last executing test programs:

37.867461014s ago: executing program 4 (id=220):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./bus\x00', 0x840, &(0x7f0000000000), 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="0b00000005000000000400000900000001000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000200000000beaf4723c13eaeecfd01920accc78690dca7b6c04898e6083322230c4aa218949e346c2374beb467d46e92f6c372fd66162bf521b1801b49cf108d52c3f26fb11bda3445f80e5a0f7541bc0c4861271293bdb7de3c9d5de68b51bdb4e9bf75ea55be429f6f030161a546a2ed1e46328d898d4f0c8991a98e55a940da374deb9d263b32ccab8cf4d92e0cfeceee81ff5eb05ca0ac62f612f468821b95bf3887453dbc0809ab0122ce0656e2f28b201cd6dfd0cce74061cb31f73a6ccd9e9df85777", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r0}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5400df2502384400"/17, @ANYRES32=0x0, @ANYBLOB="08000200e00000011400030070696d36726567000000000000000000080009000200000008000a000200000008000800c0040000080001000a010100"], 0x54}, 0x1, 0x0, 0x0, 0x2c000000}, 0x40040)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write$P9_RFLUSH(r6, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7)
read$char_usb(r5, &(0x7f0000000a40)=""/234, 0xea)

37.688250515s ago: executing program 4 (id=223):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0xfffff7ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x8, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = msgget$private(0x0, 0x480)
msgsnd(r1, &(0x7f0000000040)=ANY=[], 0x401, 0x0)
msgsnd(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="03000000000004"], 0x42, 0x0)
msgsnd(r1, &(0x7f0000000480)=ANY=[@ANYRESOCT], 0x401, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000100)={<r3=>0xffffffffffffffff}, 0x106, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000180)={0xb, 0x10, 0xfa00, {0x0, r3, 0x4}}, 0x18)
msgrcv(r1, &(0x7f00000002c0)={0x0, ""/35}, 0x2b, 0x2, 0x0)
msgrcv(r1, &(0x7f0000000080)={0x0, ""/211}, 0xdb, 0x3, 0x3800)
r4 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f00000001c0)={[{@inlinecrypt}]}, 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f0000000540), 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x5, 0x0, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "22a5cfd43437ad6a"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x5, 0x0, 0x0, {}, {0x0, 0xea60}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "29fd71a69d3295d8"}}, 0x38}, 0x2}, 0x0)
setxattr$incfs_metadata(&(0x7f0000000f80)='./file0\x00', &(0x7f0000000fc0), 0x0, 0x0, 0x0)
fsetxattr$security_evm(r4, &(0x7f0000000240), &(0x7f0000000280)=@sha1={0x1, "75fafa5887be5af4547d5253fef63088be38f980"}, 0x15, 0x3)
lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='user.incfs.metadata\x00')

36.496427664s ago: executing program 4 (id=235):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000002200)={0x14, 0x15, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x20}}, 0x14}, 0x1, 0x0, 0x0, 0x20040011}, 0x24040808)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x40, 0x1, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_ID={0x8}, @CTA_PROTOINFO={0x8, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x4}}, @CTA_PROTOINFO={0x1c, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x18, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x5}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0xe}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000040}, 0x20008044)

36.091952047s ago: executing program 4 (id=240):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$FIBMAP(r0, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x4000)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
setsockopt$MRT_ADD_MFC(r2, 0x0, 0xcc, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, 0x0, 0x0)
setsockopt$inet_mreq(r3, 0x0, 0x23, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaa89aaffffffffffff080045000030000000000002907800000000e000030004009078000000004542000400640002054b00a77f000001ac141435"], 0x0)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f0000000300)=0x3, 0x4)
r5 = socket$inet(0x2, 0x80000, 0x1001)
r6 = socket$netlink(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="050000000400"], 0x50)
close(0x3)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f00000000c0)=0x1000, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000500000000100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400008500000000000000cd081500000000004b8900000000000000"], 0x50)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000000)='./file0\x00')
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r7}, 0xc)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000540)=ANY=[@ANYBLOB], 0x88}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000)

35.836828922s ago: executing program 4 (id=242):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/address_bits', 0x0, 0x166)
utimensat(r0, 0x0, &(0x7f0000000040)={{0x0, 0xea60}, {0x0, 0x3ffffffe}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0xffc3, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

35.583408557s ago: executing program 4 (id=244):
r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x53a1bd79, 0x7, 0x9, 0x86, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
timerfd_gettime(r1, 0x0)
perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x4, 0x6, 0x2, 0x10, 0x0, 0x8a8, 0x8680, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_config_ext={0x6bde64ad, 0x40}, 0x9451, 0x6, 0x5, 0x2, 0x101, 0x7, 0x84cb, 0x0, 0x9}, 0x0, 0x8, r0, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYRESOCT], &(0x7f0000000300)='GPL\x00', 0x10c00000, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000001b40)={0xa, 0x4e23, 0x2, @mcast2, 0xa}, 0x1c)
write$binfmt_aout(r2, &(0x7f00000001c0)=ANY=[], 0xff2e)
io_uring_enter(r1, 0x70b4, 0xbfa7, 0x16, &(0x7f0000000780)={[0x40]}, 0x8)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(r2, 0x80)
r4 = dup3(r3, r2, 0x80000)
read$watch_queue(r4, &(0x7f0000002d40)=""/4095, 0xfff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x20, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000c000000000000004eea000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a500000018210000", @ANYRES32=r4, @ANYBLOB="00000000000000801800000008000000000000000100ff030000000000000000b70200000200000085000000840000b7000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x14000000, 0x0, 0x0, 0x0, 0x47, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f00000004c0)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xa, 0x5, 0xfffffff9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r4], 0x0, 0x10, 0x3}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f00000002c0)='id_legacy\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='keyring\x00', 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000))
add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="b59695baa0d818e8bf416f9183a909b333a9113742dfd9dffc38f3d49e47c4de2919fbf7e3db5c", 0x27, 0x0)
sync()

35.53374605s ago: executing program 32 (id=244):
r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x53a1bd79, 0x7, 0x9, 0x86, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
timerfd_gettime(r1, 0x0)
perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x4, 0x6, 0x2, 0x10, 0x0, 0x8a8, 0x8680, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_config_ext={0x6bde64ad, 0x40}, 0x9451, 0x6, 0x5, 0x2, 0x101, 0x7, 0x84cb, 0x0, 0x9}, 0x0, 0x8, r0, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYRESOCT], &(0x7f0000000300)='GPL\x00', 0x10c00000, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000001b40)={0xa, 0x4e23, 0x2, @mcast2, 0xa}, 0x1c)
write$binfmt_aout(r2, &(0x7f00000001c0)=ANY=[], 0xff2e)
io_uring_enter(r1, 0x70b4, 0xbfa7, 0x16, &(0x7f0000000780)={[0x40]}, 0x8)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(r2, 0x80)
r4 = dup3(r3, r2, 0x80000)
read$watch_queue(r4, &(0x7f0000002d40)=""/4095, 0xfff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x20, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000c000000000000004eea000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a500000018210000", @ANYRES32=r4, @ANYBLOB="00000000000000801800000008000000000000000100ff030000000000000000b70200000200000085000000840000b7000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x14000000, 0x0, 0x0, 0x0, 0x47, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f00000004c0)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0xa, 0x5, 0xfffffff9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r4], 0x0, 0x10, 0x3}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f00000002c0)='id_legacy\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='keyring\x00', 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000))
add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="b59695baa0d818e8bf416f9183a909b333a9113742dfd9dffc38f3d49e47c4de2919fbf7e3db5c", 0x27, 0x0)
sync()

29.961772213s ago: executing program 2 (id=299):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file1\x00', 0x4414, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES64=0x0, @ANYRES16, @ANYRES8], 0x1, 0x2aa, &(0x7f0000000ac0)="$eJzs3EFr034YwPHnv+6/dh1bK4igoD7oRS9hqy9Ai2wgFpS5DvUgZC7V0tiOpEwq4noRr76O4dGboL6BXYYX796GIHjZQYyYNFu6dVu3tV3dvh8Yvyd5fg/5bUvDk5Zm7f7bZ6WCaxTMqgwkVAZE6rIukv4bNfzXGAf8eEii6nJ15OfX8/cePLydzeUmp1WnsjPXMqo6dvHj85fvLn2ujsy+H/sQl5X0o7UfmW8rZ1bOrv2eeVp0tehquVJVU+cqlao5Z1s6X3RLhupd2zJdS4tl13Ka8gW7srBQU7M8P5pccCzXVbNc05JV02pFq05NzSdmsayGYehoUk62wTbm5Jenp83sjmkv1tEVoeuGW+10nGy9dTK/3IM1AQCAPrN7/x/0+jv3/7nZYOxw/y9C/98l9aatPfp/HAuOkzWTjddvM/p/AAAAAAAAAAAAAAAAAAAAAAD+Beuel/I8LxWO4U9cRBIiEm4f9TrRHQf8/18/ouWiwyJf3EuI2G8W84v5YAzy2YIUxRZLxiUlv/zzoSGIp27lJsfVl5ZP9lKjfmkxH5N4WB9Kt6q/cGoiqNfm+v8lGT1+RlJyuvXxMy3rh+TK5Ui9ISlZfSwVsWXeP683619NqN68k9tSP+zPAwAAAADgODB0w7b7dz/vT0jI9nxQv4/3B7bcXw/KuXYeUQkAAAAAAA7Nrb0ombZtOQcI4iJyiPLjGsSkL5axJbghIn2wjF4FCREJ9uhByr9vlLdV5bUxZ1BEjvzPso9g9+vG6livrlAAAAAAOmWz6Y/s3Otz+S+vu7wqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOlnafBxbO35YKE7uURw4X6/kvCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPSRPwEAAP//Tkkg8A==")
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x8ca4, 0x0, 0x11000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0xb)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x143042, 0x80)
pwritev2(r0, &(0x7f0000000100)=[{0x0}], 0x1, 0x5405, 0x0, 0x0)

29.914071486s ago: executing program 2 (id=301):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x2, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x6, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0xa}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0xeb51a8ffd4e6d429, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
unshare(0x40400)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

29.678187889s ago: executing program 2 (id=303):
socket(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c0000000b"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000080), &(0x7f0000000280)}, 0x20)

29.547967727s ago: executing program 2 (id=304):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x1000410, &(0x7f0000000100), 0x6, 0x507, &(0x7f0000000500)="$eJzs3c9vI1cdAPDvzMab7NbbbKEHQECXUljQss6PbaOqHNheQKiqhKiQkDhsQ+JGUex1FCelCTlkj9yRqMQJ/gRuHJB64sCNG9y4lAPSAhGoQeIwaMbTxE3sdegmcdf+fKTxzHvj+Puenfee5znOC2Bs3YiIvYi4HBFvRsR0mZ+UW9ztbPn9PtjfXTrY311KIsve+EdSnM/zoutnck+VjzkVEd//TsSPk5Nx29s7a4uNRn2jTM9sNtdn2ts7t1fTMmd+YW5h9uU7L82fWV2fa/7m4bdXX/vB7377hff/uPf1n+bFqv7sWnGuux5nqVP1SlS78iYi4rXzCDYkE+XvD0+evLV9KiKeL9r/dFwqXk0AYJRl2XRk091pAGDU5df/1UjSWjkXUI00rdU6c3jPxtW00Wpv3ppubd1fjmIO63pU0rdWG/XZcq7welSSPD1XHB+l54+l70TEMxHx88krRbq21GosD/ONDwCMsaeOjf//nuyM/wDAiJsadgEAgAtn/AeA8WP8B4Dx83+M/74dCAAjwvU/AIwf4z8AjJ+B4/+DiykHAHAhvvf66/mWHZT//3r57e2tb1bfvr1cb6/VmltLtaXWxnptpdVaadRrS1k26PEardb63IuHyfb2zr1ma+v+5r3V5uJK/V69cs71AQAGe+a59/6cRMTeK1eKLbrWcjBWw2hLP5LqsVAPMLIuDbsAwND4Pg+Mr1Nc45sGgBE36Mq/758IvWvxV3hS3fys+X8YV+mwCwAMzceb///WmZcDuHjm/2F8ZVlizX8AGDPm+IGP8/n/D6P8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADGVLXYkrRWrAW+l9+mtVrEtYi4HpXkrdVGfTYino6IP01WJvP03LALDQA8pvRvSbn+183pF6rHz15O/jNZ7CPiJ7984xfvLG5ubszl+f88zN98t8yfvzyMCgAA3e6ezOqM0+W+60L+g/3dpQ+3iyziw1c7i4vmcQ/KrXNmIiaK/VRUIuLqv5Iy3ZG/X7l0BvH3HkTEZ47q/05XhGoxB9JZ+fR4/Dz2tXOIf/T8J5FlWXYUP/1I/LQoW76vFM/Fp8+gLDBu3nu100/m7e7K/m7exMr2l8aNYt+7/U8VPdTj+7D/OzjR/6WH/d+lE/GTos3fOEw/uiQPX/z9d09kZtOdcw8iPjfRK35yGD/p0/++cMo6/uXzX3y+37nsVxE3o3f8jmbRzc5sNtdn2ts7t1ebiyv1lfr9+fmFuYXZl++8ND9TzFF3bv/QK8bfX7n1dL/4ef2v9ok/NaD+Xzll/X/93zd/9KVHxP/al3u//s8+In4+Jn71lPEXr97ttXz3YfzlPvUf9PrfOmX89/+6s3zKuwIAF6C9vbO22GjUNwYc5O81B93HwZN5EHsRPU+l5xb0G1MRn4i6O+h3MOyeCThvR41+2CUBAAAAAAAAAAAAAAD6aW/vrE3G+X6daNh1BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYHT9LwAA//9agtBN")
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
rename(&(0x7f0000000140)='./file1\x00', &(0x7f0000000080)='./file1\x00')
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = epoll_create1(0x80000)
r2 = fcntl$dupfd(r0, 0x406, r1)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x2000)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)=@o_path={&(0x7f0000000180)='./file1\x00', 0x0, 0x0, r3}, 0x18)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x10000014})
getpid()
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000014c0)=ANY=[], 0x38}}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000000)=0x100000b3, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x30, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0)
r6 = openat$random(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RNDADDTOENTCNT(r6, 0x40045201, &(0x7f0000000000)=0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x209, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x81, 0x3fff8000}, 0x404, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2008}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r8, 0x40042408, r9)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x18, 0x7ffc1fff}]})
getrusage(0x1, &(0x7f00000011c0))
gettid()
sendmsg$unix(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='Q', 0x1}], 0x1, 0x0, 0xa0}, 0x4004881)

29.379686636s ago: executing program 2 (id=307):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x3804090, &(0x7f0000000000), 0x0, 0x521, &(0x7f0000000e00)="$eJzs3UFvI1cdAPD/TOJsdpPiFBAqlSgVLcpWsHbS0DZCCMoFTpWAcl9C4kRR7DiKnbKJKpqKb4CQQOLEiQsSHwAJ9cAHQJUqwQVxQIBAFWzhgAR0kMdjbdaxk9DNxtn495Pe+r3nmfm/N1aeZ8ZvZwIYW09HxMsRMRERz0VEuahPixSH3dRZ7r27r692UhJZ9urfkkiKut62piJiMiJmitWmI+IbX434dnI8bmv/YGulXq/tFuVqu7FTbe0f3NpsrGzUNmrbS0uLLy6/tPzC8kJWeKB+zvUyP/3KF3/52e/84fZfb36306wvfCxK0deP89Tteilmj9R19tHuwwg2AhNFf0qjbggAAGfSOcb/cER8Kj/+L8dEfjTXZ2IULQMAAADOS/al2fhPEpEBAAAAV1YaEbORpJViLsBspOlUcW3go3EjrTdb7c+sN/e21yKfwzoXpXR9s15bKOYKz0Up6ZQXizm2vfLzfeWliHg8In5Qvp6XK6vN+tqIr30AAADAuJjpO///ZznN86cb8P8EAAAAgMtrbmgBAAAAuCqc8gMAAMDV13/+737/AAAAcKV87ZVXOinrPf967bX9va3ma7fWaq2tSmNvtbLa3N2pbDSbG/k9+xqnba/ebO58Lrb37lTbtVa72to/uN1o7m23b2/mjwMHAAAARuDxT7712yQiDj9/PU9R3AcQ4D5/GnUDgPNkqh+ML3fxhvFVGnUDgJFLTnnf5B0AAHj0zX/8+O//vef/uzYAV5u5PgAwfvz+D+OrZAYgjK3J4hrAh7rFa8OWG/r7/6/PGinLIt4uH61xfREAAC7WbJ6StFKcB8xGmlYqEY9FpHNRStY367WF4vzgN+XStU55MV8zOXXOMAAAAAAAAAAAAAAAAAAAAAAAAADQlWVJZAAAAMCVFpH+Jcnv5h8xX352tv/6wFTyr3L8uSj8+NUf3llpt3cXO/V/z5/lNRUR7R8V9c8PfXwYAAAAcN6Sw6Fvdc/Ti9fFC20VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGPgvbuvr/bSRcZ998sRMTco/mRM56/TUYqIG/9IYvLIeklETJxD/MM3I+KJQfGTeD/L3oiiFYPiXz+n+DcG7v+ks1tibkj8NCJmziE+jLO3OuPPy4P+/tJ4On8d/Pc3WaQHNXz8S4vIT+Tj3KDx57FjW2sMjPHkOz+vdnOl4/HfjHhycvD40xt/kyHxnzm2tX9nWXY8/re+eXAwrP/ZTyLmh4x/R2NV242damv/4NZmY2WjtlHbXlpafHH5peUXlheq65v1WvHvwBjf/8Qv3h8W/90h4+/vf9cdf0/q/7PDNtrnv+/cufuRbvbYB9CJf/OZgd+/0zEkflp89326yHfen+/lD7v5o5762dtPndT/tSH7/7TP/+YZ+//c17/3xzMuCgBcgNb+wdZKvV7bPSEzfYZlHsXMr6YvRTP+z0z2RveTuyzt+aCZztHqvZpery5Bw45ksoex5ZmIuK/mWn48f9bVpy6o7yMdlgAAgIfg3kH/qFsCAAAAAAAAAAAAAAAAAAAA4+sibqXWH/NwNF0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjR/wIAAP//Ekna1A==")
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="b40500000012000071109b000000000000000000009500000000000000dc03b861b47ce33d01ac7e329115bdff99d13fcb67a380d5ae7200f13a0a28c280adc47d6c736aa56fc090141d941f7663ecf43585eb2264cb45938db368840cb35765ac50e43f078ea2ad0cc7e572a71b2d32075be7070a2d22a88c93aad53e09f0ad8dbfbc90b039e03e217709b21c5a662373b8b08725534aff0c7776"], 0x0, 0x5}, 0x94)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000"], 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
timer_create(0x4, &(0x7f0000000200)={0x0, 0x2e, 0x2, @thr={&(0x7f0000000180)="007ff28437a7859618d2ba47658876e171235faaafbacde7aa78b9f61c9230d4b535b9cd1997f3bd1212c50c59d7299e3912fe4cd4d15c462ddaefc4", &(0x7f00000006c0)="23e0ffd4bf3eb755394e9e2845d68b27b154978cf1619bfbf808f22603d857bedf52c08f3284c791ed2d3dc5ed0e023f2f318e3733b0b0a07eb396f5b175d37c6db81a92f65377a9c8c4021dbb84f3be024ceb3fbe303d6918f9abb95b6a1f599973bf84b0580cef554ff25763e54137877b5486f79413f3c65f47b151adad82ea788d922b241c27fbdb62cb70a8f0a580303f4e63e0a37283255da6baada591ab1c32857d9398778eddd117ceee28c07b39f40c25b80ad6e1861ef016e22e13e96b506cdeeded0b303bc6cf82df"}}, &(0x7f0000000340)=<r6=>0x0)
timer_gettime(r6, &(0x7f0000000380))
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001708000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close(r8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x1e303})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e1a, @rand_addr=0x64010104}, {0x2, 0x4a24, @remote}, {0x2, 0x4e25, @empty}, 0x84, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x200003, 0x2, 0x2})
write$tun(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
socket$unix(0x1, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

28.931165802s ago: executing program 2 (id=310):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000002200)={0x14, 0x15, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x20}}, 0x14}, 0x1, 0x0, 0x0, 0x20040011}, 0x24040808)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x40, 0x1, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_ID={0x8}, @CTA_PROTOINFO={0x8, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x4}}, @CTA_PROTOINFO={0x1c, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x18, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x5}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0xe}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000040}, 0x20008044)

28.851939937s ago: executing program 33 (id=310):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000002200)={0x14, 0x15, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x20}}, 0x14}, 0x1, 0x0, 0x0, 0x20040011}, 0x24040808)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x40, 0x1, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_ID={0x8}, @CTA_PROTOINFO={0x8, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x4}}, @CTA_PROTOINFO={0x1c, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x18, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x5}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0xe}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000040}, 0x20008044)

10.143723692s ago: executing program 3 (id=584):
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fbdbdf25fc000000000000000000000000000000ffffffff00000000000000000000000000000004000000000a006080", @ANYRES32=0x0], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="ffff27bd7000fddbdf2502"], 0x14}, 0x1, 0x0, 0x0, 0x20000814}, 0x2405c004)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a003000", @ANYBLOB], 0xb8}}, 0x4000)

10.108589994s ago: executing program 3 (id=586):
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000e8ff00"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000140)=ANY=[@ANYRESOCT=r3], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
gettid()
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000c0000004300000040000000c0000000", @ANYRES32=0x1, @ANYBLOB="5700000000000000000072d4c32404baff000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f00000001c0), 0x10f0, r5}, 0x38)
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = epoll_create1(0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000000c0)={0xa0002000})
preadv(r7, &(0x7f00000007c0)=[{&(0x7f0000000040)=""/73, 0x49}], 0x1, 0x100, 0x400005)

9.182383588s ago: executing program 3 (id=603):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x2, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x6, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0xa}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0xeb51a8ffd4e6d429, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
unshare(0x40400)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

