0x8f/0x130
[  240.844017][T16489]  __vmalloc_node_range_noprof+0xa46/0x12b0
[  240.844076][T16489]  __kvmalloc_node_noprof+0x471/0x680
[  240.844117][T16489]  ? ip_set_alloc+0x24/0x30
[  240.844211][T16489]  ? ip_set_alloc+0x24/0x30
[  240.844327][T16489]  ? __kmalloc_cache_noprof+0x3cd/0x4a0
[  240.844369][T16489]  ip_set_alloc+0x24/0x30
[  240.844414][T16489]  hash_netiface_create+0x282/0x740
[  240.844474][T16489]  ? __pfx_hash_netiface_create+0x10/0x10
[  240.844631][T16489]  ip_set_create+0x3cf/0x970
[  240.844685][T16489]  ? __nla_parse+0x40/0x60
[  240.844735][T16489]  nfnetlink_rcv_msg+0x509/0x5d0
[  240.844846][T16489]  netlink_rcv_skb+0x123/0x220
[  240.844883][T16489]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  240.844996][T16489]  nfnetlink_rcv+0x167/0x1720
[  240.845037][T16489]  ? __kfree_skb+0x109/0x150
[  240.845178][T16489]  ? nlmon_xmit+0x4f/0x60
[  240.845240][T16489]  ? consume_skb+0x49/0x140
[  240.845272][T16489]  ? nlmon_xmit+0x4f/0x60
[  240.845316][T16489]  ? dev_hard_start_xmit+0x3a8/0x3e0
[  240.845366][T16489]  ? __dev_queue_xmit+0x139a/0x1f20
[  240.845451][T16489]  ? __dev_queue_xmit+0x148/0x1f20
[  240.845545][T16489]  ? ref_tracker_free+0x37d/0x3e0
[  240.845598][T16489]  ? __netlink_deliver_tap+0x4dc/0x500
[  240.845654][T16489]  netlink_unicast+0x5c0/0x690
[  240.845749][T16489]  netlink_sendmsg+0x5c8/0x6f0
[  240.845781][T16489]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.845809][T16489]  ____sys_sendmsg+0x5af/0x600
[  240.845842][T16489]  ___sys_sendmsg+0x195/0x1e0
[  240.845949][T16489]  __x64_sys_sendmsg+0xd4/0x160
[  240.845982][T16489]  x64_sys_call+0x17ba/0x3000
[  240.846016][T16489]  do_syscall_64+0xc0/0x2a0
[  240.846154][T16489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.846182][T16489] RIP: 0033:0x7fb078c7aeb9
[  240.846205][T16489] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  240.846232][T16489] RSP: 002b:00007fb0776d7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  240.846319][T16489] RAX: ffffffffffffffda RBX: 00007fb078ef5fa0 RCX: 00007fb078c7aeb9
[  240.846387][T16489] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  240.846404][T16489] RBP: 00007fb078ce8c1f R08: 0000000000000000 R09: 0000000000000000
[  240.846432][T16489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  240.846446][T16489] R13: 00007fb078ef6038 R14: 00007fb078ef5fa0 R15: 00007fffad161f08
[  240.846507][T16489]  </TASK>
[  241.169783][T16489] memory: usage 307200kB, limit 307200kB, failcnt 567
[  241.176642][T16489] memory+swap: usage 319152kB, limit 9007199254740988kB, failcnt 0
[  241.184595][T16489] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0
[  241.191936][T16489] Memory cgroup stats for /syz9:
[  241.215227][T16489] cache 4096
[  241.217760][T16514] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4151'.
