last executing test programs:

2m25.609266611s ago: executing program 4 (id=413):
r0 = socket(0x10, 0x3, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$inet(0x2, 0xa, 0x262)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000000)={0x30000011})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42442, 0x1c1)
r7 = socket(0x28, 0x801, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000780), 0x800080, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000140))
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000022000102"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0)

2m21.924279762s ago: executing program 4 (id=426):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x100)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xaa000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd97}, 0x94)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f8, 0x0, 0x4c, 0x1a, 0x180, 0x73, 0x328, 0x258, 0x258, 0x328, 0x258, 0x3, 0x0, {[{{@ipv6={@private0, @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x3}}, @common=@unspec=@connlimit={{0x40}, {[], 0x0, 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x23, 0x3, 0x2, 0x3, 'syz1\x00', 'syz0\x00', {0x2}}}}, {{@uncond, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x2e, 0x8, 0xfb, 0x87, 0x3, @remote, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, [0xff000000, 0xff, 0x0, 0xffffff00], [0x8982e4c132e3b466, 0xffffffff, 0xffffff00, 0xff000000], [0xffffff00, 0x0, 0xff000000, 0xffffff00], 0x3420, 0x108}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x5400}}, {0x28}}}}, 0x458)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r5, 0x0, 0x0, 0x28008004)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000e0014004000000040"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000140)={r6, 0x0, &(0x7f0000000080)=""/17}, 0x20)
ioctl$SIOCGETSGCNT_IN6(0xffffffffffffffff, 0x89e1, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote})

2m20.04900297s ago: executing program 4 (id=432):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffdf, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r3, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0xa0}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

2m19.826352715s ago: executing program 4 (id=433):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
statx(0xffffffffffffffff, 0x0, 0x0, 0x103, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = openat2(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000280)={0x80000, 0x0, 0x2}, 0x18)
getdents64(r3, &(0x7f0000000400)=""/155, 0x9b)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r5, {0xa, 0x9}, {}, {0xc, 0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x60000080}, 0x20000000)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r6 = getpgid(0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
r7 = io_uring_setup(0x70c3, &(0x7f0000000340)={0x0, 0x2c47, 0x0, 0x1, 0x2})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r8, 0x400, 0x0)
flock(r8, 0x6)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x212d089, 0x0)
r9 = syz_pidfd_open(r6, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, 0x0)
r10 = pidfd_getfd(r9, r9, 0x0)
setns(r10, 0x66020000)

2m19.643223587s ago: executing program 4 (id=434):
r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4261, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x2, @perf_config_ext={0x1, 0xf60e}, 0xba92, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x5, 0x5, &(0x7f0000001d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf400000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
syz_clone(0xc30e3400, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$tmpfs(0x0, 0x0, &(0x7f0000000140), 0x3200841, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0xbc, 0x4480)
socket$packet(0x11, 0x2, 0x300)
socket(0x1000000010, 0x80002, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x4c}}, 0x0)
r4 = socket(0x29, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x10}}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x50}, 0x1, 0x1000000, 0x0, 0x24004800}, 0x800)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
connect$pppl2tp(r4, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r5)
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000e80)={&(0x7f00000002c0), 0xc, &(0x7f0000000e40)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x2)
r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0x8}, 0x2, 0x0, 0x10ffe, 0x0, 0x2, 0x80000011, 0x6, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x8)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x200000, &(0x7f0000000180), 0x3, 0x566, &(0x7f00000015c0)="$eJzs3V9rW+UfAPDvSdv9//3WwRjqhRR24WQuXVv/TBA2L0WHA72foc3KaLqMJh1rHWy7cDfeyBBEHIgvwHsvh2/AVyHoYMgoeuFN5aQnW9YkTZtlNvN8PnC25znnpN/z5DnPk+/JSUgAuTWR/lOIeDkivkoiDrdsG41s48TGfmuPbsymSxLr65/8kUSSrWvun2T/H8wqL0XEz19EnCy0x62trC6UKpXyUlafrC9enaytrJ66vFiaL8+Xr0zPzJx5a2b63XfeHlhbX7/w17cf3//gzJfH17758cGRu0mci0PZttZ2PINbrZWJmMiek7E4t2nHqQEEGyZJrx06nAPsvpFsnI9FOgccjpFs1AP/fTcjYh3IqcT4h5xq5gHNa/sBXQe/MB6+v3EB1N7+0Y33RmJf49rowFry1JVRer07PoD4aYyffr93N12ix/sQNwcQD6Dp1u2IOD062j7/Jdn817/T23jXb3OMvL3+wG66n+Y/b3TKfwqP85/okP8c7DB2+9F7/BceDCBMV2n+917H/Pfx1DU+ktX+18j5xpJLlyvl0xHx/4g4EWN703q/93Na8790SeM3c8HsOB6M7n36MXOleqnPcG0e3o545Un+m0Tb/L+vketu7v/0+biwzRjHyvde7batd/tbDT4DXv8h4rWO/f/kjlay9f3Jycb5MNk8K9r9eefYL93i76z9g5f2/4Gt2z+etN6vre08xvf7/i5329bv+b8n+bRR3pOtu16q15emIvYkH7Wvn37y2Ga9uX/a/hPHt57/Op3/+yPis222/87R7mnQMPT/3I76f+eFXz/8/Ltu8bfX/282SieyNduZ/7Z7gM/y3AEAAAAAAMCwKUTEoUgKxcflQqFY3Ph8x9E4UKhUa/WTl6rLV+ai8V3Z8RgrNO90H275PMRU9nnYZn16U30mIo5ExNcj+xv14my1MrfbjQcAAAAAAAAAAAAAAAAAAIAhcbDL9/9Tv43s9tEBz52f/Ib86jn+B/FLT8BQ8voP+WX8Q34Z/5Bfxj/kl/EP+WX8Q34Z/5Bfxj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAM1IXz59Nlfe3Rjdm0PndtZXmheu3UXLm2UFxcni3OVpeuFuer1flKuThbXez19yrV6tWp6Vi+Plkv1+qTtZXVi4vV5Sv1i5cXS/Pli+Wxf6VVAAAAAAAAAAAAAAAAAAAA8GKprawulCqV8pJC18LZGIrD6LuQ9Orls9nJ0FeI0d1voMJzKOzyxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALf4JAAD//5CPL9Y=")
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r2)
r7 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0x20)
fallocate(r7, 0x0, 0x0, 0x8800000)
r8 = open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21)
pwritev2(r8, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x5a00, 0x0, 0x3)

2m19.471197419s ago: executing program 4 (id=437):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x33, &(0x7f0000000080)=0x4, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x4000, &(0x7f0000003800)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r7=>0x0)
io_getevents(r7, 0x3, 0x3, &(0x7f0000000340)=[{}, {}, {}], 0x0)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x10102, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r8=>0x0, 0x0, 0x0, 0xffff, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f4, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', r8, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x4c, 0x64, 0x0, 0xfe, 0x2f}}}})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x400000)
readahead(r10, 0x5, 0x8)
write$binfmt_register(r0, &(0x7f0000000180)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x6, 0x3a, '#', 0x3a, 'syztnl1\x00', 0x3a, './file0', 0x3a, [0x50, 0x46, 0x43]}, 0x33)
write$UHID_CREATE2(r9, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)

2m18.42425649s ago: executing program 32 (id=437):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x33, &(0x7f0000000080)=0x4, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x4000, &(0x7f0000003800)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r7=>0x0)
io_getevents(r7, 0x3, 0x3, &(0x7f0000000340)=[{}, {}, {}], 0x0)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x10102, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r8=>0x0, 0x0, 0x0, 0xffff, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f4, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', r8, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x4c, 0x64, 0x0, 0xfe, 0x2f}}}})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x400000)
readahead(r10, 0x5, 0x8)
write$binfmt_register(r0, &(0x7f0000000180)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x6, 0x3a, '#', 0x3a, 'syztnl1\x00', 0x3a, './file0', 0x3a, [0x50, 0x46, 0x43]}, 0x33)
write$UHID_CREATE2(r9, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)

4.389624191s ago: executing program 0 (id=1087):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0xffffffffffffff04)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000100)={0x4, 0x1d, 0x4, 0x4, "49c1732dfe57b2f39937d46fe0dfc0f37e29972e33103be64f5f9b4ccacafdd8"})
r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
getsockopt$inet_udp_int(r0, 0x11, 0xb, &(0x7f0000000000), 0x0)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

4.011020376s ago: executing program 0 (id=1088):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x17440000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setresgid(0xffffffffffffffff, 0xffffffffffffffff, 0xee00)
connect$unix(r1, &(0x7f0000000500)=@file={0x0, './mnt\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0xf241f1a146326c4, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0xa420, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r3)
fcntl$lock(0xffffffffffffffff, 0x24, 0x0)
r5 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x1e, 0x100000000}, 0x1cad, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, 0xffffffffffffffff)
open(0x0, 0x0, 0x112)
socket$kcm(0x10, 0x7, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001a00010028bd70000000000002202000ff00000700020000080002000a01010008000100ac14143308000300", @ANYRES8=r6], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0xea5bc50b619957aa)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {}, {0xfff1, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_EMATCHES={0x10, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x20004000)

2.715031615s ago: executing program 3 (id=1091):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x2400, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xbc}}, 0x0)

2.647070609s ago: executing program 2 (id=1092):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3d}, 0x1c)
pselect6(0x40, &(0x7f0000000100)={0x1, 0x400010000000, 0x100000000, 0xffffffffffffffff, 0x20000000000800, 0x0, 0x4}, 0x0, &(0x7f00000001c0)={0x1f, 0x0, 0x200, 0x0, 0x0, 0x4, 0x6a9}, 0x0, 0x0)

2.575448974s ago: executing program 3 (id=1093):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x33, &(0x7f0000000080)=0x4, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x4000, &(0x7f0000003800)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r7=>0x0)
io_getevents(r7, 0x3, 0x3, &(0x7f0000000340)=[{}, {}, {}], 0x0)
io_destroy(r7)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x10102, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r8=>0x0, 0x0, 0x0, 0xffff, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f4, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', r8, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x4c, 0x64, 0x0, 0xfe, 0x2f}}}})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x400000)
readahead(r10, 0x5, 0x8)
write$binfmt_register(r0, &(0x7f0000000180)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x6, 0x3a, '#', 0x3a, 'syztnl1\x00', 0x3a, './file0', 0x3a, [0x50, 0x46, 0x43]}, 0x33)
write$UHID_CREATE2(r9, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)

2.367525969s ago: executing program 5 (id=1097):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000580)=ANY=[@ANYRESOCT, @ANYRES64, @ANYRESDEC=r0, @ANYBLOB="cd36501a2aef5c55cdb389ecbce19f63fd74cec0680df2eced53e592f473d26edd25bc5320795959c8069c69e06f870a645ab45e1e04538002135aa4fcac22deb6348040087e52c354cd90820189417d971c9d8f26011b1f2a7f350e6d14dbdbc4956708f0ec"], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)

2.360213859s ago: executing program 5 (id=1098):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000040)='./file0\x00', 0x2000800, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYRESOCT, @ANYRES64=0x0], 0x1, 0x296, &(0x7f0000000740)="$eJzs3U9qU0EcB/Bf0rSJ3SSgK+nigRs3hqY3CFJBDAiRLOoqwbYgTSikENCF7c67uPIO3sBjeAGzKETSF03SxuK/+jT5fCDMD+Z9YSaLzCxm8tpbvaP945PDvdufolRKohBx9v48IiIfa5F68CFt1yMiFxsx6ywAgP9Ns9mpZz0Gbla/X++M927FKz2td5kMCAAAAAAAAAAAgN/W3ipeOf8fw4jKzPn/3KTNO/8PAEvB+f/l1+/XO5uT/ds85/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7AxHo/Lomk/W4wMA/jzrPwCsHus/AKye4dxanwvrPwAsv2d7z5/UG43dZpKUInpvB61BK23T/vphvIxuHMR2lOM8xvuDibR+9Lixu51cqES7dzrJnw5aa/P5WpSjsjhfS/PJfH49NmfzO1GOO4vzOwvzG3H/XkT+60SrUY6PL+I4urEf4+w0/6aWJA+fNi7lixfPAQAAAAAAAAAAAAAAAAAAwN9QTb5ZeH+/Wv1ef5r/if8HuHS/vhB3C9nOHQAAAAAAAAAAAAAAAAAAAP4VJ69eH3W63YP+wuLz5C7/dc8opsWtH/pWf60oRETmE1SsTJHxDxMAAAAAAAAAAAAAAAAAAKyg6aXfrEcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANmZvv//5oqs5wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACshi8BAAD//2dk6nI=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0x0, 0x8000, 0x500000000000000})

2.223130249s ago: executing program 1 (id=1099):
listen(0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0)
readv(r2, &(0x7f0000000280), 0x0)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000001040500000000003300000007000008080003400000005805000100010000009707c71fba8957746cfabd46207eb984e50200e863200e4051b0c393c09603415c5a686b69292ad399e51e2e210f57cfab5749dbc66fe4729c2ec44a52ba2bde25895143162827e65c40e64432"], 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x24004800)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r3, @ANYRES32=r0, @ANYBLOB='&'], 0x10)
socket$xdp(0x2c, 0x3, 0x0)
r4 = socket$kcm(0x2, 0x3, 0x106)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000380)={0x2, 0x6000, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)="fbd2b9ed29d8974a6ce75f08916ac3b4da11bc1a", 0xffeb}], 0x1}, 0x0)

2.172142492s ago: executing program 1 (id=1100):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20040845}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48048}, 0x0)
keyctl$reject(0x13, 0x0, 0x400, 0x8000000000000201, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
bind$packet(r3, &(0x7f0000000180)={0x11, 0x17, r4, 0x1, 0x40, 0x6, @broadcast}, 0x14)
getsockname$packet(r3, &(0x7f00000018c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r5, @ANYBLOB="20000100", @ANYRES32=r4, @ANYBLOB="00000001e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x20040805}, 0x4000080)
socket$inet(0x2, 0x3, 0x5)
getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000), &(0x7f0000000040)=0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000000000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f", 0x48}], 0x1}, 0x0)
r6 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
ioctl$RNDGETENTCNT(r6, 0x80045200, &(0x7f00000000c0))
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.104269507s ago: executing program 1 (id=1101):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x33, &(0x7f0000000080)=0x4, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r7=>0x0)
io_getevents(r7, 0x3, 0x3, &(0x7f0000000340)=[{}, {}, {}], 0x0)
io_destroy(r7)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x10102, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r8=>0x0, 0x0, 0x0, 0xffff, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f4, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', r8, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x4c, 0x64, 0x0, 0xfe, 0x2f}}}})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x400000)
readahead(r10, 0x5, 0x8)
write$binfmt_register(r0, &(0x7f0000000180)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x6, 0x3a, '#', 0x3a, 'syztnl1\x00', 0x3a, './file0', 0x3a, [0x50, 0x46, 0x43]}, 0x33)
write$UHID_CREATE2(r9, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)

1.998586783s ago: executing program 0 (id=1102):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r2 = socket$packet(0x2d, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@multicast, @random="8a0a63cdec59", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @remote}}}}, 0x0)
sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
r3 = socket$netlink(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000072c0)={@map, r5, 0x36, 0x10, 0x0, @void, @value=r5}, 0x20)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x100, 0x25dfdbfd, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x6048800)
mlockall(0x7)
r6 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x24000}, 0xc, &(0x7f0000000280)={&(0x7f0000000880)={0xec, 0x0, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x342a}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xffffffff}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffe33}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x19, 0x31}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x4}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x13}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffff}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0xac3cad7acb74c65b}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x90}, 0x20040000)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e402010902"], 0x0)
syz_open_procfs(0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x6, [@enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x5, 0x9}, {0xa, 0xa}]}]}, {0x0, [0x5f, 0x5f, 0x30, 0x2e]}}, 0x0, 0x3a, 0x0, 0x8}, 0x28)
fchown(0xffffffffffffffff, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r7, 0x0, 0x0}, 0x10)