8.885643195s ago: executing program 3 (id=609):
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x120d, &(0x7f0000003680)="$eJzs3M9rHGUYB/AnsTY1NT/UWm1BfNGLXoYmBy96iZKCdEFpG6EVhKmZ6LLj7rKzBFbE6smrf4cIIngTxJtecvE/ELzl4rGCOJLdNk0kha6UDITP57IPPO93eN9dZuFd9p3dN77+pLNVZVv5MGZnZmK2H5HupEgxG/d8Ea++/suvL1y7cfPKWqu1fjWly2vXV15LKS2++NP7n3370s/Ds+/9sPjjXOwsf7D75+ofO+d3Luz+c/3jdpXaVer2hilPt3q9YX6rLNJmu+pkKb1bFnlVpHa3KgaH+ltlr98fpby7uTDfHxRVlfLuKHWKURr20nAwSvlHebubsixLC/PB9E7tVxvf3KnrOqKuH4/TUdd1/UTMx9l4MhZiMZZiOZ6Kp+OZOBfPxvl4Lp6P73//brSXAAAAAAAAAAAAAAAAAAAAAB6dac//XxiPanrWAAAAAAAAAAAAAAAAAAAAcLJcu3HzylqrtX41pTMR5VfbG9sbk9dJf20r2lFGEZdiKf6O8en/iUl9+e3W+qU0thxflrfv5ufuXX8/vzJ+nMCR+ZVJPh3I397emIv5g/nVWIpzR+dXj8yfiVdePpDPYil++zB6UcZm7GXv5z9fSemtd1r/yV8cjwMAAICTIEv7lg/vfx+b9LMH9Sf5KX4fOLS/3stePNXo0omIavRpJy/LYvAwxczd0EMNVjzq4nSz0/irruvm34SGigffKXMR8b+vPDPF3fTm8S654S8mjsX9D73pmQAAAAAAAAAAADCN4/g7YdNrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4lx04FgAAAAAQ5m+dRscGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAVwEAAP//WcnOQA==")
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./bus\x00')
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1f0519, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x3}, 0x6025, 0x4005, 0xb, 0x3, 0x2, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, r0, 0x0)
syz_clone3(&(0x7f0000000180)={0x23800000, &(0x7f0000000040)=<r1=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r1, 0x0}])
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)

8.581544973s ago: executing program 3 (id=612):
r0 = getpgid(0x0)
syz_pidfd_open(r0, 0x0)
perf_event_open(&(0x7f0000000140)={0x1, 0x6a, 0xf, 0xff, 0x0, 0x4, 0x0, 0x400000000000004, 0x510, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xc, @perf_config_ext={0x0, 0x6}, 0x11a061, 0x10000, 0x0, 0x5, 0x80000000, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, r0, 0x2, 0xffffffffffffffff, 0x9)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, 0x3d, 0x107, 0x1, 0x25dfdbfb, {0x5, 0x7c}}, 0x14}}, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
setsockopt$sock_int(r3, 0x1, 0xa, &(0x7f0000000100)=0x4, 0x4)
connect$inet(r3, 0x0, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x4c001, 0x0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f00000d2000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x3c, 0x1, 0x0}, &(0x7f0000000300)=0x40)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x26, 0x6}, 0x1c)
epoll_create1(0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x49, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040)={0x3, 0x0, 0x9, 0xb5e}, 0x10}, 0x94)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r5=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
dup(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
io_submit(0x0, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r5, 0x0}])
recvmmsg$unix(r1, &(0x7f0000004180)=[{{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000001dc0)=""/69, 0x45}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000b00)={0x1c, 0x5a, 0x1, 0x0, 0x0, "", [@nested={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="cff80291"]}]}, 0x1c}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000090000000400000003"], 0x50)

8.399331123s ago: executing program 3 (id=615):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000120001002bbd7000fedbdf250700000003ef6ae89b68e35eacbf052170409d24b6de9ac6f5f491a69aa136f728d6fac2fe92", @ANYRES32=0x0, @ANYBLOB="0001000000100000"], 0x20}, 0x1, 0x0, 0x0, 0x845}, 0x4009084)

8.374367815s ago: executing program 34 (id=615):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000120001002bbd7000fedbdf250700000003ef6ae89b68e35eacbf052170409d24b6de9ac6f5f491a69aa136f728d6fac2fe92", @ANYRES32=0x0, @ANYBLOB="0001000000100000"], 0x20}, 0x1, 0x0, 0x0, 0x845}, 0x4009084)

2.816395427s ago: executing program 1 (id=681):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0x300}], 0x2}, 0x5)

2.60295797s ago: executing program 1 (id=685):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x1}, 0x28)
bind$inet6(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x48044}, 0x14)

2.450624008s ago: executing program 1 (id=686):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x3804090, &(0x7f0000000000), 0x0, 0x521, &(0x7f0000000e00)="$eJzs3UFvI1cdAPD/TOJsdpPiFBAqlSgVLcpWsHbS0DZCCMoFTpWAcl9C4kRR7DiKnbKJKpqKb4CQQOLEiQsSHwAJ9cAHQJUqwQVxQIBAFWzhgAR0kMdjbdaxk9DNxtn495Pe+r3nmfm/N1aeZ8ZvZwIYW09HxMsRMRERz0VEuahPixSH3dRZ7r27r692UhJZ9urfkkiKut62piJiMiJmitWmI+IbX434dnI8bmv/YGulXq/tFuVqu7FTbe0f3NpsrGzUNmrbS0uLLy6/tPzC8kJWeKB+zvUyP/3KF3/52e/84fZfb36306wvfCxK0deP89Tteilmj9R19tHuwwg2AhNFf0qjbggAAGfSOcb/cER8Kj/+L8dEfjTXZ2IULQMAAADOS/al2fhPEpEBAAAAV1YaEbORpJViLsBspOlUcW3go3EjrTdb7c+sN/e21yKfwzoXpXR9s15bKOYKz0Up6ZQXizm2vfLzfeWliHg8In5Qvp6XK6vN+tqIr30AAADAuJjpO///ZznN86cb8P8EAAAAgMtrbmgBAAAAuCqc8gMAAMDV13/+737/AAAAcKV87ZVXOinrPf967bX9va3ma7fWaq2tSmNvtbLa3N2pbDSbG/k9+xqnba/ebO58Lrb37lTbtVa72to/uN1o7m23b2/mjwMHAAAARuDxT7712yQiDj9/PU9R3AcQ4D5/GnUDgPNkqh+ML3fxhvFVGnUDgJFLTnnf5B0AAHj0zX/8+O//vef/uzYAV5u5PgAwfvz+D+OrZAYgjK3J4hrAh7rFa8OWG/r7/6/PGinLIt4uH61xfREAAC7WbJ6StFKcB8xGmlYqEY9FpHNRStY367WF4vzgN+XStU55MV8zOXXOMAAAAAAAAAAAAAAAAAAAAAAAAADQlWVJZAAAAMCVFpH+Jcnv5h8xX352tv/6wFTyr3L8uSj8+NUf3llpt3cXO/V/z5/lNRUR7R8V9c8PfXwYAAAAcN6Sw6Fvdc/Ti9fFC20VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGPgvbuvr/bSRcZ998sRMTco/mRM56/TUYqIG/9IYvLIeklETJxD/MM3I+KJQfGTeD/L3oiiFYPiXz+n+DcG7v+ks1tibkj8NCJmziE+jLO3OuPPy4P+/tJ4On8d/Pc3WaQHNXz8S4vIT+Tj3KDx57FjW2sMjPHkOz+vdnOl4/HfjHhycvD40xt/kyHxnzm2tX9nWXY8/re+eXAwrP/ZTyLmh4x/R2NV242damv/4NZmY2WjtlHbXlpafHH5peUXlheq65v1WvHvwBjf/8Qv3h8W/90h4+/vf9cdf0/q/7PDNtrnv+/cufuRbvbYB9CJf/OZgd+/0zEkflp89326yHfen+/lD7v5o5762dtPndT/tSH7/7TP/+YZ+//c17/3xzMuCgBcgNb+wdZKvV7bPSEzfYZlHsXMr6YvRTP+z0z2RveTuyzt+aCZztHqvZpery5Bw45ksoex5ZmIuK/mWn48f9bVpy6o7yMdlgAAgIfg3kH/qFsCAAAAAAAAAAAAAAAAAAAA4+sibqXWH/NwNF0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjR/wIAAP//Ekna1A==")
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="b40500000012000071109b000000000000000000009500000000000000dc03b861b47ce33d01ac7e329115bdff99d13fcb67a380d5ae7200f13a0a28c280adc47d6c736aa56fc090141d941f7663ecf43585eb2264cb45938db368840cb35765ac50e43f078ea2ad0cc7e572a71b2d32075be7070a2d22a88c93aad53e09f0ad8dbfbc90b039e03e217709b21c5a662373b8b08725534aff0c7776"], 0x0, 0x5}, 0x94)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
timer_create(0x4, 0x0, &(0x7f0000000340)=<r6=>0x0)
timer_gettime(r6, &(0x7f0000000380))
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001708000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close(r8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x1e303})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e1a, @rand_addr=0x64010104}, {0x2, 0x4a24, @remote}, {0x2, 0x4e25, @empty}, 0x84, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x200003, 0x2, 0x2})
write$tun(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
socket$unix(0x1, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

2.136732486s ago: executing program 1 (id=695):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0x300}], 0x2}, 0x5)

2.117414178s ago: executing program 5 (id=697):
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x1000000009, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b3e, 0x2, @perf_config_ext={0x8, 0x3fff8000}, 0xa00, 0x81, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/29], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket(0x2, 0x80805, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
shutdown(0xffffffffffffffff, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x4e21, 0x383, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x4}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, &(0x7f0000000340)={<r4=>r3, @in6={{0xa, 0x3, 0x25c, @dev={0xfe, 0x80, '\x00', 0xd}}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f00000004c0)={r4, 0x7, 0x8, 0x7, 0x4, 0x7, 0x9c, 0x1, {r3, @in6={{0xa, 0x4e24, 0x1, @empty, 0x4}}, 0x9, 0xff, 0xaec, 0x9, 0x4}}, &(0x7f0000000100)=0xb0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socket(0x2, 0xa, 0x300)
syz_emit_ethernet(0x3a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004600002c00000000020690780a210104ac1414aa4404060100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ce6800000000c3b7"], 0x0)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)

2.011706904s ago: executing program 0 (id=699):
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x800718, &(0x7f00000003c0)={[{@delalloc}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x60}}, {@nobh}, {@resgid}, {@resuid}, {@nombcache}, {@noblock_validity}, {@usrquota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}]}, 0x2, 0x4a3, &(0x7f00000004c0)="$eJzs281rXFUbAPDn3nz2M3n79v1orRotQlBMmrRqF24UBZGKgi7qMk6mJXTaSBPBfmCjiCtBCroWl6J/gbgRQdSV4Epw5UoKRbNp6ypyZ+5NMpNM2iSTTO38fjCZc+aemXueOffce+45kwA61lD2J4nYHRG/RsRALVtfYKj2dHP+cunW/OVSEgsLr/6RVMvdmL9cKooW79uVZ4bTiPT9JN9JvZkLF89MVCrl83l+dPZsX56cOF0+XT43fvz4saNjTz05/kRL4sziunHwnelDB154/epLpZNX3/jhy6y+u/Pty+NYp19Gm2wYygL/c6GqcdsjG9zZ3WrPsnTS3caKsC5dEZE1V0+1/w9EVyw13kA8/15bKwdsqeza1Nd889wCcA9Lot01ANqjuNDvnO8qZffAK++DB7Zy+NF215+p3QBlcd/MH7Ut3ZHmZXoa7m9baSgiTs799Wn2iM3NQwAA3JEPS5+c6I2IS7e+eDEbeyyN9tLu/1aff6v+3ZuPBAcj4l8RsS8i/h0R+yPiPxGRlf1fRPx/k/VZOf5Jr23yI9eUjf+ezte26sd/xegvBrvy3J5q/D3JqalK+Uj+nQxHT1+WH1tjH9889/NHzbYtH/9lj2z/xVgwr8e17oYJusmJ2YnqoLQFrr8bcbA7SVbGnyyuBCQRcSAiDq7vo/cWialHPz/UrNDt419DC9aZFj7LwpvL2n8uGuIvJLX1yTdHZy5cfHzqbOP65Gh/VMpHRoujYqUff/rglWb7r8Xfn+dWj3/H5sNs6nq59rys/ZdtXewDS+u1M63d/waP/7Q3ea26ztybv/b2xOzs+bGI3uRENV/3+vjSe4t8UT47/ocPr97/9+Xvydr/vojIDuL7I+KBiHgwr/tDEfFwRBxeI8bvn719/JFu4PhvgSz+yVXPf4vH/2BS1/7rT3Sd+e6rZvu/s/Y/Vk0N569Uz38Nkob8atXpjuhrrOBmvz8AAAD4J0irv4FP0pHFdJqOjNR+w78/dqaV6ZnZx05Nv3VusvZb+cHoSYuZroF8PrQyVSmPJXP5J9bmR8fzueJivvRoPm/8cdeOan6kNF2ZbHPs0Ol2Nen/md+72l07YIvVLy8VC8DjvW2pDLDNGtfR0/rslZfDyQDuVf5fGzrXbfp/ul31ALaf6z90rtX6/5WGvLUAuDe5/kPn0v+hQ6Xfrvry19teEaAdXP+hI23m//q3MNF/d1SjPYntbpRYV+EoEmnbv6hWJfrjrqjGxhOX8t7cyk9u84kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgRf4OAAD//+Nr2uw=")
r0 = syz_socket_connect_nvme_tcp()
sendto$inet_nvme_pdu(r0, &(0x7f0000000080)=@data_h2c_no_hdigest={{0x6, 0x5, 0x18, 0x18, 0x7802}, 0x1, 0x8c, 0xffffb300, 0x5, "2a4b0596"}, 0x80, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000001000010800"/20, @ANYRES32=r1, @ANYBLOB="b6c903f27000000014002b80", @ANYBLOB="decdcd"], 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000180)=ANY=[@ANYBLOB="e0000002ac1414aa01"], 0x18)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

1.923838399s ago: executing program 5 (id=702):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x0, 0xd}, 0x2000, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0x1, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x7, 0x4)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x18, 0x31, 0x3d, 0x4, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.922203689s ago: executing program 1 (id=703):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x9}, 0x1022, 0x10000, 0x0, 0x5, 0xd3e, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r1, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3)
preadv(r3, &(0x7f0000000340)=[{&(0x7f0000003200)=""/4096, 0x1000}], 0x1, 0x2c2, 0xca)

1.863894312s ago: executing program 7 (id=704):
perf_event_open(&(0x7f0000000740)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x5, 0x1d459d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x183, 0x6}, 0x2025, 0x4005, 0xb, 0x0, 0x1, 0x4, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c0000000b"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000080), &(0x7f0000000280)}, 0x20)

1.486592054s ago: executing program 7 (id=705):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r1, 0x0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='u', 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xb0}, 0x0, 0x8400, 0x1})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x8}, 0xb0, 0x4d, 0x800020, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x68, 0x30, 0x829, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x0, 0x10000000, 0x0, 0x3}}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x40)
r3 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0xfe15, 0x10, 0x0, 0x30f}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000540)=<r5=>0x0)
r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x81, &(0x7f0000000240)={0x3, 0x11, 0x5, 0x5360, 0x7}, 0x10, 0x6, 0x81, 0x0, 0x1, 0x101, 0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'caif0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=@newlink={0x54, 0x10, 0x1, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x2180, 0x400c}, [@IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}, @IFLA_MTU={0x8, 0x4, 0xd4}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0x391, 0x6, 0x9e2}}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8014}, 0x20000040)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
syz_mount_image$msdos(&(0x7f00000006c0), &(0x7f0000000280)='./file0\x00', 0xc0, &(0x7f0000000080)=ANY=[@ANYBLOB="646f74732c6e66732c71756965742c6e6f646f74732c636865636b3d7374726963742c6e66733d7374616c655f72772c646f74732c6572726f72733d636f6e74696e7565008000000000000074732c00"], 0x1, 0x246, &(0x7f00000016c0)="$eJzs3TFu01AcBvB/2rQNZaAzYrDEwlQBN7BQkBCWkII8wISlwtIiJHcxTDkGZ+BIHKNTNyNqixS3MFRu3ca/nxT5Uz45eW/Jy/Be8uHR58ODL8ef6p/fYzZLYhqxjNOIvdiIzWhM2uvGWd6O85YBANw1i0WRDj0GejS5+FRZpsVWROxcaPIfNzMoAAAAAAAAAAAA+mb/PwCMj/3/668s02K3/f72N/v/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOGc1vWD+j+PoccHAPTP+g8A42P9B4Dxsf4DwPi8fff+dZpl80WSzCJOllVe5c216V++yuZPkzN7q7tOqirfanM2f9b0Sbffbe9/fmm/HU8eN/3v7sWbrNPvxMF1Tx4AAAAAAAAAAAAAAAAAAABuif3kj875/s2m3/9X36Rzvw/QOb8/jYfTG5sGAAAAAAAAAAAAAAAAAAAA3GnHX78dFkdHH0thpOH+JdW9uMILzuI2TEfoKQz9yQQAAAAAAAAAAAAAAAAAAOOzOvQ79EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDir//+/vtB9z0lMhpksAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsNZ+BQAA///TbZE4")
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r10, 0x4000000000000, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x4001, 0x3, 0x380, 0x0, 0xb, 0x148, 0x0, 0x148, 0x2e8, 0x240, 0x240, 0x2e8, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0xffffff00, 'ip6erspan0\x00', 'nr0\x00', {}, {0xff}, 0x21, 0x0, 0x10}, 0x2e8, 0x180, 0x1e8, 0x0, {0xff0f000000000000}, [@common=@inet=@multiport={{0x50}, {0x2, 0xb, [0x4e20, 0x4e23, 0x4e22, 0x4e24, 0x4e24, 0x4e24, 0x4e22, 0x4e23, 0x4e21, 0x4e20, 0x3, 0x4e22, 0x4e23, 0xeac, 0x4e23], [0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1]}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "d40b98e613e5c0d53fa5668bfbd8659b9ba9affcbed065733d0012e401764f592fc2c2bfb0e657e39980dd3655cfdfebceab664ab18605949120401237b982613cbdde69fbfbd40e9505ea3909a03f93f0be8cd9870b50e1d8a655f0a2cc7dba129d9af19184e11feeab1ddd11aa07abfef2f0ace242261fac91893e25989bb2", 0x4, 0x8a119efdab096be9}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x8, 0x5, 0x22000000, 0xfffffffa, '\x00', 'syz1\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c00000018092020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f00000001c0)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', r8, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r11, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff0300600d0600fb9e14f086f8", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000581000/0x2000)=nil)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r9, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000580)={0x1d0, r12, 0x20, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_FEATURES_WANTED={0x1b0, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x12c, 0x3, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '\x93/,[&'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '}*^\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xb4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6c4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x23}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, 'bridge_slave_0\x00'}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, ',%\'-%#}{^@[&\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\x8f$,*$\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xcfb}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fff}]}]}, @ETHTOOL_A_BITSET_MASK={0x7c, 0x5, "ab3f03276d8102c64e997c590e8ddad8b8014a8ad8f2bc15268489c15f8cf9257fc1849d0a8b70d5d871ff9498785173bb01790b2b3fb1480aa7d257b16bd4814a4baa6f0b4c9f8529dd8514a0f2050bc2c02d58f410ac523b42bc9973bb908e40ad5497468550afa62ed71f5f408ca215dd87b79cea0ed2"}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r3, 0x47bc, 0xe0, 0x21, 0x0, 0x0)

1.466445945s ago: executing program 0 (id=706):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x3804090, &(0x7f0000000000), 0x0, 0x521, &(0x7f0000000e00)="$eJzs3UFvI1cdAPD/TOJsdpPiFBAqlSgVLcpWsHbS0DZCCMoFTpWAcl9C4kRR7DiKnbKJKpqKb4CQQOLEiQsSHwAJ9cAHQJUqwQVxQIBAFWzhgAR0kMdjbdaxk9DNxtn495Pe+r3nmfm/N1aeZ8ZvZwIYW09HxMsRMRERz0VEuahPixSH3dRZ7r27r692UhJZ9urfkkiKut62piJiMiJmitWmI+IbX434dnI8bmv/YGulXq/tFuVqu7FTbe0f3NpsrGzUNmrbS0uLLy6/tPzC8kJWeKB+zvUyP/3KF3/52e/84fZfb36306wvfCxK0deP89Tteilmj9R19tHuwwg2AhNFf0qjbggAAGfSOcb/cER8Kj/+L8dEfjTXZ2IULQMAAADOS/al2fhPEpEBAAAAV1YaEbORpJViLsBspOlUcW3go3EjrTdb7c+sN/e21yKfwzoXpXR9s15bKOYKz0Up6ZQXizm2vfLzfeWliHg8In5Qvp6XK6vN+tqIr30AAADAuJjpO///ZznN86cb8P8EAAAAgMtrbmgBAAAAuCqc8gMAAMDV13/+737/AAAAcKV87ZVXOinrPf967bX9va3ma7fWaq2tSmNvtbLa3N2pbDSbG/k9+xqnba/ebO58Lrb37lTbtVa72to/uN1o7m23b2/mjwMHAAAARuDxT7712yQiDj9/PU9R3AcQ4D5/GnUDgPNkqh+ML3fxhvFVGnUDgJFLTnnf5B0AAHj0zX/8+O//vef/uzYAV5u5PgAwfvz+D+OrZAYgjK3J4hrAh7rFa8OWG/r7/6/PGinLIt4uH61xfREAAC7WbJ6StFKcB8xGmlYqEY9FpHNRStY367WF4vzgN+XStU55MV8zOXXOMAAAAAAAAAAAAAAAAAAAAAAAAADQlWVJZAAAAMCVFpH+Jcnv5h8xX352tv/6wFTyr3L8uSj8+NUf3llpt3cXO/V/z5/lNRUR7R8V9c8PfXwYAAAAcN6Sw6Fvdc/Ti9fFC20VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGPgvbuvr/bSRcZ998sRMTco/mRM56/TUYqIG/9IYvLIeklETJxD/MM3I+KJQfGTeD/L3oiiFYPiXz+n+DcG7v+ks1tibkj8NCJmziE+jLO3OuPPy4P+/tJ4On8d/Pc3WaQHNXz8S4vIT+Tj3KDx57FjW2sMjPHkOz+vdnOl4/HfjHhycvD40xt/kyHxnzm2tX9nWXY8/re+eXAwrP/ZTyLmh4x/R2NV242damv/4NZmY2WjtlHbXlpafHH5peUXlheq65v1WvHvwBjf/8Qv3h8W/90h4+/vf9cdf0/q/7PDNtrnv+/cufuRbvbYB9CJf/OZgd+/0zEkflp89326yHfen+/lD7v5o5762dtPndT/tSH7/7TP/+YZ+//c17/3xzMuCgBcgNb+wdZKvV7bPSEzfYZlHsXMr6YvRTP+z0z2RveTuyzt+aCZztHqvZpery5Bw45ksoex5ZmIuK/mWn48f9bVpy6o7yMdlgAAgIfg3kH/qFsCAAAAAAAAAAAAAAAAAAAA4+sibqXWH/NwNF0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjR/wIAAP//Ekna1A==")
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="b40500000012000071109b000000000000000000009500000000000000dc03b861b47ce33d01ac7e329115bdff99d13fcb67a380d5ae7200f13a0a28c280adc47d6c736aa56fc090141d941f7663ecf43585eb2264cb45938db368840cb35765ac50e43f078ea2ad0cc7e572a71b2d32075be7070a2d22a88c93aad53e09f0ad8dbfbc90b039e03e217709b21c5a662373b8b08725534aff0c7776"], 0x0, 0x5}, 0x94)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
timer_create(0x4, 0x0, &(0x7f0000000340)=<r6=>0x0)
timer_gettime(r6, &(0x7f0000000380))
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001708000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close(r8)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x1e303})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e1a, @rand_addr=0x64010104}, {0x2, 0x4a24, @remote}, {0x2, 0x4e25, @empty}, 0x84, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x200003, 0x2, 0x2})
write$tun(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
socket$unix(0x1, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