[  241.220283][T16489] rss 0
[  241.220294][T16489] shmem 4096
[  241.220308][T16489] mapped_file 1642496
[  241.220319][T16489] dirty 0
[  241.220329][T16489] writeback 8192
[  241.249976][T16489] workingset_refault_anon 48
[  241.254632][T16489] workingset_refault_file 0
[  241.259190][T16489] swap 12238848
[  241.262744][T16489] swapcached 8192
[  241.267158][T16489] pgpgin 151185
[  241.270657][T16489] pgpgout 151180
[  241.274274][T16489] pgfault 105380
[  241.277887][T16489] pgmajfault 37
[  241.281375][T16489] inactive_anon 12288
[  241.285465][T16489] active_anon 0
[  241.288955][T16489] inactive_file 4096
[  241.292896][T16489] active_file 4096
[  241.297406][T16489] unevictable 0
[  241.301012][T16489] hierarchical_memory_limit 314572800
[  241.306467][T16489] hierarchical_memsw_limit 9223372036854771712
[  241.312806][T16489] total_cache 4096
[  241.316259][T16517] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3)
[  241.317082][T16489] total_rss 0
[  241.323100][T16517] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  241.326405][T16489] total_shmem 4096
[  241.334158][T16517] vhci_hcd vhci_hcd.0: Device attached
[  241.335616][T16519] vhci_hcd: cannot find the pending unlink 0
[  241.338687][T16489] total_mapped_file 1642496
[  241.338698][T16489] total_dirty 0
[  241.338706][T16489] total_writeback 8192
[  241.338716][T16489] total_workingset_refault_anon 48
[  241.354731][T16519] vhci_hcd: connection closed
[  241.368170][T16489] total_workingset_refault_file 0
[  241.371982][ T3648] vhci_hcd vhci_hcd.7: stop threads
[  241.372899][T16489] total_swap 12238848
[  241.377983][ T3648] vhci_hcd vhci_hcd.7: release socket
[  241.383149][T16489] total_swapcached 8192
[  241.383163][T16489] total_pgpgin 151185
[  241.387198][ T3648] vhci_hcd vhci_hcd.7: disconnect device
[  241.394068][T16489] total_pgpgout 151180
[  241.403022][T16521] netlink: 56 bytes leftover after parsing attributes in process `syz.5.4152'.
[  241.406609][T16489] total_pgfault 105380
[  241.424395][T16489] total_pgmajfault 37
[  241.428419][T16489] total_inactive_anon 12288
[  241.432977][T16489] total_active_anon 0
[  241.437037][T16489] total_inactive_file 4096
[  241.441462][T16489] total_active_file 4096
[  241.445805][T16489] total_unevictable 0
[  241.449802][T16489] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz9,task_memcg=/syz9,task=syz.9.2523,pid=11477,uid=0
[  241.465278][T16489] Memory cgroup out of memory: Killed process 11477 (syz.9.2523) total-vm:95868kB, anon-rss:1224kB, file-rss:22340kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[  241.544207][T16489] syz.9.4142 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  241.558527][T16489] CPU: 0 UID: 0 PID: 16489 Comm: syz.9.4142 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  241.558575][T16489] Tainted: [W]=WARN
[  241.558586][T16489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  241.558606][T16489] Call Trace:
[  241.558615][T16489]  <TASK>
[  241.558626][T16489]  __dump_stack+0x1d/0x30
[  241.558658][T16489]  dump_stack_lvl+0x95/0xd0
[  241.558694][T16489]  dump_stack+0x15/0x1b
[  241.558725][T16489]  dump_header+0x80/0x240
[  241.558756][T16489]  oom_kill_process+0x295/0x350
[  241.558792][T16489]  out_of_memory+0x97d/0xb80
[  241.558855][T16489]  try_charge_memcg+0x62e/0xa10
[  241.558884][T16489]  obj_cgroup_charge_pages+0x23/0xc0
[  241.558990][T16489]  __memcg_kmem_charge_page+0x9e/0x170
[  241.559085][T16489]  __alloc_frozen_pages_noprof+0x18a/0x350
[  241.559149][T16489]  alloc_pages_mpol+0xb3/0x260
[  241.559196][T16489]  alloc_pages_noprof+0x8f/0x130
[  241.559346][T16489]  __vmalloc_node_range_noprof+0xa46/0x12b0
[  241.559400][T16489]  __kvmalloc_node_noprof+0x471/0x680
[  241.559436][T16489]  ? ip_set_alloc+0x24/0x30
[  241.559527][T16489]  ? ip_set_alloc+0x24/0x30