1.650753118s ago: executing program 2 (id=1103):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x33, &(0x7f0000000080)=0x4, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x4000, &(0x7f0000003800)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r7=>0x0)
io_getevents(r7, 0x3, 0x3, &(0x7f0000000340)=[{}, {}, {}], 0x0)
io_destroy(r7)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x10102, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r8=>0x0, 0x0, 0x0, 0xffff, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f4, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', r8, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x4c, 0x64, 0x0, 0xfe, 0x2f}}}})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x400000)
readahead(r9, 0x5, 0x8)
write$binfmt_register(r0, &(0x7f0000000180)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x6, 0x3a, '#', 0x3a, 'syztnl1\x00', 0x3a, './file0', 0x3a, [0x50, 0x46, 0x43]}, 0x33)

1.650122748s ago: executing program 5 (id=1104):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xd, 0x0, &(0x7f0000000200)="405ec826b500000008a1590000", 0x0, 0x885, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

1.239387016s ago: executing program 5 (id=1105):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
capset(&(0x7f0000000080)={0x20080522, r1}, &(0x7f0000000040)={0x6, 0x200200, 0x1, 0x2, 0x3})
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, 0x0, &(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x2, 0xc404d, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x6, 0xf60e}, 0x9092, 0x4, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x1, 0xffffffffffffffff, 0x8)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43a1bd76, 0x3, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x3, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r6, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r3], 0x38}}, 0x10)

1.124717894s ago: executing program 1 (id=1106):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43a1bd76, 0x3, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="18080000000000000000000000000000180000000000000000"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x3, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r4, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10)

1.065534067s ago: executing program 1 (id=1107):
r0 = socket(0x2a, 0x6, 0x2)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000001200210321b97000fedbdf2507"], 0x34}, 0x1, 0x0, 0x0, 0x200000c1}, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000180)={0x7a2a, 0x109, 0x5a}, 0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x4}, 0xfc81)
sendmsg$inet_sctp(r1, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000640)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2804c044}, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000), 0x10, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
accept4(r2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x6, 0x9}, 0x8)

834.592073ms ago: executing program 5 (id=1108):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000580)=ANY=[@ANYRESOCT, @ANYRES64, @ANYRESDEC=r0, @ANYBLOB="cd36501a2aef5c55cdb389ecbce19f63fd74cec0680df2eced53e592f473d26edd25bc5320795959c8069c69e06f870a645ab45e1e04538002135aa4fcac22deb6348040087e52c354cd90820189417d971c9d8f26011b1f2a7f350e6d14dbdbc4956708f0ec"], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)

813.751525ms ago: executing program 5 (id=1109):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc08f, 0x0, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf40b9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0}, 0x204, 0x0, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200c}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
io_pgetevents(0x0, 0x3, 0x0, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
dup(0xffffffffffffffff)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x0, 0x2}, 0xe)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000380)={0x1d, r5, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmsg$nl_route_sched_retired(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltclass={0x24, 0x29, 0x1, 0x70bd2d, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xffff}, {0x7, 0xd}, {0x7cceb53059bd106f, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x2004e811}, 0x4000050)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4)

771.256777ms ago: executing program 3 (id=1110):
r0 = perf_event_open$cgroup(&(0x7f0000000080)={0x5, 0x80, 0xf5, 0x52, 0x9, 0x1, 0x0, 0x1, 0x4084, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc8, 0x4, @perf_config_ext={0x5, 0x3}, 0x800, 0x100000001, 0xfff, 0x9, 0x2, 0x632, 0x5482, 0x0, 0x2, 0x0, 0x5}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x5)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff)
lsm_get_self_attr(0x67, &(0x7f0000000000)={0x0, 0x0, 0x5f, 0x3f, ""/63}, &(0x7f0000000140)=0x5f, 0x0)

728.65612ms ago: executing program 3 (id=1111):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf40b9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x7, 0x100}, 0x204, 0x0, 0x43a1bd78, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x24000000000, 0xffffffffffffffff, 0xa)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000380)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x1, 0x0, 0x2, 0x5, 0x0, 0x70bd28, 0x25dfdbfc, [@sadb_address={0x3, 0x6, 0x2b, 0x0, 0x0, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x34}}}]}, 0x28}, 0x1, 0x7}, 0x48000)
r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/ipc\x00')
ioctl$NS_GET_NSTYPE(r3, 0xb703, 0x0)
timer_create(0x1, &(0x7f0000000400)={0x0, 0x3c, 0x0, @thr={0x0, &(0x7f00000003c0)}}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000b80)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="83", 0x1}], 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000780)={0x0, 0x4, 0x0, [0x806f, 0x0, 0x2d5, 0x6, 0x6], [0x6, 0x7, 0x1, 0x9, 0x8002, 0x4, 0x5, 0x2, 0x0, 0x802, 0x9, 0x200000100, 0x3, 0xfffffffffffffff4, 0x4a, 0x1000000000005, 0x100, 0xd, 0xdd, 0x7, 0x1, 0x2a9, 0x3, 0xc39, 0x8, 0x8, 0x100000000, 0x2, 0xa51, 0x8, 0x401, 0x800000000000003, 0x7, 0xfffffffffffffffa, 0x81, 0x796, 0x5, 0x931, 0x1000101, 0x3, 0x1000000000008001, 0x8000000000000000, 0x7, 0x1, 0x8, 0x8, 0x6a7, 0x102, 0x1, 0x83, 0x538a, 0x9, 0xfffffffffffffff7, 0x4, 0x0, 0x4, 0x10001, 0x8, 0x80008000, 0x8000000000000000, 0x4, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x5bc, 0x1, 0x1, 0x4, 0x8000, 0xc9, 0x7, 0x6, 0x9, 0x82c, 0x8000, 0xe000000000000, 0xe4, 0x11, 0x0, 0x8, 0x22, 0xffffffffffffffff, 0xb, 0x1, 0x8000000000000000, 0x2000000009, 0x8, 0x0, 0x6, 0x6, 0x7, 0x100000002, 0xe, 0x4, 0x8, 0x7, 0x8, 0x9, 0x1, 0x16d, 0x6, 0x68d, 0xffffffffffff43b0, 0x8, 0x50000000000000, 0xe, 0x0, 0x0, 0x100000003, 0x4, 0x7, 0x406, 0x3, 0x6, 0x5, 0xfffffffffffffffd, 0x3, 0x40, 0x7fffffff, 0x8, 0x3, 0x1]})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r4 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f5})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa7bc3184d"], 0x0, 0xb, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0)

727.776ms ago: executing program 2 (id=1112):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20040845}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48048}, 0x0)
keyctl$reject(0x13, 0x0, 0x400, 0x8000000000000201, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
bind$packet(r3, &(0x7f0000000180)={0x11, 0x17, r4, 0x1, 0x40, 0x6, @broadcast}, 0x14)
getsockname$packet(r3, &(0x7f00000018c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r5, @ANYBLOB="20000100", @ANYRES32=r4, @ANYBLOB="00000001e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x20040805}, 0x4000080)
socket$inet(0x2, 0x3, 0x5)
getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000), &(0x7f0000000040)=0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000000000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f", 0x48}], 0x1}, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

625.755217ms ago: executing program 2 (id=1113):
listen(0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0)
readv(r2, &(0x7f0000000280), 0x0)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000001040500000000003300000007000008080003400000005805000100010000009707c71fba8957746cfabd46207eb984e50200e863200e4051b0c393c09603415c5a686b69292ad399e51e2e210f57cfab5749dbc66fe4729c2ec44a52ba2bde25895143162827e65c40e64432"], 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x24004800)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r3, @ANYRES32=r0, @ANYBLOB='&'], 0x10)
socket$xdp(0x2c, 0x3, 0x0)
r4 = socket$kcm(0x2, 0x3, 0x106)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000380)={0x2, 0x6000, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)="fbd2b9ed29d8974a6ce75f08916ac3b4da11bc1a", 0xffeb}], 0x1}, 0x0)

567.973401ms ago: executing program 2 (id=1114):
r0 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@dev={0xac, 0x14, 0x14, 0x40}, @in6=@private0, 0x0, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x52b, 0xb}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x80001, 0x1, 0x0, 0x2, 0x1}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x28}, 0x4d4, 0x32}, 0x2, @in=@empty, 0x3502, 0x1, 0x1, 0x0, 0x4, 0xfffffffd, 0xfffffffc}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x7}, 0x1c)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x20000000, {0x1, 0xff, 0x4}, 0x1}, 0x18)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r3)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$can_j1939(r1, &(0x7f0000000200)={&(0x7f0000000180)={0x1d, r4, 0x2, {0x2, 0x0, 0x2}}, 0x18, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$unix(r6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@rights={{0x18, 0x1, 0x1, [r5, r6]}}], 0x18, 0x4042880}, 0x10)
close(r6)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000140)={<r8=>0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x4e24, 0xdcdf, @loopback, 0xffff}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x1f, &(0x7f0000000180)={r8, @in={{0x2, 0x4e21, @empty}}, 0x9, 0x3}, &(0x7f0000000080)=0x90)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a000004090001007350bdbaa800000008000540000000020900020073797a310000000008000a40fffffffc2c0000001d0a050000000000000000000a0000050900010073797a31"], 0x90}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_io_uring_setup(0x6d73, &(0x7f0000000340)={0x0, 0xc6b5, 0x20, 0x0, 0x252, 0x0, r7}, &(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000480))
syz_clone3(&(0x7f00000002c0)={0x8018400, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, 0x0}, 0x58)

407.381892ms ago: executing program 3 (id=1115):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0xf0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000400)='/sys/power/wakeup_count', 0x40042, 0x0)
write$P9_RSTATFS(r1, &(0x7f0000000180)={0x43, 0x9, 0x2, {0x8, 0x2, 0xdb6, 0x1, 0x8, 0x6, 0x9, 0x6, 0x8}}, 0x43)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1200000, &(0x7f0000000000)={[{@nobarrier}]}, 0x1, 0xbac, &(0x7f0000000c00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe, 0x0, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = getpid()
r5 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x2, 0xa}, 0x0, 0x0, 0x0, 0x4, 0x2, 0x7fffffff}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
unshare(0x22020600)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0xe, &(0x7f0000000000)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x6, 0xc, &(0x7f0000000540)=""/12, 0x40f00, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0x10, 0xfffffffe}, 0x94)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000010000000000000000000000a5000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb9)
r7 = socket(0x2, 0x80805, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e24, @rand_addr=0x64010102}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r7, 0x84, 0x74, &(0x7f0000000200)={r9, 0x5, 0x20, 0x0, 0x8}, &(0x7f00000001c0)=0x18)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000040)={r9, 0xff9c, 0x7, "50dc3bf6b716d1"}, 0xf)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, r5)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
open(&(0x7f00000001c0)='./file1\x00', 0x169a7e, 0x68)

406.998742ms ago: executing program 2 (id=1116):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc08f, 0x0, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf40b9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0}, 0x204, 0x0, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200c}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
io_pgetevents(0x0, 0x3, 0x0, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
dup(0xffffffffffffffff)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x0, 0x2}, 0xe)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000380)={0x1d, r5, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmsg$nl_route_sched_retired(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltclass={0x24, 0x29, 0x1, 0x70bd2d, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xffff}, {0x7, 0xd}, {0x7cceb53059bd106f, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x2004e811}, 0x4000050)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4)

303.317129ms ago: executing program 0 (id=1117):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$inet_udp(0x2, 0x2, 0x0) (async)
socket$netlink(0x10, 0x3, 0xe)
socket$netlink(0x10, 0x3, 0x0)
socket$kcm(0xa, 0x3, 0x3a) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x26e1, 0x0) (async)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000000)=r0, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000580)=@in6={0xa, 0xce63, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x80, 0x0, 0x0, 0x0, 0xffffff8e}, 0x600008c4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000001c00fdbeca6cf7d7cb9bee00001c000000030000000000080000000001050000a70c3783e6c5ff8c48f0251535b90e6f1ad7b46a5b3b370020000004010000000000001202000000006100"], 0x0, 0x37, 0x0, 0x0, 0x2}, 0x28)
io_setup(0x9, &(0x7f0000000040)=<r2=>0x0)
io_submit(r2, 0x0, &(0x7f0000000080)) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
writev(r3, &(0x7f0000000100)=[{&(0x7f0000000a40)="2e9b3d0007e03dd651930100c575963f886411", 0x13}, {&(0x7f0000000040)='\x00\x00\x00\x005\x00W', 0x7}], 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) (async)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r7 = fsopen(&(0x7f0000000300)='tracefs\x00', 0x0)
mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, &(0x7f0000000240)=0x3, 0x0, 0x6) (async)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000580)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xeaEb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00', 0x0) (async)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) (async)
r8 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f00000002c0)={0x4d, @remote, 0x4e22, 0x2, 'nq\x00', 0x10, 0x6, 0x3b}, 0x2c)

187.808738ms ago: executing program 1 (id=1118):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
capset(&(0x7f0000000080)={0x20080522, r0}, &(0x7f0000000040)={0x6, 0x200200, 0x1, 0x2, 0x3})
socket$kcm(0xa, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x2, 0xc404d, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x6, 0xf60e}, 0x9092, 0x4, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x1, 0xffffffffffffffff, 0x8)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43a1bd76, 0x3, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x3, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r5, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r2], 0x38}}, 0x10)

90.772594ms ago: executing program 0 (id=1119):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000580)=ANY=[@ANYRESOCT, @ANYRES64, @ANYRESDEC=r0, @ANYBLOB="cd36501a2aef5c55cdb389ecbce19f63fd74cec0680df2eced53e592f473d26edd25bc5320795959c8069c69e06f870a645ab45e1e04538002135aa4fcac22deb6348040087e52c354cd90820189417d971c9d8f26011b1f2a7f350e6d14dbdbc4956708f0ec"], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)

86.857024ms ago: executing program 0 (id=1120):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x33, &(0x7f0000000080)=0x4, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x4000, &(0x7f0000003800)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r7=>0x0)
io_getevents(r7, 0x3, 0x3, &(0x7f0000000340)=[{}, {}, {}], 0x0)
io_destroy(r7)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x10102, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r8=>0x0, 0x0, 0x0, 0xffff, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f4, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', r8, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x4c, 0x64, 0x0, 0xfe, 0x2f}}}})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x400000)
readahead(r10, 0x5, 0x8)
write$binfmt_register(r0, &(0x7f0000000180)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x6, 0x3a, '#', 0x3a, 'syztnl1\x00', 0x3a, './file0', 0x3a, [0x50, 0x46, 0x43]}, 0x33)
write$UHID_CREATE2(r9, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)

