0x0, 0x0, 0x1, 0x9, r1, &(0x7f0000000780)="307b97eaaf81", 0x6, 0x1, 0x0, 0x2}, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x6, 0x0, r1, &(0x7f0000000800)="0d78502024d8d75655c57284f0538c876025cbcbce5e1e553f320bfba949135c2b69be74b8af27fd6e47daed32e0d0572258927c51a44789304ca07ea2bdbe596ea6eb0cca7d89fac2740ccfb5015b5538c1d4a2f97e9f2393cca120976536f9efb6ef4ef8b2d4ab65ae22b3a9dcaf780fe0f76caf56f8e23f88fa1e714c7fa07c97a9ea0413005f1a0c1950a505ad13b1ec92f00deb56d5ea6312b0", 0x9c, 0x8, 0x0, 0x3, r3}, &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x8, 0x8000, r4, &(0x7f0000001b40)="505ab664e388ac99f1d4e1c62ddbdde691a5bebe4e359ef280a10b0cda481e46a0bae489f3a8771ced883087994337ec8daeeb528735c090ab364c5f9db00e2bb1ae826c18e5fd0aca2ebe39b02af7997865695d945677c1ad8d04556e95310df0e8e76482ef722614b74ae1903aeebdffedac71c237b3293e1b01caa03893e4f41da6c81facaa81320955ab2b14a58c65497e7792bf72a8b4e413186bac7a15b591accbf03d8ede4c263795e8464558ba116e65ccc83d635e1c70f7c74371d6cc16218260d4d1cb08082759", 0xcc, 0x5683895b, 0x0, 0x2}])
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x7fffdf001000, 0x0, 0x11, r2, 0x0)
r5 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x7fffdf001000, 0x0, 0x11, r5, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xa924, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r6, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r6, 0x4, 0x44000)
sendfile(r6, r7, 0x0, 0xfdef)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000002})

02:31:34 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000001c0)={'veth1_macvtap\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4d, 0x81, 0x9c, 0x63, 0xd9, 0x40, 0xcf, 0x80, 0x1, 0x40, [0x33306e43, 0x6, 0x0, 0x5, 0x8, 0xfffffffb, 0x7e67, 0x3], [0x101, 0x6]}})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="0100ebff00ffffffffff1b000000060021006280"], 0x1c}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x30, r5, 0x800, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x8, 0x23}}}}, [@NL80211_ATTR_IFTYPE={0xfffffffffffffefb, 0x5, 0xc}]}, 0x30}}, 0x0)

[  157.352213] validate_nla: 15 callbacks suppressed
[  157.352236] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  157.357217] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.6'.
[  157.380264] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  157.387528] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  157.390670] loop0: detected capacity change from 0 to 256
[  157.409935] syz_tun: refused to change device tx_queue_len
[  157.415525] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  157.425551] loop0: detected capacity change from 0 to 256
[  157.426566] loop3: detected capacity change from 0 to 640
[  157.438789] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  157.466324] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  157.476870] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.489908] ext4 filesystem being mounted at /syzkaller-testdir628597727/syzkaller.1M6HqI/3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.518313] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  157.526838] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  157.536255] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  157.690437] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.698966] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
02:31:44 executing program 7:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
connect$inet6(r1, &(0x7f0000000440)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000700)}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000480)='i', 0x1}], 0x1}}], 0x2, 0x0)
clock_gettime(0x0, &(0x7f0000003000)={<r2=>0x0, <r3=>0x0})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004680)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000080)=""/195, 0xc3}, {&(0x7f0000000180)=""/178, 0xb2}], 0x2, &(0x7f00000004c0)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x108}}, {{&(0x7f0000000280), 0x6e, &(0x7f0000000300)=[{&(0x7f0000000600)=""/206, 0xce}, {&(0x7f00000003c0)=""/87, 0x57}], 0x2, &(0x7f0000000780)=[@rights={{0x10}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x110}}, {{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000d80)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/147, 0x93}, {&(0x7f0000000980)=""/164, 0xa4}, {&(0x7f0000000700)=""/41, 0x29}, {&(0x7f0000000a40)=""/170, 0xaa}, {&(0x7f0000000b00)=""/122, 0x7a}, {&(0x7f0000000b80)=""/73, 0x49}, {&(0x7f0000000c00)=""/60, 0x3c}, {&(0x7f0000000c40)=""/159, 0x9f}], 0x9, &(0x7f0000001e40)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd0}}, {{0x0, 0x0, &(0x7f00000045c0)=[{&(0x7f0000001f40)=""/4096, 0x1000}, {&(0x7f0000002f40)=""/70, 0x46}, {&(0x7f00000030c0)=""/148, 0x94}, {&(0x7f0000003180)=""/223, 0xdf}, {&(0x7f0000003280)=""/149, 0x95}, {&(0x7f0000000d00)=""/54, 0x36}, {&(0x7f0000003340)=""/4096, 0x1000}, {&(0x7f0000004340)=""/139, 0x8b}, {&(0x7f0000004400)=""/179, 0xb3}, {&(0x7f00000044c0)=""/195, 0xc3}], 0xa, &(0x7f0000002fc0)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}], 0x4, 0x40030122, &(0x7f0000004780)={r2, r3+10000000})
bind$bt_hci(r4, &(0x7f00000047c0)={0x1f, 0x4, 0x2}, 0x6)
close_range(r0, 0xffffffffffffffff, 0x0)

02:31:44 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000040)=""/176)
unshare(0x20000000)
unshare(0x42040600)
unshare(0x4000200)

02:31:44 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0xf371}}, './file0\x00'})
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, &(0x7f0000000040)=0x2, 0x4)
sendmmsg$inet(r0, &(0x7f0000000e80), 0x0, 0x0)