[  241.559564][T16489]  ? __kmalloc_cache_noprof+0x3cd/0x4a0
[  241.559655][T16489]  ip_set_alloc+0x24/0x30
[  241.559698][T16489]  hash_netiface_create+0x282/0x740
[  241.559742][T16489]  ? __pfx_hash_netiface_create+0x10/0x10
[  241.559787][T16489]  ip_set_create+0x3cf/0x970
[  241.559858][T16489]  ? __nla_parse+0x40/0x60
[  241.559911][T16489]  nfnetlink_rcv_msg+0x509/0x5d0
[  241.560002][T16489]  netlink_rcv_skb+0x123/0x220
[  241.560050][T16489]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  241.560164][T16489]  nfnetlink_rcv+0x167/0x1720
[  241.560257][T16489]  ? __kfree_skb+0x109/0x150
[  241.560344][T16489]  ? nlmon_xmit+0x4f/0x60
[  241.560423][T16489]  ? consume_skb+0x49/0x140
[  241.560467][T16489]  ? nlmon_xmit+0x4f/0x60
[  241.560526][T16489]  ? dev_hard_start_xmit+0x3a8/0x3e0
[  241.560646][T16489]  ? __dev_queue_xmit+0x139a/0x1f20
[  241.560732][T16489]  ? __dev_queue_xmit+0x148/0x1f20
[  241.560782][T16489]  ? ref_tracker_free+0x37d/0x3e0
[  241.560823][T16489]  ? __netlink_deliver_tap+0x4dc/0x500
[  241.560955][T16489]  netlink_unicast+0x5c0/0x690
[  241.561004][T16489]  netlink_sendmsg+0x5c8/0x6f0
[  241.561035][T16489]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.561060][T16489]  ____sys_sendmsg+0x5af/0x600
[  241.561140][T16489]  ___sys_sendmsg+0x195/0x1e0
[  241.561186][T16489]  __x64_sys_sendmsg+0xd4/0x160
[  241.561220][T16489]  x64_sys_call+0x17ba/0x3000
[  241.561349][T16489]  do_syscall_64+0xc0/0x2a0
[  241.561388][T16489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.561423][T16489] RIP: 0033:0x7fb078c7aeb9
[  241.561440][T16489] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  241.561460][T16489] RSP: 002b:00007fb0776d7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  241.561503][T16489] RAX: ffffffffffffffda RBX: 00007fb078ef5fa0 RCX: 00007fb078c7aeb9
[  241.561524][T16489] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  241.561543][T16489] RBP: 00007fb078ce8c1f R08: 0000000000000000 R09: 0000000000000000
[  241.561645][T16489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  241.561659][T16489] R13: 00007fb078ef6038 R14: 00007fb078ef5fa0 R15: 00007fffad161f08
[  241.561688][T16489]  </TASK>
[  241.561698][T16489] memory: usage 307200kB, limit 307200kB, failcnt 648
[  241.901277][T16489] memory+swap: usage 307468kB, limit 9007199254740988kB, failcnt 0
[  241.909927][T16489] kmem: usage 307164kB, limit 9007199254740988kB, failcnt 0
[  241.917348][T16489] Memory cgroup stats for /syz9:
[  241.917779][T16489] cache 0
[  241.925872][T16489] rss 0
[  241.928680][T16489] shmem 0
[  241.931642][T16489] mapped_file 0
[  241.935147][T16489] dirty 0
[  241.938151][T16489] writeback 0
[  241.941470][T16489] workingset_refault_anon 56
[  241.946122][T16489] workingset_refault_file 0
[  241.950674][T16489] swap 274432
[  241.953985][T16489] swapcached 24576
[  241.957727][T16489] pgpgin 151193
[  241.961292][T16489] pgpgout 151184
[  241.964873][T16489] pgfault 105380
[  241.968601][T16489] pgmajfault 37
[  241.972157][T16489] inactive_anon 28672
[  241.976157][T16489] active_anon 0
[  241.979699][T16489] inactive_file 8192
[  241.983617][T16489] active_file 0
[  241.987144][T16489] unevictable 0
[  241.990713][T16489] hierarchical_memory_limit 314572800
[  241.996188][T16489] hierarchical_memsw_limit 9223372036854771712
[  242.002537][T16489] total_cache 0
[  242.006023][T16489] total_rss 0
[  242.009408][T16489] total_shmem 0
[  242.013011][T16489] total_mapped_file 0
[  242.017091][T16489] total_dirty 0
[  242.020576][T16489] total_writeback 0
[  242.024467][T16489] total_workingset_refault_anon 56
[  242.029610][T16489] total_workingset_refault_file 0
[  242.034735][T16489] total_swap 274432
[  242.038623][T16489] total_swapcached 24576
[  242.042930][T16489] total_pgpgin 151193
[  242.047048][T16489] total_pgpgout 151184