1.39574933s ago: executing program 5 (id=707):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x1}, 0x28)
bind$inet6(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x48044}, 0x14)

1.332395713s ago: executing program 5 (id=708):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x80551, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={&(0x7f00000002c0), 0x9}, 0x0, 0x3, 0xda, 0x5, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/cpu_byteorder', 0x0, 0x48)
read$hidraw(r2, 0x0, 0x0)
write$P9_RGETLOCK(r1, &(0x7f0000000640)=ANY=[], 0x200002e6)
fcntl$setpipe(r1, 0x407, 0x7000000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000240), 0x4)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000080), &(0x7f0000000280), 0x2, 0x2)
r3 = shmat(0x0, &(0x7f0000f62000/0x1000)=nil, 0x7000)
r4 = socket$netlink(0x10, 0x3, 0x0)
pipe2(&(0x7f0000000300), 0x4080)
sendmsg$nl_route(r4, 0x0, 0x0)
setsockopt$sock_int(r4, 0x1, 0x28, &(0x7f0000000000)=0x1, 0x4)
shmdt(r3)
mmap(&(0x7f00003ff000/0x2000)=nil, 0x2000, 0x2000000, 0x13, r4, 0x4d8bc000)

1.308225975s ago: executing program 0 (id=709):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
open_by_handle_at(0xffffffffffffffff, &(0x7f00000000c0)=@ceph_nfs_confh={0x10, 0x2, {0x462, 0xe7}}, 0x1d1480)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)

1.21299031s ago: executing program 0 (id=711):
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000040)=ANY=[@ANYBLOB="0002020100"], 0x18) (fail_nth: 5)

1.20483747s ago: executing program 7 (id=712):
socketpair(0x1, 0x2, 0x0, &(0x7f0000000000))
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil)
mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000)
mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
mremap(&(0x7f000046b000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000769000/0x1000)=nil)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
set_mempolicy(0x5, &(0x7f0000000000)=0x4000000ff9, 0xf)

984.515224ms ago: executing program 7 (id=713):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0x300}], 0x2}, 0x5)

933.381366ms ago: executing program 0 (id=714):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x9001, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x401, 0x20004, 0x572, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r0 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
setxattr$system_posix_acl(&(0x7f00000001c0)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000580)=ANY=[@ANYBLOB="020000b75d95f276a26d1a58000100000000eee30000002000020000000000"], 0x24, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(r0, 0x80049363, &(0x7f0000000100))

931.839016ms ago: executing program 6 (id=715):
perf_event_open(&(0x7f0000000740)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x5, 0x1d459d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x183, 0x6}, 0x2025, 0x4005, 0xb, 0x0, 0x1, 0x4, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c0000000b"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000080), &(0x7f0000000280)}, 0x20)

900.868368ms ago: executing program 1 (id=716):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
openat2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2, &(0x7f0000000240)={[{@jqfmt_vfsold}, {@noquota}, {@orlov}, {@noload}, {@delalloc}, {@nodiscard}, {@commit}, {@noquota}, {@nogrpid}, {@grpid}]}, 0xfa, 0x477, &(0x7f0000001380)="$eJzs3M9vFFUcAPDvTH/w21bEHyBIFY3EHy0tP+TgRaMJB01M9IDxVNtCKgs1tCZCiFYPeDQk3o3/hfGkF6NeNPGqd0NCDBdQL2tmZwaWZbfd0m0X2M8nme57M6/73ndm3u6bebsbQM8ayf4kEVsj4o+IGMqztxYYyR+uX70w9c/VC1NJVKtv/53Uyl27emGqLFr+35Y8U60W+Q1N6r34XsRkpTJztsiPLZz+cGz+3PkXZ09Pnpw5OXNm4ujRQwf3DB6ZONyROLO4ru36ZG73zmPvXnpz6vil939O0sjjjoY4OmUk37tNPdPpyrpsW1066a/fsvfXm+lmZwLd1BcR2eEaqPX/oeiLTTe2DcXrn3e1ccCaqlar1SVelRerwH0siW63AOiO8o0+u/4tl3UaetwVrrySXwBlcV8vlnxLf6R5Yu9Aw/Xt1g7WPxIRxxf//TpbYo3uQwAA1Ps+G/+80Gz8l8YjeWIw+/NAMYcyHBEPRsT2iHgoInZExMMRtbKPRsRjK6y/cYbk9vFPevmOg2tDNv57uZjbunX8l5ZFhvuK3LZa/APJidnKzIFin+yPgQ0nZpOZ8SXq+OG1379sta1+/JctWf3lWLBox+X+hht005MLk6uJud6VzyJ29TeLP4lyGieJiJ0RsesO65h9rr/ltuXjX0Lrp21b9ZuIZ/PjvxgN8ZeSlvOT4y8dmTg8tjEqMwfGyrPidr/8dvGtVvWvKv4OyI7/5qbn/434h5ONEfPnzp+qzdfOr+jps64TF//8ouU1TRF/1r3aOf+PbSvO/8HkndqKwWLDx5MLC2fHIwaTN25fP3Hz2cp8WT6Lf/++5v1/e9zcE49HxO6I2BMRT2QXhUXbn4yIpyJi3xI74adXn/5gmfibHP/1mSvN4p9e7vhH/fFfeaLv1I/fLR//xohodfwP1VL7izXtvP6128DV7DsAAAC4V+SfgU/S0RvpNB0dzT/DvyM2p5W5+YXnT8x9dGY6n/cejoG0vNM1VHc/dLy4N1zmJxryB4v7xl/1barlR6fmKtPdDh563JYW/T/zV1+3WwesuQ7MowH3KP0fepf+D70p0f+hp+n/0Lua9f9PW5Ye/XZNGwOsK+//0Lva6P+L+UPrUQFwb/L+D71L/4ee1PK78emqvvK/7on/it8zvFvac/8nIr0rmnH/J/rb/jGLFSSqQ3n/z9ZsaFqm269MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfF/AAAA//8Qi+Nc")
mknod$loop(&(0x7f00000009c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000440)='.\x00', 0x449)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x131000, 0x0)
getdents64(r1, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
openat2(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2, &(0x7f0000000240)={[{@jqfmt_vfsold}, {@noquota}, {@orlov}, {@noload}, {@delalloc}, {@nodiscard}, {@commit}, {@noquota}, {@nogrpid}, {@grpid}]}, 0xfa, 0x477, &(0x7f0000001380)="$eJzs3M9vFFUcAPDvTH/w21bEHyBIFY3EHy0tP+TgRaMJB01M9IDxVNtCKgs1tCZCiFYPeDQk3o3/hfGkF6NeNPGqd0NCDBdQL2tmZwaWZbfd0m0X2M8nme57M6/73ndm3u6bebsbQM8ayf4kEVsj4o+IGMqztxYYyR+uX70w9c/VC1NJVKtv/53Uyl27emGqLFr+35Y8U60W+Q1N6r34XsRkpTJztsiPLZz+cGz+3PkXZ09Pnpw5OXNm4ujRQwf3DB6ZONyROLO4ru36ZG73zmPvXnpz6vil939O0sjjjoY4OmUk37tNPdPpyrpsW1066a/fsvfXm+lmZwLd1BcR2eEaqPX/oeiLTTe2DcXrn3e1ccCaqlar1SVelRerwH0siW63AOiO8o0+u/4tl3UaetwVrrySXwBlcV8vlnxLf6R5Yu9Aw/Xt1g7WPxIRxxf//TpbYo3uQwAA1Ps+G/+80Gz8l8YjeWIw+/NAMYcyHBEPRsT2iHgoInZExMMRtbKPRsRjK6y/cYbk9vFPevmOg2tDNv57uZjbunX8l5ZFhvuK3LZa/APJidnKzIFin+yPgQ0nZpOZ8SXq+OG1379sta1+/JctWf3lWLBox+X+hht005MLk6uJud6VzyJ29TeLP4lyGieJiJ0RsesO65h9rr/ltuXjX0Lrp21b9ZuIZ/PjvxgN8ZeSlvOT4y8dmTg8tjEqMwfGyrPidr/8dvGtVvWvKv4OyI7/5qbn/434h5ONEfPnzp+qzdfOr+jps64TF//8ouU1TRF/1r3aOf+PbSvO/8HkndqKwWLDx5MLC2fHIwaTN25fP3Hz2cp8WT6Lf/++5v1/e9zcE49HxO6I2BMRT2QXhUXbn4yIpyJi3xI74adXn/5gmfibHP/1mSvN4p9e7vhH/fFfeaLv1I/fLR//xohodfwP1VL7izXtvP6128DV7DsAAAC4V+SfgU/S0RvpNB0dzT/DvyM2p5W5+YXnT8x9dGY6n/cejoG0vNM1VHc/dLy4N1zmJxryB4v7xl/1barlR6fmKtPdDh563JYW/T/zV1+3WwesuQ7MowH3KP0fepf+D70p0f+hp+n/0Lua9f9PW5Ye/XZNGwOsK+//0Lva6P+L+UPrUQFwb/L+D71L/4ee1PK78emqvvK/7on/it8zvFvac/8nIr0rmnH/J/rb/jGLFSSqQ3n/z9ZsaFqm269MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfF/AAAA//8Qi+Nc") (async)
mknod$loop(&(0x7f00000009c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1) (async)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async)
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async)
inotify_init() (async)
inotify_add_watch(r0, &(0x7f0000000440)='.\x00', 0x449) (async)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x131000, 0x0) (async)
getdents64(r1, 0x0, 0x0) (async)

872.97983ms ago: executing program 6 (id=717):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x0, 0xd}, 0x2000, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0x1, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x7, 0x4)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x18, 0x31, 0x3d, 0x4, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x0)

872.68801ms ago: executing program 7 (id=718):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x1}, 0x28)
bind$inet6(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x41000, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x48044}, 0x14)

825.366623ms ago: executing program 7 (id=719):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000400eab556a705251e618294ff0051f60a84c9f4d49380", 0x49}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x8080)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0xffa1)

785.790805ms ago: executing program 5 (id=720):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x800)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
syz_emit_ethernet(0x86, &(0x7f0000000900)=ANY=[@ANYBLOB="aaaaaa0500000080c200000086dd6012000800503a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0801000000000000600000000000110100000000000000000000000000000000fe8000000000000000000000000000aa8000000000000000053a0001a0000000fb36eeca6fad50b375a22a584d16ca55"], 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r4 = getpid()
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x5}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}, {@nobh}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x1, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x2)
ioctl$FS_IOC_ENABLE_VERITY(r6, 0x8004587d, &(0x7f0000000340)={0x2, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
fsync(r6)
kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r3, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0xbf34})
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r7, 0x402c542c, &(0x7f00000000c0)={0x5, 0x1, 0xfffd, 0x80000007, 0x83, "203c5eebfffe765e000080fffffffffffffff2", 0x8, 0x5})
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000040)=0xff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'pim6reg1\x00', <r8=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
socket$netlink(0x10, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

709.30211ms ago: executing program 0 (id=721):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macsec0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0xffe0, 0xfff1}, {0xffff, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x7, 0xff}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r5 = getpgid(0xffffffffffffffff)
fcntl$lock(r2, 0x25, &(0x7f00000000c0)={0x0, 0x1, 0x2, 0x8, r5})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffdf8, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x5, '\x00', 0x5, 0x8, 0x1, 0x10000}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=@base={0xe, 0x4, 0x4, 0x2}, 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r10, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004)

709.017839ms ago: executing program 6 (id=722):
r0 = syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400252}, &(0x7f0000000640)=<r1=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
io_uring_enter(r0, 0x627, 0x4c1, 0x4b, 0x0, 0xfffffffffffffef2) (fail_nth: 12)

606.628576ms ago: executing program 6 (id=723):
syz_clone3(&(0x7f0000000340)={0x201180, 0x0, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) (fail_nth: 11)

474.781453ms ago: executing program 6 (id=724):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_config_ext={0x10000, 0xd}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r3, &(0x7f0000000180), 0x13bb711e)
sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000500)="0c1874268c0000bd3f4c2ee4c3e4fdfea05e8e04a1a42a60557fb65e7388442bcb546079b365311561bb95fb1aff7128184ea4ca0f437142f62b8f3200e2eb47d44e67968ef5a2b24506d380fd62fac61aa99133d75de2774168ed1224dee2e650791e490c7c3f514a1b39c61d40894d45c2205a1d988b31cd6dc9ba0908fb6e4cd35d064b5085cd470e8282240c64159ba4b6b084446629f37ec8700db7d6dea32c10c93f7f19f2de78816ca02e67b7ab59f59fdf2bea3156f5938df17892e404e8ae", 0x6e}], 0x1, 0x0, 0x0, 0x2000000}}], 0x800000000000369, 0x44000)

286.369224ms ago: executing program 5 (id=725):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000000c0)='./file2\x00', 0x20048a, &(0x7f0000000300), 0x12, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0xa4c42, 0x108)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
timer_delete(0x0)
getpriority(0x3, 0x0)
syz_clone3(&(0x7f0000000340)={0x201180, 0x0, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58)

0s ago: executing program 6 (id=726):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x4e20, @rand_addr=0x64010100}, 0xfffffffffffffcc6, &(0x7f0000000300), 0x1, &(0x7f0000000000)=[@ip_tos_int={{0x0, 0x0, 0x1, 0x6}}], 0x20}, 0x0)

kernel console output (not intermixed with test programs):