02:31:44 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r7 = fcntl$dupfd(r1, 0x406, 0xffffffffffffffff)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000e40)={&(0x7f0000000140)=@proc={0x10, 0x0, 0x25dfdbff, 0x2}, 0xc, &(0x7f0000000300)=[{&(0x7f0000000700)={0x574, 0x30, 0x300, 0x70bd25, 0x25dfdbfd, "", [@generic="7352ca18ab28fdaff15480f8c2c17ecdb7105641c406ea77b1ce4f17e44a9d1120dea32deb68bd434b52f75d929ac689653d81602c32d5d0a2c99aef7c4950d436639340bb96c795c61b707fa6e16d58c89833e9b5816f0536511df4b437263ae09065ba992db9e0fc09e3d7851a45d72006ce0b050e21edc6141d76040bb362d4404271c745dde7ea03d623789b", @generic="d317d8047f191efe8cd0c4eafc269e55d34716252f336a0116dfec53e78cb9d01028ffd8b98175651f10b247bed852f218dba10bd7acd502d82533c0ab736f1c96927aca88b70a673c66d93f6603b7de7454d3db", @nested={0x27f, 0x24, 0x0, 0x1, [@generic="d4bb0e8305ccd9b3c0420e8cb2a167dbd3aa2a01f8c0b1df7008d6c6396f7c074d69c65f45baebb11b3578bbdb2dfed2513ec09ef838c4ac33ee899a5259aa81df704bf6e6c86faa4d471e257c3ec8976dc7cac523509604fccbf4a00121bd7d96c4ae69a8e1d9d2729a77ea4da37895a187d42a4636b81da2ec4566d381bae01239391d301b19dca11aff88259ca64c0333ef4be71b2dffeb08581a2c47f1aac826d5dc7bbc63cdcfef6655dfab5bde6a0f13c917db89146a3968718640f9623310c124604ba65ad613", @generic="db4111cde54d28f22e50d69811c79ba45a215f", @typed={0x8, 0x1f, 0x0, 0x0, @fd}, @typed={0xc, 0xd, 0x0, 0x0, @u64=0x8}, @generic="60f2f03555fa9b6daccfef6bee94f3ba935c709dcb32b02ac6fe1264c8326c88bf80f6e4511f139cc43e5bb6430f6f0a75055336c6f013ebbfbbbdc4b947029b30", @generic="43f2148cae14eb18fea34fc976d71c7ee6ccbb2946600ea11ff11b1635a85e59965d1b06f3acdf77d57f3351041af6640500dcb485d6242b99bdbf7ccfee1be2a7e551029df19b58895036171ea1a5bd0156bb56d79374fcf765f164eaf4b17b48fb805ebb866106cdd3ccebabd8f872b661ee50005565d59eb311bbe02e1be399ca7544c845f022466f18e6c89a7316089fb6379d404656170a2fb697e79a8f528e9caf5e62d2d547e4929a6aabfe6f5bfdf2c7b24af40cc1726c85fe04ff0fb5572794082a78e7ee7c", @generic="f93efa7075fceafa5076dad1388180a9e9a7e2cfee8c6b520e0d02dfbe0da4a3ff74faf33f2464b4213cdf2bd6144e451209f0c9849b073a57893c359f81c461bef9b5eb31b829a92418f6cc6077900ce89e615bcdb6bf", @typed={0x15, 0x6a, 0x0, 0x0, @str='net/fib_triestat\x00'}, @typed={0x8, 0x43, 0x0, 0x0, @u32=0x345c00}, @typed={0x8, 0xd, 0x0, 0x0, @ipv4=@broadcast}]}, @nested={0x4e, 0x19, 0x0, 0x1, [@typed={0x8, 0x36, 0x0, 0x0, @fd=r2}, @typed={0x8, 0x4, 0x0, 0x0, @uid}, @typed={0xc, 0x3b, 0x0, 0x0, @u64=0x800}, @generic="55d8201e3e7c1df02a77fec35affe4c1c07b7f7c9f87a6a0744d1f2ef9747f188c8b8cfced45", @typed={0x8, 0x75, 0x0, 0x0, @u32=0x4}]}, @typed={0x14, 0x7f, 0x0, 0x0, @ipv6=@mcast2}, @generic="5ad977d4efcf4cf3f25bd7188f2fca6f8b7326d1c7b0070788f6a9ccd1f3b1efbd4e24943ce22c0bad3d4440a44ee5f768e46028cb4522e514997a62ddd732afc19027a0aebda730118b4b4631b4e08156aa4602ea5a16b4ed03cd2ec0c6b60bc6d02426cf9e0969240b1f5b578bb7cb0c2efec8749791a4e460b203cef2422a5ecb20c78f155133ee77dc3f43eeb744d87b2bdf60ca57f142ebbd1066fadd6d48ce70580da56a68519951fa9e279b5db31934567587f8c34716d071d37cc66a55cd92aa21ed4d0a5958e176ffecdca0cf725c08f251965cd7afb397431fedb586b830", @generic="61310c0b9f4a6935dbac9c81f428b153cb4574cd9bd2f82319c4e8a04a7b8407dd85a9f555197977df5c5b6623187474a6a2b37914a82a22ad689bc1c72d0a23735bf8deaa46f7a2ec1ca6c5bea802c80d6f", @generic="43e0ae2a86d3a76e74441ccb2a89ec2fbb8f241869bbcb2f601f92d4eaa2dba6f3081920066031410b7427dc6ff02c918faa4906dea10e57634da6acd5c60e5d6711a7fa8aeaa2b3c9b3b2fbdcd4e855739c16efb49046644e84cb52424dac89d946cee975709e0a5f"]}, 0x574}, {&(0x7f0000005e00)={0x1834, 0x36, 0x400, 0x70bd2a, 0x25dfdbff, "", [@typed={0x14, 0x8e, 0x0, 0x0, @ipv6=@mcast1}, @generic="115dd03897777b12bfb5cce91472a563d05de316d13873adfaf908fb28bb1f136fefe8e4f2bdc22ffb54cc6eb0a4d1653e7797edc2925b8dad26e524ba6eada815065a54940d8452c21b62589c8c353a1e28642a25a9b9a8db975d42f1ca54c4caf9", @typed={0x8, 0x54, 0x0, 0x0, @ipv4=@remote}, @nested={0x369, 0x40, 0x0, 0x1, [@generic="87cc272cb614ade71c5f724b9819d3b769ae56aa18731f487a7591c721beeb669bff19f5497f74872b1277324e7030b5bf086237daf2ff5ccd732fa659d06052bf0d0729e42d0dc8f594107a54293e5fd9c4b7abd339777b32845d4514b1658c8b509d50e1eade459ff7c971dc9a5e0357d4afee11cc68861e596be1233a15ff3f3ab5e3fb096afb314c1e68fb25a44d2aaba8675231049ffb97629842a1d50600d88b4fe5a7be1428ef4d63530ec451fa3e1478307a6acd562dc02e1b3ca0bf34c04af6cb036612f4a0dbc7b102351fa86cd13e1f7b92cdc4a9629f2e74b0686d", @typed={0x14, 0x1a, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @generic="86ff377fcdafab1e81e17ca3a38c8dcafabd6a14d88ef1fd4f1a7b9056e39a66e52bbc8151173bf8b54041ea3ff5547303bb6b67caa32a05abebde88de3dba739687701973ff827bd69f2d22807fe80a7042d81a41d1b578f497db51afacfdfa4410797c2cc8923382d12c612e59724aa9808c969ea66549ac7472f28a53df6fe4e2d0fabcaa1e67a01eff", @typed={0x15, 0x21, 0x0, 0x0, @str='net/fib_triestat\x00'}, @typed={0x8, 0xf, 0x0, 0x0, @pid}, @generic="1418057345794ac4603253c8fc6740b1abfd1b21211a008dfe67132a2ba51113b669f861fbd50e69a6015ed38cd46d88fc675dbb33507c4cca643c24745fe4419a7ddf57583e091d21d63e6d4500bca328567439b4eedcf0cf5282982df6c6479bc430576575f6649c6db1dc6f2aca88b14838a865801b32e3860ad36d3dacb93c36f31a66daa9b54261a16ee81c819c37463d587f3560925419960f95a1aeb43d017a4fa27f7ef7284a326bede7106106b5319cf9ecc728ee15ea4030f5246715ac50ee28ec9c744308c449f3ea4c94f471639fc90b0b25d177c0dfc3e3224013e8d11bbcc3f9187892964777d0c09cae82d14ec26bafa6fc2b37c5cd", @typed={0x8, 0x1d, 0x0, 0x0, @u32=0xffffffff}, @generic="b7c96f52fb9fce21f0a87167c628cee95b605805d7d23c24ce5372e0725ef69bd9f65cbbc956e7cc5204b869a80f7a3db52d13194188c267e2968de4e53a4e8bed26a670a57646b47c23d2894237066ec066cb55065983d848807d105cc5e1e0efda65f5157b35875a02fe5fbd5d0bd2fd4282ff4cd2d32f031eccf47207b54fe82cbac2a275edf14267772b469152d20730e7ba2358051b009a119ac56d4905fbb1a426f11b9b980cd120fd43f2da275b4ac8863cc19b7d53f956fa2a0f9fb9"]}, @nested={0x24a, 0x67, 0x0, 0x1, [@generic="52f01fdc5c04400a9bf21fc7cfb178ba", @typed={0xa, 0x86, 0x0, 0x0, @str='//&}(\x00'}, @generic="2983cce1777269a4eead20e271ee33426562743c7f27d11d36b95ea23713be5b7b0616c7d700ee185b384b7ea74c3f11ab471201fa75c4e081b81fecc26a26fd33", @generic="f1d33307e7fa658ef0151d37f70549e60083e4ea088dd9f2695b21cd91e35c10a167a713d209aa0a878625fc817ede6deb093fe6ab7bc62121c411c220d58aab7b9ae3221435f56248538645042d23b4845e6d0b7cd4ba0386fc758fbbb60ed1076a6efb789e19f7ad8aa8a95a568d2ae10f9552133b3f3ccc1c68071ec5ddc3e63ecd73d7892c2b4177dff220c00e0c0602435fbb1ca0b640511106dd16347f9e480ff4142d04cc3802419afef7a8b57eea7c20a387d17d4d79e617e13700a434a786a9830eb04d5ebdfdec248c651f22f709d658646859a3c9cd9d2b2e40dea5b49137e78009575289a0315a522fb4", @generic="3061f0625ca543d134a485916f1a9af08f5a7a735ff52bf52df8fe8460ed5b9a8918768de056b4139382eef2891f1d8d131a382b035c2e20e92f9a0aa2be3d91680ab0d657809471ddb168e6921a3dcfb7d8b93d3893fbd5e857c8c8663131840524255dc642d4fc19d6882085e4bb4a8702db1781c1fc902c3c03bc1526e401034c96bbabf0ea89fbbdfbf7949e9b10fbc25ab24a18ec65031fe884147ad7f06daf3f55f65660698126851e00ad205b968f27ba6828425737da9b0bb340f3b18355cb122e1ad4bd039c09a11ccb44296018105c5395511151d49edfb49682317421b337e72b13043019089dd9475c3c60", @typed={0x8, 0x59, 0x0, 0x0, @u32=0x8c3}]}, @nested={0x11ea, 0x54, 0x0, 0x1, [@generic="e09a5ec49473b6bad94bac98f6f5a4dcb1555bc9e893b22ea6e6b6749f349ce3e5976cb857fe8f5c25a35be98f95645bc6ab7ca4f35e0e4595448754ec1b9b22f2293844ddbb8dc03d48ca00a82ddc4239f810bb2db9ba3a64386c0089b34ddb600bf31e1f6f2009c9a65315dbcd80dde2c9210f99135e7dcdf8d40cf6a0433115e60b799b68e29ddd81bb77897cd30e2aae85d9aa9300af5df904a2a5a29e4adca66dae4a39a25e1b2bd76b4a2a41659dd212ede86c121dae", @typed={0x8, 0x5f, 0x0, 0x0, @uid}, @generic="4dde785f0a0624f02715a3db8bbcf77d76c4d79ccb11bffec5d04cc9422270fd583c7031468be6cffdada0d94d9c50808d6851d59ff77c96c538a75d4083cfba49435362d99e7ae82e07b5aa387d3f1bdcf8d865b182c29af935a443ed5c8bdbf2e6e7eefbf805cfd4a8f17d36c6a578b649c1def426cebdd64dd627b0cca344740822073866f00e408da615d5ee51e38e6a0902eef48ee210a88f3e96dcc18c41df2aaffdcbf9bb1a3bd29b0f350384e24d21d7a2f39773602e83206d945975b4c10fcfe413064da111c53134631e29ff6be57246f67cf6ced01e5ea9a32eb382cbec3df5c90e15aafe93f71eb13bc1de1ab3aa42be3b1351bdd21e3c5d", @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@local}, @generic="35d9c98c2da90f28c3c436224b1e37deec1af302ec5b0a7911407bc6783b0f865645ee4a27ef711a79e403adb561dde1fea2e7f1cc1b7579cf2a8fb5a482f1316e67660ab78285074e11e698534db227b2e247991413487a69d39fbdaffb1321ebd8d6d34dfdf1c3786d293082907c1302a17853eb62308d07af735c65993a18e4d45d942fd8a2f2bc4dfc8c62f1172a4def995aace5e1a005b4e2f2c55021a63bf15a7a70ed1a288168e0968af0a07d701400da38752eeeeec068379502a3910348c7f4ce33065b4b2a69a064a7dd4d46457d3a149c65efd9e705fcb9098103a8ce0716d9a729087c60f0f2be3262214bc9914d37d77b345baf9ff8d4e21421b18fc45adb23ac9b763a97e8734bebf28e127f363a77e3b187def00e8d954979438aec06f0d5c71d96bf2fa5e8e7ffd03f19c305a55123f446db7b41490eae0650fcfb17087d7d3c6c322198b3f2606a90796e8afbdf9829e3d9cedd15c9118ac47ef40698d9e49544abf60fba083784523263bca34bab919dc60a7ab110f8cde8a299f5e9b09ad8ea48324217aedd8e7abe72d77c5edf589cf4ca3ba83feaf090fe725cf4a51b85e4f3116dcdb837089436e95f4a44950ba5b82e850f4039615b653acf980fc205159f8c0c7c090ac6983caeb8030fc1ad702118ba83f211e74f34390c1d2545f52d70c4c688fae9acb3a69a00d2f3e3fca48b96f377a17f83f8eebc29c19805fe54c844f96d89a323f096a2caa87c3471cdaa9db