0s ago: executing program 3 (id=1121):
listen(0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0)
readv(r2, &(0x7f0000000280), 0x0)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000001040500000000003300000007000008080003400000005805000100010000009707c71fba8957746cfabd46207eb984e50200e863200e4051b0c393c09603415c5a686b69292ad399e51e2e210f57cfab5749dbc66fe4729c2ec44a52ba2bde25895143162827e65c40e64432"], 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x24004800)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r3, @ANYRES32=r0, @ANYBLOB='&'], 0x10)
socket$xdp(0x2c, 0x3, 0x0)
r4 = socket$kcm(0x2, 0x3, 0x106)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000380)={0x2, 0x6000, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)="fbd2b9ed29d8974a6ce75f08916ac3b4da11bc1a", 0xffeb}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  154.628257][   T23] hid-generic 0000:0000:0000.0019: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  154.651685][ T5317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  154.716519][ T5441] fido_id[5441]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  154.744169][ T5317] batman_adv: batadv0: Adding interface: batadv_slave_1
[  154.751188][ T5317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  154.841267][ T5317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  154.898121][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.975201][ T5317] hsr_slave_0: entered promiscuous mode
[  154.987988][ T5317] hsr_slave_1: entered promiscuous mode
[  155.043948][ T5317] debugfs: 'hsr0' already exists in 'hsr'
[  155.066805][ T5317] Cannot create hsr debugfs directory
[  155.075605][ T5474] netlink: 'syz.2.463': attribute type 21 has an invalid length.
[  155.137342][ T5476] loop3: detected capacity change from 0 to 512
[  156.476790][ T5506] syzkaller0: entered promiscuous mode
[  156.647750][   T23] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[  156.660176][   T23] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  156.944634][ T5317] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  157.007172][ T5317] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  157.026079][ T5317] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  157.037417][ T5317] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  157.170600][ T5317] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.209257][ T5317] 8021q: adding VLAN 0 to HW filter on device team0
[  157.219358][ T5540] netlink: 20 bytes leftover after parsing attributes in process `syz.1.473'.
[  157.256540][ T3731] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.264432][ T3731] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.288392][ T5543] loop3: detected capacity change from 0 to 1024
[  157.331562][ T5536] lo speed is unknown, defaulting to 1000
[  157.515387][ T1557] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0
[  157.558805][ T5554] netlink: 'syz.2.476': attribute type 21 has an invalid length.
[  157.620634][ T1557] hid-generic 0000:0000:0000.001B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  157.671644][ T5317] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  157.721191][ T5543] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.811529][ T5317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  157.826546][ T3731] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.834494][ T3731] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.883278][ T5566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.475'.
[  157.909600][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.126881][ T5317] 8021q: adding VLAN 0 to HW filter on device batadv0
[  158.715972][ T1557] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0
[  158.741642][ T1557] hid-generic 0000:0000:0000.001C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  159.107289][ T5585] fido_id[5585]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  159.126353][ T5593] loop3: detected capacity change from 0 to 512
[  159.168234][ T5593] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  159.205636][ T5593] EXT4-fs (loop3): 1 truncate cleaned up
[  159.211915][ T5593] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.464670][ T5618] netlink: 20 bytes leftover after parsing attributes in process `syz.0.485'.
[  159.482006][ T5621] netlink: 20 bytes leftover after parsing attributes in process `syz.1.486'.
[  159.493199][ T5621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.521832][ T5317] veth0_vlan: entered promiscuous mode
[  159.524961][ T5621] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.546049][ T5317] veth1_vlan: entered promiscuous mode
[  159.552834][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.620152][ T5317] veth0_macvtap: entered promiscuous mode
[  159.641205][ T5317] veth1_macvtap: entered promiscuous mode
[  159.655692][ T5317] batman_adv: batadv0: Interface activated: batadv_slave_0
[  159.679884][ T5317] batman_adv: batadv0: Interface activated: batadv_slave_1
[  159.704678][ T3700] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  159.724205][ T3700] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  159.735994][ T3700] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  159.766929][ T3700] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  159.912936][   T23] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0
[  159.934508][   T28] kauditd_printk_skb: 13 callbacks suppressed
[  159.934523][   T28] audit: type=1400 audit(1775675551.381:935): avc:  denied  { getopt } for  pid=5632 comm="syz.3.489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  159.985849][   T23] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  160.285908][ T5643] syzkaller0: entered promiscuous mode
[  160.294555][ T5640] tipc: Started in network mode
[  160.304115][ T5640] tipc: Node identity ac14140f, cluster identity 4711
[  160.313132][ T5640] tipc: New replicast peer: 255.255.255.255
[  160.319831][ T5640] tipc: Enabled bearer <udp:syz2>, priority 10
[  160.548920][ T5641] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  161.079133][   T23] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  161.176043][   T23] hid-generic 0000:0000:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  161.360623][ T5657] fido_id[5657]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  161.590606][ T3421] tipc: Node number set to 2886997007
[  161.615360][ T3700] tipc: Subscription rejected, illegal request
[  161.631693][ T5669] loop5: detected capacity change from 0 to 512
[  161.648429][ T5669] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  161.684198][ T5675] netlink: 'syz.3.499': attribute type 1 has an invalid length.
[  161.753871][ T5669] EXT4-fs (loop5): 1 truncate cleaned up
[  161.787065][ T5683] netlink: 20 bytes leftover after parsing attributes in process `syz.2.501'.
[  161.791402][ T5675] bond0: (slave geneve2): making interface the new active one
[  161.811332][ T5669] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.838478][ T5675] bond0: (slave geneve2): Enslaving as an active interface with an up link
[  161.866543][ T3700] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  161.879568][ T3700] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  161.899300][ T3700] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  161.930057][ T3700] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  162.530301][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.565335][ T5699] syzkaller0: entered promiscuous mode
[  162.654463][ T5706] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  163.868775][ T5728] netlink: 20 bytes leftover after parsing attributes in process `syz.2.512'.
[  163.955981][   T28] audit: type=1326 audit(1775675555.371:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  164.037061][   T28] audit: type=1326 audit(1775675555.371:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  164.063376][   T28] audit: type=1326 audit(1775675555.381:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f292284d04e code=0x7ffc0000
[  164.102516][   T28] audit: type=1326 audit(1775675555.381:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f292284d04e code=0x7ffc0000
[  164.126479][ T5746] syzkaller0: entered promiscuous mode
[  164.128781][   T28] audit: type=1326 audit(1775675555.381:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f292284d04e code=0x7ffc0000
[  164.163260][   T28] audit: type=1326 audit(1775675555.381:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f292284d04e code=0x7ffc0000
[  164.187619][   T28] audit: type=1326 audit(1775675555.381:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f292284d04e code=0x7ffc0000
[  164.230255][   T28] audit: type=1326 audit(1775675555.381:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f292284d04e code=0x7ffc0000
[  164.263293][ T5742] xt_CT: You must specify a L4 protocol and not use inversions on it
[  164.276921][   T28] audit: type=1326 audit(1775675555.381:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5732 comm="syz.0.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f292284d04e code=0x7ffc0000
[  164.338273][ T5747] loop5: detected capacity change from 0 to 512
[  164.345886][ T5757] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  164.971898][ T5774] netlink: 20 bytes leftover after parsing attributes in process `syz.5.527'.
[  165.287195][ T5778] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  165.294151][ T5778] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  165.446874][ T5778] vhci_hcd vhci_hcd.0: Device attached
[  165.482701][ T5788] loop5: detected capacity change from 0 to 512
[  165.505742][   T28] kauditd_printk_skb: 30 callbacks suppressed
[  165.505757][   T28] audit: type=1326 audit(1775675556.951:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.554525][ T5790] netlink: 8 bytes leftover after parsing attributes in process `syz.3.529'.
[  165.590435][ T5788] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  165.599374][   T28] audit: type=1326 audit(1775675556.991:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.639336][   T28] audit: type=1326 audit(1775675556.991:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.643783][ T3487] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  165.671961][ T5778] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(5)
[  165.678720][ T5778] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  165.690057][   T28] audit: type=1326 audit(1775675556.991:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.735355][   T28] audit: type=1326 audit(1775675556.991:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.759511][   T28] audit: type=1326 audit(1775675557.001:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.790014][   T28] audit: type=1326 audit(1775675557.001:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.813880][   T28] audit: type=1326 audit(1775675557.001:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.839306][   T28] audit: type=1400 audit(1775675557.071:983): avc:  denied  { setopt } for  pid=5777 comm="syz.3.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  165.861053][ T5788] EXT4-fs (loop5): 1 truncate cleaned up
[  165.886856][ T5788] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.907633][   T28] audit: type=1326 audit(1775675557.071:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5777 comm="syz.3.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  165.910734][ T5778] vhci_hcd vhci_hcd.0: Device attached
[  165.959920][ T5791] vhci_hcd: connection closed
[  165.961574][ T3756] vhci_hcd vhci_hcd.3: stop threads
[  165.973829][ T3756] vhci_hcd vhci_hcd.3: release socket
[  165.979576][ T5779] vhci_hcd: connection closed
[  165.980115][ T3756] vhci_hcd vhci_hcd.3: disconnect device
[  165.980680][ T3487] usb 7-1: new full-speed USB device number 2 using vhci_hcd
[  166.004725][ T3756] vhci_hcd vhci_hcd.3: stop threads
[  166.024244][ T3756] vhci_hcd vhci_hcd.3: release socket
[  166.051173][ T3756] vhci_hcd vhci_hcd.3: disconnect device
[  166.098797][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.166786][ T5828] netlink: 'syz.0.538': attribute type 4 has an invalid length.
[  166.184012][ T5827] netlink: 20 bytes leftover after parsing attributes in process `syz.5.540'.
[  166.415508][   T23] lo speed is unknown, defaulting to 1000
[  166.454991][   T23] syz0: Port: 1 Link DOWN
[  167.395392][ T5855] syzkaller0: entered promiscuous mode
[  168.053728][ T5919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.554'.
[  168.074977][ T3421] kernel read not supported for file /397/sessionid (pid: 3421 comm: kworker/0:4)
[  168.101290][ T5918] lo speed is unknown, defaulting to 1000
[  168.130685][ T5920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  168.142014][ T5923] FAULT_INJECTION: forcing a failure.
[  168.142014][ T5923] name failslab, interval 1, probability 0, space 0, times 0
[  168.400807][ T5923] CPU: 1 UID: 0 PID: 5923 Comm: syz.3.557 Not tainted syzkaller #0 PREEMPT(full) 
[  168.400841][ T5923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  168.400894][ T5923] Call Trace:
[  168.400903][ T5923]  <TASK>
[  168.400913][ T5923]  __dump_stack+0x1d/0x30
[  168.400945][ T5923]  dump_stack_lvl+0x95/0xd0
[  168.400988][ T5923]  dump_stack+0x15/0x1b
[  168.401032][ T5923]  should_fail_ex+0x263/0x280
[  168.401066][ T5923]  ? v9fs_init_fs_context+0x34/0x220
[  168.401110][ T5923]  should_failslab+0x8c/0xb0
[  168.401211][ T5923]  __kmalloc_cache_noprof+0x5f/0x410
[  168.401273][ T5923]  v9fs_init_fs_context+0x34/0x220
[  168.401352][ T5923]  alloc_fs_context+0x4a6/0x580
[  168.401380][ T5923]  fs_context_for_mount+0x22/0x30
[  168.401435][ T5923]  do_new_mount+0xe7/0x8d0
[  168.401463][ T5923]  ? security_capable+0x7b/0x90
[  168.401495][ T5923]  path_mount+0x4d0/0xbc0
[  168.401566][ T5923]  __se_sys_mount+0x28c/0x2e0
[  168.401642][ T5923]  ? fput+0x8f/0xc0
[  168.401670][ T5923]  __x64_sys_mount+0x67/0x80
[  168.401693][ T5923]  x64_sys_call+0x2d61/0x3020
[  168.401803][ T5923]  do_syscall_64+0x12c/0x370
[  168.401836][ T5923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.401899][ T5923] RIP: 0033:0x7fa7d0c8c819
[  168.401916][ T5923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  168.401934][ T5923] RSP: 002b:00007fa7cf6df028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  168.401980][ T5923] RAX: ffffffffffffffda RBX: 00007fa7d0f05fa0 RCX: 00007fa7d0c8c819
[  168.401998][ T5923] RDX: 0000200000000380 RSI: 0000200000000680 RDI: 0000000000000000
[  168.402016][ T5923] RBP: 00007fa7cf6df090 R08: 00002000000003c0 R09: 0000000000000000
[  168.402029][ T5923] R10: 0000000000014c98 R11: 0000000000000246 R12: 0000000000000002
[  168.402107][ T5923] R13: 00007fa7d0f06038 R14: 00007fa7d0f05fa0 R15: 00007ffe9bc42158
[  168.402129][ T5923]  </TASK>
[  168.634823][ T5920] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  168.849998][ T5930] loop3: detected capacity change from 0 to 512
[  168.902894][ T5930] EXT4-fs: Ignoring removed i_version option
[  168.956627][ T5930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.091161][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.076639][ T5967] /dev/loop1: Can't lookup blockdev
[  170.194515][ T5967] netlink: 116 bytes leftover after parsing attributes in process `syz.1.563'.
[  170.386507][ T5973] netlink: 12 bytes leftover after parsing attributes in process `syz.3.566'.
[  170.425385][ T5978] netlink: 12 bytes leftover after parsing attributes in process `syz.1.567'.
[  170.444518][ T5973] netlink: 12 bytes leftover after parsing attributes in process `syz.3.566'.
[  170.532439][ T5986] loop3: detected capacity change from 0 to 1024
[  170.588494][ T5986] EXT4-fs: Ignoring removed mblk_io_submit option
[  170.651910][ T5986] EXT4-fs: Ignoring removed oldalloc option
[  170.698009][ T5986] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  170.713611][ T5986] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  170.795916][ T5986] EXT4-fs error (device loop3): ext4_map_blocks:828: inode #15: block 3: comm syz.3.568: lblock 3 mapped to illegal pblock 3 (length 3)
[  170.843400][ T5986] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  170.898063][ T5986] EXT4-fs (loop3): This should not happen!! Data will be lost
[  170.898063][ T5986] 
[  170.954347][ T6009] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.568: bg 0: block 112: padding at end of block bitmap is not set
[  170.983563][   T28] kauditd_printk_skb: 17 callbacks suppressed
[  170.983595][   T28] audit: type=1400 audit(1775675562.411:1002): avc:  denied  { bind } for  pid=6008 comm="syz.5.575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  171.051248][   T28] audit: type=1400 audit(1775675562.491:1003): avc:  denied  { read } for  pid=6006 comm="syz.1.574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  171.106089][ T6021] netlink: 'syz.2.578': attribute type 21 has an invalid length.
[  171.113371][ T3487] usb 7-1: enqueue for inactive port 0
[  171.120220][ T3487] usb 7-1: enqueue for inactive port 0
[  171.133031][   T30] EXT4-fs error (device loop3): ext4_map_blocks:828: inode #15: block 8: comm kworker/u8:1: lblock 8 mapped to illegal pblock 8 (length 5)
[  171.180645][   T30] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 5 with error 117
[  171.198253][ T3487] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  171.267254][   T30] EXT4-fs (loop3): This should not happen!! Data will be lost
[  171.267254][   T30] 
[  171.278589][ T3317] EXT4-fs warning (device loop3): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  171.305664][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  171.354290][   T28] audit: type=1326 audit(1775675562.791:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cccdbc819 code=0x7ffc0000
[  171.396148][ T6042] lo speed is unknown, defaulting to 1000
[  171.414708][   T28] audit: type=1326 audit(1775675562.791:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cccdbc819 code=0x7ffc0000
[  171.424414][ T6044] lo speed is unknown, defaulting to 1000
[  171.553703][   T28] audit: type=1326 audit(1775675562.791:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cccdbc819 code=0x7ffc0000