n device team0
[   62.130824][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.138014][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.159820][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.166997][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.210221][ T4271] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.249363][ T4411] set_capacity_and_notify: 2 callbacks suppressed
[   62.249383][ T4411] loop3: detected capacity change from 0 to 128
[   62.298603][ T4411] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   62.344768][ T4271] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.545971][ T4271] veth0_vlan: entered promiscuous mode
[   62.563762][ T4271] veth1_vlan: entered promiscuous mode
[   62.569705][ T4439] 9pnet_fd: Insufficient options for proto=fd
[   62.574372][ T4441] netlink: 'syz.1.268': attribute type 21 has an invalid length.
[   62.597769][ T4441] netlink: 156 bytes leftover after parsing attributes in process `syz.1.268'.
[   62.606812][ T4441] netlink: 4 bytes leftover after parsing attributes in process `syz.1.268'.
[   62.616827][ T4271] veth0_macvtap: entered promiscuous mode
[   62.634933][ T4271] veth1_macvtap: entered promiscuous mode
[   62.646879][   T29] kauditd_printk_skb: 226 callbacks suppressed
[   62.646893][   T29] audit: type=1326 audit(1770268008.634:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.667733][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.689030][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.710465][   T29] audit: type=1326 audit(1770268008.634:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.733926][   T29] audit: type=1326 audit(1770268008.634:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.757257][   T29] audit: type=1326 audit(1770268008.662:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.760920][   T37] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.780434][   T29] audit: type=1326 audit(1770268008.662:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.780474][   T29] audit: type=1326 audit(1770268008.662:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.780506][   T29] audit: type=1326 audit(1770268008.680:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.858975][   T29] audit: type=1326 audit(1770268008.680:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.882205][   T29] audit: type=1326 audit(1770268008.680:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.905959][   T29] audit: type=1326 audit(1770268008.680:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4442 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   62.939056][   T37] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.948956][ T4447] loop1: detected capacity change from 0 to 1764
[   62.955776][ T4447] iso9660: Bad value for 'mode'
[   62.970688][ T4447] netlink: 45 bytes leftover after parsing attributes in process `syz.1.271'.
[   62.995926][   T37] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.042631][   T37] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.079592][ T4452] loop5: detected capacity change from 0 to 128
[   63.109742][ T4447] netlink: 'syz.1.271': attribute type 1 has an invalid length.
[   63.232227][ T4463] loop1: detected capacity change from 0 to 128
[   63.247410][ T4463] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   63.432325][ T4466] netlink: 8 bytes leftover after parsing attributes in process `syz.1.277'.
[   63.465013][ T4457] netlink: 80 bytes leftover after parsing attributes in process `syz.2.274'.
[   63.720855][ T4478] netlink: 4 bytes leftover after parsing attributes in process `syz.5.282'.
[   63.749533][ T4478] veth0_macvtap: left promiscuous mode
[   63.929100][ T4482] netlink: 80 bytes leftover after parsing attributes in process `syz.3.284'.
[   64.010402][ T4489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   64.035404][ T4489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   64.111534][ T4494] loop3: detected capacity change from 0 to 128
[   64.119019][ T4494] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   64.210837][ T4497] FAULT_INJECTION: forcing a failure.
[   64.210837][ T4497] name failslab, interval 1, probability 0, space 0, times 0
[   64.224025][ T4497] CPU: 1 UID: 0 PID: 4497 Comm: syz.2.288 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   64.224052][ T4497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   64.224065][ T4497] Call Trace:
[   64.224073][ T4497]  <TASK>
[   64.224126][ T4497]  __dump_stack+0x1d/0x30
[   64.224153][ T4497]  dump_stack_lvl+0x95/0xd0
[   64.224175][ T4497]  dump_stack+0x15/0x1b
[   64.224195][ T4497]  should_fail_ex+0x263/0x280
[   64.224272][ T4497]  should_failslab+0x8c/0xb0
[   64.224305][ T4497]  __kmalloc_cache_noprof+0x64/0x4a0
[   64.224333][ T4497]  ? audit_log_d_path+0x8d/0x150
[   64.224420][ T4497]  audit_log_d_path+0x8d/0x150
[   64.224459][ T4497]  audit_log_d_path_exe+0x42/0x70
[   64.224510][ T4497]  audit_log_task+0x1e8/0x250
[   64.224545][ T4497]  ? kstrtouint+0x76/0xc0
[   64.224633][ T4497]  audit_seccomp+0x60/0x100
[   64.224682][ T4497]  ? __seccomp_filter+0x8db/0x1350
[   64.224770][ T4497]  __seccomp_filter+0x8ec/0x1350
[   64.224860][ T4497]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   64.224888][ T4497]  ? vfs_write+0x86e/0x9f0
[   64.224913][ T4497]  __secure_computing+0x81/0x150
[   64.224982][ T4497]  syscall_trace_enter+0xce/0x1e0
[   64.225025][ T4497]  do_syscall_64+0x9a/0x2a0
[   64.225056][ T4497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.225146][ T4497] RIP: 0033:0x7f2f52a3aeb9
[   64.225166][ T4497] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   64.225186][ T4497] RSP: 002b:00007f2f51497028 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[   64.225206][ T4497] RAX: ffffffffffffffda RBX: 00007f2f52cb5fa0 RCX: 00007f2f52a3aeb9
[   64.225294][ T4497] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   64.225311][ T4497] RBP: 00007f2f51497090 R08: 0000000000000000 R09: 0000000000000000
[   64.225327][ T4497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.225344][ T4497] R13: 00007f2f52cb6038 R14: 00007f2f52cb5fa0 R15: 00007ffe5f322ad8
[   64.225367][ T4497]  </TASK>
[   64.533254][ T4504] loop2: detected capacity change from 0 to 512
[   64.570425][ T4504] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[   64.614402][ T4504] EXT4-fs (loop2): 1 truncate cleaned up
[   64.642396][ T4504] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   64.677173][ T4511] loop1: detected capacity change from 0 to 256
[   64.730619][ T4504] EXT4-fs: Ignoring removed orlov option
[   64.754028][ T4504] EXT4-fs error (device loop2): __ext4_remount:6789: comm syz.2.291: Abort forced by user
[   64.774404][ T4504] EXT4-fs (loop2): Remounting filesystem read-only
[   64.780956][ T4504] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[   64.810708][ T4513] loop1: detected capacity change from 0 to 512
[   64.843649][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.853453][ T4513] EXT4-fs warning (device loop1): read_mmp_block:111: Error -117 while reading MMP block 12
[   64.881691][ T4513] netlink: 'syz.1.294': attribute type 4 has an invalid length.
[   64.903528][ T4513] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   64.923193][ T4512] tipc: Disabling bearer <eth:syzkaller0>
[   65.084753][ T4526] loop2: detected capacity change from 0 to 128
[   65.096082][ T4526] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   65.229286][ T4533] __nla_validate_parse: 1 callbacks suppressed
[   65.229337][ T4533] netlink: 8 bytes leftover after parsing attributes in process `syz.1.302'.
[   65.468605][ T4539] loop2: detected capacity change from 0 to 512
[   65.507745][ T4539] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   65.532593][ T4539] ext4 filesystem being mounted at /54/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.619526][ T3314] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #4: comm syz-executor: corrupted inode contents
[   65.703910][ T3314] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #4: comm syz-executor: mark_inode_dirty error
[   65.779156][ T3314] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #4: comm syz-executor: corrupted inode contents
[   65.791478][ T3314] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #4: comm syz-executor: mark_inode_dirty error
[   65.832475][ T3314] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz-executor: Failed to acquire dquot type 1
[   66.001067][ T4553] netlink: 8 bytes leftover after parsing attributes in process `syz.5.309'.
[   66.025032][ T4553] netlink: 'syz.5.309': attribute type 3 has an invalid length.
[   66.047686][ T4553] journal_path: Lookup failure for './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   66.071739][ T4553] EXT4-fs: error: could not find journal device path
[   66.080066][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.092850][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.108535][ T3314] syz-executor (3314) used greatest stack depth: 10368 bytes left
[   66.198815][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.252582][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.310078][ T4560] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[   66.321650][ T4561] netlink: 20 bytes leftover after parsing attributes in process `syz.1.313'.
[   66.330718][ T4561] netlink: 20 bytes leftover after parsing attributes in process `syz.1.313'.
[   66.340538][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.357977][ T4560] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   66.389327][ T4560] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.314: bg 0: block 248: padding at end of block bitmap is not set
[   66.431465][ T4560] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.314: Failed to acquire dquot type 1
[   66.487480][ T4560] EXT4-fs (loop5): 1 truncate cleaned up
[   66.494719][   T12] bridge_slave_1: left allmulticast mode
[   66.500460][   T12] bridge_slave_1: left promiscuous mode
[   66.506241][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.513270][ T4560] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[   66.526555][   T12] bridge_slave_0: left allmulticast mode
[   66.532278][   T12] bridge_slave_0: left promiscuous mode
[   66.538036][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.680967][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   66.691182][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   66.702656][   T12] bond0 (unregistering): Released all slaves
[   66.710697][   T12] bond1 (unregistering): Released all slaves
[   66.775528][   T12] hsr_slave_0: left promiscuous mode
[   66.781423][   T12] hsr_slave_1: left promiscuous mode
[   66.792445][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   66.799909][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   66.816442][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   66.823879][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   66.837159][   T12] veth1_macvtap: left promiscuous mode
[   66.843933][   T12] veth0_macvtap: left promiscuous mode
[   66.849768][   T12] veth1_vlan: left promiscuous mode
[   66.855346][   T12] veth0_vlan: left promiscuous mode
[   66.940319][ T4560] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.314: Failed to acquire dquot type 1
[   67.024648][   T12] team0 (unregistering): Port device team_slave_1 removed
[   67.041846][   T12] team0 (unregistering): Port device team_slave_0 removed
[   67.069595][ T4546] syz.3.306 (4546) used greatest stack depth: 7272 bytes left
[   67.106011][ T4577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.315'.
[   67.225161][ T4584] 9p: Bad value for 'rfdno'
[   67.244077][ T4271] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[   67.311370][ T4590] netlink: 44 bytes leftover after parsing attributes in process `syz.1.318'.
[   67.335491][ T4562] chnl_net:caif_netlink_parms(): no params data found
[   67.390286][ T4591] syzkaller0: entered promiscuous mode
[   67.395953][ T4591] syzkaller0: entered allmulticast mode
[   67.412272][ T4590] netlink: 84 bytes leftover after parsing attributes in process `syz.1.318'.
[   67.423013][ T4599] EXT4-fs warning (device loop5): read_mmp_block:111: Error -117 while reading MMP block 12
[   67.453210][ T4600] bond0: Caught tx_queue_len zero misconfig
[   67.537276][ T4599] netlink: 'syz.5.320': attribute type 4 has an invalid length.
[   67.579502][ T4562] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.586628][ T4562] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.594442][ T4562] bridge_slave_0: entered allmulticast mode
[   67.594770][ T4606] netlink: 16 bytes leftover after parsing attributes in process `syz.1.321'.
[   67.601821][ T4562] bridge_slave_0: entered promiscuous mode
[   67.622279][ T4614] tipc: Started in network mode
[   67.627287][ T4614] tipc: Node identity 5af41b07b758, cluster identity 4711
[   67.634531][ T4614] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   67.641990][ T4562] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.649073][ T4562] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.656499][ T4562] bridge_slave_1: entered allmulticast mode
[   67.663155][ T4562] bridge_slave_1: entered promiscuous mode
[   67.691995][ T4598] tipc: Disabling bearer <eth:syzkaller0>
[   67.712526][ T4617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.323'.
[   67.773342][ T4562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.784050][ T4562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.831914][ T4628] netlink: 24 bytes leftover after parsing attributes in process `syz.5.325'.
[   67.849182][ T4562] team0: Port device team_slave_0 added
[   67.888455][ T4562] team0: Port device team_slave_1 added
[   68.216499][ T4562] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.223491][ T4562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.249693][ T4562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.309512][ T4644] 9p: Bad value for 'rfdno'
[   68.336372][   T29] kauditd_printk_skb: 698 callbacks suppressed
[   68.336386][   T29] audit: type=1400 audit(1770268013.947:1671): avc:  denied  { map } for  pid=4645 comm="syz.1.328" path="socket:[9309]" dev="sockfs" ino=9309 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[   68.370479][ T4562] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.377542][ T4562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.403485][ T4562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.417513][   T29] audit: type=1400 audit(1770268013.984:1672): avc:  denied  { ioctl } for  pid=4645 comm="syz.1.328" path="socket:[9311]" dev="sockfs" ino=9311 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   68.442987][   T29] audit: type=1400 audit(1770268013.984:1673): avc:  denied  { read append } for  pid=4645 comm="syz.1.328" name="usbmon4" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   68.488994][ T4562] hsr_slave_0: entered promiscuous mode
[   68.500802][ T4562] hsr_slave_1: entered promiscuous mode
[   68.516986][ T4562] debugfs: 'hsr0' already exists in 'hsr'
[   68.522779][ T4562] Cannot create hsr debugfs directory
[   68.760633][ T4562] netdevsim netdevsim6 netdevsim0: renamed from eth0
[   68.785554][ T4562] netdevsim netdevsim6 netdevsim1: renamed from eth1
[   68.803672][ T4562] netdevsim netdevsim6 netdevsim2: renamed from eth2
[   68.831374][ T4562] netdevsim netdevsim6 netdevsim3: renamed from eth3
[   68.905643][ T4679] dvmrp1: tun_chr_ioctl cmd 1074025677
[   68.911231][ T4679] dvmrp1: linktype set to 823
[   68.921463][   T29] audit: type=1400 audit(1770268014.489:1674): avc:  denied  { name_bind } for  pid=4678 comm="syz.3.332" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[   68.942998][   T29] audit: type=1400 audit(1770268014.489:1675): avc:  denied  { name_connect } for  pid=4678 comm="syz.3.332" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[   68.973869][   T29] audit: type=1400 audit(1770268014.536:1676): avc:  denied  { read } for  pid=4678 comm="syz.3.332" lport=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   69.025125][ T4654] set_capacity_and_notify: 3 callbacks suppressed
[   69.025148][ T4654] loop1: detected capacity change from 0 to 256
[   69.045078][ T4562] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.059769][ T4562] 8021q: adding VLAN 0 to HW filter on device team0
[   69.085329][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.092458][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.124131][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.131331][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.168138][   T29] audit: type=1326 audit(1770268014.723:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.5.333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f954721aeb9 code=0x0
[   69.257088][   T29] audit: type=1400 audit(1770268014.760:1678): avc:  denied  { associate } for  pid=4653 comm="syz.1.330" name="cgroup.stat" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   69.278928][ T4562] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.460009][ T4714] loop1: detected capacity change from 0 to 512
[   69.483567][ T4714] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[   69.512671][   T29] audit: type=1400 audit(1770268015.050:1679): avc:  denied  { bind } for  pid=4713 comm="syz.1.335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   69.550735][ T4562] veth0_vlan: entered promiscuous mode
[   69.559868][ T4562] veth1_vlan: entered promiscuous mode
[   69.577558][ T4562] veth0_macvtap: entered promiscuous mode
[   69.595256][ T4562] veth1_macvtap: entered promiscuous mode
[   69.637504][ T4562] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.670883][ T4562] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.703416][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.719141][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.744066][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.744258][   T29] audit: type=1400 audit(1770268015.256:1680): avc:  denied  { read write } for  pid=4729 comm="syz.1.338" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   69.764426][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.827597][ T4738] loop6: detected capacity change from 0 to 128
[   69.835179][ T4738] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   69.912121][ T4744] netlink: 'syz.6.342': attribute type 1 has an invalid length.
[   70.138854][ T4749] FAULT_INJECTION: forcing a failure.
[   70.138854][ T4749] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   70.152113][ T4749] CPU: 0 UID: 0 PID: 4749 Comm: syz.5.344 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.152148][ T4749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   70.152165][ T4749] Call Trace:
[   70.152173][ T4749]  <TASK>
[   70.152201][ T4749]  __dump_stack+0x1d/0x30
[   70.152240][ T4749]  dump_stack_lvl+0x95/0xd0
[   70.152268][ T4749]  dump_stack+0x15/0x1b
[   70.152421][ T4749]  should_fail_ex+0x263/0x280
[   70.152461][ T4749]  should_fail+0xb/0x20
[   70.152541][ T4749]  should_fail_usercopy+0x1a/0x20
[   70.152583][ T4749]  _copy_from_iter+0xcf/0xea0
[   70.152607][ T4749]  ? __alloc_skb+0x397/0x4b0
[   70.152655][ T4749]  ? __alloc_skb+0x219/0x4b0
[   70.152735][ T4749]  netlink_sendmsg+0x4ae/0x6f0
[   70.152763][ T4749]  ? __pfx_netlink_sendmsg+0x10/0x10
[   70.152787][ T4749]  ____sys_sendmsg+0x5af/0x600
[   70.152815][ T4749]  ___sys_sendmsg+0x195/0x1e0
[   70.152854][ T4749]  __x64_sys_sendmsg+0xd4/0x160
[   70.152910][ T4749]  x64_sys_call+0x17ba/0x3000
[   70.152943][ T4749]  do_syscall_64+0xc0/0x2a0
[   70.152983][ T4749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.153011][ T4749] RIP: 0033:0x7f954721aeb9
[   70.153049][ T4749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   70.153104][ T4749] RSP: 002b:00007f9545c77028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   70.153130][ T4749] RAX: ffffffffffffffda RBX: 00007f9547495fa0 RCX: 00007f954721aeb9
[   70.153149][ T4749] RDX: 0000000000008404 RSI: 0000200000000240 RDI: 0000000000000003
[   70.153166][ T4749] RBP: 00007f9545c77090 R08: 0000000000000000 R09: 0000000000000000
[   70.153183][ T4749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.153199][ T4749] R13: 00007f9547496038 R14: 00007f9547495fa0 R15: 00007ffc7ea77008
[   70.153232][ T4749]  </TASK>
[   70.467140][ T4762] FAULT_INJECTION: forcing a failure.
[   70.467140][ T4762] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   70.480304][ T4762] CPU: 0 UID: 0 PID: 4762 Comm: syz.1.349 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.480331][ T4762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   70.480379][ T4762] Call Trace:
[   70.480388][ T4762]  <TASK>
[   70.480399][ T4762]  __dump_stack+0x1d/0x30
[   70.480437][ T4762]  dump_stack_lvl+0x95/0xd0
[   70.480524][ T4762]  dump_stack+0x15/0x1b
[   70.480596][ T4762]  should_fail_ex+0x263/0x280
[   70.480632][ T4762]  should_fail+0xb/0x20
[   70.480668][ T4762]  should_fail_usercopy+0x1a/0x20
[   70.480752][ T4762]  _copy_from_user+0x1c/0xb0
[   70.480782][ T4762]  core_sys_select+0x1e6/0x730
[   70.480850][ T4762]  ? set_user_sigmask+0x8b/0x140
[   70.480878][ T4762]  __se_sys_pselect6+0x23c/0x2a0
[   70.480938][ T4762]  ? putname+0x90/0x100
[   70.480967][ T4762]  __x64_sys_pselect6+0x78/0x90
[   70.480995][ T4762]  x64_sys_call+0x2e98/0x3000
[   70.481022][ T4762]  do_syscall_64+0xc0/0x2a0
[   70.481181][ T4762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.481206][ T4762] RIP: 0033:0x7f995d2caeb9
[   70.481221][ T4762] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   70.481307][ T4762] RSP: 002b:00007f995bd27028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[   70.481394][ T4762] RAX: ffffffffffffffda RBX: 00007f995d545fa0 RCX: 00007f995d2caeb9
[   70.481486][ T4762] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[   70.481498][ T4762] RBP: 00007f995bd27090 R08: 0000000000000000 R09: 0000000000000000
[   70.481514][ T4762] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[   70.481531][ T4762] R13: 00007f995d546038 R14: 00007f995d545fa0 R15: 00007fff77e0ca88
[   70.481556][ T4762]  </TASK>
[   70.481858][ T4763] FAULT_INJECTION: forcing a failure.
[   70.481858][ T4763] name failslab, interval 1, probability 0, space 0, times 0
[   70.666842][ T4763] CPU: 1 UID: 0 PID: 4763 Comm: syz.5.348 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.666874][ T4763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   70.666888][ T4763] Call Trace:
[   70.666897][ T4763]  <TASK>
[   70.666907][ T4763]  __dump_stack+0x1d/0x30
[   70.666939][ T4763]  dump_stack_lvl+0x95/0xd0
[   70.667003][ T4763]  dump_stack+0x15/0x1b
[   70.667089][ T4763]  should_fail_ex+0x263/0x280
[   70.667122][ T4763]  should_failslab+0x8c/0xb0
[   70.667147][ T4763]  __kmalloc_node_track_caller_noprof+0xb8/0x590
[   70.667180][ T4763]  ? sidtab_sid2str_get+0xa0/0x130