51273b7d064d508fc2c0847021030811ec20f6135b63854fb1c9ad35a14b5716a66c602b27a82d7fe18f60ef5128239d4d896b1131c25fe742fa3445ad94f03c7e0073696435a069c340a075bed1afc19fc4da7fea5b881e061a253f5d5bf716e4bca8e8dca407d8bac14652576a173bfdb8ef1f770cf9365105f29690379fdd7c409df4cf6e1c8295a01662e6a828d1d885b669dd2d79886703c20855883b0c168e1d923e06b0a365d3b080d78cfe8b0158c543c02d4b82631c99ccab489fcf2a5b622ef9af6d0de90a6027dfb6dad7bab9b1d5fd6e88fe6f2fec64ba90f628a17aaa1249d0e200bedec1b6564842220e3171ef097f9c8f49ef086f3bebd00d9fb111aa76bb88b71fdaed8809b364b015cefc0fd15e2101d9892f720ea152d3a2843130904be4f2ea246a34fbb05a82f9cc8e84d7b0cd00fd6942b69a5b27a0eb6edb863a3e080d997dc3fba9471377713ccfac5a8c290401317bb8e39dd2889af46c6eb8891be72b529bfe9b504655a564a9acea78e4622dcd009ab00f1e2bccd899542f36be79be38e9b959c2512b1ca257370c6646bc308f22b49083860a3e699e62b1bc6de306054d164304e936bc99f662c564428ae8209cda6d482499ac00e593cdf9bcaa1d6cca18713e7cb13a083459dae0cce4c3d70fe9e72c5a855ba968bad5e4844838b0d84aa3ebb7c2f424fb3365b866d6a5082f8c11d930931611d797a55d2c8600361f59c924bc97ce306d7b3e31a708f81be5c49a1b3f1cff46ed60f324fee2e42de872491aedcb63511efc6af9fbe2121864248db51f91fd01c4ce03b373591a8db928032e9ace8975910a8f946aa2856cb4d0c65322749eaca9c5f9ab0bfbc485b1acbbebbfcea99107c7d23dd8cdb0d8884d49e266fcc2159fd15517e8d5f19ebc51c2e3ac5bb537e9cb168f2e0173f27e875e5a0ecf3b900bcb7cacc00a0cd0f4e186404525df08e988be39da640d3b34aa724a1bddf35582d306cd3d0d4c2e82e434747422428b205ca0c7201da010036a50010be901d80cf3b7e7636294ea39f6821ffe231b021335e85f6ceb4c0ac92dd2eee7ce5101c7293a166bdcba65890709006431fbdb55a7b4f0ef9f92a9f2caa268e3d6f3305f672aab3f90035833c57b64e2e9d6b11cdadf8c235e02d09293134f338f360d6368dd4d0aaac0e3deba7ccfd71dc37ef0de4d9042cd4822fcf513e33c3a8f9b2007c6184b8a8d62e4be943b0348439abc8b242abcd584f407c04e1ecf5242eac1a803b730b2f22b0d83fd946550c9509a77822218e63f344556bcfa8487ca80ce14091e8cb77f37fe27de61c1700bfb3c6647a5a0c14b8899e87f68d8e01a3b779211da20f5c69929cffab8afc142ad026d4beb2f5aca5cc932f3429040fadbdf4f936f40ee4689c95d2ca13c288b690f0959fea3a3f1c79eda7a082a2c9cb964c4e2564272e099211c32bc15946847648c9d8c91440d473fe64f3daa0042d17f1391719b0cfc5cc263f91f2a2def279a3a47e780036713321ae1d5fa3e933f6bf2bf63d45c1eeb1b367ecb0237b42130d9114423afa2f06ff083ad62ed2fab06a63b7a1652f3577cc619c08b0a6aed166e397d11439663378ec9c358028f210bafb0230d91036d6640db2bda22b361e73ca20fa942db565f8b391d2662628e2e9e3b057b3363e86c488547b91e0d5b8b4db863b102242408c47b00e6602cb5c13611539175570d2555c43f277271220349dfeaa7d1ce4ee663b261b561d6d27e677534b120e986ae8c269fae4588e4a6f5ceb160b4e0c51127b73b7067b897247bb61a08a084e6a9251acf3df935763222feccca4fae154393565e9a18f9eb2a7b49ca89ed72802b645ac36fec9b733e2feac19f4b1cffb71274f4f82bf5ec2b4211bb5a24fda119c43ae0090540a66554422c5f1066d818ee25669953497b5a7aef7d10ee152bf778f0f7ef5ec87542cba71b09b8fcf6121f2f0da77e4aca443109790d249bca38b2e3bcbd2eb3ac0beb3bd3711061960089801ebb002026cab489acaa7a36ba00cc5b102af9e1636c6c3e7dc2c35650dd703bb18238b92d63515603ee3e6518e2ad0f8e492a0ad940f550ce2916795ecd637493817a6d42ca070100ad9a0cdbd2e40827c27ec26149f0899e1af0653edd5b76ab1768c64708b0044b78dffceeecef9988bb8c52f4fd7c1166eb54292edf288de3af4834ad0843fd1fc280e8c7e54e5c061fdcb60c5866667915543a3bb32eb6fb146ac87ab2c18f2bafd5c4d65ce3c3a12d839504e57540b56f4bec9c8b83dc551c95beb56b57aa849f3fb997f45baa4b0af1aabe07e80780b12e25451246b6ab0832304798d44d42180615bf6a1b2e493b86a5d4f49c28997c7437cde52a88ddfb505e2f9ebb4f003f900b7cdc8f4492466f3160ffec08bd5c4d6a96aa9479bdfd5a94f80997e644d0c61ad316f740b6bbed15cf8bacce774774a1ac97bc705780d84b168901186e5f3c83ef9fa89f4eb644dc447f6c06ba5388f05c671bf13e9a250cf0ff750604c18ed8c18752a32fc924c45194c113c54dad0405a367e07ff8d832142b0ecfb2ec32514e849357b566106a37f6e83e94f190dfdf3ba7a01177e6af2473cdab27aa0edae8b7d9be6530ad4f7f608182ffe090aae5fe141f3408d61ab980ab9f4955e43285b196530a5e521be0d86a1464d43d54fd2b4aaa3453f4ecd53951b2917e23ae50b97d1a169793a56e678395ec8d2505ccd1ef0026753162c117164782be7a254192100a81d33bf6c373d0d79e209678246af1e5edf59fea9bebdf69199b6179520fab9c691cc5dfe7c3a0a2e00dcdcc3cf24604e824f6b76a008515db9bd34eea5f8b692d76347446f1b4d4998ec0d284692fb74a5ee66ba7090918b1248a330128c22c2c287b98696d2df2c8c827efb641b3042558724227a2fac50203b2b5f6a2b2e63999f3a183097bdcf8c955811eb1f926e92fd363344ef7e8ec3efe6ca2b343cf62803a57f924fd6bb6180f3db8442e84d5ce06e4582f64ccfbdfdd7f87c5879cdac06bcb1825a2028a9d8f1301ae4f89f24292ff2434c579e6f5bd054a4b8750ca010a01353b9fdac7e5a85f618f70782e71500e583fe6bf45b2520b62b095802daa0a36583657cba6ce9b06a0d56e75272791f1621b2e6576ddea2e6c70053ce0efa04de283e3602a37c0a69ba8b646949b4d0d78cc10f2cae6138d2648208f306ecacbbc06391e925fd3a12404d869548dd454030230c514298a4daf03bdc20db990475b9301b664fe8f10dda592802976cd6391f14372c39ee2fb06ad8269c0127e41cdd471621c86b55f5da3130a7711d50a3a8421da3c255d3520c74137ed2e0c17e2a055a24c652f5ad3cea47259978d2b476e2b022d44f0d0b50af74e5dfa82588919432a1a98d3d322efb5f785a3027fe626e554eebcfecd97a4f5f4f012bccae60c636a7b77c58c30e1eb98c8a0b02e7502d6b774d6c091174b4dd5a8cbc0df6ee9b2d69fe65d380976dfd99903b4b3b6f3d5a1219af120b8473868d3793372c9cc3f9339a432d759b72a4980e5cc7577343674de5de6116018b2ccde2830bb64fc61fd7fffebe05f0558470471d19be2c25dbbdd1c752533441f6a3c9074a7d7e3e9dee5ba91bea8a0f99bb7ad942c233afc2b41d677e1207931fb9cef46a53742a43370915b2fed4cb27a8eb6d9e85252fa4d0dffd59fbed90c4080ab862c0bef68bb58fd07d1ae508e9b96c389a320ebc906c6c698307395fad09ad53fe6887560f3da5524a712680f2ca6d04cba0b73ee553dcd5eca75d5d5ff918954858951f3de2e444e1d8f80dbdf14c385f119edf54f9979d4784f74a15e2902f8b943726e9cdf841478d535c013a3bfb0190ed3a6aea66d55e50d9103aa99f4cedce968f6504ea0adf2cef7d13abb667867a79f462688f6a97d22e107e45a9ae701b1170f0e6a76bd4790d080d14e3e2698eb5baba7bfd1fb4e90f49585e10ea829d24a9e048a6813260aa1b94681ce81e6c2f65950accfe90e3ebdedda8b67fb86b0169b1663028d0389d6bfc696e9fcbf7148456f19941e81780ddbf2e9598285fe9b718c9cd1a0f9a4973260ce550f993e3ca47cd4e33aa6e55c128c45271ae53622922e0555e765d6161614476848d1e7dbf82482cd402b54a4c1df3f25121a8e7ce60aebe32cac7d88d04d0166938f09ab3c20037b897ed4d0c8b90d10eb68916f9031a4c8c4b836f3f70af5a62e40277e749be1c054c973dc842e1e26183932520dc1478a3088d4c398995d9c74b4f3debde51d3d7e35a7c4fcc15d78315e641af9c19e4e82ea6f0e89c0851ab95c0497de83d52b17c482dea639ad0f1d9572ae224b9e1d0a04c570ce2e99a5c26f1da7ebcf9f8b88db6d331a8cbfc5415bb2f2999304dfa742b558f77eb047dd72bae68b79744923ed2c3ca39deec7a551bbd335b56f05746d86d054d064bae575484c574ea91206e43db4017ef142fcd78d280b9a2776a1d357def7da39e9434e20325de4048d3707ef0811b3039e1d70148c0f78b5eded3d78071f5096091d746d78b9f3fab172eb7579c950f897929f7e6256951d0b4d27cf536c5f8c96c40c445a7656f84cf9484e21c481d0259cb6c588624ee10667773182f93afe6ae013bd20a73b9e9654b65ebab32a12a2120e16e7bcdc295b4afdc673a40184d3694b4c595a933b72c6c26f105ca2d38dc40cce7324ae07f9a3fcfa52f259e95d181c69295cd8a8f3f21795c91b68236872bbc814082a704d8e57c34e6dc5f3282ce8eaf9291289ae5cca23cd3d5209a7498e89c9f4e5f02180c4cdad1de1dc156090ad678af5975a5405621c6645ef0cd4c7bfe640d1b6bc380185f6fa834d8329bfddd688b85a0074d09135b9733225600354cb58b0e68190b0eeaecea89d005d8eb869fb290cc46f653b43f9f8ba289f0c0fef0556c5abbb1772b7ea87b5f820d0cc22ef3b8847b23273d1efb176977c0a3ee6888bbcefa2df5e64461bfa18f77482bdacf", @generic="1bc1c0362386010756e80a32b931ecb32c23f2"]}]}, 0x1834}, {&(0x7f0000000e80)={0x148, 0x18, 0x300, 0x70bd29, 0x25dfdbfe, "", [@nested={0x137, 0x88, 0x0, 0x1, [@generic="327c98e71107ff1865a6e66fa9462e97cd6db3e626904a81d668a75f92567ee83262cb00fbb4e248690f3e4cab7611c88cbd8ad9dc26cc3035e16584dda1107e6039373d6bae0e9bae33edfa31902916f1986204affeba17bf26f9ba5e05d3f87a5449083ba588ededcb267798d8801433a3998a479cb0f982ae9e034cd0a1a7ebcfd823cbd7032521951fe2f5a2e7131f63580245eb3af9dd748572dae68dc8fe8db8426dbcab2cfbdf8d7bd06b22a2b1a016bbc199ac9e59c3c8cca9d08e3e791d7701759aa07891bf0922", @typed={0x14, 0x1e, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @generic="6b84c088fe05c3335af9e0fe824cb94da99733aeea937e67c706", @generic="34c5548792f8ad7fb77d5b89363ed91f01cd5c3f4bab2c96f7b6015437b1592893ab79fcb819e58751b26a6245e47522270a2ec4999c0c1949"]}]}, 0x148}, {&(0x7f00000032c0)={0x12b4, 0x40, 0x100, 0x70bd2c, 0x25dfdbfd, "", [@nested={0x18, 0x15, 0x0, 0x1, [@typed={0x14, 0x6c, 0x0, 0x0, @ipv6=@mcast1}]}, @typed={0x8, 0x46, 0x0, 