[  171.634252][   T28] audit: type=1326 audit(1775675562.791:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f5cccdbc819 code=0x7ffc0000
[  171.659914][   T28] audit: type=1326 audit(1775675562.791:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cccdbc819 code=0x7ffc0000
[  171.686853][   T28] audit: type=1326 audit(1775675562.791:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cccdbc819 code=0x7ffc0000
[  171.712044][   T28] audit: type=1326 audit(1775675562.791:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cccdbc819 code=0x7ffc0000
[  171.737022][   T28] audit: type=1326 audit(1775675562.791:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5cccdbc819 code=0x7ffc0000
[  171.789267][ T6040] syz.1.585 (6040) used greatest stack depth: 9864 bytes left
[  172.026589][ T1557] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  172.038564][ T1557] hid-generic 0000:0000:0000.001F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  172.441526][ T6057] fido_id[6057]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  172.471082][ T6065] netlink: 28 bytes leftover after parsing attributes in process `syz.5.593'.
[  172.500798][ T6065] netlink: 28 bytes leftover after parsing attributes in process `syz.5.593'.
[  172.538367][ T6065] ip6gretap0: entered promiscuous mode
[  172.569153][ T6065] syz_tun: entered promiscuous mode
[  172.597961][ T6082] netlink: 'syz.3.599': attribute type 21 has an invalid length.
[  172.644242][ T6090] Illegal XDP return value 4294967274 on prog  (id 114) dev N/A, expect packet loss!
[  172.671579][ T6084] pim6reg: entered allmulticast mode
[  172.701944][ T6099] netlink: 20 bytes leftover after parsing attributes in process `syz.0.604'.
[  172.863097][ T6115] netlink: 'syz.1.610': attribute type 21 has an invalid length.
[  172.924168][ T6122] loop3: detected capacity change from 0 to 512
[  172.933683][ T6122] ext4: Unknown parameter 'nojournal_checksum.euid>00000000000000000000'
[  173.099433][ T6129] bridge0: entered promiscuous mode
[  173.142230][ T6129] macvlan2: entered promiscuous mode
[  173.372479][ T6138] netlink: 20 bytes leftover after parsing attributes in process `syz.1.617'.
[  173.925823][ T6149] netlink: 14 bytes leftover after parsing attributes in process `syz.2.620'.
[  173.949102][ T6148] loop5: detected capacity change from 0 to 1024
[  173.992859][ T6148] EXT4-fs: Ignoring removed mblk_io_submit option
[  174.124787][ T6148] EXT4-fs: Ignoring removed oldalloc option
[  174.211148][ T6148] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  174.224580][ T6149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.264035][ T6148] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.305269][ T6149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.334762][ T6148] EXT4-fs error (device loop5): ext4_map_blocks:828: inode #15: block 3: comm syz.5.621: lblock 3 mapped to illegal pblock 3 (length 3)
[  174.434004][ T6163] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.621: bg 0: block 112: padding at end of block bitmap is not set
[  174.450692][ T6149] bond0 (unregistering): Released all slaves
[  174.646918][ T6148] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  175.149209][ T1557] hid-generic 0000:0000:0000.0020: unknown main item tag 0x0
[  175.184663][ T6148] EXT4-fs (loop5): This should not happen!! Data will be lost
[  175.184663][ T6148] 
[  175.207059][ T1557] hid-generic 0000:0000:0000.0020: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  175.409130][ T6170] fido_id[6170]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  175.454113][  T869] EXT4-fs error (device loop5): ext4_map_blocks:828: inode #15: block 8: comm kworker/u8:6: lblock 8 mapped to illegal pblock 8 (length 5)
[  175.489177][  T869] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 5 with error 117
[  175.512740][ T6172] syzkaller0: entered promiscuous mode
[  175.525928][  T869] EXT4-fs (loop5): This should not happen!! Data will be lost
[  175.525928][  T869] 
[  175.545091][ T6172] syzkaller0: entered allmulticast mode
[  175.555065][ T5317] EXT4-fs warning (device loop5): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  175.558673][ T6174] Invalid logical block size (-18)
[  175.585518][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  175.636309][ T6180] netlink: 20 bytes leftover after parsing attributes in process `syz.1.630'.
[  175.738233][ T6188] netlink: 'syz.3.632': attribute type 21 has an invalid length.
[  175.783858][ T6192] netlink: 204 bytes leftover after parsing attributes in process `syz.0.633'.
[  176.066702][ T6202] netlink: 8 bytes leftover after parsing attributes in process `syz.5.627'.
[  176.113663][   T28] kauditd_printk_skb: 116 callbacks suppressed
[  176.113694][   T28] audit: type=1400 audit(1775675567.491:1128): avc:  denied  { bind } for  pid=6181 comm="syz.5.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  176.185341][   T28] audit: type=1400 audit(1775675567.611:1129): avc:  denied  { read } for  pid=6181 comm="syz.5.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  177.176558][ T6213] lo speed is unknown, defaulting to 1000
[  177.203612][ T1557] IPVS: starting estimator thread 0...
[  178.590852][   T36] IPVS: starting estimator thread 0...
[  178.791731][ T6220] IPVS: using max 2256 ests per chain, 112800 per kthread
[  178.863842][ T6231] IPVS: using max 2208 ests per chain, 110400 per kthread
[  178.976704][ T6248] netlink: 68 bytes leftover after parsing attributes in process `syz.3.649'.
[  179.619020][   T36] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  179.633595][   T36] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  180.524987][   T23] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  180.672198][   T28] audit: type=1400 audit(1775675572.071:1130): avc:  denied  { connect } for  pid=6260 comm="syz.5.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  180.693289][   T28] audit: type=1400 audit(1775675572.101:1131): avc:  denied  { setopt } for  pid=6260 comm="syz.5.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  180.730728][   T23] hid-generic 0000:0000:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  180.946662][ T6263] netlink: 72 bytes leftover after parsing attributes in process `syz.0.653'.
[  181.009921][ T6272] fido_id[6272]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  181.041010][ T6263] netlink: 20 bytes leftover after parsing attributes in process `syz.0.653'.
[  181.253983][   T28] audit: type=1326 audit(1775675572.681:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6274 comm="syz.1.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4c346c819 code=0x7ffc0000
[  181.320875][ T6280] loop3: detected capacity change from 0 to 512
[  181.321332][ T6275] lo speed is unknown, defaulting to 1000
[  181.333548][   T28] audit: type=1326 audit(1775675572.681:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6274 comm="syz.1.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4c346c819 code=0x7ffc0000
[  181.755686][ T6293] audit: audit_backlog=65 > audit_backlog_limit=64
[  181.774830][   T28] audit: type=1326 audit(1775675572.681:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6274 comm="syz.1.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4c346c819 code=0x7ffc0000
[  181.809042][ T6293] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  181.836085][ T6293] audit: backlog limit exceeded
[  181.884213][   T28] audit: type=1326 audit(1775675572.681:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6274 comm="syz.1.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4c346c819 code=0x7ffc0000
[  181.946407][   T28] audit: type=1326 audit(1775675572.681:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6274 comm="syz.1.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4c346c819 code=0x7ffc0000
[  181.971186][   T28] audit: type=1326 audit(1775675572.681:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6274 comm="syz.1.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7ff4c346c819 code=0x7ffc0000
[  181.995818][   T28] audit: type=1326 audit(1775675572.681:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6274 comm="syz.1.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4c346c819 code=0x7ffc0000
[  182.115733][ T6299] lo speed is unknown, defaulting to 1000
[  182.696114][ T6310] netlink: 36 bytes leftover after parsing attributes in process `syz.1.665'.
[  183.068485][ T6312] lo speed is unknown, defaulting to 1000
[  183.326679][ T6326] netlink: 'syz.0.670': attribute type 21 has an invalid length.
[  183.364154][ T3487] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0
[  183.616720][ T3487] hid-generic 0000:0000:0000.0023: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  184.040074][ T6321] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  184.149061][ T6325] netlink: 12 bytes leftover after parsing attributes in process `syz.2.669'.
[  184.568312][ T6340] netlink: 20 bytes leftover after parsing attributes in process `syz.5.673'.
[  185.721450][ T6347] lo speed is unknown, defaulting to 1000
[  187.197673][   T28] kauditd_printk_skb: 282 callbacks suppressed
[  187.197720][   T28] audit: type=1326 audit(1775675578.541:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa7d0c4d04e code=0x7ffc0000
[  187.229950][   T28] audit: type=1326 audit(1775675578.671:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa7d0c4d04e code=0x7ffc0000
[  187.239285][    T9] hid-generic 0000:0000:0000.0024: unknown main item tag 0x0
[  187.331966][   T28] audit: type=1326 audit(1775675578.771:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa7d0c4d04e code=0x7ffc0000
[  187.366621][    T9] hid-generic 0000:0000:0000.0024: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  187.386683][   T28] audit: type=1400 audit(1775675578.811:1424): avc:  denied  { ioctl } for  pid=6376 comm="syz.2.686" path="socket:[13050]" dev="sockfs" ino=13050 ioctlcmd=0x745a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  187.492058][ T6385] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  187.543367][   T28] audit: type=1400 audit(1775675578.811:1425): avc:  denied  { bind } for  pid=6376 comm="syz.2.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  187.596321][ T6380] fido_id[6380]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  187.613260][   T28] audit: type=1400 audit(1775675578.811:1426): avc:  denied  { setopt } for  pid=6376 comm="syz.2.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  187.643589][   T28] audit: type=1326 audit(1775675578.921:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa7d0c4d04e code=0x7ffc0000
[  187.673832][   T28] audit: type=1326 audit(1775675579.031:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa7d0c4d04e code=0x7ffc0000
[  187.698549][   T28] audit: type=1326 audit(1775675579.131:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6346 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  187.812602][ T6398] loop3: detected capacity change from 0 to 512
[  187.829274][ T3487] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[  187.835757][ T6401] FAULT_INJECTION: forcing a failure.
[  187.835757][ T6401] name failslab, interval 1, probability 0, space 0, times 0
[  187.859095][ T6400] lo speed is unknown, defaulting to 1000
[  187.873618][ T6398] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.884501][ T6401] CPU: 0 UID: 0 PID: 6401 Comm: syz.1.695 Not tainted syzkaller #0 PREEMPT(full) 
[  187.884589][ T6401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  187.884641][ T6401] Call Trace:
[  187.884656][ T6401]  <TASK>
[  187.884662][ T6401]  __dump_stack+0x1d/0x30
[  187.884698][ T6401]  dump_stack_lvl+0x95/0xd0
[  187.884861][ T6401]  dump_stack+0x15/0x1b
[  187.884937][ T6401]  should_fail_ex+0x263/0x280
[  187.885034][ T6401]  should_failslab+0x8c/0xb0
[  187.885110][ T6401]  kmem_cache_alloc_lru_noprof+0x6c/0x410
[  187.885216][ T6401]  ? alloc_inode+0x9a/0x170
[  187.885329][ T6401]  alloc_inode+0x9a/0x170
[  187.885426][ T6401]  path_from_stashed+0xec/0x330
[  187.885617][ T6401]  ? __pfx_proc_ns_get_link+0x10/0x10
[  187.885721][ T6401]  ns_get_path+0x62/0x80
[  187.885788][ T6401]  proc_ns_get_link+0x80/0x160
[  187.885910][ T6401]  pick_link+0x4b1/0x8e0
[  187.886015][ T6401]  step_into_slowpath+0x36a/0x4c0
[  187.886120][ T6401]  path_openat+0x15d0/0x2050
[  187.886157][ T6401]  do_file_open+0x16c/0x290
[  187.886218][ T6401]  do_sys_openat2+0x94/0x130
[  187.886406][ T6401]  __x64_sys_openat+0xf2/0x120
[  187.886562][ T6401]  x64_sys_call+0x1e39/0x3020
[  187.886660][ T6401]  do_syscall_64+0x12c/0x370
[  187.886756][ T6401]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.886817][ T6401] RIP: 0033:0x7ff4c342d04e
[  187.886871][ T6401] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  187.886966][ T6401] RSP: 002b:00007ff4c1ec6ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  187.887041][ T6401] RAX: ffffffffffffffda RBX: 00007ff4c1ec76c0 RCX: 00007ff4c342d04e
[  187.887095][ T6401] RDX: 0000000000000002 RSI: 00007ff4c1ec6f90 RDI: ffffffffffffff9c
[  187.887139][ T6401] RBP: 00007ff4c1ec7090 R08: 0000000000000000 R09: 0000000000000000
[  187.887182][ T6401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  187.887225][ T6401] R13: 00007ff4c36e6038 R14: 00007ff4c36e5fa0 R15: 00007ffc9ad12358
[  187.887283][ T6401]  </TASK>
[  188.092521][ T6402] loop5: detected capacity change from 0 to 1024
[  188.115511][ T3487] hid-generic 0000:0000:0000.0025: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  188.164102][ T6402] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.339310][ T6418] netlink: 8 bytes leftover after parsing attributes in process `syz.3.694'.
[  188.612883][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.676179][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.685946][   T28] audit: type=1400 audit(1775675580.131:1430): avc:  denied  { connect } for  pid=6423 comm="syz.0.700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  188.740239][ T3487] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  188.752582][ T3487] hid-generic 0000:0000:0000.0026: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  189.423986][ T6451] loop7: detected capacity change from 0 to 6
[  189.946600][ T3487] hid-generic 0000:0000:0000.0027: unknown main item tag 0x0
[  189.956564][ T3487] hid-generic 0000:0000:0000.0027: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  190.410711][ T6465] netlink: 'syz.5.711': attribute type 21 has an invalid length.
[  192.603401][ T3487] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0
[  192.741064][ T3487] hid-generic 0000:0000:0000.0028: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  192.984818][    T9] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  193.080994][ T6494] FAULT_INJECTION: forcing a failure.
[  193.080994][ T6494] name failslab, interval 1, probability 0, space 0, times 0
[  193.101001][    T9] hid-generic 0000:0000:0000.0029: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  193.136579][ T6494] CPU: 1 UID: 0 PID: 6494 Comm: syz.0.720 Not tainted syzkaller #0 PREEMPT(full) 
[  193.136619][ T6494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  193.136636][ T6494] Call Trace:
[  193.136645][ T6494]  <TASK>
[  193.136655][ T6494]  __dump_stack+0x1d/0x30
[  193.136689][ T6494]  dump_stack_lvl+0x95/0xd0
[  193.136759][ T6494]  dump_stack+0x15/0x1b
[  193.136792][ T6494]  should_fail_ex+0x263/0x280
[  193.136824][ T6494]  should_failslab+0x8c/0xb0
[  193.136850][ T6494]  kmem_cache_alloc_node_noprof+0x6d/0x460
[  193.136879][ T6494]  ? alloc_unbound_pwq+0x641/0x690
[  193.136935][ T6494]  alloc_unbound_pwq+0x641/0x690
[  193.136972][ T6494]  apply_wqattrs_prepare+0x1df/0x850
[  193.137011][ T6494]  alloc_workqueue_noprof+0xbed/0x15c0
[  193.137081][ T6494]  nci_register_device+0x11e/0x510
[  193.137206][ T6494]  virtual_ncidev_open+0xca/0x130
[  193.137239][ T6494]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  193.137347][ T6494]  misc_open+0x1df/0x220
[  193.137434][ T6494]  chrdev_open+0x2eb/0x3a0
[  193.137464][ T6494]  do_dentry_open+0x4ca/0xa90
[  193.137499][ T6494]  ? __pfx_chrdev_open+0x10/0x10
[  193.137529][ T6494]  vfs_open+0x37/0x1e0
[  193.137649][ T6494]  path_openat+0x1b70/0x2050
[  193.137673][ T6494]  ? _parse_integer_limit+0x170/0x190
[  193.137707][ T6494]  ? kstrtouint+0x76/0xc0
[  193.137735][ T6494]  do_file_open+0x16c/0x290
[  193.137798][ T6494]  do_sys_openat2+0x94/0x130
[  193.137855][ T6494]  __x64_sys_openat+0xf2/0x120
[  193.137941][ T6494]  x64_sys_call+0x1e39/0x3020
[  193.137973][ T6494]  do_syscall_64+0x12c/0x370
[  193.138070][ T6494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.138095][ T6494] RIP: 0033:0x7f292288c819
[  193.138115][ T6494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  193.138142][ T6494] RSP: 002b:00007f29212e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  193.138246][ T6494] RAX: ffffffffffffffda RBX: 00007f2922b05fa0 RCX: 00007f292288c819
[  193.138276][ T6494] RDX: 0000000000000002 RSI: 0000200000000300 RDI: ffffffffffffff9c
[  193.138294][ T6494] RBP: 00007f29212e7090 R08: 0000000000000000 R09: 0000000000000000
[  193.138312][ T6494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  193.138386][ T6494] R13: 00007f2922b06038 R14: 00007f2922b05fa0 R15: 00007ffd5f910b08
[  193.138420][ T6494]  </TASK>
[  193.495282][ T6498] fido_id[6498]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  193.523789][   T28] kauditd_printk_skb: 3 callbacks suppressed
[  193.523805][   T28] audit: type=1400 audit(1775675584.961:1434): avc:  denied  { shutdown } for  pid=6499 comm="syz.1.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  193.759897][   T28] audit: type=1400 audit(1775675585.201:1435): avc:  denied  { create } for  pid=6489 comm="syz.5.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  193.800242][   T28] audit: type=1400 audit(1775675585.221:1436): avc:  denied  { bind } for  pid=6489 comm="syz.5.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  193.955243][ T6506] syz.0.724 (6506) used greatest stack depth: 9544 bytes left
[  193.984566][ T3487] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0