[   70.667293][ T4763]  ? _raw_spin_unlock_irqrestore+0x9/0x30
[   70.667334][ T4763]  kmemdup_noprof+0x2b/0x70
[   70.667357][ T4763]  sidtab_sid2str_get+0xa0/0x130
[   70.667440][ T4763]  security_sid_to_context_core+0x1eb/0x2e0
[   70.667468][ T4763]  security_sid_to_context+0x27/0x40
[   70.667495][ T4763]  avc_audit_post_callback+0x10f/0x520
[   70.667536][ T4763]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   70.667611][ T4763]  common_lsm_audit+0x1ba/0x230
[   70.667637][ T4763]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   70.667683][ T4763]  slow_avc_audit+0x14c/0x190
[   70.667757][ T4763]  audit_inode_permission+0x119/0x160
[   70.667865][ T4763]  selinux_inode_permission+0x723/0x7d0
[   70.667951][ T4763]  security_inode_permission+0x69/0xa0
[   70.667971][ T4763]  inode_permission+0x20e/0x3c0
[   70.668019][ T4763]  may_open+0x255/0x350
[   70.668078][ T4763]  path_openat+0x1d35/0x23c0
[   70.668155][ T4763]  ? path_openat+0x1d94/0x23c0
[   70.668198][ T4763]  do_filp_open+0x15d/0x280
[   70.668248][ T4763]  do_open_execat+0xec/0x280
[   70.668362][ T4763]  alloc_bprm+0x25/0x350
[   70.668410][ T4763]  do_execveat_common+0x120/0x740
[   70.668510][ T4763]  ? getname_flags+0x153/0x3b0
[   70.668543][ T4763]  __x64_sys_execveat+0x73/0x90
[   70.668568][ T4763]  x64_sys_call+0x1c0e/0x3000
[   70.668623][ T4763]  do_syscall_64+0xc0/0x2a0
[   70.668683][ T4763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.668734][ T4763] RIP: 0033:0x7f954721aeb9
[   70.668750][ T4763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   70.668768][ T4763] RSP: 002b:00007f9545c56028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[   70.668792][ T4763] RAX: ffffffffffffffda RBX: 00007f9547496090 RCX: 00007f954721aeb9
[   70.668806][ T4763] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   70.668819][ T4763] RBP: 00007f9545c56090 R08: 0000000000000000 R09: 0000000000000000
[   70.668832][ T4763] R10: 0000200000000880 R11: 0000000000000246 R12: 0000000000000002
[   70.668899][ T4763] R13: 00007f9547496128 R14: 00007f9547496090 R15: 00007ffc7ea77008
[   70.668917][ T4763]  </TASK>
[   70.953643][ T4765] loop1: detected capacity change from 0 to 512
[   70.978281][ T4765] EXT4-fs warning (device loop1): read_mmp_block:111: Error -117 while reading MMP block 12
[   71.040861][ T4770] loop0: detected capacity change from 0 to 128
[   71.042014][ T4765] netlink: 'syz.1.350': attribute type 4 has an invalid length.
[   71.055697][ T4765] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   71.065001][ T4764] tipc: Disabling bearer <eth:syzkaller0>
[   71.105107][ T4770] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   71.154741][ T4772] __nla_validate_parse: 5 callbacks suppressed
[   71.154822][ T4772] netlink: 24 bytes leftover after parsing attributes in process `syz.1.353'.
[   71.170140][ T4772] netlink: 24 bytes leftover after parsing attributes in process `syz.1.353'.
[   71.280453][ T4777] bridge0: entered allmulticast mode
[   71.289510][ T4777] bridge_slave_1: left allmulticast mode
[   71.295212][ T4777] bridge_slave_1: left promiscuous mode
[   71.300994][ T4777] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.317620][ T4777] bridge_slave_0: left allmulticast mode
[   71.323325][ T4777] bridge_slave_0: left promiscuous mode
[   71.329187][ T4777] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.476799][ T4792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   71.496681][ T4792] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   71.607727][ T4802] loop5: detected capacity change from 0 to 128
[   71.615324][ T4802] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   71.701335][ T4807] netlink: 24 bytes leftover after parsing attributes in process `syz.6.366'.
[   71.710291][ T4807] netlink: 24 bytes leftover after parsing attributes in process `syz.6.366'.
[   71.721551][ T4809] FAULT_INJECTION: forcing a failure.
[   71.721551][ T4809] name failslab, interval 1, probability 0, space 0, times 0
[   71.734267][ T4809] CPU: 0 UID: 0 PID: 4809 Comm: syz.5.367 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   71.734315][ T4809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   71.734329][ T4809] Call Trace:
[   71.734337][ T4809]  <TASK>
[   71.734345][ T4809]  __dump_stack+0x1d/0x30
[   71.734504][ T4809]  dump_stack_lvl+0x95/0xd0
[   71.734547][ T4809]  dump_stack+0x15/0x1b
[   71.734568][ T4809]  should_fail_ex+0x263/0x280
[   71.734606][ T4809]  should_failslab+0x8c/0xb0
[   71.734646][ T4809]  __kmalloc_noprof+0xb8/0x580
[   71.734670][ T4809]  ? ___neigh_create+0x4c9/0x1290
[   71.734773][ T4809]  ? _raw_spin_lock_irqsave+0x57/0xb0
[   71.734808][ T4809]  ___neigh_create+0x4c9/0x1290
[   71.734829][ T4809]  ? ipt_do_table+0xa5f/0xb20
[   71.734952][ T4809]  ? netlbl_enabled+0x25/0x40
[   71.734991][ T4809]  ? selinux_ip_postroute+0x1a8/0xba0
[   71.735070][ T4809]  __neigh_create+0x54/0x70
[   71.735093][ T4809]  ip_neigh_gw4+0x12e/0x170
[   71.735123][ T4809]  ip_finish_output2+0x857/0x8b0
[   71.735148][ T4809]  ? __rcu_read_unlock+0x4e/0x70
[   71.735187][ T4809]  ip_finish_output+0x114/0x2a0
[   71.735211][ T4809]  ip_mc_output+0x25d/0x370
[   71.735300][ T4809]  ? __pfx_ip_finish_output+0x10/0x10
[   71.735329][ T4809]  ip_send_skb+0x151/0x160
[   71.735389][ T4809]  udp_send_skb+0x6e3/0xa40
[   71.735421][ T4809]  udp_sendmsg+0x1170/0x15d0
[   71.735557][ T4809]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   71.735589][ T4809]  ? __pfx_udp_sendmsg+0x10/0x10
[   71.735611][ T4809]  inet_sendmsg+0xac/0xd0
[   71.735634][ T4809]  ____sys_sendmsg+0x53a/0x600
[   71.735661][ T4809]  ___sys_sendmsg+0x195/0x1e0
[   71.735705][ T4809]  __x64_sys_sendmsg+0xd4/0x160
[   71.735771][ T4809]  x64_sys_call+0x17ba/0x3000
[   71.735803][ T4809]  do_syscall_64+0xc0/0x2a0
[   71.735862][ T4809]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.735904][ T4809] RIP: 0033:0x7f954721aeb9
[   71.735921][ T4809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   71.735944][ T4809] RSP: 002b:00007f9545c77028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   71.736036][ T4809] RAX: ffffffffffffffda RBX: 00007f9547495fa0 RCX: 00007f954721aeb9
[   71.736054][ T4809] RDX: 0000000004000004 RSI: 0000200000000100 RDI: 0000000000000003
[   71.736071][ T4809] RBP: 00007f9545c77090 R08: 0000000000000000 R09: 0000000000000000
[   71.736088][ T4809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   71.736101][ T4809] R13: 00007f9547496038 R14: 00007f9547495fa0 R15: 00007ffc7ea77008
[   71.736125][ T4809]  </TASK>
[   72.078615][ T4815] loop6: detected capacity change from 0 to 128
[   72.095971][ T4815] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   72.114018][ T4815] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   72.230490][ T4562] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   72.294643][ T4827] loop0: detected capacity change from 0 to 4096
[   72.306053][ T4827] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.321450][ T4827] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00000019, b_size=4096, device loop0 blocksize: 4096
[   72.346645][ T4827] grow_buffers: requested out-of-range block 144115188075855872 for device loop0
[   72.355859][ T4827] EXT4-fs warning (device loop0): ext4_resize_fs:2019: can't read last block, resize aborted
[   72.389180][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.500851][ T4838] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=259 sclass=netlink_route_socket pid=4838 comm=syz.1.378
[   72.526795][ T4839] netlink: 32 bytes leftover after parsing attributes in process `syz.0.376'.
[   72.536424][ T4839] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   72.577138][ T4841] netlink: 24 bytes leftover after parsing attributes in process `syz.3.379'.
[   72.586136][ T4841] netlink: 24 bytes leftover after parsing attributes in process `syz.3.379'.
[   72.638259][ T4843] loop1: detected capacity change from 0 to 8192
[   72.782328][ T3313] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000e1b1)
[   72.790322][ T3313] FAT-fs (loop1): Filesystem has been set read-only
[   72.842008][ T4848] 9p: Bad value for 'rfdno'
[   72.847326][ T4848] capability: warning: `syz.1.382' uses deprecated v2 capabilities in a way that may be insecure
[   72.978084][ T4854] FAULT_INJECTION: forcing a failure.
[   72.978084][ T4854] name failslab, interval 1, probability 0, space 0, times 0
[   72.990871][ T4854] CPU: 1 UID: 0 PID: 4854 Comm: syz.1.383 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.990906][ T4854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   72.990922][ T4854] Call Trace:
[   72.990930][ T4854]  <TASK>
[   72.990939][ T4854]  __dump_stack+0x1d/0x30
[   72.991044][ T4854]  dump_stack_lvl+0x95/0xd0
[   72.991071][ T4854]  dump_stack+0x15/0x1b
[   72.991097][ T4854]  should_fail_ex+0x263/0x280
[   72.991130][ T4854]  should_failslab+0x8c/0xb0
[   72.991223][ T4854]  __kmalloc_cache_noprof+0x64/0x4a0
[   72.991326][ T4854]  ? v9fs_get_tree+0x49/0x5e0
[   72.991353][ T4854]  v9fs_get_tree+0x49/0x5e0
[   72.991449][ T4854]  ? security_capable+0x7b/0x90
[   72.991490][ T4854]  vfs_get_tree+0x57/0x1d0
[   72.991563][ T4854]  do_new_mount+0x288/0x700
[   72.991583][ T4854]  ? security_capable+0x7b/0x90
[   72.991618][ T4854]  path_mount+0x4d0/0xbc0
[   72.991641][ T4854]  ? user_path_at+0xbf/0x130
[   72.991719][ T4854]  __se_sys_mount+0x28c/0x2e0
[   72.991746][ T4854]  ? fput+0x8f/0xc0
[   72.991782][ T4854]  __x64_sys_mount+0x67/0x80
[   72.991803][ T4854]  x64_sys_call+0x2cca/0x3000
[   72.991861][ T4854]  do_syscall_64+0xc0/0x2a0
[   72.991928][ T4854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.991950][ T4854] RIP: 0033:0x7f995d2caeb9
[   72.991969][ T4854] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   72.991988][ T4854] RSP: 002b:00007f995bd27028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   72.992031][ T4854] RAX: ffffffffffffffda RBX: 00007f995d545fa0 RCX: 00007f995d2caeb9
[   72.992051][ T4854] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000000000000000
[   72.992145][ T4854] RBP: 00007f995bd27090 R08: 0000200000000180 R09: 0000000000000000
[   72.992163][ T4854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   72.992177][ T4854] R13: 00007f995d546038 R14: 00007f995d545fa0 R15: 00007fff77e0ca88
[   72.992204][ T4854]  </TASK>
[   73.366434][ T4860] netlink: 4 bytes leftover after parsing attributes in process `syz.5.386'.
[   73.393639][ T4861] mmap: syz.0.387 (4861): VmData 29335552 exceed data ulimit 9868. Update limits or use boot option ignore_rlimit_data.
[   73.469432][ T4870] loop5: detected capacity change from 0 to 128
[   73.495249][ T4870] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   73.507910][ T4870] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   73.523245][ T4856] FAULT_INJECTION: forcing a failure.
[   73.523245][ T4856] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.541784][ T4856] CPU: 0 UID: 0 PID: 4856 Comm: syz.1.384 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   73.541894][ T4856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   73.541911][ T4856] Call Trace:
[   73.541987][ T4856]  <TASK>
[   73.541996][ T4856]  __dump_stack+0x1d/0x30
[   73.542038][ T4856]  dump_stack_lvl+0x95/0xd0
[   73.542067][ T4856]  dump_stack+0x15/0x1b
[   73.542093][ T4856]  should_fail_ex+0x263/0x280
[   73.542133][ T4856]  should_fail+0xb/0x20
[   73.542250][ T4856]  should_fail_usercopy+0x1a/0x20
[   73.542358][ T4856]  _copy_to_user+0x20/0xa0
[   73.542382][ T4856]  pagemap_read+0x3ac/0x610
[   73.542438][ T4856]  ? __pfx_pagemap_read+0x10/0x10
[   73.542469][ T4856]  vfs_read+0x1ab/0x7f0
[   73.542492][ T4856]  ? __rcu_read_unlock+0x4e/0x70
[   73.542531][ T4856]  ? __fget_files+0x184/0x1c0
[   73.542614][ T4856]  __x64_sys_pread64+0xfd/0x150
[   73.542700][ T4856]  x64_sys_call+0x281b/0x3000
[   73.542734][ T4856]  do_syscall_64+0xc0/0x2a0
[   73.542824][ T4856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.542852][ T4856] RIP: 0033:0x7f995d2caeb9
[   73.542871][ T4856] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   73.542894][ T4856] RSP: 002b:00007f995bd27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[   73.542994][ T4856] RAX: ffffffffffffffda RBX: 00007f995d545fa0 RCX: 00007f995d2caeb9
[   73.543012][ T4856] RDX: 0000000000019000 RSI: 0000200000001240 RDI: 0000000000000005
[   73.543028][ T4856] RBP: 00007f995bd27090 R08: 0000000000000000 R09: 0000000000000000
[   73.543044][ T4856] R10: 0000001000000300 R11: 0000000000000246 R12: 0000000000000001
[   73.543060][ T4856] R13: 00007f995d546038 R14: 00007f995d545fa0 R15: 00007fff77e0ca88
[   73.543085][ T4856]  </TASK>
[   73.728148][   T29] kauditd_printk_skb: 635 callbacks suppressed
[   73.728199][   T29] audit: type=1326 audit(1770268274.996:2316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4844 comm="syz.3.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   73.811744][   T29] audit: type=1326 audit(1770268275.071:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4844 comm="syz.3.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fdfe6acaeb9 code=0x7ffc0000
[   73.905456][ T4886] netlink: 24 bytes leftover after parsing attributes in process `syz.0.391'.
[   73.914362][ T4886] netlink: 24 bytes leftover after parsing attributes in process `syz.0.391'.
[   73.948420][ T4271] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   73.988446][ T4892] netlink: 'syz.1.392': attribute type 1 has an invalid length.
[   73.996249][ T4892] netlink: 'syz.1.392': attribute type 2 has an invalid length.
[   74.028651][ T4894] bond1: option ad_select: invalid value (4)
[   74.073270][ T4894] bond1 (unregistering): Released all slaves
[   74.197536][ T4914] Illegal XDP return value 96416128 on prog  (id 95) dev N/A, expect packet loss!
[   74.206950][   T29] audit: type=1400 audit(1770268275.426:2318): avc:  denied  { compute_member } for  pid=4913 comm="syz.6.398" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   74.279318][ T4914] hub 8-0:1.0: USB hub found
[   74.289589][ T4914] hub 8-0:1.0: 8 ports detected
[   74.322492][ T4922] 9p: Bad value for 'rfdno'
[   74.335103][   T29] audit: type=1400 audit(1770268275.548:2319): avc:  denied  { setopt } for  pid=4921 comm="syz.3.402" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   74.339407][ T4922] xt_hashlimit: size too large, truncated to 1048576
[   74.363138][ T4920] usb usb4: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   74.375606][ T4920] vhci_hcd vhci_hcd.1: invalid port number 253
[   74.523273][ T4929] netlink: 'syz.0.404': attribute type 1 has an invalid length.
[   74.577394][   T29] audit: type=1400 audit(1770268275.763:2320): avc:  denied  { getopt } for  pid=4926 comm="syz.1.403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   74.690797][   T29] audit: type=1326 audit(1770268275.894:2321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4942 comm="syz.1.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f995d2caeb9 code=0x7ffc0000
[   74.714241][   T29] audit: type=1326 audit(1770268275.894:2322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4942 comm="syz.1.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f995d2caeb9 code=0x7ffc0000
[   74.737661][   T29] audit: type=1326 audit(1770268275.894:2323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4942 comm="syz.1.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f995d2caeb9 code=0x7ffc0000
[   74.761040][   T29] audit: type=1326 audit(1770268275.894:2324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4942 comm="syz.1.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f995d2caeb9 code=0x7ffc0000
[   74.784533][   T29] audit: type=1326 audit(1770268275.894:2325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4942 comm="syz.1.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f995d2caeb9 code=0x7ffc0000
[   74.905105][ T4967] loop0: detected capacity change from 0 to 512
[   74.926884][ T4967] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[   74.942605][ T4967] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001)
[   75.008527][ T4976] netlink: 'syz.6.412': attribute type 4 has an invalid length.
[   75.015703][ T4976] netlink: 'syz.6.412': attribute type 4 has an invalid length.
[   75.071877][ T4969] program syz.6.412 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   75.114713][ T4980] loop5: detected capacity change from 0 to 128
[   75.121661][ T4980] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   75.151661][ T4987] loop3: detected capacity change from 0 to 512
[   75.178536][ T4987] EXT4-fs warning (device loop3): read_mmp_block:111: Error -117 while reading MMP block 12
[   75.228998][ T4980] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   75.282581][ T4987] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   75.306459][ T4986] tipc: Disabling bearer <eth:syzkaller0>
[   75.495479][ T5018] loop6: detected capacity change from 0 to 1024
[   75.548711][ T5018] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.755298][ T5042] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5042 comm=syz.1.429
[   75.770751][ T5042] smc: net device bond0 applied user defined pnetid SYZ0
[   75.778691][ T5042] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=5042 comm=syz.1.429
[   75.792305][ T5042] x_tables: unsorted underflow at hook 1
[   75.852084][ T5045] unsupported nlmsg_type 40
[   75.913590][ T5048] loop1: detected capacity change from 0 to 1024
[   75.923863][ T5048] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   75.932606][ T5048] EXT4-fs (loop1): filesystem too large to mount safely on this system
[   76.062432][ T5055] loop1: detected capacity change from 0 to 1024
[   76.070688][ T5055] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   76.341442][ T5066] loop5: detected capacity change from 0 to 512
[   76.363063][ T5066] EXT4-fs warning (device loop5): read_mmp_block:111: Error -117 while reading MMP block 12
[   76.377238][ T4562] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.399342][ T5066] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   76.408168][ T5065] tipc: Disabling bearer <eth:syzkaller0>
[   76.532321][ T5076] __nla_validate_parse: 8 callbacks suppressed
[   76.532349][ T5076] netlink: 8 bytes leftover after parsing attributes in process `syz.6.441'.
[   76.547549][ T5076] netlink: 4 bytes leftover after parsing attributes in process `syz.6.441'.
[   76.566449][   T52] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   76.575366][   T52] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   76.584584][ T5076] netlink: 8 bytes leftover after parsing attributes in process `syz.6.441'.
[   76.593559][ T5076] netlink: 4 bytes leftover after parsing attributes in process `syz.6.441'.
[   76.598207][   T52] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   76.611325][   T52] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   76.633925][ T5076] loop6: detected capacity change from 0 to 512
[   76.641130][ T5076] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   76.665630][ T5076] ieee802154 phy0 wpan0: encryption failed: -22
[   76.693590][ T5083] FAULT_INJECTION: forcing a failure.
[   76.693590][ T5083] name failslab, interval 1, probability 0, space 0, times 0
[   76.706851][ T5083] CPU: 0 UID: 0 PID: 5083 Comm: syz.6.443 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.706883][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   76.706898][ T5083] Call Trace:
[   76.706906][ T5083]  <TASK>
[   76.706916][ T5083]  __dump_stack+0x1d/0x30
[   76.706947][ T5083]  dump_stack_lvl+0x95/0xd0
[   76.706977][ T5083]  dump_stack+0x15/0x1b
[   76.707003][ T5083]  should_fail_ex+0x263/0x280
[   76.707038][ T5083]  should_failslab+0x8c/0xb0
[   76.707066][ T5083]  __kmalloc_cache_noprof+0x64/0x4a0
[   76.707100][ T5083]  ? resv_map_alloc+0x32/0x190
[   76.707137][ T5083]  resv_map_alloc+0x32/0x190
[   76.707171][ T5083]  hugetlb_reserve_pages+0x108/0xac0
[   76.707202][ T5083]  hugetlbfs_file_mmap_prepare+0x203/0x2e0
[   76.707235][ T5083]  mmap_region+0xc1a/0x1d20
[   76.707261][ T5083]  ? avc_has_perm+0x101/0x190
[   76.707301][ T5083]  ? __rcu_read_unlock+0x33/0x70
[   76.707340][ T5083]  ? context_to_sid+0x2da/0x310
[   76.707404][ T5083]  do_mmap+0x9b2/0xbd0
[   76.707447][ T5083]  vm_mmap_pgoff+0x183/0x2d0
[   76.707476][ T5083]  ksys_mmap_pgoff+0x2cf/0x310
[   76.707530][ T5083]  x64_sys_call+0x16bb/0x3000
[   76.707564][ T5083]  do_syscall_64+0xc0/0x2a0
[   76.707605][ T5083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.707634][ T5083] RIP: 0033:0x7f463840aeb9
[   76.707655][ T5083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   76.707678][ T5083] RSP: 002b:00007f4636e67028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   76.707699][ T5083] RAX: ffffffffffffffda RBX: 00007f4638685fa0 RCX: 00007f463840aeb9
[   76.707719][ T5083] RDX: 0000000000000000 RSI: 0000000001400000 RDI: 0000200000000000
[   76.707732][ T5083] RBP: 00007f4636e67090 R08: ffffffffffffffff R09: 0000000000000000
[   76.707747][ T5083] R10: 00000000000c3072 R11: 0000000000000246 R12: 0000000000000002
[   76.707763][ T5083] R13: 00007f4638686038 R14: 00007f4638685fa0 R15: 00007ffc5e5dc288
[   76.707784][ T5083]  </TASK>
[   76.927247][ T5090] netlink: 'syz.3.446': attribute type 12 has an invalid length.
[   77.193953][ T5109] team0: entered allmulticast mode
[   77.199291][ T5109] team_slave_0: entered allmulticast mode
[   77.205122][ T5109] team_slave_1: entered allmulticast mode
[   77.210915][ T5109] bond1: entered allmulticast mode
[   77.221775][ T5109] team0: left allmulticast mode
[   77.226887][ T5109] team_slave_0: left allmulticast mode
[   77.232887][ T5109] team_slave_1: left allmulticast mode
[   77.238612][ T5109] bond1: left allmulticast mode
[   77.256690][ T5113] program syz.6.456 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   77.267849][ T5111] team0: entered allmulticast mode
[   77.273077][ T5111] team_slave_0: entered allmulticast mode
[   77.278955][ T5111] team_slave_1: entered allmulticast mode
[   77.284862][ T5111] bond1: entered allmulticast mode
[   77.307181][ T5111] team0: left allmulticast mode
[   77.312142][ T5111] team_slave_0: left allmulticast mode
[   77.317655][ T5111] team_slave_1: left allmulticast mode
[   77.323141][ T5111] bond1: left allmulticast mode
[   77.338639][ T5111] FAULT_INJECTION: forcing a failure.
[   77.338639][ T5111] name failslab, interval 1, probability 0, space 0, times 0
[   77.351379][ T5111] CPU: 1 UID: 0 PID: 5111 Comm: syz.3.457 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   77.351409][ T5111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   77.351495][ T5111] Call Trace:
[   77.351582][ T5111]  <TASK>
[   77.351589][ T5111]  __dump_stack+0x1d/0x30
[   77.351621][ T5111]  dump_stack_lvl+0x95/0xd0
[   77.351705][ T5111]  dump_stack+0x15/0x1b
[   77.351732][ T5111]  should_fail_ex+0x263/0x280