0x0, @u32=0x5}, @generic="1149e21e4eed624ee9adf3c5a0b7408c2e0c30f70ece3b6b482869412abc6035b88674dbd9938d45aa0de05efd607645ef472ad848180071736fabc4fcaeeee4f0acd3a57954db11e9994c630a628b45a07864175fbbb3327426ea9fdbd341e10d07984c1fca16cc1ffa92960268045e88d0401c27d4b607c8dc75e7b62ec6540b3e0ab56fdbce072ff24a6ed7596d2046f5a4b5110d2ae215e91e0081cfb298ff0dea5e6a6b8b1446d89defa7952e92b4c425f776607a9e54ac2bad8c661e404cac21aaf856dd4064525953df77799632e1c5b14d05174a286ecbe7ed7b63db19e53648b07201b3579db8433450a9d1675d4e7ba0f9d2e04a101b41af37da49b79167bae9092eb1fc4a09424853947711462a48a32b8e72cd4ae72a020b654e28dd401ef13f5f65813ac0cc45dabb1b4d77ad6e963798613e256229663806ff33dd13504fe0f18086a612444f434a9fdd725b72a9c5247cb8d4692586d63a8f6bc10e84f9545e9b46938a43a220be7cdaeb7c1ebef9b1a3941e874ad87025af8a83b0ce97f73fd8a9797d8ba277c872f36502d28218ab5c45a910c26f4cf30d99d7b5aed8773b5a79008451b7c053c9704d3b5f07ddcfd32fb15c5d78a69af1c60ebd06f5f8ad33ebfd445f5c77fa9ca713b374be318aa394ece451015f2ff7f2bc17038a6c07e4a768b9771384731adc6d1de8a2d805ad2d5455d228bca15b3bc9a332f1c321dd0e0fa9b74dc980c5c0b4c00da2696bd12feac8cc974f6997840e633ff80888cbc11b505086de0ce6de8a1e08d976002fb01189eae5ccc0420020b714ebf799761bb3d49d50cda72e57af7a7008ef14b0cd3e1689b3fb255ce8c090a95f0b140d29ac9a09ddc763689c9bb81c5334bfa6c3b0d4b4ff035676024fc755b14c3f5bb1757d85ab4fb614f7b55cf8e69869b248553e793a905bb81fc70b7b265d2a95f6920c1b24fb919386feee14698ba9af8063a06024f8a260d109995a291da9efcec1485fc67c0422c2072be4daabff751060e5fa8e22cc05dbb2c9224f8c38ba96df5abbaa6e7f75ec97712911b54f1dcdc5683b46c51c7227c7cb87532ded4b85cb43fd67574e561f61c119926b6175893abc361e6c0acc72e25fb86380aad023883ea84410e59b784ac0b0440f53b0398d033dcceab926cb15d2ce7adb2a58cc6954be3b8e9e27a04f9c580dbdd7e48636f584d42a175ebfbe6a647936a110fad7805fdd477237a3120834d5ee7de15811d69c1542168b45dcb9aa5cb29941e1847d1a8ebb1ea3eeb0be5d8c4aae7e81139fe3bdb24fe9f10a05acd9d819ef595b9a8ebd852f392b7b39b4404bdae36a5fb893f15e8afc559582e768c726f0430aa64280e2757c4c4d275854dac03e0e560c21cfec2c8fa672d5c2dc1a84a9ef8dec87725694bf6add844b3bfbe97e63a6a1ca089e7c194ca14549a04c0fc91d521720fc998e8dc06326d26423011cfde229bca402491565dd67b6113f9e4c73ce9918ad1909b2e025571deaee233ebc08da40077308d758904d4a1c4cf3fb19f30516c23f049693e9fe75a7808958ac223b7d7addeadaf043818d1b2f9ae6f330ee434e54f0d7137fcb0dcee508d0fac3a317ae46def7450651003c5db93ffda8625c7b2129f51564e593205de249536a6f63e74efe1fc4a5c4a95526c0c93155b0efb165e0a6996c7b0d9ced88e72e6fe54d89e2e117f9bb2598bf5559048f0469955a54c727980db1d61c286eeaa118bea645d65978cc13a3d9a5943671b48bdbb77086002344026bbb5b45cdccff2e072617ce0fb4867558aba96690e01170c2c5c6993202173bb6aed44afc8f2cbdb23b199efa609659be4ff00e13d0de4642ef39a9250b1c90c2426211b5afad58c8273a791ee464aa47a6aa23a9b91e17c484af87e8f56ec9b95fff6c69c1c0822f4bdbdeb22c5e5f7051a395cc0e24f020a2d4c9330a3bb15c14f97da52421b0660daf582062ba72382f8d78b52b59396be82893e2574106b69610900ef2cd00e62e473548f50ae833606e4bb5afb2a728aaf286759e6e61fed2672d0b460027da841ac9c3a06504d1f4443dfd83beaecec295fc19842a02f0fa873d37b11565a17ed870df0c0351b70e89b56a4f6e1e324d62647a47288a7130235312b784536f9969c070f22d4aae44947435272799bcc4ac47073a2fbf2999f78349fb3fca03b324509687989a231e76fb3a4099d300321e8e1b46adbeb2122ab04d2226ea6712db6539cb7ef1529e5de6baa53c99e03b7ecf3889c2e9f683a293a10c60bfe2cc232ca03597b31359ab0f358613d8a22be56a6b728f8432d575a5b1c9f14dadc4a51dde98e7a3686e5397ca19f3bac81326b90a00871190221db0b77234337a735b316b3ae78f51d3e2048b27e6d216a86e4bcbdbde085ddbe0f7a462d2ee24a387dc6066e1efee19010213fe77ef6a28d80aa1d72031119fda4d0df84661c67d0973f45f8a7c022c58407d345a77c21ca00166f471e8e5d86b6bffbdb9de811a9c60833eedec33c656e31d440d354321fe4a67095fa8584a311c5b63970ce746a78d5f01f65458e9ef5187d9ffa9605d08eb782e9449713f47e4e5dc58577a45097706e75a509757a6602201ae02a2d898dc897dcde9adade32ab2b9d344c0f8098e84befe1a959fe93373b37d2285a866552eb8704d62e8a3a89e6244c613bbcae0ca02cc4dd422e389758f0f343ce66eca29fb28a9e5ca7f09467771bce2038c459e6fabcfb83a45c669d58af9b829fa4426d904a1ee51404cc54ba9151ef28720782a3a4f5a0170ac06c852f291f96cbbe69b183d03e797a62735aeddfc1a80f96c5b4a58609e1890796631b249ef10ebcb3665411213bc66334b3540a60951e8f770dca4495423201ab265e28873a011fef19febbf9bf3622a1d6be7b95deac2eacc0e309d9c882f9f191265cf7c43c0128a04e64fdf2626039d3ea02738cee7f87b804c58faf5b23354fa8ba5dcaa83be2e72cc81baabb918a6551e9b0b9808cfb7c87c2d41221951da538f096c3f11c8b47e28b48c23332eb37e80d6a9f9fcddc653936cd8e3dee8373544f83149e52778c07e60fed331ab9c7a7746184ba795a7ec7b4742b13aae831152f761d3c5ce6058a1525acde7d3ca956cc5db559a79bd8d17fb9a6075d2d9234b41035df29307ae6d24d0a62276f815ffb736164b54ce3e81ab577f61bf1af077f023d38bfaf46cda7b7d4ed002ad9aac25a5207b26b2c5b614f517478e191d4ce814551dc4d5793a7f294cc782eca08a8510500078dfe18e05c19d0761a10dd60f92688b990afe1fd078ea9627e67bd9e3d8f037209c060613a81fa45a5d1401bcc73a34dc69646524c465f46fed327ca5413c2dc2ab1ba692d79dc8fd25dc983f9956ff122f6020c75f5e7e7de8e73ad6b0fa9f13bf09d612a3deab0c2d5cdedede95712b7110c4d3b3bcc8bb408faf8a02a950cd81c957d5075ff5325a9e1c4fdef4d52563909a292b6d63f481c7d14a00ef5884cd7bed403c8d419b50ed1a142c318453ea0aefff9f43fed8179f37060be327f55f55838f08591bb1862c51e525003f467d78244c2b61c6d831d6d27b7d6872faa5c32414c144b8a68ca652d620e947552a54b4075541dd93372f3c3e6f34cd47fe24d33befd6538fd5df3183f1cc379c911de5769c68c43c107f0af0908cd4e6e4635fbee90863fc5998c5c8f3c4bb6e85de191ad00e53ef909dba0b0eb031a5b90dadb948e480a7d4d0baf046533a1f6297da41863ac8e6690d95f6295c40cc2060fdbd4f8efd978f4eb6b719700c2917a658b639c9e1484bce8416adc58dedabbd69bec865f01cb6cc348c3486677e3f4d4a1181c0779c88783928e7e7c38cede0bedc4c45bf3e4711d03e8a12b80c02f6307a6470bcf519d0c3c40d290e4ba67e76c8e27e2b350e5b986950f00aa0b5ddb581623904b72cfd736931cd96e733f9c066fd650f4ae984cd334f4337d25246167ee2a817833bf96c2d2cbb6305e2424f4f67ca14b6b783703f9b62c7d5f66b49a4e1114c4ba5d596689a3d2005da12c93df6fd27de2c87702dc41b86c953bededd0cb90a109705be6ae96fea6d333cf30f31179c6d0ddc86cf602b74061ff38dd7060f676d475f55cb4147cb1a01f19c9cde8e9b69f33f1d285eb5f54bca403076a7e5b5e31368328fa75191a9301eb900d6dd243f5d4c8a4b51e1a2f75111e22d24bdd5de4f327275c86248139ae5e022ae49be9d7821b7d37ee7faf2ec0ea71d3acac2a82582e8813829257715d908d3580f7ce951f8afa2597f54805c6b512a84ab396cc5bee69b12a0be8c690cb3bde1576c5f56484c525e06f2f977ce22ecd460599112bbcece23a7c7054e4087530c24446870560d995fb10e4d10d242ee9266a32c56ef8a7c23c358272a79fb51fdfdc3d378f6bbbc68da849d7dff5ef49ebcd659b4ff03ee9636152c8d77d39f21c56097b7e9dbde5430c415c2e84448500fabd49c491bf6042e73732bf22f7dad599f3d4c79e2479778e35d37e6673804a2caabe8fd2fadb4339cd9ae2afe1a7e0ae20f7cd831255362bf16874a38890f29cdb4dc185899fc82875b04ffcb2a12a564aaae0923b8c80281abaa7526665c763027aa0e18e12fbfb31a52eacbf7ac376152f7dc3902f244533d1d6e8f419d3a57c8b7d50e5c68e76c003ec62a1a9075c8ef38fa4a1a217a1ffddab31e347e58f4f5d78f7034392292dfd935aa6e31949fa1a3e3fa58e1dbb3cafc7ebaebc3c8195e38341b1bc26dfcb5cc879a256cbe9cb187ef58da6d2e630d04e0fa5d8b02b5f0d0ec60ed89fec1b7973d665c5aae07bfde82335231ce086872a4f6b64839499c9024170799b735a7581137ab1365c563570d89b759cb0369df7497108ffaa54513e3e17c85b87dbe7001245e362c81f733582bf4c93bfcef988d070bd4891b79143b431a943ed0f3537a596aa1ac96da9163e7b8c47089a64e92d6d13a7a12ac0904d56400941c839c461105f4f7e02366c7367697250a7e5b836073dd621b75bb296be05383ee845bd76f651fc179b5144221603e0adebe1120f34fd765541721aa6f127d6a8db9e3bbd6cc7e3cf66c168e63ef1b33147fee8153e438f43cc5238c6432820653c9a4045113fa40b26b56e7d6749b17ed59211db11fd0a52a616f6e8a6b7a2bbbcd1ab89edbb5f8610b381d3ebef37cf83886b9293abdb340197bac5156faf9d357a8faf703db8da1b9f29ebd76b9a80546799a00c912b6911c52e189ad7ab1f32ee2dac6940e53cd1e3bcea04a560956fabdcff6c21b0c8636f63646c12adf678a676c2c28d13420d263f01a974b595492db97c2aa794c803324ac5aebe738e3b5997e0f842adab85f25eb4c6ddce3f2546a047f15a8bfa3c9219675eaaa33ffb9a85a9ede7dc071984dec4fbf43139a75ce93607e8fec7656cd6ddc1de2c565e3bddc4a06f43b10032145633815fe16372e09213243ae63a07a2e7092aece4e6769b978001c9a4734a15d8e5677d64370373346ef4e52086a4165443e5c07172c1f4b3842959994635bba89abe69928968038ed1c34aaed389ba95178e0865cd16e30285bce5c55e4fc75053232aec3cfd563e5bbccf4ebdaee0eba80e4b55dd1cd13bf6c88ae67190babbcf6dcdebef80edd385296c3439d0a9cbc294818c1ed38242b507122cc64b92a8978903347da2e5e2275611ad0b1f77af8b34f8000aca31343d50f3fafd841ad63b3b7eba1c22a308e9e7ed01fcb420768d1255aa26255", @generic="4129b7d6224d8a3e25a6239746af657267993986d39006e4fe1306edef28fe012b26c608b9b526a18e6c6cb47594ae858006e81908f7aa63cd3182b27e3f0f162a24d2ca68b1a507b8b94daaebc92c5562370f025d0d3ee2d9655a9f47a69965b1c7081dad62c582483ac5294c139a0fa8e9b1b60ecbcc061673530b5157056b582a1604c7fe986cabf5064a52c214614f0b21797060a88739857767d42777e0fb7e6042c2c4835597d10f7fef7f339012b30fd78796", @typed={0x4, 0x81}, @nested={0x1bf, 0x73, 0x0, 0x1, [@generic="b13b4810", @typed={0x8, 0x58, 0x0, 0x0, @u32=0xd69e}, @generic="aa15d4d05defaccd81f573db2933a8252951271ed58a8980a747ae1d820697198e4bb8ecd2fc7204e1052cab81157389491abccb91333790473bfa5d6f04cbc231fc963fc3d6ffb6205e7df5ae9b1a16c53304e8a1a70603df5caffe2fca27c1c82aa7166b911141fdd04a2d2c119ec9ee97373069250bc03c370213c077cfbc2d44599537be153db33235335f53bae12df2eeddc2d20934d567ba25948d06106503f3ba67ad76", @generic="23a22861d5435b6035e9f8f7560c9ad79b698d845c9cc2a08f2b19d897e19fe865675fe926e93a51783963176fa277d33efe49f6c887e2b7fe849b9818c758f87a354b36c12396a97e04a8156e2589e0e922dc7a1ab496e18da31041ea1cc1f65f4fb9a669fc0f434f5aa4eef690cb95fb61cb5231aa504f1830d88bb02a0f14b3639216b41c9a9533d2f5caa6d5d11387df2ac12589b46ded863342d83f480188a44938302025680c989dd015e19086b91c3d55357fc78d3b229604", @generic="1921d84a43653769b1db5d25365e17587024567e83160a2118ae3cf768bd786c313d4c66828c310c3965d20698669d7638a99d0886cb9addac52309f87555ecca777391513c197221813cb42"]}, @typed={0x8, 0x3b, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}]}, 0x12b4}, {&(0x7f0000000500)=ANY=[@ANYBLOB="940000001100000829bd7000fddbdf2593013e66f3f62c0211fed23cfa5f15e297d99e8b672dff05354a5328cc98775e413bb179509f394e27ea532d7ea0a497afecd2921648ce1d3bdee67d24a9f9fca903e4ec2bbe048135b996172f8e7bd2fb41d7492e2c1d919973962817dc60815be1e711de287b00747fa8d3e0db36f9396987499d97d60461e24fe67a5ed1efab11ac00"], 0x94}], 0x5, &(0x7f0000000d80)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x28, 0x1, 0x1, [r5, r0, r6, 0xffffffffffffffff, r7, 0xffffffffffffffff]}}], 0xa0, 0x44880}, 0x4840)