[  242.051149][T16489] total_pgfault 105380
[  242.055331][T16489] total_pgmajfault 37
[  242.059399][T16489] total_inactive_anon 28672
[  242.063992][T16489] total_active_anon 0
[  242.068090][T16489] total_inactive_file 8192
[  242.068263][ T2992] ==================================================================
[  242.072555][T16489] total_active_file 0
[  242.072568][T16489] total_unevictable 0
[  242.080665][ T2992] BUG: KCSAN: data-race in _prb_read_valid / data_alloc
[  242.084657][T16489] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null)
[  242.088639][ T2992] 
[  242.088650][ T2992] write to 0xffffffff86a6db78 of 8 bytes by task 16489 on cpu 1:
[  242.088673][ T2992]  data_alloc+0x310/0x390
[  242.095610][T16489] ,cpuset=/
[  242.102461][ T2992]  prb_reserve+0x8d7/0xae0
[  242.104911][T16489] ,mems_allowed=0
[  242.112554][ T2992]  vprintk_store+0x54a/0x910
[  242.116917][T16489] ,oom_memcg=
[  242.120043][ T2992]  vprintk_emit+0x1a4/0x600
[  242.120081][ T2992]  vprintk_default+0x26/0x30
[  242.124546][T16489] /syz9
[  242.128194][ T2992]  vprintk+0x1d/0x30
[  242.128217][ T2992]  _printk+0x79/0xa0
[  242.128234][ T2992]  seq_buf_do_printk+0x113/0x1a0
[  242.132943][T16489] ,task_memcg=
[  242.136108][ T2992]  mem_cgroup_print_oom_meminfo+0x17d/0x260
[  242.140699][T16489] /syz9
[  242.145221][ T2992]  dump_header+0xa2/0x240
[  242.147991][T16489] ,task=syz.9.4142,pid=16487,uid=0
[  242.151912][ T2992]  oom_kill_process+0x295/0x350
[  242.151947][ T2992]  out_of_memory+0x97d/0xb80
[  242.155910][T16489] Memory cgroup out of memory: Killed process 16487 (syz.9.4142) total-vm:94000kB, anon-rss:1332kB, file-rss:22156kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  242.160826][ T2992]  try_charge_memcg+0x62e/0xa10
[  242.213842][ T2992]  obj_cgroup_charge_pages+0x23/0xc0
[  242.219257][ T2992]  __memcg_kmem_charge_page+0x9e/0x170
[  242.224766][ T2992]  __alloc_frozen_pages_noprof+0x18a/0x350
[  242.230617][ T2992]  alloc_pages_mpol+0xb3/0x260
[  242.235440][ T2992]  alloc_pages_noprof+0x8f/0x130
[  242.240456][ T2992]  __vmalloc_node_range_noprof+0xa46/0x12b0
[  242.246416][ T2992]  __kvmalloc_node_noprof+0x471/0x680
[  242.251826][ T2992]  ip_set_alloc+0x24/0x30
[  242.256187][ T2992]  hash_netiface_create+0x282/0x740
[  242.261445][ T2992]  ip_set_create+0x3cf/0x970
[  242.266071][ T2992]  nfnetlink_rcv_msg+0x509/0x5d0
[  242.271047][ T2992]  netlink_rcv_skb+0x123/0x220
[  242.275853][ T2992]  nfnetlink_rcv+0x167/0x1720
[  242.280653][ T2992]  netlink_unicast+0x5c0/0x690
[  242.285452][ T2992]  netlink_sendmsg+0x5c8/0x6f0
[  242.290244][ T2992]  ____sys_sendmsg+0x5af/0x600
[  242.295034][ T2992]  ___sys_sendmsg+0x195/0x1e0
[  242.299727][ T2992]  __x64_sys_sendmsg+0xd4/0x160
[  242.304640][ T2992]  x64_sys_call+0x17ba/0x3000
[  242.309344][ T2992]  do_syscall_64+0xc0/0x2a0
[  242.313885][ T2992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.319803][ T2992] 
[  242.322148][ T2992] read to 0xffffffff86a6db78 of 16 bytes by task 2992 on cpu 0:
[  242.329798][ T2992]  _prb_read_valid+0x1bc/0x950
[  242.334592][ T2992]  prb_read_valid+0x3c/0x60
[  242.339128][ T2992]  syslog_print+0x258/0x560
[  242.343661][ T2992]  do_syslog+0x52b/0x7f0
[  242.347937][ T2992]  __x64_sys_syslog+0x41/0x50
[  242.352639][ T2992]  x64_sys_call+0x27ce/0x3000
[  242.357347][ T2992]  do_syscall_64+0xc0/0x2a0
[  242.361884][ T2992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.367810][ T2992] 
[  242.370149][ T2992] Reported by Kernel Concurrency Sanitizer on:
[  242.376370][ T2992] CPU: 0 UID: 0 PID: 2992 Comm: klogd Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  242.387254][ T2992] Tainted: [W]=WARN
[  242.391073][ T2992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  242.401152][ T2992] ==================================================================