[  193.993860][ T3487] hid-generic 0000:0000:0000.002A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  194.010514][   T28] audit: type=1400 audit(1775675585.451:1437): avc:  denied  { write } for  pid=6489 comm="syz.5.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  194.056210][ T6516] netlink: 180 bytes leftover after parsing attributes in process `syz.0.726'.
[  194.065804][ T6516] netlink: 48 bytes leftover after parsing attributes in process `syz.0.726'.
[  194.478968][ T6541] netlink: 8 bytes leftover after parsing attributes in process `syz.0.730'.
[  194.690473][ T6548] netlink: 8 bytes leftover after parsing attributes in process `syz.2.733'.
[  194.873312][ T3487] hid-generic 0000:0000:0000.002B: unknown main item tag 0x0
[  194.892923][ T3487] hid-generic 0000:0000:0000.002B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  195.124462][ T6553] loop5: detected capacity change from 0 to 1024
[  195.158736][ T6553] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  195.193596][ T6553] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  195.222356][ T6553] sctp: [Deprecated]: syz.5.734 (pid 6553) Use of struct sctp_assoc_value in delayed_ack socket option.
[  195.222356][ T6553] Use struct sctp_sack_info instead
[  195.239530][ T6553] sctp: [Deprecated]: syz.5.734 (pid 6553) Use of struct sctp_assoc_value in delayed_ack socket option.
[  195.239530][ T6553] Use struct sctp_sack_info instead
[  195.316567][ T6553] EXT4-fs error (device loop5): ext4_map_blocks:828: inode #15: comm syz.5.734: lblock 0 mapped to illegal pblock 0 (length 1)
[  195.333352][ T6553] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  195.347103][ T6553] EXT4-fs (loop5): This should not happen!! Data will be lost
[  195.347103][ T6553] 
[  195.361509][   T28] audit: type=1400 audit(1775675586.801:1438): avc:  denied  { map } for  pid=6552 comm="syz.5.734" path="/43/file1/file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  195.385845][ T6553] EXT4-fs error (device loop5): ext4_map_blocks:786: inode #15: comm syz.5.734: lblock 0 mapped to illegal pblock 0 (length 1)
[  195.402114][ T6553] EXT4-fs error (device loop5): ext4_map_blocks:786: inode #15: comm syz.5.734: lblock 0 mapped to illegal pblock 0 (length 1)
[  195.419256][ T6553] EXT4-fs error (device loop5): ext4_map_blocks:786: inode #15: comm syz.5.734: lblock 0 mapped to illegal pblock 0 (length 1)
[  195.461036][ T6562] loop3: detected capacity change from 0 to 2048
[  195.471746][ T6564] tipc: Started in network mode
[  195.483945][ T6564] tipc: Node identity fe80000000000000000000000000004, cluster identity 4711
[  195.503803][ T6564] tipc: Enabled bearer <udp:syz0>, priority 10
[  195.515033][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  195.534138][ T6562] EXT4-fs: Ignoring removed oldalloc option
[  195.684296][ T6562] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c028, mo2=0002]
[  195.694342][ T6562] System zones: 0-7
[  195.699092][ T6562] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  195.771143][ T6578] lo speed is unknown, defaulting to 1000
[  195.818348][ T6583] loop5: detected capacity change from 0 to 1024
[  195.833090][ T6562] lo speed is unknown, defaulting to 1000
[  195.888191][ T6583] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  195.926448][ T3424] hid-generic 0000:0000:0000.002C: unknown main item tag 0x0
[  196.045160][ T3424] hid-generic 0000:0000:0000.002C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  196.111832][ T6562] EXT4-fs error (device loop3): ext4_find_extent:939: inode #2: comm syz.3.736: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  196.136330][ T6562] EXT4-fs (loop3): Remounting filesystem read-only
[  196.152818][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.323007][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.478091][ T6601] loop3: detected capacity change from 0 to 128
[  196.508352][ T6600] lo speed is unknown, defaulting to 1000
[  196.514007][   T23] tipc: Node number set to 4269801536
[  196.522344][ T6601] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  196.561440][   T28] audit: type=1400 audit(1775675588.001:1439): avc:  denied  { remount } for  pid=6599 comm="syz.3.746" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  196.903866][ T6611] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.087836][ T6611] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.239559][ T6611] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.402077][ T6621] netlink: 8 bytes leftover after parsing attributes in process `syz.3.753'.
[  197.423596][ T6611] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.452220][ T6621] netlink: 12 bytes leftover after parsing attributes in process `syz.3.753'.
[  197.487297][ T6622] lo speed is unknown, defaulting to 1000
[  197.516720][ T6622] lo speed is unknown, defaulting to 1000
[  197.560557][ T3740] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.573671][   T28] audit: type=1400 audit(1775675589.001:1440): avc:  denied  { map } for  pid=6618 comm="syz.3.753" path="socket:[14547]" dev="sockfs" ino=14547 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  197.606300][ T3740] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.618821][ T6621] loop3: detected capacity change from 0 to 512
[  197.642812][ T3740] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.700348][ T6622] lo speed is unknown, defaulting to 1000
[  197.712380][ T3740] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.723509][   T28] audit: type=1400 audit(1775675589.001:1441): avc:  denied  { read } for  pid=6618 comm="syz.3.753" path="socket:[14547]" dev="sockfs" ino=14547 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  198.313467][ T6621] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.378169][ T6622] infiniband syU×: set down
[  198.387138][   T36] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0
[  198.395750][ T3424] lo speed is unknown, defaulting to 1000
[  198.405603][ T6631] lo speed is unknown, defaulting to 1000
[  198.418865][ T6621] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  198.431434][   T36] hid-generic 0000:0000:0000.002D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  198.457742][ T6631] lo speed is unknown, defaulting to 1000
[  198.475672][ T6622] infiniband syU×: added lo
[  198.553717][ T6622] RDS/IB: syU×: added
[  198.583811][ T6622] smc: adding ib device syU× with port count 1
[  198.604017][ T6622] smc:    ib device syU× port 1 has no pnetid
[  198.623605][   T10] lo speed is unknown, defaulting to 1000
[  198.765010][ T6622] lo speed is unknown, defaulting to 1000
[  198.792500][ T6640] loop5: detected capacity change from 0 to 1024
[  198.914499][ T6640] EXT4-fs (loop5): filesystem too large to mount safely on this system
[  198.925229][ T6622] lo speed is unknown, defaulting to 1000
[  198.963303][ T6640] netlink: 72 bytes leftover after parsing attributes in process `syz.5.756'.
[  198.993811][ T6640] netlink: 20 bytes leftover after parsing attributes in process `syz.5.756'.
[  199.027763][   T36] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0
[  199.046474][   T36] hid-generic 0000:0000:0000.002E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  199.065777][ T6622] lo speed is unknown, defaulting to 1000
[  199.143750][ T6622] lo speed is unknown, defaulting to 1000
[  199.224183][ T6622] lo speed is unknown, defaulting to 1000
[  199.416199][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.748791][ T6654] FAULT_INJECTION: forcing a failure.
[  199.748791][ T6654] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.803964][ T6654] CPU: 0 UID: 0 PID: 6654 Comm: syz.0.760 Not tainted syzkaller #0 PREEMPT(full) 
[  199.804065][ T6654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  199.804129][ T6654] Call Trace:
[  199.804139][ T6654]  <TASK>
[  199.804149][ T6654]  __dump_stack+0x1d/0x30
[  199.804188][ T6654]  dump_stack_lvl+0x95/0xd0
[  199.804218][ T6654]  dump_stack+0x15/0x1b
[  199.804291][ T6654]  should_fail_ex+0x263/0x280
[  199.804398][ T6654]  should_fail+0xb/0x20
[  199.804469][ T6654]  should_fail_usercopy+0x1a/0x20
[  199.804505][ T6654]  _copy_to_user+0x20/0xa0
[  199.804538][ T6654]  simple_read_from_buffer+0xb5/0x130
[  199.804604][ T6654]  proc_fail_nth_read+0x10e/0x150
[  199.804642][ T6654]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  199.804682][ T6654]  vfs_read+0x1ab/0x7f0
[  199.804710][ T6654]  ? __rcu_read_unlock+0x4e/0x70
[  199.804739][ T6654]  ? __fget_files+0x184/0x1c0
[  199.804773][ T6654]  ? mutex_lock+0x57/0x90
[  199.804801][ T6654]  ksys_read+0xdc/0x1a0
[  199.804821][ T6654]  __x64_sys_read+0x40/0x50
[  199.804851][ T6654]  x64_sys_call+0x2886/0x3020
[  199.804887][ T6654]  do_syscall_64+0x12c/0x370
[  199.804973][ T6654]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.805081][ T6654] RIP: 0033:0x7f292284d04e
[  199.805098][ T6654] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  199.805120][ T6654] RSP: 002b:00007f29212e6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  199.805197][ T6654] RAX: ffffffffffffffda RBX: 00007f29212e76c0 RCX: 00007f292284d04e
[  199.805211][ T6654] RDX: 000000000000000f RSI: 00007f29212e70a0 RDI: 0000000000000005
[  199.805224][ T6654] RBP: 00007f29212e7090 R08: 0000000000000000 R09: 0000000000000000
[  199.805236][ T6654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.805248][ T6654] R13: 00007f2922b06038 R14: 00007f2922b05fa0 R15: 00007ffd5f910b08
[  199.805269][ T6654]  </TASK>
[  200.121773][ T3487] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[  200.135310][ T3487] hid-generic 0000:0000:0000.002F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  200.255786][ T6667] netlink: 72 bytes leftover after parsing attributes in process `syz.0.762'.
[  200.309486][ T6667] netlink: 20 bytes leftover after parsing attributes in process `syz.0.762'.
[  200.522170][ T6672] netlink: 'syz.5.764': attribute type 17 has an invalid length.
[  200.541770][ T6672] netlink: 8 bytes leftover after parsing attributes in process `syz.5.764'.
[  202.025242][ T6688] lo speed is unknown, defaulting to 1000
[  202.031986][ T6688] lo speed is unknown, defaulting to 1000
[  202.229363][   T10] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0
[  202.323808][   T10] hid-generic 0000:0000:0000.0030: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  203.117089][ T6710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.774'.
[  204.980204][   T28] audit: type=1400 audit(1775675596.421:1442): avc:  denied  { listen } for  pid=6718 comm="syz.0.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  205.260843][ T6721] netlink: 'syz.0.776': attribute type 8 has an invalid length.
[  205.332413][   T28] audit: type=1400 audit(1775675596.691:1443): avc:  denied  { lock } for  pid=6718 comm="syz.0.776" path="socket:[14883]" dev="sockfs" ino=14883 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  205.952440][ T6730] netlink: 72 bytes leftover after parsing attributes in process `syz.0.779'.
[  205.999507][ T6725] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  206.051713][ T6735] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2049 sclass=netlink_route_socket pid=6735 comm=syz.2.780
[  206.077653][ T6730] netlink: 20 bytes leftover after parsing attributes in process `syz.0.779'.
[  206.445187][   T28] audit: type=1400 audit(1775675597.891:1444): avc:  denied  { bind } for  pid=6740 comm="syz.3.782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  206.510784][   T28] audit: type=1400 audit(1775675597.911:1445): avc:  denied  { write } for  pid=6740 comm="syz.3.782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  206.894587][ T6751] syz.0.785 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  206.904849][ T6751] CPU: 1 UID: 0 PID: 6751 Comm: syz.0.785 Not tainted syzkaller #0 PREEMPT(full) 
[  206.904900][ T6751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  206.904961][ T6751] Call Trace:
[  206.904969][ T6751]  <TASK>
[  206.904977][ T6751]  __dump_stack+0x1d/0x30
[  206.905005][ T6751]  dump_stack_lvl+0x95/0xd0
[  206.905029][ T6751]  dump_stack+0x15/0x1b
[  206.905055][ T6751]  dump_header+0x80/0x240
[  206.905120][ T6751]  oom_kill_process+0x295/0x350
[  206.905147][ T6751]  out_of_memory+0x97d/0xb80
[  206.905172][ T6751]  try_charge_memcg+0x62e/0xa10
[  206.905245][ T6751]  obj_cgroup_charge_pages+0x23/0xc0
[  206.905289][ T6751]  obj_cgroup_charge_account+0x73/0x1a0
[  206.905321][ T6751]  __memcg_slab_post_alloc_hook+0x392/0x540
[  206.905422][ T6751]  ? sockfs_init_fs_context+0x61/0x80
[  206.905457][ T6751]  kmem_cache_alloc_lru_noprof+0x1eb/0x410
[  206.905485][ T6751]  ? sock_alloc_inode+0x34/0xa0
[  206.905543][ T6751]  ? __pfx_sock_alloc_inode+0x10/0x10
[  206.905568][ T6751]  sock_alloc_inode+0x34/0xa0
[  206.905595][ T6751]  alloc_inode+0x40/0x170
[  206.905672][ T6751]  __sock_create+0x120/0x580
[  206.905770][ T6751]  ? __se_sys_futex+0x2f6/0x370
[  206.905811][ T6751]  ? xfd_validate_state+0x45/0xf0
[  206.905846][ T6751]  __sys_socket+0xaf/0x180
[  206.905934][ T6751]  __x64_sys_socket+0x3f/0x50
[  206.905971][ T6751]  x64_sys_call+0x11fc/0x3020
[  206.906007][ T6751]  do_syscall_64+0x12c/0x370
[  206.906071][ T6751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.906153][ T6751] RIP: 0033:0x7f292288c819
[  206.906170][ T6751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  206.906195][ T6751] RSP: 002b:00007f29212c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  206.906223][ T6751] RAX: ffffffffffffffda RBX: 00007f2922b06090 RCX: 00007f292288c819
[  206.906243][ T6751] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f
[  206.906258][ T6751] RBP: 00007f2922922c91 R08: 0000000000000000 R09: 0000000000000000
[  206.906308][ T6751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  206.906320][ T6751] R13: 00007f2922b06128 R14: 00007f2922b06090 R15: 00007ffd5f910b08
[  206.906343][ T6751]  </TASK>
[  206.906353][ T6751] memory: usage 307200kB, limit 307200kB, failcnt 540
[  207.158970][ T6751] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[  207.167042][ T6751] kmem: usage 306760kB, limit 9007199254740988kB, failcnt 0
[  207.174739][ T6751] Memory cgroup stats for /syz0:
[  207.174981][ T6751] cache 143360
[  207.183883][ T6751] rss 122880
[  207.187209][ T6751] shmem 0
[  207.190260][ T6751] mapped_file 143360
[  207.194294][ T6751] dirty 143360
[  207.197811][ T6751] writeback 192512
[  207.201588][ T6751] workingset_refault_anon 0
[  207.206222][ T6751] workingset_refault_file 0
[  207.211255][ T6751] swap 0
[  207.214520][ T6751] swapcached 192512
[  207.218363][ T6751] pgpgin 190477
[  207.221943][ T6751] pgpgout 190395
[  207.225623][ T6751] pgfault 194402
[  207.229194][ T6751] pgmajfault 4
[  207.232961][ T6751] inactive_anon 192512
[  207.237078][ T6751] active_anon 0
[  207.240573][ T6751] inactive_file 143360
[  207.244902][ T6751] active_file 0
[  207.248515][ T6751] unevictable 0
[  207.252023][ T6751] hierarchical_memory_limit 314572800
[  207.276592][ T6751] hierarchical_memsw_limit 9223372036854771712
[  207.282826][ T6751] total_cache 143360
[  207.286777][ T6751] total_rss 122880
[  207.290528][ T6751] total_shmem 0
[  207.294057][ T6751] total_mapped_file 143360
[  207.299532][ T6751] total_dirty 143360
[  207.303673][ T6751] total_writeback 192512
[  207.308196][ T6751] total_workingset_refault_anon 0
[  207.313638][ T6751] total_workingset_refault_file 0
[  207.318879][ T6751] total_swap 0
[  207.322406][ T6751] total_swapcached 192512
[  207.327225][ T6751] total_pgpgin 190477
[  207.331244][ T6751] total_pgpgout 190395
[  207.335568][ T6751] total_pgfault 194402
[  207.340246][ T6751] total_pgmajfault 4
[  207.344397][ T6751] total_inactive_anon 192512
[  207.349103][ T6751] total_active_anon 0
[  207.353384][ T6751] total_inactive_file 143360
[  207.358142][ T6751] total_active_file 0
[  207.362148][ T6751] total_unevictable 0
[  207.366178][ T6751] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.785,pid=6748,uid=0
[  207.381451][ T6751] Memory cgroup out of memory: Killed process 6748 (syz.0.785) total-vm:96344kB, anon-rss:1360kB, file-rss:22480kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  207.753634][   T28] audit: type=1400 audit(1775675599.171:1446): avc:  denied  { read } for  pid=6759 comm="syz.5.788" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  207.901116][ T6765] IPVS: wlc: FWM 3 0x00000003 - no destination available
[  208.090858][ T6765] lo speed is unknown, defaulting to 1000
[  208.107641][ T6765] lo speed is unknown, defaulting to 1000
[  208.730996][   T28] audit: type=1400 audit(1775675599.171:1447): avc:  denied  { open } for  pid=6759 comm="syz.5.788" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  208.765810][   T10] IPVS: starting estimator thread 0...
[  208.853620][ T6767] IPVS: using max 2208 ests per chain, 110400 per kthread
[  208.970662][ T6741] lo speed is unknown, defaulting to 1000
[  209.023959][ T6741] lo speed is unknown, defaulting to 1000
[  209.042554][ T6771] syzkaller0: entered promiscuous mode
[  209.058779][ T6771] syzkaller0: entered allmulticast mode
[  209.173329][ T6773] loop5: detected capacity change from 0 to 1024
[  209.190784][ T6773] EXT4-fs: Ignoring removed mblk_io_submit option
[  209.219926][ T6773] EXT4-fs: Ignoring removed oldalloc option
[  209.258257][ T6773] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  209.297571][ T6773] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.340644][ T6773] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.791: bg 0: block 112: padding at end of block bitmap is not set
[  209.422578][ T6780] netlink: 8 bytes leftover after parsing attributes in process `syz.1.792'.
[  209.454596][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  210.165949][ T6790] netlink: 72 bytes leftover after parsing attributes in process `syz.0.795'.
[  210.259604][ T6790] netlink: 20 bytes leftover after parsing attributes in process `syz.0.795'.
[  210.322262][ T3487] hid-generic 0000:0000:0000.0031: unknown main item tag 0x0
[  210.354628][ T3487] hid-generic 0000:0000:0000.0031: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  210.853694][   T10] hid-generic 0000:0000:0000.0032: unknown main item tag 0x0