02:31:44 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:31:44 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
capget(&(0x7f0000000000)={0x19980330, r0}, &(0x7f0000000040)={0x200, 0x4})
pwritev2(r1, &(0x7f0000000540)=[{&(0x7f0000000140)="b3b24bdee2919de6abd006fc33d38178ac06e7018bd09946ba5d0c51031ea73f0618b4d804719445a0151c34f706c97e52008426e2606367ce51be3cc3012e1b8c784544b1ed046cf8e4912946e4fec099b8329ed213d64b8773cec9359cd131f0dfa979bcfa60db9e31e0b85e6545dcda8e46aacb43a28cd23291bb4bebcb7c2afa9e48b8757a9b6b35b66e930aeada5fd46141cb558c562c0043da8af44fbb8f74a7d8bb041b63d938f3f15eb4441635dc400fcbc40c801a2c1fa358abf7e0def1c3ff54c46d57993a6993e98e4ae420bf6663bac2c511ea921456f9fc3f3a3ef1b6763791a8f1db6e51f0825d262104f8", 0xf2}, {&(0x7f0000000240)="358aaf4ebc162fa88e0ce0116c00d38f1f9f0aaf6ca371c0da26bb84770624b055b661aa7f764b68776099a928fc066258117114d280426ba1823ee094f78390dd7c5de805c3b5b0837f10777e01f2a03e6cf12c5816", 0x56}, {&(0x7f00000002c0)="1ee10f63afd9588e128ea3fb1c6d15d2f420ff3f8120173d56c8970deb53ed7dce439a3a381564dca2ba4309514e2168e828ef9b46253290e06081014aa7f4b3c4f59633a986d8fe493765e3cfb378a35996cd3dabf58a3fd80e43bc0333bc722410a0de6f74fd0ea1a71b5b", 0x6c}, {&(0x7f00000003c0)="909196f043901ef5bf79e574f416069194c0f398d8718175e6897a78cf5623db3d2284975bf81bfb99e5fbd5dd88ed00dd33c665caa57c9d80aef7d29bcb562ae31760d5e3aa9248d71a9ee8c43acb06a65195d5107876019c854c9bb4e6d0ca64305d79874570df9955272a0ecd57ec341f3503578305f0fa1bdf5f051e6dc7e08e747fda5f4dd37d1ee01be693857c5b5c", 0x92}, {&(0x7f0000000480)="522d8b199f4714a0e996a4435ed1945a42926af675bd5eaaf74f40964aa127e7410df0b0841025a45fee7294bdd55c4f133c87f92242d0603d4855eae73a2874c1288696f8afb13f3d0ea923ce516edc775a73dc6b411cf60d15977664f34effdc7e09618a5f81128638cf8da414f04a572b6f5de93fd8fb1488e1d86d6c2536ed5b61974b4b1806b062f15d11eaed3720", 0x91}], 0x5, 0x2, 0xffffff01, 0x2)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000680)=[0xffffffffffffffff, r1, r3, r2, 0xffffffffffffffff], 0x5)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x4, 0x7, 0x5, 0x4, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x4, @perf_config_ext={0x80000000, 0x4}, 0x100, 0x9, 0x5, 0x3, 0x806, 0x1, 0x1000, 0x0, 0xefe, 0x0, 0x9}, 0x0, 0x2, r3, 0xa)
r4 = gettid()
r5 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x7, 0x420201)
r6 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r7 = dup(r6)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r5, 0x2405, r7)
r8 = pidfd_open(r4, 0x0)
getpgrp(r4)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x13, r8, 0xcb51f000)