[   77.351769][ T5111]  should_failslab+0x8c/0xb0
[   77.351857][ T5111]  kmem_cache_alloc_node_noprof+0x6a/0x4a0
[   77.351889][ T5111]  ? __alloc_skb+0x2f0/0x4b0
[   77.351923][ T5111]  ? __dev_notify_flags+0x238/0x390
[   77.351960][ T5111]  __alloc_skb+0x2f0/0x4b0
[   77.352059][ T5111]  ? __alloc_skb+0x219/0x4b0
[   77.352165][ T5111]  inet6_netconf_notify_devconf+0x10f/0x1d0
[   77.352285][ T5111]  mif6_delete+0x321/0x420
[   77.352326][ T5111]  mroute_clean_tables+0x13a/0xbb0
[   77.352384][ T5111]  ? should_fail_ex+0xd9/0x280
[   77.352424][ T5111]  ip6_mroute_setsockopt+0x8ba/0xa80
[   77.352510][ T5111]  do_ipv6_setsockopt+0x21d/0x21d0
[   77.352542][ T5111]  ? _parse_integer+0x27/0x40
[   77.352634][ T5111]  ? kstrtoull+0x111/0x140
[   77.352661][ T5111]  ? __rcu_read_unlock+0x4e/0x70
[   77.352692][ T5111]  ? avc_has_perm_noaudit+0xab/0x130
[   77.352736][ T5111]  ? selinux_netlbl_socket_setsockopt+0x20d/0x2f0
[   77.352867][ T5111]  ipv6_setsockopt+0x59/0x130
[   77.352895][ T5111]  rawv6_setsockopt+0x1d2/0x410
[   77.352927][ T5111]  sock_common_setsockopt+0x69/0x80
[   77.352961][ T5111]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   77.353173][ T5111]  __sys_setsockopt+0x184/0x200
[   77.353287][ T5111]  __x64_sys_setsockopt+0x64/0x80
[   77.353330][ T5111]  x64_sys_call+0x21d5/0x3000
[   77.353378][ T5111]  do_syscall_64+0xc0/0x2a0
[   77.353411][ T5111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.353439][ T5111] RIP: 0033:0x7fdfe6acaeb9
[   77.353481][ T5111] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   77.353502][ T5111] RSP: 002b:00007fdfe5527028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   77.353528][ T5111] RAX: ffffffffffffffda RBX: 00007fdfe6d45fa0 RCX: 00007fdfe6acaeb9
[   77.353548][ T5111] RDX: 00000000000000d4 RSI: 0000000000000029 RDI: 0000000000000003
[   77.353711][ T5111] RBP: 00007fdfe5527090 R08: 0000000000000004 R09: 0000000000000000
[   77.353724][ T5111] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   77.353740][ T5111] R13: 00007fdfe6d46038 R14: 00007fdfe6d45fa0 R15: 00007ffcf844efe8
[   77.353765][ T5111]  </TASK>
[   77.380823][ T5119] loop1: detected capacity change from 0 to 512
[   77.638205][ T5119] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.660018][ T5128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.463'.
[   77.683886][ T5119] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   77.715474][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.823165][ T5139] loop1: detected capacity change from 0 to 8192
[   77.839346][ T5139] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   78.277193][ T5152] FAULT_INJECTION: forcing a failure.
[   78.277193][ T5152] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.290459][ T5152] CPU: 0 UID: 0 PID: 5152 Comm: syz.0.470 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.290493][ T5152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   78.290561][ T5152] Call Trace:
[   78.290569][ T5152]  <TASK>
[   78.290579][ T5152]  __dump_stack+0x1d/0x30
[   78.290619][ T5152]  dump_stack_lvl+0x95/0xd0
[   78.290643][ T5152]  dump_stack+0x15/0x1b
[   78.290669][ T5152]  should_fail_ex+0x263/0x280
[   78.290701][ T5152]  should_fail+0xb/0x20
[   78.290784][ T5152]  should_fail_usercopy+0x1a/0x20
[   78.290879][ T5152]  _copy_to_user+0x20/0xa0
[   78.290908][ T5152]  simple_read_from_buffer+0xb5/0x130
[   78.290957][ T5152]  proc_fail_nth_read+0x10e/0x150
[   78.290994][ T5152]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   78.291062][ T5152]  vfs_read+0x1ab/0x7f0
[   78.291084][ T5152]  ? __rcu_read_unlock+0x4e/0x70
[   78.291124][ T5152]  ? __fget_files+0x184/0x1c0
[   78.291155][ T5152]  ? mutex_lock+0x57/0x90
[   78.291289][ T5152]  ksys_read+0xdc/0x1a0
[   78.291316][ T5152]  __x64_sys_read+0x40/0x50
[   78.291402][ T5152]  x64_sys_call+0x2889/0x3000
[   78.291437][ T5152]  do_syscall_64+0xc0/0x2a0
[   78.291478][ T5152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.291554][ T5152] RIP: 0033:0x7fb920c5b78e
[   78.291571][ T5152] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   78.291600][ T5152] RSP: 002b:00007fb91f6f6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   78.291627][ T5152] RAX: ffffffffffffffda RBX: 00007fb91f6f76c0 RCX: 00007fb920c5b78e
[   78.291703][ T5152] RDX: 000000000000000f RSI: 00007fb91f6f70a0 RDI: 0000000000000003
[   78.291721][ T5152] RBP: 00007fb91f6f7090 R08: 0000000000000000 R09: 0000000000000000
[   78.291739][ T5152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.291757][ T5152] R13: 00007fb920f16038 R14: 00007fb920f15fa0 R15: 00007ffe2cbf7d88
[   78.291784][ T5152]  </TASK>
[   78.664024][ T5161] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.681050][ T5161] FAULT_INJECTION: forcing a failure.
[   78.681050][ T5161] name failslab, interval 1, probability 0, space 0, times 0
[   78.693772][ T5161] CPU: 0 UID: 0 PID: 5161 Comm: syz.3.474 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.693798][ T5161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   78.693842][ T5161] Call Trace:
[   78.693849][ T5161]  <TASK>
[   78.693857][ T5161]  __dump_stack+0x1d/0x30
[   78.693942][ T5161]  dump_stack_lvl+0x95/0xd0
[   78.693968][ T5161]  dump_stack+0x15/0x1b
[   78.694066][ T5161]  should_fail_ex+0x263/0x280
[   78.694103][ T5161]  should_failslab+0x8c/0xb0
[   78.694131][ T5161]  __kmalloc_node_track_caller_noprof+0xb8/0x590
[   78.694169][ T5161]  ? vfs_parse_monolithic_sep+0x16a/0x270
[   78.694266][ T5161]  kmemdup_nul+0x36/0xc0
[   78.694285][ T5161]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[   78.694312][ T5161]  vfs_parse_monolithic_sep+0x16a/0x270
[   78.694381][ T5161]  generic_parse_monolithic+0x24/0x30
[   78.694474][ T5161]  parse_monolithic_mount_data+0x46/0x60
[   78.694502][ T5161]  path_mount+0xaa4/0xbc0
[   78.694533][ T5161]  __se_sys_mount+0x28c/0x2e0
[   78.694564][ T5161]  __x64_sys_mount+0x67/0x80
[   78.694588][ T5161]  x64_sys_call+0x2cca/0x3000
[   78.694694][ T5161]  do_syscall_64+0xc0/0x2a0
[   78.694731][ T5161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.694758][ T5161] RIP: 0033:0x7fdfe6acc14a
[   78.694779][ T5161] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   78.694880][ T5161] RSP: 002b:00007fdfe5526e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   78.694906][ T5161] RAX: ffffffffffffffda RBX: 00007fdfe5526ee0 RCX: 00007fdfe6acc14a
[   78.694925][ T5161] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[   78.694942][ T5161] RBP: 0000200000000f40 R08: 00007fdfe5526ee0 R09: 000000000324a038
[   78.694960][ T5161] R10: 000000000324a038 R11: 0000000000000246 R12: 0000200000000f00
[   78.694978][ T5161] R13: 00007fdfe5526ea0 R14: 0000000000000000 R15: 00002000000008c0
[   78.695065][ T5161]  </TASK>
[   78.960285][ T5173] EXT4-fs: Ignoring removed nobh option
[   78.973106][ T5173] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.996557][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.018072][ T5173] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.041636][ T5176] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.064958][ T5173] netlink: 4 bytes leftover after parsing attributes in process `syz.6.478'.
[   79.074004][ T5176] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.088177][   T29] kauditd_printk_skb: 954 callbacks suppressed
[   79.088192][   T29] audit: type=1326 audit(1770268280.009:3280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.117978][   T29] audit: type=1326 audit(1770268280.019:3281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.118504][ T5173] hsr_slave_0: left promiscuous mode
[   79.141279][   T29] audit: type=1326 audit(1770268280.019:3282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.170117][   T29] audit: type=1326 audit(1770268280.019:3283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.193497][   T29] audit: type=1326 audit(1770268280.019:3284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.216841][   T29] audit: type=1326 audit(1770268280.028:3285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.240270][   T29] audit: type=1326 audit(1770268280.028:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.263726][   T29] audit: type=1326 audit(1770268280.028:3287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.266190][ T4271] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.287123][   T29] audit: type=1326 audit(1770268280.066:3288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.287160][   T29] audit: type=1326 audit(1770268280.066:3289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5155 comm="syz.0.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   79.300788][ T5185] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #15: comm syz.6.478: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 516(4), depth 0(0)
[   79.321116][ T5173] hsr_slave_1: left promiscuous mode
[   79.351077][ T5185] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #15: comm syz.6.478: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 516(4), depth 0(0)
[   79.433521][ T5184] syzkaller0: entered promiscuous mode
[   79.439038][ T5184] syzkaller0: entered allmulticast mode
[   79.503079][ T4562] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.573005][ T5196] netlink: 8 bytes leftover after parsing attributes in process `syz.5.484'.
[   80.000035][ T5218] netlink: 36 bytes leftover after parsing attributes in process `syz.0.493'.
[   80.051963][ T5219] netlink: 36 bytes leftover after parsing attributes in process `syz.0.493'.
[   80.095217][ T5221] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   80.187062][ T5228] syzkaller0: entered promiscuous mode
[   80.192848][ T5228] syzkaller0: entered allmulticast mode
[   80.372408][ T5243] set_capacity_and_notify: 3 callbacks suppressed
[   80.372423][ T5243] loop0: detected capacity change from 0 to 512
[   80.416226][ T5243] EXT4-fs warning (device loop0): read_mmp_block:111: Error -117 while reading MMP block 12
[   80.469828][ T5243] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   80.502507][ T5241] tipc: Disabling bearer <eth:syzkaller0>
[   80.547235][ T5250] loop3: detected capacity change from 0 to 512
[   80.554905][ T5250] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   80.704640][   T37] Bluetooth: hci0: Frame reassembly failed (-84)
[   80.964414][ T5301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.517'.
[   80.975728][ T5307] netlink: 'syz.0.518': attribute type 21 has an invalid length.
[   80.989957][ T5307] loop0: detected capacity change from 0 to 1024
[   81.017234][ T5307] EXT4-fs: Ignoring removed oldalloc option
[   81.023232][ T5307] EXT4-fs: Ignoring removed bh option
[   81.045764][ T5307] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.118576][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.190412][ T5325] FAULT_INJECTION: forcing a failure.
[   81.190412][ T5325] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   81.203690][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.522 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   81.203767][ T5325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   81.203783][ T5325] Call Trace:
[   81.203792][ T5325]  <TASK>
[   81.203803][ T5325]  __dump_stack+0x1d/0x30
[   81.203835][ T5325]  dump_stack_lvl+0x95/0xd0
[   81.203857][ T5325]  dump_stack+0x15/0x1b
[   81.203900][ T5325]  should_fail_ex+0x263/0x280
[   81.203933][ T5325]  should_fail+0xb/0x20
[   81.203961][ T5325]  should_fail_usercopy+0x1a/0x20
[   81.204021][ T5325]  _copy_from_iter+0xcf/0xea0
[   81.204040][ T5325]  ? __alloc_skb+0x397/0x4b0
[   81.204074][ T5325]  ? __alloc_skb+0x219/0x4b0
[   81.204174][ T5325]  netlink_sendmsg+0x4ae/0x6f0
[   81.204196][ T5325]  ? __pfx_netlink_sendmsg+0x10/0x10
[   81.204258][ T5325]  ____sys_sendmsg+0x5af/0x600
[   81.204344][ T5325]  ___sys_sendmsg+0x195/0x1e0
[   81.204399][ T5325]  __x64_sys_sendmsg+0xd4/0x160
[   81.204452][ T5325]  x64_sys_call+0x17ba/0x3000
[   81.204486][ T5325]  do_syscall_64+0xc0/0x2a0
[   81.204569][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.204616][ T5325] RIP: 0033:0x7fb920c9aeb9
[   81.204646][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   81.204669][ T5325] RSP: 002b:00007fb91f6f7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   81.204767][ T5325] RAX: ffffffffffffffda RBX: 00007fb920f15fa0 RCX: 00007fb920c9aeb9
[   81.204787][ T5325] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   81.204803][ T5325] RBP: 00007fb91f6f7090 R08: 0000000000000000 R09: 0000000000000000
[   81.204819][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   81.204834][ T5325] R13: 00007fb920f16038 R14: 00007fb920f15fa0 R15: 00007ffe2cbf7d88
[   81.204862][ T5325]  </TASK>
[   81.765633][ T5359] loop0: detected capacity change from 0 to 8192
[   81.903818][ T5369] loop0: detected capacity change from 0 to 512
[   81.914374][ T5369] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   81.934161][ T5369] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4215: comm syz.0.533: Allocating blocks 41-42 which overlap fs metadata
[   81.948331][ T5369] EXT4-fs (loop0): Remounting filesystem read-only
[   81.955214][ T5369] EXT4-fs (loop0): 1 truncate cleaned up
[   81.961287][ T5369] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.021357][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.182266][ T5386] FAULT_INJECTION: forcing a failure.
[   82.182266][ T5386] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   82.195549][ T5386] CPU: 0 UID: 0 PID: 5386 Comm: syz.0.538 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   82.195581][ T5386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   82.195596][ T5386] Call Trace:
[   82.195603][ T5386]  <TASK>
[   82.195612][ T5386]  __dump_stack+0x1d/0x30
[   82.195691][ T5386]  dump_stack_lvl+0x95/0xd0
[   82.195771][ T5386]  dump_stack+0x15/0x1b
[   82.195795][ T5386]  should_fail_ex+0x263/0x280
[   82.195831][ T5386]  should_fail+0xb/0x20
[   82.195866][ T5386]  should_fail_usercopy+0x1a/0x20
[   82.196047][ T5386]  _copy_to_user+0x20/0xa0
[   82.196065][ T5386]  do_pagemap_cmd+0xb5f/0xc10
[   82.196155][ T5386]  ? __pfx_do_pagemap_cmd+0x10/0x10
[   82.196198][ T5386]  __se_sys_ioctl+0xce/0x140
[   82.196261][ T5386]  __x64_sys_ioctl+0x43/0x50
[   82.196345][ T5386]  x64_sys_call+0x14b0/0x3000
[   82.196367][ T5386]  do_syscall_64+0xc0/0x2a0
[   82.196395][ T5386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.196415][ T5386] RIP: 0033:0x7fb920c9aeb9
[   82.196489][ T5386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   82.196505][ T5386] RSP: 002b:00007fb91f6f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   82.196523][ T5386] RAX: ffffffffffffffda RBX: 00007fb920f15fa0 RCX: 00007fb920c9aeb9
[   82.196551][ T5386] RDX: 0000200000000140 RSI: 00000000c0606610 RDI: 0000000000000003
[   82.196620][ T5386] RBP: 00007fb91f6f7090 R08: 0000000000000000 R09: 0000000000000000
[   82.196641][ T5386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   82.196710][ T5386] R13: 00007fb920f16038 R14: 00007fb920f15fa0 R15: 00007ffe2cbf7d88
[   82.196729][ T5386]  </TASK>
[   82.423714][ T5394] syzkaller0: entered promiscuous mode
[   82.429293][ T5394] syzkaller0: entered allmulticast mode
[   82.588056][ T5408] __nla_validate_parse: 2 callbacks suppressed
[   82.588076][ T5408] netlink: 24 bytes leftover after parsing attributes in process `syz.0.539'.
[   82.648581][ T5408] loop0: detected capacity change from 0 to 1764
[   82.659864][ T5408] iso9660: Bad value for 'uid'
[   82.664829][ T5408] iso9660: Bad value for 'uid'
[   82.708061][ T5417] loop1: detected capacity change from 0 to 764
[   82.733217][ T5417] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   82.752018][ T5408] netlink: 24 bytes leftover after parsing attributes in process `syz.0.539'.
[   82.824700][ T5419] loop5: detected capacity change from 0 to 8192
[   82.862958][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   82.907041][ T5429] syzkaller0: entered promiscuous mode
[   82.912598][ T5429] syzkaller0: entered allmulticast mode
[   82.957654][ T5433] loop3: detected capacity change from 0 to 512
[   82.968196][ T5433] EXT4-fs warning (device loop3): read_mmp_block:111: Error -117 while reading MMP block 12
[   82.984345][ T5433] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   83.003116][ T5432] tipc: Disabling bearer <eth:syzkaller0>
[   83.065400][ T5443] loop3: detected capacity change from 0 to 512
[   83.073892][ T5443] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   83.108300][ T5447] FAULT_INJECTION: forcing a failure.
[   83.108300][ T5447] name failslab, interval 1, probability 0, space 0, times 0
[   83.121061][ T5447] CPU: 0 UID: 0 PID: 5447 Comm: syz.3.550 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   83.121093][ T5447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   83.121109][ T5447] Call Trace:
[   83.121117][ T5447]  <TASK>
[   83.121127][ T5447]  __dump_stack+0x1d/0x30
[   83.121205][ T5447]  dump_stack_lvl+0x95/0xd0
[   83.121233][ T5447]  dump_stack+0x15/0x1b
[   83.121257][ T5447]  should_fail_ex+0x263/0x280
[   83.121307][ T5447]  should_failslab+0x8c/0xb0
[   83.121336][ T5447]  __kmalloc_noprof+0xb8/0x580
[   83.121367][ T5447]  ? ethnl_default_doit+0xc6/0x910
[   83.121432][ T5447]  ethnl_default_doit+0xc6/0x910
[   83.121453][ T5447]  ? genl_family_rcv_msg_attrs_parse+0x13b/0x190
[   83.121555][ T5447]  ? genl_family_rcv_msg_attrs_parse+0x184/0x190
[   83.121594][ T5447]  genl_family_rcv_msg_doit+0x187/0x1f0
[   83.121631][ T5447]  genl_rcv_msg+0x432/0x470
[   83.121662][ T5447]  ? __pfx_ethnl_default_doit+0x10/0x10
[   83.121768][ T5447]  netlink_rcv_skb+0x123/0x220
[   83.121800][ T5447]  ? __pfx_genl_rcv_msg+0x10/0x10
[   83.121856][ T5447]  genl_rcv+0x28/0x40
[   83.121877][ T5447]  netlink_unicast+0x5c0/0x690
[   83.121917][ T5447]  netlink_sendmsg+0x5c8/0x6f0
[   83.121942][ T5447]  ? __pfx_netlink_sendmsg+0x10/0x10
[   83.122032][ T5447]  ____sys_sendmsg+0x5af/0x600
[   83.122058][ T5447]  ___sys_sendmsg+0x195/0x1e0
[   83.122089][ T5447]  __x64_sys_sendmsg+0xd4/0x160
[   83.122111][ T5447]  x64_sys_call+0x17ba/0x3000
[   83.122164][ T5447]  do_syscall_64+0xc0/0x2a0
[   83.122204][ T5447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.122360][ T5447] RIP: 0033:0x7fdfe6acaeb9
[   83.122385][ T5447] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   83.122407][ T5447] RSP: 002b:00007fdfe5527028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   83.122432][ T5447] RAX: ffffffffffffffda RBX: 00007fdfe6d45fa0 RCX: 00007fdfe6acaeb9
[   83.122450][ T5447] RDX: 0000000004008800 RSI: 0000200000000840 RDI: 0000000000000004
[   83.122468][ T5447] RBP: 00007fdfe5527090 R08: 0000000000000000 R09: 0000000000000000
[   83.122485][ T5447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   83.122508][ T5447] R13: 00007fdfe6d46038 R14: 00007fdfe6d45fa0 R15: 00007ffcf844efe8
[   83.122533][ T5447]  </TASK>
[   83.388457][ T5451] syzkaller0: entered promiscuous mode
[   83.394012][ T5451] syzkaller0: entered allmulticast mode
[   83.467345][ T5453] ªªªªªª: renamed from vlan0 (while UP)
[   83.587155][ T5458] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.610562][ T5458] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.726498][ T5473] program syz.1.561 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   83.790811][ T5477] EXT4-fs: Ignoring removed nobh option
[   83.823079][ T5477] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.839612][ T5477] ext4 filesystem being mounted at /133/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   83.979638][ T5501] netlink: 'syz.6.566': attribute type 27 has an invalid length.
[   84.005875][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   84.075622][ T5501] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.082826][ T5501] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.137405][ T5516] FAULT_INJECTION: forcing a failure.
[   84.137405][ T5516] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   84.150609][ T5516] CPU: 0 UID: 0 PID: 5516 Comm: syz.5.569 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   84.150700][ T5516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   84.150716][ T5516] Call Trace:
[   84.150741][ T5516]  <TASK>
[   84.150750][ T5516]  __dump_stack+0x1d/0x30
[   84.150815][ T5516]  dump_stack_lvl+0x95/0xd0
[   84.150843][ T5516]  dump_stack+0x15/0x1b
[   84.150937][ T5516]  should_fail_ex+0x263/0x280
[   84.150991][ T5516]  should_fail+0xb/0x20
[   84.151027][ T5516]  should_fail_usercopy+0x1a/0x20
[   84.151065][ T5516]  _copy_from_user+0x1c/0xb0
[   84.151086][ T5516]  memdup_sockptr_noprof+0x70/0xd0
[   84.151136][ T5516]  raw_setsockopt+0x2f1/0xcb0
[   84.151166][ T5516]  ? __pfx_raw_setsockopt+0x10/0x10
[   84.151207][ T5516]  __sys_setsockopt+0x184/0x200
[   84.151267][ T5516]  __x64_sys_setsockopt+0x64/0x80
[   84.151385][ T5516]  x64_sys_call+0x21d5/0x3000
[   84.151418][ T5516]  do_syscall_64+0xc0/0x2a0
[   84.151521][ T5516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.151569][ T5516] RIP: 0033:0x7f954721aeb9
[   84.151590][ T5516] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   84.151610][ T5516] RSP: 002b:00007f9545c77028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   84.151644][ T5516] RAX: ffffffffffffffda RBX: 00007f9547495fa0 RCX: 00007f954721aeb9
[   84.151695][ T5516] RDX: 0000000000000001 RSI: 0000000000000065 RDI: 0000000000000003
[   84.151712][ T5516] RBP: 00007f9545c77090 R08: 0000000000000f00 R09: 0000000000000000
[   84.151730][ T5516] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[   84.151747][ T5516] R13: 00007f9547496038 R14: 00007f9547495fa0 R15: 00007ffc7ea77008
[   84.151772][ T5516]  </TASK>
[   84.157627][ T5501] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.350650][ T5501] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.397385][   T53] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   84.406381][   T53] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.433953][   T53] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   84.443013][   T53] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.452960][   T53] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   84.462178][   T53] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.542866][   T29] kauditd_printk_skb: 864 callbacks suppressed