[  211.001370][   T10] hid-generic 0000:0000:0000.0032: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  211.479960][ T6823] openvswitch: netlink: ct_state flags 000070b3 unsupported
[  211.805998][ T6828] netlink: 12 bytes leftover after parsing attributes in process `syz.1.805'.
[  211.866218][   T28] audit: type=1400 audit(1775675603.301:1448): avc:  denied  { bind } for  pid=6832 comm="syz.3.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  211.922687][   T28] audit: type=1400 audit(1775675603.311:1449): avc:  denied  { listen } for  pid=6832 comm="syz.3.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  211.962380][   T28] audit: type=1400 audit(1775675603.311:1450): avc:  denied  { connect } for  pid=6832 comm="syz.3.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  211.994616][ T6838] loop3: detected capacity change from 0 to 2048
[  212.063547][   T28] audit: type=1400 audit(1775675603.331:1451): avc:  denied  { accept } for  pid=6832 comm="syz.3.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  212.088139][ T6838] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.111688][   T28] audit: type=1400 audit(1775675603.331:1452): avc:  denied  { setopt } for  pid=6832 comm="syz.3.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  212.163336][ T6847] loop5: detected capacity change from 0 to 1024
[  212.240831][   T28] audit: type=1400 audit(1775675603.331:1453): avc:  denied  { write } for  pid=6832 comm="syz.3.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  212.261398][   T28] audit: type=1400 audit(1775675603.331:1454): avc:  denied  { read } for  pid=6832 comm="syz.3.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  212.314091][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.332429][ T6847] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  212.368572][ T6847] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  212.377738][ T6852] netlink: 'syz.2.813': attribute type 4 has an invalid length.
[  212.397091][ T6852] netlink: 'syz.2.813': attribute type 4 has an invalid length.
[  212.419163][   T28] audit: type=1326 audit(1775675603.861:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6851 comm="syz.3.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  212.444063][   T28] audit: type=1326 audit(1775675603.861:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6851 comm="syz.3.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  212.471556][ T6847] EXT4-fs error (device loop5): ext4_map_blocks:828: inode #15: comm syz.5.811: lblock 0 mapped to illegal pblock 0 (length 1)
[  212.494549][   T28] audit: type=1326 audit(1775675603.861:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6851 comm="syz.3.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  212.532936][ T6847] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  212.545689][ T6847] EXT4-fs (loop5): This should not happen!! Data will be lost
[  212.545689][ T6847] 
[  212.572667][ T6853] lo speed is unknown, defaulting to 1000
[  212.587186][ T6853] lo speed is unknown, defaulting to 1000
[  213.327054][ T5317] EXT4-fs warning (device loop5): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  213.364123][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  213.662051][ T6877] lo speed is unknown, defaulting to 1000
[  213.708320][ T6877] lo speed is unknown, defaulting to 1000
[  214.027272][ T6880] loop5: detected capacity change from 0 to 1024
[  214.135837][ T6880] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.324025][ T6882] lo speed is unknown, defaulting to 1000
[  214.345879][ T6882] lo speed is unknown, defaulting to 1000
[  214.631024][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.745408][ T6901] loop3: detected capacity change from 0 to 512
[  214.777851][ T6901] EXT4-fs: Ignoring removed bh option
[  214.920695][ T6901] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  215.043455][ T6901] EXT4-fs (loop3): 1 truncate cleaned up
[  215.099228][ T6901] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.640930][ T6909] lo speed is unknown, defaulting to 1000
[  215.648938][ T6909] lo speed is unknown, defaulting to 1000
[  215.801488][ T6917] netlink: 'syz.0.832': attribute type 1 has an invalid length.
[  216.021333][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.248278][ T6923] loop3: detected capacity change from 0 to 1024
[  216.314673][ T6923] EXT4-fs (loop3): filesystem too large to mount safely on this system
[  216.858427][ T6923] netlink: 72 bytes leftover after parsing attributes in process `syz.3.833'.
[  216.883630][ T6923] netlink: 20 bytes leftover after parsing attributes in process `syz.3.833'.
[  216.911649][   T28] kauditd_printk_skb: 503 callbacks suppressed
[  216.911667][   T28] audit: type=1400 audit(1775675608.351:1961): avc:  denied  { create } for  pid=6919 comm="syz.3.833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  217.063285][   T28] audit: type=1400 audit(1775675608.381:1962): avc:  denied  { ioctl } for  pid=6919 comm="syz.3.833" path="socket:[15482]" dev="sockfs" ino=15482 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  218.043771][   T28] audit: type=1400 audit(1775675608.521:1963): avc:  denied  { mount } for  pid=6932 comm="syz.1.837" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  218.084653][   T28] audit: type=1400 audit(1775675608.581:1965): avc:  denied  { setopt } for  pid=6928 comm="syz.2.835" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  218.116289][   T28] audit: type=1400 audit(1775675609.341:1966): avc:  denied  { module_request } for  pid=6936 comm="syz.5.838" kmod="net-pf-16-proto-16-family-" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  218.177849][   T28] audit: type=1400 audit(1775675608.541:1964): avc:  denied  { create } for  pid=6933 comm="syz.0.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  218.200546][   T28] audit: type=1400 audit(1775675609.481:1967): avc:  denied  { unmount } for  pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  218.222051][   T28] audit: type=1400 audit(1775675609.511:1968): avc:  denied  { read } for  pid=6933 comm="syz.0.836" name="ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  218.890208][   T28] audit: type=1400 audit(1775675609.511:1969): avc:  denied  { open } for  pid=6933 comm="syz.0.836" path="/dev/ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  219.161449][   T28] audit: type=1400 audit(1775675609.521:1970): avc:  denied  { ioctl } for  pid=6933 comm="syz.0.836" path="/dev/ptp0" dev="devtmpfs" ino=247 ioctlcmd=0x3d11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  221.274825][ T6968] netlink: 8 bytes leftover after parsing attributes in process `syz.5.842'.
[  222.197198][   T28] kauditd_printk_skb: 42 callbacks suppressed
[  222.197242][   T28] audit: type=1326 audit(1775675613.621:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6962 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  222.265841][ T6971] bond2: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  222.276554][   T28] audit: type=1326 audit(1775675613.621:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6962 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  222.420729][   T28] audit: type=1326 audit(1775675613.671:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6962 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  222.532392][ T6987] loop5: detected capacity change from 0 to 512
[  222.542739][   T28] audit: type=1326 audit(1775675613.671:2016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6962 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  222.575984][ T6987] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities
[  222.601886][ T6991] audit: audit_backlog=65 > audit_backlog_limit=64
[  222.643734][ T6991] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[  222.666778][   T28] audit: type=1326 audit(1775675613.671:2017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6962 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  222.699899][ T6991] audit: backlog limit exceeded
[  222.710474][   T28] audit: type=1326 audit(1775675613.671:2018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6962 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  222.741003][   T28] audit: type=1326 audit(1775675613.671:2019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6962 comm="syz.0.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f292288c819 code=0x7ffc0000
[  222.782927][ T6971] bond2 (unregistering): Released all slaves
[  222.910239][ T6974] lo speed is unknown, defaulting to 1000
[  222.940807][ T6974] lo speed is unknown, defaulting to 1000
[  223.066475][ T6999] loop5: detected capacity change from 0 to 512
[  223.077596][ T6999] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  223.188874][ T6999] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  223.308875][ T7010] loop3: detected capacity change from 0 to 1024
[  223.361661][ T7010] EXT4-fs (loop3): filesystem too large to mount safely on this system
[  223.572478][ T7010] netlink: 72 bytes leftover after parsing attributes in process `syz.3.853'.
[  223.669306][ T7027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.859'.
[  223.749428][ T7010] netlink: 20 bytes leftover after parsing attributes in process `syz.3.853'.
[  223.835237][ T7025] netlink: 'syz.0.862': attribute type 4 has an invalid length.
[  224.142379][ T7030] FAULT_INJECTION: forcing a failure.
[  224.142379][ T7030] name failslab, interval 1, probability 0, space 0, times 0
[  224.293584][ T7030] CPU: 1 UID: 0 PID: 7030 Comm: syz.5.863 Not tainted syzkaller #0 PREEMPT(full) 
[  224.293621][ T7030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  224.293639][ T7030] Call Trace:
[  224.293649][ T7030]  <TASK>
[  224.293659][ T7030]  __dump_stack+0x1d/0x30
[  224.293744][ T7030]  dump_stack_lvl+0x95/0xd0
[  224.293820][ T7030]  dump_stack+0x15/0x1b
[  224.293858][ T7030]  should_fail_ex+0x263/0x280
[  224.293895][ T7030]  should_failslab+0x8c/0xb0
[  224.293919][ T7030]  kmem_cache_alloc_noprof+0x66/0x400
[  224.293961][ T7030]  ? alloc_empty_file+0x76/0x200
[  224.293997][ T7030]  alloc_empty_file+0x76/0x200
[  224.294057][ T7030]  path_openat+0x65/0x2050
[  224.294079][ T7030]  ? __rcu_read_unlock+0x4e/0x70
[  224.294102][ T7030]  ? terminate_walk+0x1e6/0x210
[  224.294218][ T7030]  ? path_openat+0x1ab2/0x2050
[  224.294243][ T7030]  ? path_openat+0x1b01/0x2050
[  224.294268][ T7030]  ? _parse_integer_limit+0x170/0x190
[  224.294299][ T7030]  do_file_open+0x16c/0x290
[  224.294391][ T7030]  do_open_execat+0xab/0x240
[  224.294425][ T7030]  alloc_bprm+0x25/0x350
[  224.294482][ T7030]  do_execveat_common+0x104/0x720
[  224.294508][ T7030]  ? do_getname+0x102/0x1c0
[  224.294538][ T7030]  __x64_sys_execve+0x5f/0x80
[  224.294620][ T7030]  x64_sys_call+0x2752/0x3020
[  224.294650][ T7030]  do_syscall_64+0x12c/0x370
[  224.294688][ T7030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.294712][ T7030] RIP: 0033:0x7fef0490c819
[  224.294779][ T7030] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  224.294799][ T7030] RSP: 002b:00007fef03367028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  224.294819][ T7030] RAX: ffffffffffffffda RBX: 00007fef04b85fa0 RCX: 00007fef0490c819
[  224.294897][ T7030] RDX: 0000200000010280 RSI: 0000000000000000 RDI: 0000200000000000
[  224.294925][ T7030] RBP: 00007fef03367090 R08: 0000000000000000 R09: 0000000000000000
[  224.294941][ T7030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  224.294954][ T7030] R13: 00007fef04b86038 R14: 00007fef04b85fa0 R15: 00007ffce2b1c7b8
[  224.295013][ T7030]  </TASK>
[  225.628492][ T7043] syzkaller1: entered promiscuous mode
[  225.643780][ T7043] syzkaller1: entered allmulticast mode
[  226.097806][ T7066] loop3: detected capacity change from 0 to 512
[  226.168526][ T7066] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.874: inode has both inline data and extents flags
[  226.186807][    T9] hid-generic 0000:0000:0000.0033: unknown main item tag 0x0
[  226.228731][    T9] hid-generic 0000:0000:0000.0033: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  226.256897][ T7066] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  226.257178][ T7066] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.874: couldn't read orphan inode 15 (err -117)
[  226.266803][    C0] EXT4-fs (loop3): error count since last fsck: 1
[  226.266838][    C0] EXT4-fs (loop3): initial error at time 1775675617: ext4_orphan_get:1397: inode 15
[  226.266896][    C0] EXT4-fs (loop3): last error at time 1775675617: ext4_orphan_get:1397: inode 15
[  226.331144][ T7066] loop3: lost filesystem error report for type 5 error -117
[  226.337407][ T7066] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.797366][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.493215][   T28] kauditd_printk_skb: 352 callbacks suppressed
[  227.493245][   T28] audit: type=1400 audit(1775675618.931:2372): avc:  denied  { create } for  pid=7100 comm="syz.5.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  227.599661][   T28] audit: type=1400 audit(1775675618.971:2373): avc:  denied  { bind } for  pid=7100 comm="syz.5.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  227.659242][   T28] audit: type=1400 audit(1775675618.971:2374): avc:  denied  { write } for  pid=7100 comm="syz.5.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  227.680618][   T28] audit: type=1400 audit(1775675619.001:2375): avc:  denied  { create } for  pid=7086 comm="syz.3.879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  227.714027][   T28] audit: type=1400 audit(1775675619.021:2376): avc:  denied  { write } for  pid=7086 comm="syz.3.879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  227.739584][   T28] audit: type=1400 audit(1775675619.181:2377): avc:  denied  { create } for  pid=7103 comm="syz.5.882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  227.848655][   T28] audit: type=1400 audit(1775675619.291:2378): avc:  denied  { bind } for  pid=7103 comm="syz.5.882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  227.864562][ T7112] netlink: 'syz.0.885': attribute type 1 has an invalid length.
[  227.884473][ T7106] bridge0: entered promiscuous mode
[  227.889731][   T28] audit: type=1400 audit(1775675619.291:2379): avc:  denied  { write } for  pid=7103 comm="syz.5.882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  227.901082][ T7106] macvlan2: entered allmulticast mode
[  227.942404][ T7106] bridge0: entered allmulticast mode
[  227.952231][   T28] audit: type=1400 audit(1775675619.291:2380): avc:  denied  { read } for  pid=7103 comm="syz.5.882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  227.953134][ T7106] bridge0: port 3(macvlan2) entered blocking state
[  227.991798][ T7106] bridge0: port 3(macvlan2) entered disabled state
[  227.999653][   T28] audit: type=1400 audit(1775675619.371:2381): avc:  denied  { connect } for  pid=7103 comm="syz.5.882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  228.022865][ T7113] loop5: detected capacity change from 0 to 512
[  228.025174][ T7106] bridge0: left allmulticast mode
[  228.050354][ T7113] EXT4-fs (loop5): can't mount with commit=, fs mounted w/o journal
[  228.053863][ T7106] bridge0: left promiscuous mode
[  228.093036][ T7112] bond1: entered promiscuous mode
[  228.108976][ T7112] 8021q: adding VLAN 0 to HW filter on device bond1
[  228.130343][ T7114] vlan2: entered allmulticast mode
[  228.135908][ T7114] bond1: entered allmulticast mode
[  228.149130][ T7116] bond1: (slave bridge1): making interface the new active one
[  228.159923][ T7116] bridge1: entered promiscuous mode
[  228.183860][ T7116] bridge1: entered allmulticast mode
[  228.195025][ T7116] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  228.475344][ T3421] hid-generic 0000:0000:0000.0034: unknown main item tag 0x0
[  228.486761][ T3421] hid-generic 0000:0000:0000.0034: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  228.948983][ T7140] netlink: 20 bytes leftover after parsing attributes in process `syz.3.892'.
[  229.069769][ T7144] netlink: 16 bytes leftover after parsing attributes in process `syz.1.893'.
[  229.081249][ T7144] tipc: Invalid UDP bearer configuration
[  229.081263][ T7144] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  230.023267][ T7139] syzkaller0: entered promiscuous mode
[  230.029448][ T7139] syzkaller0: entered allmulticast mode
[  230.039093][ T7153] Invalid logical block size (-3)
[  231.286183][ T7150] netlink: 72 bytes leftover after parsing attributes in process `syz.2.896'.
[  231.295676][ T7150] netlink: 20 bytes leftover after parsing attributes in process `syz.2.896'.
[  231.629748][ T7173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.901'.
[  232.460081][ T7187] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7187 comm=syz.5.905
[  232.508608][ T7187] netlink: 12 bytes leftover after parsing attributes in process `syz.5.905'.
[  233.313785][ T7191] sctp: [Deprecated]: syz.1.906 (pid 7191) Use of int in max_burst socket option.
[  233.313785][ T7191] Use struct sctp_assoc_value instead
[  233.540559][   T28] kauditd_printk_skb: 12 callbacks suppressed
[  233.540579][   T28] audit: type=1400 audit(2000000000.990:2394): avc:  denied  { create } for  pid=7198 comm="syz.5.910" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  233.616313][   T28] audit: type=1400 audit(2000000001.070:2395): avc:  denied  { name_bind } for  pid=7198 comm="syz.5.910" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  233.693115][ T7201] bond1: option tlb_dynamic_lb: invalid value (255)
[  233.723920][   T28] audit: type=1400 audit(2000000001.070:2396): avc:  denied  { node_bind } for  pid=7198 comm="syz.5.910" saddr=172.20.20.170 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  234.701093][   T28] audit: type=1400 audit(2000000001.950:2397): avc:  denied  { bind } for  pid=7198 comm="syz.5.910" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  234.721371][   T28] audit: type=1400 audit(2000000001.950:2398): avc:  denied  { name_bind } for  pid=7198 comm="syz.5.910" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  234.826464][   T28] audit: type=1400 audit(2000000001.950:2399): avc:  denied  { node_bind } for  pid=7198 comm="syz.5.910" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  235.105792][ T3710] Bluetooth: hci0: Frame reassembly failed (-84)