02:31:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))
chmod(&(0x7f0000000040)='./file0\x00', 0xa)

02:31:44 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000340))
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @empty}}, {{0xa, 0x0, 0x0, @private0}}}, 0x108)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_xfrm(r3, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)=@getpolicy={0x130, 0x15, 0x4, 0x70bd28, 0x25dfdbfc, {{@in=@rand_addr=0x64010102, @in=@multicast1, 0x4e24, 0x20, 0x4e21, 0x98, 0xa, 0x0, 0x80, 0xff}}, [@XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x3ff}, @algo_aead={0xd8, 0x12, {{'aegis128l-generic\x00'}, 0x460, 0x100, "533e43ca90af0d06a9db7a831ba994dc99f5482e1b0d67d909566fd686dc4cc4f3f435ec74691868ad65fd417046f648afef3795738abb69b87d41b841e5d0e4d84560012e7f7182923b22642cf1701470e63c722710a691e340bf50d48cf18f3ce01772843254a38dd9d576a158b4ed193f69e88f4122df20fbd74dc00b29608998df95ae47dde28bdce9f7"}}]}, 0x130}, 0x1, 0x0, 0x0, 0x8088}, 0x20000000)

[  167.307209] loop0: detected capacity change from 0 to 256
[  167.320727] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use)
[  167.330416] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  167.336560] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:31:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))
chmod(&(0x7f0000000040)='./file0\x00', 0xa)