[   84.542909][   T29] audit: type=1400 audit(1770268285.107:4150): avc:  denied  { write } for  pid=5537 comm="syz.0.576" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   84.578447][   T12] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   84.587397][   T12] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.599166][   T29] audit: type=1400 audit(1770268285.164:4151): avc:  denied  { wake_alarm } for  pid=5532 comm="syz.1.571" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   84.644857][   T29] audit: type=1400 audit(1770268285.201:4152): avc:  denied  { ioctl } for  pid=5545 comm="syz.5.577" path="socket:[11897]" dev="sockfs" ino=11897 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   84.683280][   T29] audit: type=1400 audit(1770268285.201:4153): avc:  denied  { cpu } for  pid=5537 comm="syz.0.576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   84.702442][   T29] audit: type=1400 audit(1770268285.229:4154): avc:  denied  { validate_trans } for  pid=5545 comm="syz.5.577" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   84.762031][ T5539] syz.0.576 (5539) used obsolete PPPIOCDETACH ioctl
[   84.774908][   T29] audit: type=1400 audit(1770268285.285:4155): avc:  denied  { accept } for  pid=5548 comm="syz.5.579" lport=58899 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   84.985388][   T29] audit: type=1400 audit(1770268285.519:4156): avc:  denied  { bind } for  pid=5569 comm="syz.5.587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   85.010816][ T5574] netlink: 'syz.6.589': attribute type 32 has an invalid length.
[   85.079412][   T29] audit: type=1400 audit(1770268285.612:4157): avc:  denied  { create } for  pid=5581 comm="syz.5.591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[   85.117314][   T29] audit: type=1400 audit(1770268285.631:4158): avc:  denied  { write } for  pid=5581 comm="syz.5.591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[   85.137998][   T29] audit: type=1326 audit(1770268285.641:4159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5583 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb920c9aeb9 code=0x7ffc0000
[   85.200833][ T5596] EXT4-fs warning (device loop5): read_mmp_block:111: Error -117 while reading MMP block 12
[   85.248231][ T5582] netlink: 24 bytes leftover after parsing attributes in process `syz.6.589'.
[   85.274814][ T5596] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   85.291584][ T5595] tipc: Disabling bearer <eth:syzkaller0>
[   85.301073][ T5602] FAULT_INJECTION: forcing a failure.
[   85.301073][ T5602] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.314304][ T5602] CPU: 1 UID: 0 PID: 5602 Comm: syz.6.596 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.314400][ T5602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   85.314417][ T5602] Call Trace:
[   85.314425][ T5602]  <TASK>
[   85.314435][ T5602]  __dump_stack+0x1d/0x30
[   85.314467][ T5602]  dump_stack_lvl+0x95/0xd0
[   85.314557][ T5602]  dump_stack+0x15/0x1b
[   85.314578][ T5602]  should_fail_ex+0x263/0x280
[   85.314617][ T5602]  should_fail+0xb/0x20
[   85.314715][ T5602]  should_fail_usercopy+0x1a/0x20
[   85.314777][ T5602]  _copy_to_user+0x20/0xa0
[   85.314847][ T5602]  simple_read_from_buffer+0xb5/0x130
[   85.314897][ T5602]  proc_fail_nth_read+0x10e/0x150
[   85.314928][ T5602]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   85.314971][ T5602]  vfs_read+0x1ab/0x7f0
[   85.314995][ T5602]  ? __schedule+0x82d/0xc90
[   85.315025][ T5602]  ? __rcu_read_unlock+0x4e/0x70
[   85.315065][ T5602]  ? __fget_files+0x184/0x1c0
[   85.315095][ T5602]  ? mutex_lock+0x57/0x90
[   85.315123][ T5602]  ksys_read+0xdc/0x1a0
[   85.315143][ T5602]  __x64_sys_read+0x40/0x50
[   85.315212][ T5602]  x64_sys_call+0x2889/0x3000
[   85.315308][ T5602]  do_syscall_64+0xc0/0x2a0
[   85.315346][ T5602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.315374][ T5602] RIP: 0033:0x7f46383cb78e
[   85.315393][ T5602] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   85.315476][ T5602] RSP: 002b:00007f4636e66fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   85.315497][ T5602] RAX: ffffffffffffffda RBX: 00007f4636e676c0 RCX: 00007f46383cb78e
[   85.315560][ T5602] RDX: 000000000000000f RSI: 00007f4636e670a0 RDI: 0000000000000003
[   85.315578][ T5602] RBP: 00007f4636e67090 R08: 0000000000000000 R09: 0000000000000000
[   85.315595][ T5602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.315610][ T5602] R13: 00007f4638686038 R14: 00007f4638685fa0 R15: 00007ffc5e5dc288
[   85.315631][ T5602]  </TASK>
[   85.333408][ T5600] usb usb8: usbfs: process 5600 (syz.1.595) did not claim interface 0 before use
[   85.597263][ T5608] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   85.650320][ T5608] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.666461][ T5608] ext4 filesystem being mounted at /67/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   85.921932][ T5650] netlink: 8 bytes leftover after parsing attributes in process `syz.6.604'.
[   86.193243][ T5668] set_capacity_and_notify: 8 callbacks suppressed
[   86.193260][ T5668] loop0: detected capacity change from 0 to 256
[   86.210270][ T5668] FAT-fs (loop0): Directory bread(block 1285) failed
[   86.220589][ T5668] FAT-fs (loop0): Directory bread(block 1285) failed
[   86.330580][ T5669] loop3: detected capacity change from 0 to 8192
[   86.339886][ T5669] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   86.347609][ T5669] FAT-fs (loop3): Filesystem has been set read-only
[   86.356468][ T5672] netlink: 'syz.0.610': attribute type 4 has an invalid length.
[   86.364655][ T5672] netlink: 'syz.0.610': attribute type 4 has an invalid length.
[   86.384590][ T5669] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   86.471188][ T3319] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   86.479524][ T3319] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   86.537722][ T4271] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.797324][   T37] bridge_slave_1: left allmulticast mode
[   86.803213][   T37] bridge_slave_1: left promiscuous mode
[   86.809048][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.840331][   T37] bridge_slave_0: left allmulticast mode
[   86.846050][   T37] bridge_slave_0: left promiscuous mode
[   86.851760][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.926973][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   86.950821][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   86.961975][   T37] bond0 (unregistering): Released all slaves
[   86.970033][   T37] team0: Port device bond1 removed
[   86.975741][   T37] bond1 (unregistering): Released all slaves
[   87.042404][   T37] tipc: Left network mode
[   87.049715][   T37] hsr_slave_0: left promiscuous mode
[   87.068336][   T37] hsr_slave_1: left promiscuous mode
[   87.083288][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[   87.091024][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[   87.108300][ T5708] netlink: 8 bytes leftover after parsing attributes in process `syz.0.618'.
[   87.154610][   T37] team0 (unregistering): Port device team_slave_1 removed
[   87.164452][   T37] team0 (unregistering): Port device team_slave_0 removed
[   87.209758][ T5708] netlink: 16 bytes leftover after parsing attributes in process `syz.0.618'.
[   87.363487][ T5731] netlink: 8 bytes leftover after parsing attributes in process `syz.6.622'.
[   87.372498][ T5731] netlink: 4 bytes leftover after parsing attributes in process `syz.6.622'.
[   87.413513][ T5683] chnl_net:caif_netlink_parms(): no params data found
[   87.492772][ T5731] wireguard0: entered promiscuous mode
[   87.498433][ T5731] wireguard0: entered allmulticast mode
[   87.511695][ T5683] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.518922][ T5683] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.604663][ T5683] bridge_slave_0: entered allmulticast mode
[   87.625806][ T5683] bridge_slave_0: entered promiscuous mode
[   87.645524][ T5683] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.652677][ T5683] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.701540][ T5683] bridge_slave_1: entered allmulticast mode
[   87.713320][ T5683] bridge_slave_1: entered promiscuous mode
[   87.806335][ T5683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.837795][ T5683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.849416][ T5752] netlink: 8 bytes leftover after parsing attributes in process `syz.0.627'.
[   87.858376][ T5752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.627'.
[   87.903175][ T5683] team0: Port device team_slave_0 added
[   87.926091][ T5762] loop6: detected capacity change from 0 to 512
[   87.980085][ T5752] wireguard2: entered promiscuous mode
[   87.985643][ T5752] wireguard2: entered allmulticast mode
[   88.017214][ T5762] EXT4-fs warning (device loop6): read_mmp_block:111: Error -117 while reading MMP block 12
[   88.058146][ T5683] team0: Port device team_slave_1 added
[   88.106904][ T5762] tipc: Started in network mode
[   88.111899][ T5762] tipc: Node identity 1a49b12e3acf, cluster identity 4711
[   88.119313][ T5762] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   88.144362][ T5761] tipc: Disabling bearer <eth:syzkaller0>
[   88.160560][ T5683] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.167650][ T5683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.193621][ T5683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.257582][ T5683] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.264613][ T5683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.290717][ T5683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.346392][ T5782] FAULT_INJECTION: forcing a failure.
[   88.346392][ T5782] name failslab, interval 1, probability 0, space 0, times 0
[   88.359110][ T5782] CPU: 1 UID: 0 PID: 5782 Comm: syz.1.633 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   88.359139][ T5782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   88.359156][ T5782] Call Trace:
[   88.359163][ T5782]  <TASK>
[   88.359173][ T5782]  __dump_stack+0x1d/0x30
[   88.359202][ T5782]  dump_stack_lvl+0x95/0xd0
[   88.359239][ T5782]  dump_stack+0x15/0x1b
[   88.359259][ T5782]  should_fail_ex+0x263/0x280
[   88.359355][ T5782]  should_failslab+0x8c/0xb0
[   88.359380][ T5782]  kmem_cache_alloc_node_noprof+0x6a/0x4a0
[   88.359414][ T5782]  ? alloc_vmap_area+0x243/0xe50
[   88.359501][ T5782]  ? path_openat+0x1d94/0x23c0
[   88.359583][ T5782]  alloc_vmap_area+0x243/0xe50
[   88.359617][ T5782]  ? __kmalloc_cache_node_noprof+0x42a/0x4a0
[   88.359650][ T5782]  __get_vm_area_node+0x173/0x1d0
[   88.359686][ T5782]  get_vm_area+0x65/0x90
[   88.359714][ T5782]  ? arena_map_alloc+0x1e6/0x360
[   88.359750][ T5782]  arena_map_alloc+0x1e6/0x360
[   88.359814][ T5782]  map_create+0x862/0xda0
[   88.359844][ T5782]  ? security_bpf+0x2b/0x90
[   88.359875][ T5782]  __sys_bpf+0x54e/0x7b0
[   88.359912][ T5782]  __x64_sys_bpf+0x41/0x50
[   88.360007][ T5782]  x64_sys_call+0x28e1/0x3000
[   88.360040][ T5782]  do_syscall_64+0xc0/0x2a0
[   88.360217][ T5782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.360247][ T5782] RIP: 0033:0x7f995d2caeb9
[   88.360266][ T5782] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   88.360290][ T5782] RSP: 002b:00007f995bd27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   88.360316][ T5782] RAX: ffffffffffffffda RBX: 00007f995d545fa0 RCX: 00007f995d2caeb9
[   88.360334][ T5782] RDX: 0000000000000050 RSI: 0000200000000480 RDI: 0000000000000000
[   88.360349][ T5782] RBP: 00007f995bd27090 R08: 0000000000000000 R09: 0000000000000000
[   88.360404][ T5782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.360417][ T5782] R13: 00007f995d546038 R14: 00007f995d545fa0 R15: 00007fff77e0ca88
[   88.360442][ T5782]  </TASK>
[   88.363279][ T5683] hsr_slave_0: entered promiscuous mode
[   88.466490][ T5785] loop1: detected capacity change from 0 to 1024
[   88.470678][ T5683] hsr_slave_1: entered promiscuous mode
[   88.507329][ T5785] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.629857][ T5790] random: crng reseeded on system resumption
[   88.888571][ T5683] netdevsim netdevsim7 netdevsim0: renamed from eth0
[   88.899350][ T5683] netdevsim netdevsim7 netdevsim1: renamed from eth1
[   88.913376][ T5683] netdevsim netdevsim7 netdevsim2: renamed from eth2
[   88.949302][ T5683] netdevsim netdevsim7 netdevsim3: renamed from eth3
[   88.967478][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.005862][ T5823] netlink: 8 bytes leftover after parsing attributes in process `syz.6.639'.
[   89.014828][ T5823] netlink: 4 bytes leftover after parsing attributes in process `syz.6.639'.
[   89.061962][ T5830] loop1: detected capacity change from 0 to 256
[   89.071141][ T5683] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.080350][ T5830] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   89.103365][ T5832] loop0: detected capacity change from 0 to 1024
[   89.111347][ T5830] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   89.130080][ T5832] EXT4-fs: inline encryption not supported
[   89.136406][ T5832] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   89.147580][ T5823] wireguard1: entered promiscuous mode
[   89.153155][ T5823] wireguard1: entered allmulticast mode
[   89.170032][ T5832] EXT4-fs error (device loop0): ext4_map_blocks:783: inode #3: block 2: comm syz.0.643: lblock 2 mapped to illegal pblock 2 (length 1)
[   89.195076][ T5683] 8021q: adding VLAN 0 to HW filter on device team0
[   89.204489][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.211588][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.238819][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.245936][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.289287][ T5832] EXT4-fs (loop0): Remounting filesystem read-only
[   89.295897][ T5832] EXT4-fs (loop0): 1 orphan inode deleted
[   89.355762][ T5832] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.419043][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.430358][ T5683] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.627232][ T5683] veth0_vlan: entered promiscuous mode
[   89.637346][ T5683] veth1_vlan: entered promiscuous mode
[   89.656305][ T5683] veth0_macvtap: entered promiscuous mode
[   89.665748][ T5683] veth1_macvtap: entered promiscuous mode
[   89.679983][ T5683] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.695181][ T5683] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.709713][  T320] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.719460][  T320] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.728953][  T320] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.740724][ T5864] loop6: detected capacity change from 0 to 512
[   89.749211][  T320] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.766367][ T5864] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.878302][ T4562] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.887596][ T5874] loop7: detected capacity change from 0 to 512
[   89.911230][   T29] kauditd_printk_skb: 437 callbacks suppressed
[   89.911244][   T29] audit: type=1400 audit(1770268546.162:4595): avc:  denied  { listen } for  pid=5872 comm="syz.5.649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   89.911287][ T5874] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.964409][ T5877] syzkaller0: entered promiscuous mode
[   89.970041][ T5877] syzkaller0: entered allmulticast mode
[   89.986493][   T29] audit: type=1400 audit(1770268546.228:4596): avc:  denied  { create } for  pid=5871 comm="syz.7.648" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1
[   90.018868][ T5683] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.069432][   T29] audit: type=1400 audit(1770268546.313:4597): avc:  denied  { write } for  pid=5882 comm="syz.7.652" name="file0" dev="tmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   90.098746][ T5883] netlink: 8 bytes leftover after parsing attributes in process `syz.7.652'.
[   90.141388][ T5889] loop6: detected capacity change from 0 to 512
[   90.152779][ T5889] EXT4-fs warning (device loop6): read_mmp_block:111: Error -117 while reading MMP block 12
[   90.170099][ T5889] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   90.179315][ T5888] tipc: Disabling bearer <eth:syzkaller0>
[   90.276192][ T5898] loop6: detected capacity change from 0 to 1024
[   90.284080][ T5898] EXT4-fs: Ignoring removed oldalloc option
[   90.290220][ T5898] EXT4-fs: Ignoring removed bh option
[   90.349669][ T5902] netlink: 8 bytes leftover after parsing attributes in process `syz.7.655'.
[   90.358708][ T5902] netlink: 4 bytes leftover after parsing attributes in process `syz.7.655'.
[   90.371322][ T5898] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.405449][   T29] audit: type=1400 audit(1770268546.634:4598): avc:  denied  { read write } for  pid=5897 comm="syz.6.658" name="file1" dev="loop6" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   90.428143][   T29] audit: type=1400 audit(1770268546.634:4599): avc:  denied  { open } for  pid=5897 comm="syz.6.658" path="/58/file1/file1" dev="loop6" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   90.483743][ T5911] FAULT_INJECTION: forcing a failure.
[   90.483743][ T5911] name failslab, interval 1, probability 0, space 0, times 0
[   90.496628][ T5911] CPU: 1 UID: 0 PID: 5911 Comm: syz.0.661 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   90.496658][ T5911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   90.496675][ T5911] Call Trace:
[   90.496683][ T5911]  <TASK>
[   90.496693][ T5911]  __dump_stack+0x1d/0x30
[   90.496726][ T5911]  dump_stack_lvl+0x95/0xd0
[   90.496778][ T5911]  dump_stack+0x15/0x1b
[   90.496805][ T5911]  should_fail_ex+0x263/0x280
[   90.496845][ T5911]  should_failslab+0x8c/0xb0
[   90.496914][ T5911]  __kmalloc_cache_node_noprof+0x69/0x4a0
[   90.496943][ T5911]  ? __get_vm_area_node+0x106/0x1d0
[   90.496972][ T5911]  __get_vm_area_node+0x106/0x1d0
[   90.497008][ T5911]  __vmalloc_node_range_noprof+0x291/0x12b0
[   90.497090][ T5911]  ? copy_process+0x37e/0x1f10
[   90.497197][ T5911]  ? __rcu_read_unlock+0x4e/0x70
[   90.497298][ T5911]  ? __memcg_slab_post_alloc_hook+0x44a/0x530
[   90.497345][ T5911]  __vmalloc_node_noprof+0x89/0xc0
[   90.497381][ T5911]  ? copy_process+0x37e/0x1f10
[   90.497507][ T5911]  ? copy_process+0x37e/0x1f10
[   90.497550][ T5911]  dup_task_struct+0x219/0x940
[   90.497614][ T5911]  ? copy_process+0x36d/0x1f10
[   90.497657][ T5911]  copy_process+0x37e/0x1f10
[   90.497699][ T5911]  ? kstrtouint+0x76/0xc0
[   90.497735][ T5911]  ? kstrtouint_from_user+0xa8/0xf0
[   90.497838][ T5911]  kernel_clone+0x16b/0x5b0
[   90.497863][ T5911]  ? vfs_write+0x86e/0x9f0
[   90.497888][ T5911]  __x64_sys_clone+0x143/0x180
[   90.497923][ T5911]  x64_sys_call+0x12d0/0x3000
[   90.497954][ T5911]  do_syscall_64+0xc0/0x2a0
[   90.498053][ T5911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.498078][ T5911] RIP: 0033:0x7fb920c9aeb9
[   90.498099][ T5911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   90.498121][ T5911] RSP: 002b:00007fb91f6f6fd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[   90.498141][ T5911] RAX: ffffffffffffffda RBX: 00007fb920f15fa0 RCX: 00007fb920c9aeb9
[   90.498169][ T5911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000080
[   90.498181][ T5911] RBP: 00007fb91f6f7090 R08: 0000000000000000 R09: 0000000000000000
[   90.498195][ T5911] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[   90.498210][ T5911] R13: 00007fb920f16038 R14: 00007fb920f15fa0 R15: 00007ffe2cbf7d88
[   90.498232][ T5911]  </TASK>
[   90.729088][ T5902] wireguard0: entered promiscuous mode
[   90.729044][ T5911] syz.0.661: vmalloc error: size 16384, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[   90.729161][ T5911] CPU: 1 UID: 0 PID: 5911 Comm: syz.0.661 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   90.729278][ T5911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   90.729355][ T5911] Call Trace:
[   90.729375][ T5911]  <TASK>
[   90.729405][ T5911]  __dump_stack+0x1d/0x30
[   90.729479][ T5911]  dump_stack_lvl+0x95/0xd0
[   90.729597][ T5911]  dump_stack+0x15/0x1b
[   90.729666][ T5911]  warn_alloc+0x145/0x1c0
[   90.729847][ T5911]  __vmalloc_node_range_noprof+0x2b6/0x12b0
[   90.729967][ T5911]  ? __rcu_read_unlock+0x4e/0x70
[   90.730070][ T5911]  ? __memcg_slab_post_alloc_hook+0x44a/0x530
[   90.730190][ T5911]  __vmalloc_node_noprof+0x89/0xc0
[   90.730268][ T5911]  ? copy_process+0x37e/0x1f10
[   90.730438][ T5911]  ? copy_process+0x37e/0x1f10
[   90.730576][ T5911]  dup_task_struct+0x219/0x940
[   90.730727][ T5911]  ? copy_process+0x36d/0x1f10
[   90.730883][ T5911]  copy_process+0x37e/0x1f10
[   90.730992][ T5911]  ? kstrtouint+0x76/0xc0
[   90.731093][ T5911]  ? kstrtouint_from_user+0xa8/0xf0
[   90.731279][ T5911]  kernel_clone+0x16b/0x5b0
[   90.731340][ T5911]  ? vfs_write+0x86e/0x9f0
[   90.731382][ T5911]  __x64_sys_clone+0x143/0x180
[   90.731408][ T5911]  x64_sys_call+0x12d0/0x3000
[   90.731470][ T5911]  do_syscall_64+0xc0/0x2a0
[   90.731585][ T5911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.731697][ T5911] RIP: 0033:0x7fb920c9aeb9
[   90.731754][ T5911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   90.731831][ T5911] RSP: 002b:00007fb91f6f6fd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[   90.731900][ T5911] RAX: ffffffffffffffda RBX: 00007fb920f15fa0 RCX: 00007fb920c9aeb9
[   90.731999][ T5911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000080
[   90.732052][ T5911] RBP: 00007fb91f6f7090 R08: 0000000000000000 R09: 0000000000000000
[   90.732111][ T5911] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[   90.732163][ T5911] R13: 00007fb920f16038 R14: 00007fb920f15fa0 R15: 00007ffe2cbf7d88
[   90.732252][ T5911]  </TASK>
[   90.732362][ T5911] Mem-Info:
[   90.734666][ T5902] wireguard0: entered allmulticast mode
[   90.961620][ T5911] active_anon:14763 inactive_anon:0 isolated_anon:0
[   90.961620][ T5911]  active_file:19005 inactive_file:2608 isolated_file:0
[   90.961620][ T5911]  unevictable:0 dirty:207 writeback:0
[   90.961620][ T5911]  slab_reclaimable:3441 slab_unreclaimable:15740
[   90.961620][ T5911]  mapped:35446 shmem:6112 pagetables:1660
[   90.961620][ T5911]  sec_pagetables:0 bounce:0
[   90.961620][ T5911]  kernel_misc_reclaimable:0
[   90.961620][ T5911]  free:1875979 free_pcp:7364 free_cma:0
[   91.006763][ T5911] Node 0 active_anon:59168kB inactive_anon:0kB active_file:76020kB inactive_file:10432kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:141900kB dirty:828kB writeback:0kB shmem:24564kB kernel_stack:4048kB pagetables:6640kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   91.034168][ T5911] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   91.063840][ T5911] lowmem_reserve[]: 0 2879 7858 7858
[   91.069307][ T5911] Node 0 DMA32 free:2944744kB boost:0kB min:4128kB low:7056kB high:9984kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2948376kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3528kB free_cma:0kB
[   91.101122][ T5911] lowmem_reserve[]: 0 0 4978 4978
[   91.106234][ T5911] Node 0 Normal free:4540228kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:62532kB inactive_anon:0kB active_file:76020kB inactive_file:10432kB unevictable:0kB writepending:828kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:25700kB local_pcp:15472kB free_cma:0kB
[   91.139370][ T5911] lowmem_reserve[]: 0 0 0 0