[  235.112764][ T7201] bond1 (unregistering): Released all slaves
[  235.200796][ T7207] netlink: 'syz.3.909': attribute type 66 has an invalid length.
[  235.595278][   T28] audit: type=1400 audit(2000000003.050:2400): avc:  denied  { prog_load } for  pid=7231 comm="syz.1.919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  235.665724][   T28] audit: type=1400 audit(2000000003.050:2401): avc:  denied  { bpf } for  pid=7231 comm="syz.1.919" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  235.736392][   T28] audit: type=1400 audit(2000000003.080:2402): avc:  denied  { map_create } for  pid=7231 comm="syz.1.919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  235.779930][   T28] audit: type=1400 audit(2000000003.090:2403): avc:  denied  { create } for  pid=7230 comm="syz.2.918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  237.164747][ T3594] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  237.996765][ T7248] netlink: 68 bytes leftover after parsing attributes in process `syz.3.922'.
[  238.620026][   T28] kauditd_printk_skb: 40 callbacks suppressed
[  238.620044][   T28] audit: type=1400 audit(2000000006.070:2444): avc:  denied  { read append } for  pid=7259 comm="syz.0.926" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  238.677973][ T7263] syzkaller0: entered promiscuous mode
[  238.696323][ T7263] syzkaller0: entered allmulticast mode
[  238.754036][   T28] audit: type=1400 audit(2000000006.110:2445): avc:  denied  { open } for  pid=7259 comm="syz.0.926" path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  238.874986][   T28] audit: type=1400 audit(2000000006.110:2446): avc:  denied  { name_bind } for  pid=7258 comm="syz.2.927" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  238.983557][   T28] audit: type=1400 audit(2000000006.160:2447): avc:  denied  { create } for  pid=7267 comm="syz.0.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  239.029995][ T7280] lo speed is unknown, defaulting to 1000
[  239.049944][ T7280] lo speed is unknown, defaulting to 1000
[  239.060736][ T7281] netlink: 72 bytes leftover after parsing attributes in process `syz.0.931'.
[  239.075559][   T28] audit: type=1400 audit(2000000006.160:2448): avc:  denied  { map } for  pid=7267 comm="syz.0.929" path="socket:[15982]" dev="sockfs" ino=15982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  239.141887][ T7281] netlink: 20 bytes leftover after parsing attributes in process `syz.0.931'.
[  239.175046][   T28] audit: type=1400 audit(2000000006.160:2449): avc:  denied  { read } for  pid=7267 comm="syz.0.929" path="socket:[15982]" dev="sockfs" ino=15982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  239.331094][   T28] audit: type=1400 audit(2000000006.160:2450): avc:  denied  { setopt } for  pid=7262 comm="syz.5.928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  239.446899][   T28] audit: type=1400 audit(2000000006.160:2451): avc:  denied  { write } for  pid=7262 comm="syz.5.928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  239.563816][   T28] audit: type=1400 audit(2000000006.170:2452): avc:  denied  { setopt } for  pid=7267 comm="syz.0.929" lport=17 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  239.686791][   T28] audit: type=1400 audit(2000000006.290:2453): avc:  denied  { create } for  pid=7272 comm="syz.0.931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  241.924738][ T7310] lo speed is unknown, defaulting to 1000
[  242.187134][ T7304] loop3: detected capacity change from 0 to 164
[  242.845921][ T7310] lo speed is unknown, defaulting to 1000
[  244.267258][ T7304] rock: directory entry would overflow storage
[  244.274516][ T7304] rock: sig=0x66, size=4, remaining=3
[  244.286844][   T28] kauditd_printk_skb: 20 callbacks suppressed
[  244.286863][   T28] audit: type=1400 audit(2000000011.740:2474): avc:  denied  { mount } for  pid=7293 comm="syz.3.939" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  245.154426][   T28] audit: type=1400 audit(2000000012.310:2475): avc:  denied  { unmount } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  245.175651][   T28] audit: type=1400 audit(2000000012.490:2476): avc:  denied  { bind } for  pid=7316 comm="syz.2.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  245.190129][ T7324] netlink: 'syz.2.948': attribute type 21 has an invalid length.
[  245.197732][   T28] audit: type=1400 audit(2000000012.500:2477): avc:  denied  { create } for  pid=7316 comm="syz.2.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  245.256000][   T28] audit: type=1400 audit(2000000012.530:2478): avc:  denied  { write } for  pid=7316 comm="syz.2.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  245.276085][ T7324] netlink: 'syz.2.948': attribute type 1 has an invalid length.
[  245.284405][ T7324] netlink: 132 bytes leftover after parsing attributes in process `syz.2.948'.
[  245.392708][   T28] audit: type=1400 audit(2000000012.590:2479): avc:  denied  { allowed } for  pid=7320 comm="syz.0.947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  245.413673][   T28] audit: type=1400 audit(2000000012.600:2480): avc:  denied  { create } for  pid=7320 comm="syz.0.947" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  245.436872][   T28] audit: type=1400 audit(2000000012.630:2481): avc:  denied  { create } for  pid=7323 comm="syz.2.948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  245.443826][ T7330] netlink: 'syz.5.950': attribute type 13 has an invalid length.
[  245.465519][   T28] audit: type=1400 audit(2000000012.680:2482): avc:  denied  { create } for  pid=7320 comm="syz.0.947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  245.573807][ T7333] netlink: 68 bytes leftover after parsing attributes in process `syz.1.949'.
[  246.159619][ T7330] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.167045][ T7330] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.344569][ T7330] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.366944][ T7330] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.454254][   T28] audit: type=1400 audit(2000000013.900:2483): avc:  denied  { create } for  pid=7353 comm="syz.2.952" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  246.556994][ T3731] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.584984][ T3731] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.627029][ T3731] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  246.677503][ T3731] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  247.040528][ T7368] loop5: detected capacity change from 0 to 1024
[  247.065682][ T7368] EXT4-fs (loop5): filesystem too large to mount safely on this system
[  247.374528][ T7368] netlink: 72 bytes leftover after parsing attributes in process `syz.5.957'.
[  247.394532][ T7368] netlink: 20 bytes leftover after parsing attributes in process `syz.5.957'.
[  247.672084][ T7384] loop3: detected capacity change from 0 to 1024
[  247.984625][ T7384] EXT4-fs (loop3): filesystem too large to mount safely on this system
[  248.076797][ T7391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.964'.
[  250.013588][   T28] kauditd_printk_skb: 41 callbacks suppressed
[  250.013620][   T28] audit: type=1400 audit(2000000017.000:2525): avc:  denied  { open } for  pid=7389 comm="syz.2.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  250.265976][ T7393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.965'.
[  251.475388][   T28] audit: type=1400 audit(2000000017.010:2526): avc:  denied  { perfmon } for  pid=7389 comm="syz.2.965" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  251.504209][   T28] audit: type=1400 audit(2000000017.010:2527): avc:  denied  { kernel } for  pid=7389 comm="syz.2.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  251.527501][   T28] audit: type=1400 audit(2000000017.110:2528): avc:  denied  { write } for  pid=7389 comm="syz.2.965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  251.547356][   T28] audit: type=1400 audit(2000000018.140:2529): avc:  denied  { module_request } for  pid=7389 comm="syz.2.965" kmod="netdev-syzkaller0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  251.590353][   T28] audit: type=1400 audit(2000000018.590:2530): avc:  denied  { sys_module } for  pid=7389 comm="syz.2.965" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  251.623769][   T28] audit: type=1400 audit(2000000018.880:2531): avc:  denied  { create } for  pid=7398 comm="syz.3.967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  251.645442][   T28] audit: type=1400 audit(2000000018.880:2532): avc:  denied  { write } for  pid=7398 comm="syz.3.967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  251.678548][   T28] audit: type=1400 audit(2000000018.880:2533): avc:  denied  { read write } for  pid=5317 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  251.704190][   T28] audit: type=1400 audit(2000000018.880:2534): avc:  denied  { open } for  pid=5317 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  251.835366][ T7427] lo speed is unknown, defaulting to 1000
[  251.841778][ T7427] lo speed is unknown, defaulting to 1000
[  252.400214][    T9] hid-generic 0000:0000:0000.0035: unknown main item tag 0x0
[  252.409265][    T9] hid-generic 0000:0000:0000.0035: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  252.680616][ T7464] loop3: detected capacity change from 0 to 1024
[  252.702625][ T7464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.128020][ T7489] loop5: detected capacity change from 0 to 512
[  253.139054][ T7489] ext4: Unknown parameter 'fowner'
[  254.171052][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.133533][   T28] kauditd_printk_skb: 750 callbacks suppressed
[  255.133551][   T28] audit: type=1400 audit(2000000022.500:3285): avc:  denied  { prog_load } for  pid=7501 comm="syz.5.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  255.190140][   T28] audit: type=1400 audit(2000000022.500:3286): avc:  denied  { bpf } for  pid=7501 comm="syz.5.998" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  255.284359][ T7508] FAULT_INJECTION: forcing a failure.
[  255.284359][ T7508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  255.291219][   T28] audit: type=1400 audit(2000000022.500:3287): avc:  denied  { perfmon } for  pid=7501 comm="syz.5.998" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  255.328290][ T7508] CPU: 1 UID: 0 PID: 7508 Comm: syz.3.994 Not tainted syzkaller #0 PREEMPT(full) 
[  255.328319][ T7508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  255.328362][ T7508] Call Trace:
[  255.328370][ T7508]  <TASK>
[  255.328379][ T7508]  __dump_stack+0x1d/0x30
[  255.328410][ T7508]  dump_stack_lvl+0x95/0xd0
[  255.328442][ T7508]  dump_stack+0x15/0x1b
[  255.328487][ T7508]  should_fail_ex+0x263/0x280
[  255.328517][ T7508]  should_fail+0xb/0x20
[  255.328623][ T7508]  should_fail_usercopy+0x1a/0x20
[  255.328654][ T7508]  _copy_to_user+0x20/0xa0
[  255.328779][ T7508]  simple_read_from_buffer+0xb5/0x130
[  255.328804][ T7508]  proc_fail_nth_read+0x10e/0x150
[  255.328886][ T7508]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  255.328921][ T7508]  vfs_read+0x1ab/0x7f0
[  255.328980][ T7508]  ? __rcu_read_unlock+0x4e/0x70
[  255.329003][ T7508]  ? __fget_files+0x184/0x1c0
[  255.329029][ T7508]  ? mutex_lock+0x57/0x90
[  255.329049][ T7508]  ksys_read+0xdc/0x1a0
[  255.329074][ T7508]  __x64_sys_read+0x40/0x50
[  255.329153][ T7508]  x64_sys_call+0x2886/0x3020
[  255.329189][ T7508]  do_syscall_64+0x12c/0x370
[  255.329273][ T7508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.329303][ T7508] RIP: 0033:0x7fa7d0c4d04e
[  255.329323][ T7508] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  255.329396][ T7508] RSP: 002b:00007fa7cf6defe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  255.329416][ T7508] RAX: ffffffffffffffda RBX: 00007fa7cf6df6c0 RCX: 00007fa7d0c4d04e
[  255.329431][ T7508] RDX: 000000000000000f RSI: 00007fa7cf6df0a0 RDI: 0000000000000005
[  255.329444][ T7508] RBP: 00007fa7cf6df090 R08: 0000000000000000 R09: 0000000000000000
[  255.329462][ T7508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  255.329479][ T7508] R13: 00007fa7d0f06038 R14: 00007fa7d0f05fa0 R15: 00007ffe9bc42158
[  255.329550][ T7508]  </TASK>
[  255.331761][   T28] audit: type=1400 audit(2000000022.520:3288): avc:  denied  { map_create } for  pid=7501 comm="syz.5.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  255.552941][   T28] audit: type=1400 audit(2000000022.520:3289): avc:  denied  { create } for  pid=7501 comm="syz.5.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  255.574248][   T28] audit: type=1400 audit(2000000022.540:3290): avc:  denied  { map_read map_write } for  pid=7501 comm="syz.5.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  255.595758][   T28] audit: type=1400 audit(2000000022.640:3291): avc:  denied  { prog_run } for  pid=7505 comm="syz.0.999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  255.617999][   T28] audit: type=1400 audit(2000000022.750:3292): avc:  denied  { name_bind } for  pid=7509 comm="syz.0.1000" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  255.705825][ T7515] loop3: detected capacity change from 0 to 512
[  255.723989][   T28] audit: type=1400 audit(2000000023.150:3293): avc:  denied  { connect } for  pid=7514 comm="syz.5.1003" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  255.746960][ T7515] EXT4-fs: Ignoring removed bh option
[  255.765725][ T7515] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  255.783348][   T28] audit: type=1400 audit(2000000023.150:3294): avc:  denied  { name_connect } for  pid=7514 comm="syz.5.1003" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  255.933906][ T7515] EXT4-fs (loop3): 1 truncate cleaned up
[  255.940151][ T7515] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  255.958137][ T7515] EXT4-fs (loop3): shut down requested (2)
[  255.966896][ T7515] bridge_slave_1: left allmulticast mode
[  255.972801][ T7515] bridge_slave_1: left promiscuous mode
[  255.979111][ T7515] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.015232][ T7515] bridge_slave_0: left allmulticast mode
[  256.047116][ T7528] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1004'.
[  256.077243][ T7515] bridge_slave_0: left promiscuous mode
[  256.084028][ T7515] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.566687][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.938566][ T7555] hsr0: entered allmulticast mode
[  259.914120][ T7555] hsr_slave_0: entered allmulticast mode
[  259.921393][ T7557] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1013'.
[  259.931648][ T7555] hsr_slave_1: entered allmulticast mode
[  259.938276][ T7557] hsr_slave_0: left promiscuous mode
[  259.944931][ T7557] hsr_slave_1: left promiscuous mode
[  259.960684][ T7557] hsr0 (unregistering): left allmulticast mode
[  260.223719][   T28] kauditd_printk_skb: 20 callbacks suppressed
[  260.223736][   T28] audit: type=1400 audit(2000000027.650:3315): avc:  denied  { allowed } for  pid=7554 comm="syz.1.1013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  260.959105][   T28] audit: type=1400 audit(2000000027.900:3316): avc:  denied  { read write } for  pid=7536 comm="syz.5.1008" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  261.258271][   T28] audit: type=1400 audit(2000000027.900:3317): avc:  denied  { open } for  pid=7536 comm="syz.5.1008" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  261.283972][   T28] audit: type=1400 audit(2000000028.400:3318): avc:  denied  { read } for  pid=7554 comm="syz.1.1013" dev="nsfs" ino=4026532414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  261.945322][ T1557] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0
[  262.022312][ T1557] hid-generic 0000:0000:0000.0036: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  262.982921][   T28] audit: type=1400 audit(2000000028.400:3319): avc:  denied  { open } for  pid=7554 comm="syz.1.1013" path="net:[4026532414]" dev="nsfs" ino=4026532414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  263.289549][ T7561] fido_id[7561]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  263.554715][   T28] audit: type=1326 audit(2000000030.980:3320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7563 comm="syz.3.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  263.649933][ T7565] lo speed is unknown, defaulting to 1000
[  264.031092][   T28] audit: type=1326 audit(2000000030.980:3321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7563 comm="syz.3.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  264.057293][ T7565] lo speed is unknown, defaulting to 1000
[  264.066030][ T7567] lo speed is unknown, defaulting to 1000
[  264.076925][ T7572] audit: audit_backlog=65 > audit_backlog_limit=64
[  264.112594][ T7572] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[  264.134457][   T28] audit: type=1326 audit(2000000030.980:3322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7563 comm="syz.3.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d0c8c819 code=0x7ffc0000
[  264.191651][ T7579] netlink: 'syz.0.1019': attribute type 32 has an invalid length.
[  264.200598][ T7579] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1019'.
[  264.210784][ T7579] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0)
[  264.227850][ T7567] lo speed is unknown, defaulting to 1000
[  264.526539][ T7584] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  264.583935][ T3487] hid-generic 0000:0000:0000.0037: unknown main item tag 0x0
[  264.603053][ T3487] hid-generic 0000:0000:0000.0037: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  264.866978][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1022'.
[  265.299782][   T28] kauditd_printk_skb: 156 callbacks suppressed