[  167.361460] syz_tun: refused to change device tx_queue_len
[  167.372096] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:31:45 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  167.392568] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  167.411094] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  167.423234] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  167.425801] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  167.439915] loop0: detected capacity change from 0 to 256
02:31:45 executing program 6:
syz_mount_image$msdos(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, 0x2, &(0x7f0000001b40)=[{0x0, 0x0, 0xffffffffffffffff}, {&(0x7f00000001c0)="5d1e6a8b1bcc238971", 0x9, 0x6}], 0x3918800, &(0x7f0000000180)={[{@dots}, {@dots}, {@nodots}, {@fat=@codepage={'codepage', 0x3d, '862'}}, {@nodots}, {@fat=@check_normal}, {@nodots}]})
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
move_mount(r1, &(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x6)
rmdir(&(0x7f0000000000)='./file0\x00')
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')

02:31:45 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
fcntl$dupfd(r1, 0x406, 0xffffffffffffffff)

02:31:45 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000800100000f000000000000000100000005000000000004000040000020000000d3f4655fd3f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000000040)="00000000000000000000d02ce4064a30b19941939d5c6a24092e8c9a0100409ba3", 0x21, 0x4e0}], 0x0, &(0x7f0000013e00))
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/pm_print_times', 0x82000, 0xcb)
lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x801000, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_loose}, {@afid={'afid', 0x3d, 0x3ff}}, {@noextend}, {@uname={'uname', 0x3d, '/dev/sg#\x00'}}, {@version_L}], [{@euid_eq={'euid', 0x3d, r2}}, {@measure}, {@smackfsroot={'smackfsroot', 0x3d, 'ext4\x00'}}]}})
r3 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r4 = dup(r3)
ioctl$SG_IO(r4, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
openat(r4, &(0x7f0000000080)='./file0\x00', 0x201400, 0x100)

[  167.556499] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  167.564847] loop3: detected capacity change from 0 to 4
[  167.571743] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  167.574909] EXT4-fs (loop3): fragment/cluster size (32768) != block size (2048)
[  167.578835] syz_tun: refused to change device tx_queue_len
[  167.583874] loop3: detected capacity change from 0 to 4
[  167.591383] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  167.591429] EXT4-fs (loop3): fragment/cluster size (32768) != block size (2048)
[  167.601770] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  167.613281] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  167.619204] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:31:53 executing program 4:
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x13, &(0x7f0000000000)=0x5, 0x4)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x401)
writev(r0, &(0x7f0000006ac0)=[{&(0x7f0000006780)="73e46d7de72f484ad0e322a3d699fa035e41c06332b6da26", 0x18}], 0x1)

02:31:53 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))
chmod(&(0x7f0000000040)='./file0\x00', 0xa)

02:31:53 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:31:53 executing program 1:
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r0, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000041}, 0x0)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000700), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_TX_POWER(r2, &(0x7f0000000900)={&(0x7f0000000800), 0xc, &(0x7f00000008c0)={&(0x7f0000000380)={0x14, r1, 0x1}, 0x14}}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000a80)={'wpan0\x00', <r7=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r6, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x1c, r5, 0x1, 0x0, 0x0, {0x24}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r7}]}, 0x1c}}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r9)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000a80)={'wpan0\x00', <r12=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r11, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x1c, r10, 0x1, 0x0, 0x0, {0x24}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r12}]}, 0x1c}}, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, 0x0, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40)
sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r1, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000811}, 0x4000045)