[   91.143988][ T5911] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   91.156793][ T5911] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 3*16kB (M) 1*32kB (M) 2*64kB (M) 4*128kB (M) 4*256kB (M) 2*512kB (M) 3*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2944744kB
[   91.173213][ T5911] Node 0 Normal: 580*4kB (UE) 493*8kB (U) 90*16kB (UE) 87*32kB (UM) 116*64kB (UM) 127*128kB (UM) 52*256kB (UME) 53*512kB (UME) 41*1024kB (UME) 35*2048kB (UM) 1061*4096kB (UM) = 4534136kB
[   91.191905][ T5911] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   91.201334][ T5911] 29488 total pagecache pages
[   91.206078][ T5911] 0 pages in swap cache
[   91.210322][ T5911] Free swap  = 124996kB
[   91.214586][ T5911] Total swap = 124996kB
[   91.218763][ T5911] 2097051 pages RAM
[   91.222611][ T5911] 0 pages HighMem/MovableOnly
[   91.227301][ T5911] 81557 pages reserved
[   91.287659][ T4562] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.324680][ T5919] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.375572][ T5919] ext4 filesystem being mounted at /131/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   91.408616][ T5926] netlink: 876 bytes leftover after parsing attributes in process `syz.6.664'.
[   91.431185][ T5929] netlink: 8 bytes leftover after parsing attributes in process `syz.5.665'.
[   91.440263][   T29] audit: type=1400 audit(1770268547.586:4600): avc:  denied  { shutdown } for  pid=5928 comm="syz.7.666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   91.443987][ T5919] EXT4-fs error (device loop0): ext4_xattr_block_get:597: inode #15: comm syz.0.663: corrupted xattr block 33: invalid ea_ino
[   91.475581][ T3304] Alternate GPT is invalid, using primary GPT.
[   91.482020][ T3304]  loop1: p2 p3 p7
[   91.485893][ T5919] EXT4-fs (loop0): Remounting filesystem read-only
[   91.492515][ T5919] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[   91.508892][ T5926] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #15: comm syz.6.664: corrupted inode contents
[   91.527737][ T5909] Alternate GPT is invalid, using primary GPT.
[   91.534185][ T5909]  loop1: p2 p3 p7
[   91.544091][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.556764][ T5926] EXT4-fs error (device loop6) in ext4_orphan_del:303: Corrupt filesystem
[   91.568622][ T5926] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #15: comm syz.6.664: corrupted inode contents
[   91.587349][ T5926] EXT4-fs error (device loop6): ext4_evict_inode:301: inode #15: comm syz.6.664: mark_inode_dirty error
[   91.599130][ T5934] set_capacity_and_notify: 3 callbacks suppressed
[   91.599203][ T5934] loop7: detected capacity change from 0 to 1024
[   91.608684][ T5936] netlink: 16 bytes leftover after parsing attributes in process `syz.0.668'.
[   91.619335][ T5926] EXT4-fs (loop6): 1 orphan inode deleted
[   91.664625][ T5926] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.714104][   T29] audit: type=1326 audit(1770268547.859:4601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.5.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f954721aeb9 code=0x7ffc0000
[   91.737581][   T29] audit: type=1326 audit(1770268547.859:4602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.5.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f954721aeb9 code=0x7ffc0000
[   91.761130][   T29] audit: type=1326 audit(1770268547.859:4603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.5.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f954721aeb9 code=0x7ffc0000
[   91.784486][   T29] audit: type=1326 audit(1770268547.859:4604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5939 comm="syz.5.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f954721aeb9 code=0x7ffc0000
[   91.824438][ T5934] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   91.837010][ T5934] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   91.840771][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[   91.862162][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   91.873378][ T4310] udevd[4310]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[   91.903043][ T5947] loop1: detected capacity change from 0 to 512
[   91.923411][ T5947] EXT4-fs warning (device loop1): read_mmp_block:111: Error -117 while reading MMP block 12
[   91.942974][ T4562] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.969365][ T5947] netlink: 'syz.1.672': attribute type 4 has an invalid length.
[   91.983933][ T5947] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   92.001119][ T5946] tipc: Disabling bearer <eth:syzkaller0>
[   92.068430][   T37] EXT4-fs error (device loop7): ext4_map_blocks:825: inode #15: comm kworker/u8:2: lblock 0 mapped to illegal pblock 0 (length 6)
[   92.085685][   T37] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117
[   92.098087][   T37] EXT4-fs (loop7): This should not happen!! Data will be lost
[   92.098087][   T37] 
[   92.122442][ T5683] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   92.158578][ T5964] xt_hashlimit: size too large, truncated to 1048576
[   92.161841][ T5962] netlink: 16 bytes leftover after parsing attributes in process `syz.1.679'.
[   92.165373][ T5964] xt_hashlimit: max too large, truncated to 1048576
[   92.208962][ T5967] loop6: detected capacity change from 0 to 512
[   92.258212][ T5972] netlink: 8 bytes leftover after parsing attributes in process `syz.0.676'.
[   92.270829][ T5971] syzkaller0: entered promiscuous mode
[   92.276337][ T5971] syzkaller0: entered allmulticast mode
[   92.285478][ T5967] EXT4-fs (loop6): revision level too high, forcing read-only mode
[   92.294660][ T5967] EXT4-fs (loop6): orphan cleanup on readonly fs
[   92.306434][ T5967] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #16: comm syz.6.680: corrupted inode contents
[   92.320612][ T5967] EXT4-fs (loop6): Remounting filesystem read-only
[   92.327598][ T5967] EXT4-fs (loop6): 1 truncate cleaned up
[   92.333438][   T53] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   92.344123][   T53] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   92.354726][   T53] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[   92.365893][ T5967] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-0000002a0000 ro without journal. Quota mode: writeback.
[   92.366674][ T5972] wireguard3: entered promiscuous mode
[   92.383908][ T5972] wireguard3: entered allmulticast mode
[   92.436636][ T4562] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-0000002a0000.
[   92.471425][ T5983] FAULT_INJECTION: forcing a failure.
[   92.471425][ T5983] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.484671][ T5983] CPU: 0 UID: 0 PID: 5983 Comm: syz.6.684 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   92.484699][ T5983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   92.484714][ T5983] Call Trace:
[   92.484722][ T5983]  <TASK>
[   92.484734][ T5983]  __dump_stack+0x1d/0x30
[   92.484791][ T5983]  dump_stack_lvl+0x95/0xd0
[   92.484819][ T5983]  dump_stack+0x15/0x1b
[   92.484844][ T5983]  should_fail_ex+0x263/0x280
[   92.484946][ T5983]  ? __pfx_ucma_set_option+0x10/0x10
[   92.485052][ T5983]  should_fail+0xb/0x20
[   92.485087][ T5983]  should_fail_usercopy+0x1a/0x20
[   92.485126][ T5983]  _copy_from_user+0x1c/0xb0
[   92.485148][ T5983]  ucma_set_option+0x54/0x950
[   92.485245][ T5983]  ? path_openat+0x1e8e/0x23c0
[   92.485313][ T5983]  ? _parse_integer_limit+0x170/0x190
[   92.485428][ T5983]  ? avc_policy_seqno+0x15/0x30
[   92.485463][ T5983]  ? selinux_file_permission+0x1f2/0x690
[   92.485489][ T5983]  ? should_fail_ex+0xd9/0x280
[   92.485529][ T5983]  ? __pfx_ucma_set_option+0x10/0x10
[   92.485652][ T5983]  ucma_write+0x1c9/0x260
[   92.485735][ T5983]  vfs_writev+0x42b/0x900
[   92.485809][ T5983]  ? __pfx_ucma_write+0x10/0x10
[   92.485846][ T5983]  do_writev+0xe9/0x210
[   92.485874][ T5983]  __x64_sys_writev+0x45/0x50
[   92.485902][ T5983]  x64_sys_call+0x1ba5/0x3000
[   92.485971][ T5983]  do_syscall_64+0xc0/0x2a0
[   92.486004][ T5983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.486051][ T5983] RIP: 0033:0x7f463840aeb9
[   92.486069][ T5983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   92.486091][ T5983] RSP: 002b:00007f4636e67028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   92.486151][ T5983] RAX: ffffffffffffffda RBX: 00007f4638685fa0 RCX: 00007f463840aeb9
[   92.486169][ T5983] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 000000000000000e
[   92.486182][ T5983] RBP: 00007f4636e67090 R08: 0000000000000000 R09: 0000000000000000
[   92.486213][ T5983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.486226][ T5983] R13: 00007f4638686038 R14: 00007f4638685fa0 R15: 00007ffc5e5dc288
[   92.486252][ T5983]  </TASK>
[   92.747906][ T5989] loop1: detected capacity change from 0 to 512
[   92.755288][ T5989] EXT4-fs warning (device loop1): read_mmp_block:111: Error -117 while reading MMP block 12
[   92.777903][ T5989] netlink: 'syz.1.686': attribute type 4 has an invalid length.
[   92.787096][ T5989] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   92.795714][ T5988] tipc: Disabling bearer <eth:syzkaller0>
[   92.955989][ T6010] syzkaller0: entered promiscuous mode
[   92.961653][ T6010] syzkaller0: entered allmulticast mode
[   93.066858][ T6018] loop0: detected capacity change from 0 to 512
[   93.075446][ T6018] EXT4-fs: Ignoring removed nobh option
[   93.140993][ T6018] ------------[ cut here ]------------
[   93.146526][ T6018] EA inode 11 i_nlink=1026
[   93.146557][ T6018] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x313/0x350, CPU#1: syz.0.699/6018
[   93.161878][ T6018] Modules linked in:
[   93.165806][ T6018] CPU: 1 UID: 0 PID: 6018 Comm: syz.0.699 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   93.175616][ T6018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   93.185806][ T6018] RIP: 0010:ext4_xattr_inode_update_ref+0x332/0x350
[   93.192501][ T6018] Code: e4 e5 9a ff 4c 8d 2d 2d 21 3e 05 49 8d 7e 40 e8 f4 cf b6 ff 49 8b 6e 40 4c 89 e7 e8 28 cb b6 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 02 ff ff ff e8 4f e1 d0 03 66 66 66 66 66 66 2e
[   93.212390][ T6018] RSP: 0018:ffffc900012475a8 EFLAGS: 00010246
[   93.218562][ T6018] RAX: ffff888105bf3c10 RBX: ffff88810613f688 RCX: ffffffff81be19f8
[   93.226661][ T6018] RDX: 0000000000000402 RSI: 000000000000000b RDI: ffffffff86fc3b10
[   93.234672][ T6018] RBP: 000000000000000b R08: 000188810613f63b R09: 0000000000000000
[   93.242839][ T6018] R10: ffffc900012474d8 R11: 0001c900012474d8 R12: ffff88810613f638
[   93.250981][ T6018] R13: ffffffff86fc3b10 R14: ffff88810613f5f0 R15: 0000000000000001
[   93.259013][ T6018] FS:  00007fb91f6f76c0(0000) GS:ffff8882aec57000(0000) knlGS:0000000000000000
[   93.268093][ T6018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   93.274708][ T6018] CR2: 00007f995e078060 CR3: 000000010a068000 CR4: 00000000003506f0
[   93.282760][ T6018] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[   93.290779][ T6018] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[   93.298826][ T6018] Call Trace:
[   93.302129][ T6018]  <TASK>
[   93.305127][ T6018]  ext4_xattr_set_entry+0x77c/0x1010
[   93.310566][ T6018]  ext4_xattr_ibody_set+0x184/0x3c0
[   93.316347][ T6018]  ext4_expand_extra_isize_ea+0xd7b/0x11a0
[   93.322237][ T6018]  __ext4_expand_extra_isize+0x246/0x280
[   93.327964][ T6018]  __ext4_mark_inode_dirty+0x29d/0x3f0
[   93.333480][ T6018]  ext4_evict_inode+0x7c3/0xd40
[   93.338379][ T6018]  ? __pfx_ext4_evict_inode+0x10/0x10
[   93.343844][ T6018]  evict+0x2af/0x510
[   93.347789][ T6018]  ? __dquot_initialize+0x146/0x7c0
[   93.353090][ T6018]  iput+0x4b9/0x650
[   93.356927][ T6018]  ext4_process_orphan+0x1a9/0x1c0
[   93.362072][ T6018]  ext4_orphan_cleanup+0x6a8/0xa00
[   93.367242][ T6018]  ext4_fill_super+0x3476/0x3800
[   93.372286][ T6018]  ? set_blocksize+0x1a3/0x310
[   93.377232][ T6018]  ? setup_bdev_super+0x30e/0x370
[   93.382311][ T6018]  ? __pfx_ext4_fill_super+0x10/0x10
[   93.387641][ T6018]  get_tree_bdev_flags+0x291/0x300
[   93.392879][ T6018]  ? __pfx_ext4_fill_super+0x10/0x10
[   93.398287][ T6018]  get_tree_bdev+0x1f/0x30
[   93.402763][ T6018]  ext4_get_tree+0x1c/0x30
[   93.407277][ T6018]  vfs_get_tree+0x57/0x1d0
[   93.411837][ T6018]  do_new_mount+0x288/0x700
[   93.416416][ T6018]  path_mount+0x4d0/0xbc0
[   93.420786][ T6018]  ? user_path_at+0xbf/0x130
[   93.425517][ T6018]  __se_sys_mount+0x28c/0x2e0
[   93.430258][ T6018]  __x64_sys_mount+0x67/0x80
[   93.434899][ T6018]  x64_sys_call+0x2cca/0x3000
[   93.439700][ T6018]  do_syscall_64+0xc0/0x2a0
[   93.444318][ T6018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.450315][ T6018] RIP: 0033:0x7fb920c9c14a
[   93.454802][ T6018] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   93.474654][ T6018] RSP: 002b:00007fb91f6f6e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   93.483109][ T6018] RAX: ffffffffffffffda RBX: 00007fb91f6f6ee0 RCX: 00007fb920c9c14a
[   93.491731][ T6018] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007fb91f6f6ea0
[   93.499827][ T6018] RBP: 0000200000000180 R08: 00007fb91f6f6ee0 R09: 0000000000800718
[   93.507871][ T6018] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140
[   93.515880][ T6018] R13: 00007fb91f6f6ea0 R14: 00000000000004a3 R15: 00002000000003c0
[   93.523958][ T6018]  </TASK>
[   93.527012][ T6018] ---[ end trace 0000000000000000 ]---
[   93.533058][ T6018] EXT4-fs (loop0): 1 orphan inode deleted
[   93.539324][ T6018] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.585348][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.607873][ T6034] loop0: detected capacity change from 0 to 512
[   93.615580][ T6034] EXT4-fs warning (device loop0): read_mmp_block:111: Error -117 while reading MMP block 12
[   93.626659][ T6032] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   93.634311][ T6032] vhci_hcd vhci_hcd.2: invalid port number 96
[   93.640451][ T6032] vhci_hcd vhci_hcd.2: default hub control req: 0311 v0005 i0060 l7
[   93.654040][ T6034] netlink: 'syz.0.706': attribute type 4 has an invalid length.
[   93.665162][ T6034] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   93.673901][ T6033] tipc: Disabling bearer <eth:syzkaller0>
[   93.685966][ T6032] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   93.705979][ T6032] loop7: detected capacity change from 0 to 512
[   93.830776][ T6046] FAULT_INJECTION: forcing a failure.
[   93.830776][ T6046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.843939][ T6046] CPU: 1 UID: 0 PID: 6046 Comm: syz.0.711 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   93.843980][ T6046] Tainted: [W]=WARN
[   93.843989][ T6046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   93.844007][ T6046] Call Trace:
[   93.844045][ T6046]  <TASK>
[   93.844053][ T6046]  __dump_stack+0x1d/0x30
[   93.844080][ T6046]  dump_stack_lvl+0x95/0xd0
[   93.844109][ T6046]  dump_stack+0x15/0x1b
[   93.844136][ T6046]  should_fail_ex+0x263/0x280
[   93.844254][ T6046]  should_fail+0xb/0x20
[   93.844344][ T6046]  should_fail_usercopy+0x1a/0x20
[   93.844414][ T6046]  _copy_to_user+0x20/0xa0
[   93.844442][ T6046]  simple_read_from_buffer+0xb5/0x130
[   93.844523][ T6046]  proc_fail_nth_read+0x10e/0x150
[   93.844553][ T6046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   93.844582][ T6046]  vfs_read+0x1ab/0x7f0
[   93.844607][ T6046]  ? __rcu_read_unlock+0x4e/0x70
[   93.844646][ T6046]  ? __fget_files+0x184/0x1c0
[   93.844676][ T6046]  ? mutex_lock+0x57/0x90
[   93.844707][ T6046]  ksys_read+0xdc/0x1a0
[   93.844734][ T6046]  __x64_sys_read+0x40/0x50
[   93.844805][ T6046]  x64_sys_call+0x2889/0x3000
[   93.844839][ T6046]  do_syscall_64+0xc0/0x2a0
[   93.844875][ T6046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.844903][ T6046] RIP: 0033:0x7fb920c5b78e
[   93.844925][ T6046] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   93.845025][ T6046] RSP: 002b:00007fb91f6f6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   93.845049][ T6046] RAX: ffffffffffffffda RBX: 00007fb91f6f76c0 RCX: 00007fb920c5b78e
[   93.845144][ T6046] RDX: 000000000000000f RSI: 00007fb91f6f70a0 RDI: 0000000000000004
[   93.845158][ T6046] RBP: 00007fb91f6f7090 R08: 0000000000000000 R09: 0000000000000000
[   93.845215][ T6046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.845246][ T6046] R13: 00007fb920f16038 R14: 00007fb920f15fa0 R15: 00007ffe2cbf7d88
[   93.845267][ T6046]  </TASK>
[   94.081533][ T6051] syzkaller0: entered promiscuous mode
[   94.087209][ T6051] syzkaller0: entered allmulticast mode
[   94.140078][ T6055] loop0: detected capacity change from 0 to 512
[   94.192580][ T6055] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.241658][ T6055] ext4 filesystem being mounted at /142/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   94.299243][ T6068] loop5: detected capacity change from 0 to 1024
[   94.316692][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.319627][ T6068] EXT4-fs: Ignoring removed nobh option
[   94.331354][ T6068] EXT4-fs: Ignoring removed nomblk_io_submit option
[   94.378171][ T6068] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.379611][ T6074] syzkaller0: entered promiscuous mode
[   94.395974][ T6074] syzkaller0: entered allmulticast mode
[   94.408368][ T6068] EXT4-fs (loop5): shut down requested (2)
[   94.418991][ T6079] FAULT_INJECTION: forcing a failure.
[   94.418991][ T6079] name failslab, interval 1, probability 0, space 0, times 0
[   94.432076][ T6079] CPU: 1 UID: 0 PID: 6079 Comm: syz.6.723 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   94.432124][ T6079] Tainted: [W]=WARN
[   94.432133][ T6079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   94.432193][ T6079] Call Trace:
[   94.432199][ T6079]  <TASK>
[   94.432207][ T6079]  __dump_stack+0x1d/0x30
[   94.432233][ T6079]  dump_stack_lvl+0x95/0xd0
[   94.432298][ T6079]  dump_stack+0x15/0x1b
[   94.432323][ T6079]  should_fail_ex+0x263/0x280
[   94.432365][ T6079]  should_failslab+0x8c/0xb0
[   94.432468][ T6079]  kmem_cache_alloc_noprof+0x68/0x490
[   94.432499][ T6079]  ? copy_sighand+0x52/0x1b0
[   94.432584][ T6079]  copy_sighand+0x52/0x1b0
[   94.432679][ T6079]  copy_process+0xc68/0x1f10
[   94.432781][ T6079]  kernel_clone+0x16b/0x5b0
[   94.432878][ T6079]  __se_sys_clone3+0x1f5/0x230
[   94.433091][ T6079]  __x64_sys_clone3+0x31/0x40
[   94.433162][ T6079]  x64_sys_call+0x2c0f/0x3000
[   94.433267][ T6079]  do_syscall_64+0xc0/0x2a0
[   94.433466][ T6079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.433538][ T6079] RIP: 0033:0x7f463840aeb9
[   94.433671][ T6079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   94.433739][ T6079] RSP: 002b:00007f4636e66ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[   94.433860][ T6079] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f463840aeb9
[   94.433911][ T6079] RDX: 00007f4636e66f10 RSI: 0000000000000058 RDI: 00007f4636e66f10
[   94.433954][ T6079] RBP: 00007f4636e67090 R08: 0000000000000000 R09: 0000000000000058
[   94.434002][ T6079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   94.434057][ T6079] R13: 00007f4638686038 R14: 00007f4638685fa0 R15: 00007ffc5e5dc288
[   94.434227][ T6079]  </TASK>
[   94.528002][ T6057] loop1: detected capacity change from 0 to 512
[   94.657443][ T6057] EXT4-fs: Ignoring removed orlov option
[   94.693483][ T6057] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.716: corrupted in-inode xattr: e_value size too large
[   94.711204][ T6084] ieee802154 phy0 wpan0: encryption failed: -22
[   94.721995][ T6057] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.716: couldn't read orphan inode 15 (err -117)
[   94.765540][ T4271] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.786386][ T6057] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.092725][ T3408] ==================================================================
[   95.100885][ T3408] BUG: KCSAN: data-race in __filemap_remove_folio / nr_blockdev_pages
[   95.109125][ T3408] 
[   95.111487][ T3408] read-write to 0xffff8881005f24b8 of 8 bytes by task 4271 on cpu 1:
[   95.119585][ T3408]  __filemap_remove_folio+0x218/0x300
[   95.124999][ T3408]  __remove_mapping+0x390/0x4c0
[   95.129894][ T3408]  remove_mapping+0x22/0x90
[   95.134459][ T3408]  mapping_try_invalidate+0x293/0x430
[   95.139885][ T3408]  invalidate_mapping_pages+0x27/0x40
[   95.145308][ T3408]  invalidate_bdev+0x58/0x70
[   95.149954][ T3408]  ext4_put_super+0x624/0x7d0
[   95.154670][ T3408]  generic_shutdown_super+0xe6/0x210
[   95.159999][ T3408]  kill_block_super+0x2a/0x70
[   95.164727][ T3408]  ext4_kill_sb+0x42/0x80
[   95.169103][ T3408]  deactivate_locked_super+0x75/0x1c0
[   95.174539][ T3408]  deactivate_super+0x97/0xa0
[   95.179347][ T3408]  cleanup_mnt+0x2bb/0x330
[   95.183809][ T3408]  __cleanup_mnt+0x19/0x20
[   95.188268][ T3408]  task_work_run+0x130/0x1a0
[   95.192904][ T3408]  exit_to_user_mode_loop+0x1f7/0x6f0
[   95.198334][ T3408]  do_syscall_64+0x1d3/0x2a0
[   95.203063][ T3408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.209101][ T3408] 
[   95.211454][ T3408] read to 0xffff8881005f24b8 of 8 bytes by task 3408 on cpu 0:
[   95.219025][ T3408]  nr_blockdev_pages+0x7e/0xd0
[   95.223839][ T3408]  si_meminfo+0x87/0xd0
[   95.228041][ T3408]  update_defense_level+0x47/0x5d0
[   95.233198][ T3408]  defense_work_handler+0x1f/0x80
[   95.238254][ T3408]  process_scheduled_works+0x4cd/0x9d0
[   95.243749][ T3408]  worker_thread+0x6bc/0x8b0
[   95.248366][ T3408]  kthread+0x488/0x510
[   95.252470][ T3408]  ret_from_fork+0x148/0x280
[   95.257086][ T3408]  ret_from_fork_asm+0x1a/0x30
[   95.261904][ T3408] 
[   95.264242][ T3408] value changed: 0x0000000000000004 -> 0x0000000000000002
[   95.271357][ T3408] 
[   95.273697][ T3408] Reported by Kernel Concurrency Sanitizer on:
[   95.279862][ T3408] CPU: 0 UID: 0 PID: 3408 Comm: kworker/0:3 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   95.291300][ T3408] Tainted: [W]=WARN
[   95.295113][ T3408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   95.305193][ T3408] Workqueue: events_long defense_work_handler
[   95.311296][ T3408] ==================================================================
[   95.365481][   T29] kauditd_printk_skb: 668 callbacks suppressed
[   95.365502][   T29] audit: type=1400 audit(1770268551.290:5267): avc:  denied  { create } for  pid=6095 comm="syz.7.728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[   95.436989][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.455818][ T6091] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   95.468792][ T6091] ext4 filesystem being mounted at /89/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   95.498673][   T29] audit: type=1400 audit(1770268551.431:5268): avc:  denied  { append } for  pid=6090 comm="syz.5.725" name="file2" dev="loop5" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   95.552497][ T4271] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.