[  265.299813][   T28] audit: type=1400 audit(2000000032.730:3469): avc:  denied  { write } for  pid=7585 comm="syz.5.1023" name="hidraw0" dev="devtmpfs" ino=907 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  265.868836][   T28] audit: type=1400 audit(2000000032.780:3470): avc:  denied  { create } for  pid=7591 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  266.105369][   T28] audit: type=1400 audit(2000000032.790:3471): avc:  denied  { create } for  pid=7591 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  266.188057][ T7607] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1026'.
[  266.214538][   T28] audit: type=1400 audit(2000000032.790:3472): avc:  denied  { create } for  pid=7591 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  266.265253][ T7607] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1026'.
[  266.321679][ T7592] lo speed is unknown, defaulting to 1000
[  266.476878][ T7592] lo speed is unknown, defaulting to 1000
[  266.692583][ T7614] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1028'.
[  266.907096][   T28] audit: type=1400 audit(2000000032.790:3473): avc:  denied  { create } for  pid=7591 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  266.929435][   T28] audit: type=1400 audit(2000000032.790:3474): avc:  denied  { write } for  pid=7591 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  266.965906][   T28] audit: type=1400 audit(2000000032.800:3475): avc:  denied  { create } for  pid=7591 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  267.003724][   T28] audit: type=1400 audit(2000000032.800:3476): avc:  denied  { write } for  pid=7591 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  267.476120][ T3487] hid-generic 0000:0000:0000.0038: unknown main item tag 0x0
[  267.528709][ T3487] hid-generic 0000:0000:0000.0038: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  267.621374][ T7626] fido_id[7626]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  267.694269][   T28] audit: type=1400 audit(2000000032.800:3477): avc:  denied  { read } for  pid=7591 comm="syz.0.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  267.716136][   T28] audit: type=1400 audit(2000000032.800:3478): avc:  denied  { read } for  pid=7591 comm="syz.0.1024" dev="nsfs" ino=4026532817 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  267.799785][ T7632] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1033'.
[  268.046137][ T7641] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  268.666108][ T7655] 9p: Bad value for 'wfdno'
[  268.696261][ T7646] lo speed is unknown, defaulting to 1000
[  268.721603][ T7646] lo speed is unknown, defaulting to 1000
[  268.753391][ T7653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1039'.
[  268.893580][ T7660] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=7660 comm=syz.1.1039
[  269.184668][ T7664] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1041'.
[  271.202527][   T28] kauditd_printk_skb: 63 callbacks suppressed
[  271.202548][   T28] audit: type=1400 audit(2000000038.650:3542): avc:  denied  { create } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  271.238172][   T28] audit: type=1400 audit(2000000038.690:3543): avc:  denied  { write } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  272.105525][   T28] audit: type=1400 audit(2000000038.690:3544): avc:  denied  { nlmsg_write } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  272.127211][   T28] audit: type=1400 audit(2000000038.690:3545): avc:  denied  { create } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  272.223506][   T28] audit: type=1400 audit(2000000038.690:3546): avc:  denied  { ioctl } for  pid=7676 comm="syz.5.1044" path="socket:[17799]" dev="sockfs" ino=17799 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  272.266618][ T7688] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1047'.
[  272.314159][   T28] audit: type=1400 audit(2000000038.690:3547): avc:  denied  { connect } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  272.358555][   T28] audit: type=1400 audit(2000000038.690:3548): avc:  denied  { write } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  272.925989][ T1557] page_pool_release_retry() stalled pool shutdown: id 32, 1 inflight 60 sec
[  273.053091][   T28] audit: type=1400 audit(2000000038.690:3549): avc:  denied  { setopt } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  273.088371][   T28] audit: type=1400 audit(2000000038.690:3550): avc:  denied  { create } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  273.158887][   T28] audit: type=1400 audit(2000000038.690:3551): avc:  denied  { allowed } for  pid=7676 comm="syz.5.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  273.305073][ T3421] hid-generic 0000:0000:0000.0039: unknown main item tag 0x0
[  273.342501][ T3421] hid-generic 0000:0000:0000.0039: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  273.460522][ T7710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1050'.
[  274.461366][ T7719] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1051'.
[  275.095435][ T7719] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1051'.
[  275.164358][ T7725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1053'.
[  275.446922][ T7725] vxlan0: entered promiscuous mode
[  275.473972][ T3710] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  275.502629][ T3710] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  275.550206][ T3710] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  275.568721][ T3710] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  275.688232][ T7734] xt_NFQUEUE: number of total queues is 0
[  276.516745][   T28] kauditd_printk_skb: 42 callbacks suppressed
[  276.516767][   T28] audit: type=1400 audit(2000000043.870:3594): avc:  denied  { execmem } for  pid=7742 comm="syz.0.1059" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  276.613519][   T28] audit: type=1400 audit(2000000043.970:3595): avc:  denied  { read write } for  pid=5317 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  276.724028][ T7750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1059'.
[  277.195719][ T7755] syz.1.1062 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  277.471917][ T7755] netlink: 16406 bytes leftover after parsing attributes in process `syz.1.1062'.
[  277.538075][ T7755] netlink: 16406 bytes leftover after parsing attributes in process `syz.1.1062'.
[  277.589282][   T28] audit: type=1400 audit(2000000043.970:3596): avc:  denied  { open } for  pid=5317 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  277.613965][   T28] audit: type=1400 audit(2000000043.970:3597): avc:  denied  { ioctl } for  pid=5317 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=105 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  277.881413][ T7758] loop3: detected capacity change from 0 to 128
[  278.601931][   T28] audit: type=1400 audit(2000000044.010:3598): avc:  denied  { create } for  pid=7738 comm="syz.2.1057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  278.863885][ T7766] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1065'.
[  278.893560][   T28] audit: type=1400 audit(2000000044.010:3599): avc:  denied  { create } for  pid=7738 comm="syz.2.1057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  278.953517][ T7766] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1065'.
[  278.963036][   T28] audit: type=1400 audit(2000000044.010:3600): avc:  denied  { mounton } for  pid=7738 comm="syz.2.1057" path="/215/file0" dev="tmpfs" ino=1164 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  279.019493][   T28] audit: type=1400 audit(2000000044.140:3601): avc:  denied  { prog_load } for  pid=7742 comm="syz.0.1059" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  279.039912][   T28] audit: type=1400 audit(2000000044.140:3602): avc:  denied  { bpf } for  pid=7742 comm="syz.0.1059" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  279.098506][   T28] audit: type=1400 audit(2000000044.150:3603): avc:  denied  { perfmon } for  pid=7742 comm="syz.0.1059" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  279.424879][ T7772] lo speed is unknown, defaulting to 1000
[  279.431547][ T7772] lo speed is unknown, defaulting to 1000
[  280.163300][ T7790] syzkaller0: entered promiscuous mode
[  280.174650][ T7790] syzkaller0: entered allmulticast mode
[  280.357567][ T7792] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1074'.
[  280.718327][ T7797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1075'.
[  281.127105][ T3503] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[  281.222395][ T3503] hid-generic 0000:0000:0000.003A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  281.472819][ T7800] fido_id[7800]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  281.561920][   T28] kauditd_printk_skb: 64 callbacks suppressed
[  281.561937][   T28] audit: type=1400 audit(2000000049.010:3668): avc:  denied  { create } for  pid=7801 comm="syz.3.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  281.693601][   T28] audit: type=1400 audit(2000000049.050:3669): avc:  denied  { create } for  pid=7801 comm="syz.3.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  281.781719][   T28] audit: type=1400 audit(2000000049.050:3670): avc:  denied  { ioctl } for  pid=7801 comm="syz.3.1076" path="socket:[17976]" dev="sockfs" ino=17976 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  281.868121][   T28] audit: type=1400 audit(2000000049.050:3671): avc:  denied  { module_request } for  pid=7801 comm="syz.3.1076" kmod="netdev-bridge0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  281.933636][ T7807] loop3: detected capacity change from 0 to 1024
[  281.983526][   T28] audit: type=1400 audit(2000000049.060:3672): avc:  denied  { sys_module } for  pid=7801 comm="syz.3.1076" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  282.033520][ T7807] EXT4-fs (loop3): filesystem too large to mount safely on this system
[  282.117544][   T28] audit: type=1400 audit(2000000049.080:3673): avc:  denied  { bind } for  pid=7801 comm="syz.3.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  282.223606][   T28] audit: type=1400 audit(2000000049.080:3674): avc:  denied  { create } for  pid=7801 comm="syz.3.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  282.325491][   T28] audit: type=1400 audit(2000000049.080:3675): avc:  denied  { getopt } for  pid=7801 comm="syz.3.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  282.425909][   T28] audit: type=1400 audit(2000000049.200:3676): avc:  denied  { read } for  pid=7805 comm="syz.3.1077" dev="nsfs" ino=4026532393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  282.514118][   T28] audit: type=1400 audit(2000000049.200:3677): avc:  denied  { open } for  pid=7805 comm="syz.3.1077" path="net:[4026532393]" dev="nsfs" ino=4026532393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  282.566091][ T7807] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1077'.
[  282.584693][ T7807] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1077'.
[  282.637472][ T7809] lo speed is unknown, defaulting to 1000
[  282.663979][ T7809] lo speed is unknown, defaulting to 1000
[  282.843687][ T7812] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1079'.
[  282.905463][ T7820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1082'.
[  283.155984][ T7822] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1083'.
[  283.342041][ T7822] syz_tun (unregistering): left promiscuous mode
[  283.500052][ T7344] hid-generic 0000:0000:0000.003B: unknown main item tag 0x0
[  283.715052][ T7344] hid-generic 0000:0000:0000.003B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  283.875260][ T7842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1088'.
[  285.010287][ T7861] xt_hashlimit: max too large, truncated to 1048576
[  285.035852][ T7861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1096'.
[  285.061755][ T7861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1096'.
[  285.134056][ T7868] loop5: detected capacity change from 0 to 512
[  285.170790][ T7868] FAT-fs (loop5): Directory bread(block 199916) failed
[  285.194738][ T7868] FAT-fs (loop5): Directory bread(block 199917) failed
[  285.213652][ T7868] FAT-fs (loop5): Directory bread(block 199918) failed
[  285.231821][ T7868] FAT-fs (loop5): Directory bread(block 199919) failed
[  285.253311][ T7868] FAT-fs (loop5): Directory bread(block 199920) failed
[  285.275484][ T7868] FAT-fs (loop5): Directory bread(block 199921) failed
[  285.298468][ T7868] FAT-fs (loop5): Directory bread(block 199922) failed
[  285.318826][ T7868] FAT-fs (loop5): Directory bread(block 199923) failed
[  285.496812][ T7879] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  285.512569][ T7868] FAT-fs (loop5): FAT read failed (blocknr 128)
[  285.519295][ T7879] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.713009][ T7879] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  285.866967][ T7344] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0
[  285.998233][ T7879] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.063012][   T10] hid-generic 0000:0000:0000.003D: unknown main item tag 0x0
[  286.084342][ T7882] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1102'.
[  286.095317][ T7882] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7882 comm=syz.0.1102
[  286.111587][ T7882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  286.132629][   T10] hid-generic 0000:0000:0000.003D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  286.154001][ T7882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.192738][ T7879] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  286.203594][ T7879] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.237144][ T7895] fido_id[7895]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  286.251691][ T7344] hid-generic 0000:0000:0000.003C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  286.327488][ T7879] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  286.363340][ T7901] fido_id[7901]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  286.367303][ T7879] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.441203][ T3731] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  286.450025][ T3731] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  286.469813][ T3731] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  286.483991][ T3731] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  286.505321][ T3731] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  286.521667][ T3731] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  286.546904][ T3731] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  286.562433][ T3731] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  286.727715][   T28] kauditd_printk_skb: 382 callbacks suppressed
[  286.727736][   T28] audit: type=1326 audit(2000000054.180:4060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef0490c819 code=0x7ffc0000
[  286.759857][   T28] audit: type=1326 audit(2000000054.180:4061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef0490c819 code=0x7ffc0000
[  286.786082][   T28] audit: type=1326 audit(2000000054.180:4062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef0490c819 code=0x7ffc0000
[  286.840487][   T28] audit: type=1326 audit(2000000054.180:4063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fef0490c819 code=0x7ffc0000
[  286.865223][   T28] audit: type=1326 audit(2000000054.190:4064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef0490c819 code=0x7ffc0000
[  286.889370][   T28] audit: type=1326 audit(2000000054.270:4065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef0490c819 code=0x7ffc0000
[  286.913597][   T28] audit: type=1326 audit(2000000054.270:4066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fef0490c582 code=0x7ffc0000
[  286.928241][ T7920] audit: audit_backlog=65 > audit_backlog_limit=64
[  286.937744][   T28] audit: type=1326 audit(2000000054.270:4067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fef0490c617 code=0x7ffc0000
[  286.937787][   T28] audit: type=1326 audit(2000000054.270:4068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7908 comm="syz.5.1109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fef048c9511 code=0x7ffc0000
[  286.984949][ T7909] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  287.064469][ T7922] loop3: detected capacity change from 0 to 4096
[  287.090883][ T7922] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.481089][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.509513][ T3004] ==================================================================
[  287.518636][ T3004] BUG: KCSAN: data-race in dont_mount / path_lookupat
[  287.525811][ T3004] 
[  287.528182][ T3004] read-write to 0xffff88811a598300 of 4 bytes by task 7559 on cpu 1:
[  287.536730][ T3004]  dont_mount+0x2a/0x40
[  287.541206][ T3004]  vfs_unlink+0x206/0x490
[  287.545971][ T3004]  filename_unlinkat+0x1e2/0x410
[  287.551315][ T3004]  __se_sys_unlink+0x2b/0xe0
[  287.556243][ T3004]  __x64_sys_unlink+0x1f/0x30
[  287.561093][ T3004]  x64_sys_call+0x2eb6/0x3020
[  287.565837][ T3004]  do_syscall_64+0x12c/0x370
[  287.570770][ T3004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.576815][ T3004] 
[  287.579265][ T3004] read to 0xffff88811a598300 of 4 bytes by task 3004 on cpu 0:
[  287.587201][ T3004]  path_lookupat+0x1d8/0x500
[  287.591863][ T3004]  filename_lookup+0x190/0x390
[  287.597207][ T3004]  do_readlinkat+0x74/0x2f0
[  287.602225][ T3004]  __x64_sys_readlink+0x47/0x60
[  287.607141][ T3004]  x64_sys_call+0x2b51/0x3020
[  287.611914][ T3004]  do_syscall_64+0x12c/0x370
[  287.616795][ T3004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.623139][ T3004] 
[  287.625524][ T3004] value changed: 0x00300080 -> 0x00004080
[  287.631692][ T3004] 
[  287.634191][ T3004] Reported by Kernel Concurrency Sanitizer on:
[  287.640980][ T3004] CPU: 0 UID: 0 PID: 3004 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
[  287.650298][ T3004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  287.660826][ T3004] ==================================================================
[  287.930088][ T3503] hid-generic 0000:0000:0000.003E: unknown main item tag 0x0
[  287.943867][ T3503] hid-generic 0000:0000:0000.003E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0