02:31:53 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:31:53 executing program 6:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
uname(&(0x7f0000000400))
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = io_uring_setup(0x358e, &(0x7f0000000000)={0x0, 0x3124, 0x4, 0x0, 0x248})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
pread64(r2, &(0x7f00000000c0)=""/33, 0x21, 0x200)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000080)=[r1, r1, r3, r0, r1, r0, r0, 0xffffffffffffffff], 0x8)
r4 = io_uring_setup(0x358e, &(0x7f0000000000)={0x0, 0x3126, 0x20, 0x2, 0x248})
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
pread64(r6, &(0x7f00000000c0)=""/33, 0x21, 0x200)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f0000000080)=[r5, r5, r7, r4, r5, r4, r4, 0xffffffffffffffff], 0x8)
ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, &(0x7f00000002c0)={{r7}, "5ac42408622a607396aef663e762b60c17e9cd07625c201c4a22a061f20ed04d36326629e9ba7b57cb521a73cd5cc9b89eb2815a2a04e865010f4311989570d3bcd62480d1ab3be30b0df2bef8094033762ae53874adeb2ff941e6a53aa5265b01a2b69061064026c1c58c84244663e5e608d1595cb4fc50b0126490a6133a13f1b6d24122015aa64ca1a55007c035da14ba823a9213784096c061ce0c59aedf3a820ff1428ef31f7baad7df5e2441e554242ab97e88209bade0e0b6f9f1c2136d8fa5aa45378baccc1e3bcace086a8f923661adef308311357d1680305d7b91c98063b986b3ca3c2d460e9aea46b3a0de2f3e874259ef9a6e7c9013e19ac154e3395b7416bde17c3718b3c8fd9cb25a41af3e8755c59fbf299e0c32b5ecece5695523810042c4ec6b280f34a1727454666d14f9aa604a80a95aef92423e324c72cc7f0c3b99e4241a77852e3faebb28ce3c1b2a9ccbd42b563a06eaa259dee23f7621e8236f11c2a574189ecc182a1617944b50af3f973c3f98fecb2b837da25ffc499b69d03b0cdd8e4894b63fd04102b977ef272d82857ddc2702560abd2099d04c31c6316659248fb31c8be8f0c7c1ec662ed8f53a4084a317cf9d8060c5973200bec8f3f1ad8e289de691a8f329d854c845dc666b6c96d003b85c09fdadef029074952168c561187d793932f0a73608520dbd760da78723b01de794658d4917150a75227e6d2db0d4d204b75590276a9c85ce85511322395a39260b45787637635fcec0895b96e29b37957e1775083dee13887aaaa541c8a4e2e73f78263362a33e5ce7b71d6274ffb18b730375e37b1092b70c9b5ab81ae3ece3611a15ecf3457e54fd3e6ada4d9eee4d5866f6cc0c7e8445438b5ce446d50aad9d6560497ebd350b2a96638f5a0bcc28f53b1c55e05674a051363c1c20a0e12a26138d182739489a62108e936f9a200b963d344a7f08c0dfb161609a0b34edc2b243f169787cc834191bfb0510283c16006646ce698b5d73c443a1bff3b844f9ccbce4dfaa95ea46370db70e3c210b7992e41267723c23880e62ff86c3e68ad2e7112b2a46fa959bb09589525e030f41297ab9b273d0939395be2c4e0d66cec4c7cac31fcc14e1bd59321e315e042942909bd7aed7e5538f52d1bfd9ad63cb951110e0f56cf775c753b6d8ec4f638f299be0565571e9e6974b812699f287e04b4cc8e7af3fef264f9988d3726ce3e08896bb5cc42a7a9b44f3bc6809e77f53da3a3ecf4bef8d7fc60930f684f37a777d21f1ccce5d77679555ab40be7fec4e0a5a42ade8d4ed920e857650b4a14ee08fe54fe1ca3451d6136f8e66c99a5a3d79ea797cab6c672c2ff17307d4b3a90106ecc95b85b4c92c07cc555a9304dc54bf94a3c5431805f52eafd1203008886e83ca0ebf9e569abc18c9bd8a94363e771537b27ee3b3a40255ee67878e39df7272c3afd3179075d28ad6f0192d6a2ea18fa2ef11ecb332988684434d54ecf4f877b7f0a318e811f14828c6c8ef35166033403d8bda3f4c7b75f81832d756269cfe85b947e84779b4ebd5fa3efb9d6c4b248e29296d6a7c5e0816b9aed66ec58c97a1ddef514bc4bdaba1acaa0ccda609eccd0e3193288a495bcd4f524ba41e15d1f1af460c3a0216f971af71bf29d562b6f547252e719cd44f4c730db4bd3078c20ed02528f867a59ea9df2f6a978e3242aafb3bd50fb3a5d352d968b46788a796dfe046892af0ad70bb4e584daabd569e6b4d13d943e9d5569d30e4b49fd00549fab0f8a69a8da54764eced40d1e9b295975726e6d89f351f285750fa2e564a0e536bfdfdeb7383b4b74e0292c327a124b6b5184c9458aaeba6d1f62a55a645a2f5e9bd7a7711a65cca2503400c30edc4339cd04eadd3582955dfd40510408ff31753a4fd1662d489d7f79ef5bee0f9840fb1e38de3dc1564815e4d9cffacae749e48db9d3dfd0ff4c64207bc3c3d89536264fdbb662c8216debfde0811f6e99987a5bc09797b199b2c8d2800af6fb327e2d1a5b304b0ca6ab0499cc023b8fefe974b9c9717583420d0730d003c9d7cc58af57f65181fb63f277c529b4e7717c9fd06c06650aaf7998fbbe25033ba63e2d4ae2c3517a9b7b6a0b2d24bc8213a7790381b7151ab7f2a02deee64a1eddb608ba898cd942c9b2bbdb5a08f8fb17998e479215b37aeb2a4ad8f20eb546ccf3588cf17696518a37528be22b53cc42d8ded123bcd16c15f77410165fa07a965d945bb2cd67f6c3f552dea560cc87bb4b7d2f23a27e86aeb21e6df740a438855c6a5953658a119b8c3f15f86d7d53053bd33e3c97403b567eb559b8cb7cba13c5063af348ed0d58494371397f4b035b54144057ce5cc5874aadda7ae131e722929d7127ffc56f4f111b35f657f264c6d39e029baed2cb89c9f64ee45392d6edc8d27c0b9071376604ad97f497bc6c9351da27947ca2ad5cb57ecd1891f425764e5d72f9ae8f09906c5e8e206866e498c54911bbb66382da329661172fc212ad82fbfb6678d0d26facc9d1093ab9419b0ea30b1d1913439cb450aec1f381ec2f32393204e310edd82057e16438774fb02af16ce59415a12885ec3800ccc72926399da00eb7eb7eb17fda726b504cb0cf3608a3e61c66325b4a4421b2b27f67b104b0ff9d912c61e8a147836d9a3608e96a832a29322cb25ce6f11f3f149ff765509724c2f5dccada10dbc4bc5e25e11433239202aab9f76324eba3b54a3249ef9e8de14532ab92481c98ab1acbe53ae65417d7c10965f2a7ec8095154235f20d07deac4b69dca421d1dfdb18b45e6dbe27ad5025ef704236a278de13c85b9501d97829f34adf7aceca917cada9b162bf1eb8a943913640935325210e2b5f621706e2537cebf160297537202d295b420286f7b5b4d7fe54146cb3faa10cf4911de3ae0b016e9b0eb79f2c25d886eaf358bf12a54869edc057612c061667742d7ddd65e420470eb11c8281095ccd4eead0af4d2f6713d2936151adc958a57f2a76c7e08220bf5f3ff517159e2aabbd87013f5c5305511c179c338a399222e0f30c31f78490cf83a6e9af72e34a82d0e2c04421bae19451e2c24e20e2146cd8bc3ea89ed66f7a918dfcc603910481d1fd856ccdb193b3c95a54667a9febcef46a9740bd6b3d4b2b017ed6f288f292954b3de0460b338ba53312d73b88a6957e6232b462a09912fcd89b7a23b24d5edba6e91619dff8501056b56c950c5ddf90e4055c8fe0a908f08551be991b88f0901645b5197e024fb78b2a1fc42b83cff0491ad5030346260f5468b1f4b8826d7987e2e81b3277b40be7b4365c44b7ccac5141a6221c43c7638e2cb5ef4c6e8d5c0ce2b6ff219a93c9e8f3a2f3a8392edffc6ddc9aa39837e632303b32a6f401f71a2919d30d9b4402fbe445c5e791ac87dcc93a715136263ef437e424ee620962a11dfd9eed28b660ac2cd5d783a011bc072c6df43072cd030362acb08c42612d97f2374c74e2d5acfcc840e7b64373e982f2466c6b52b025a20b9bf9e83a11d7ddd52a6ad69d5a0d77e87ff6319d928a0a9bd505190110567f43feabf7e6cc7682955656754b531a5ffd772dd90c8f98cb4577076f1293e258635e17bfc8331a77481d2440fa0f0b9861e253ae6dcef2ad2e145164e7dee3e96d09faecefd23dae70b82538e2b67845f6e1901870ee027b516b120e8d472ecab245a2f9fe793f5b600a5f65ad7a0806d151e6fd77cdef7313d51a6c1d9bf3e35e3ad310c18460d28355825f7b968bfa9ef435e3b3e89304fdd714e46c2642ba8b106b9e6e7cafe09bebdfb9bb23e6965563ea3b55e626d08e83d1bf2427777d3ebddf3440fefc8ca6698d5b545560746500660931c18b946fe2c97d344205a203eddf1261f10aeac24e9971bc6ed7b1d585c58c0b1b04e40fccbefba62100e7176b5330c47e855a4ecd9ff6ad630318bd74e0c054bf88b53b243cb5efece117260108326ade7d2e2803289b22dbfe46ceededf38eccadb1b7f588519c15107a7f646b4641030a208d742f94e08d0206c0988291825e446062d358ce5bdf8f13c02a93ed674c94eb917b4b0a6e9d9de4375751f0d98f5d34a7ffeb087e9e0f59b56a7d6fee17e435283d431cbbd5272df3225666e0b1dd7ba78658d8858aeaf4bc93acb8512d7085fd19198ca8781e06f0e765236b1acde196cdf823811ea2034c44b058c8b1e319977da57c42ee006b202256085310eb5a59410d25834a97a0bfa7a76a1b28dbb4be42e054c1473df9f7c9d570cef9ddd425439fdf97eb531f95fa7437856dbc22d19eb9d7b206cd2dbcfeeef3527075b1b8330e12b3b07665c56e01332182577afc87a91f8b9cd9b9581dc75ba644617f74847e8b5b488df9d2b8c61805569a82ec22dc25bb999cf8fa7595f8e8db1da605928d30a546fc56056c80796e08d0d9c6b948a411663f8c8aedf3907d0007da5298da5dae50f601324f171a33f4069551dc40e5077a36614c0918eb2ee0c5024979923aeb9fbe8427fe1f36491e505e33dcbf4b8f0dc0e1d65cac1da65398d1f10f2796d3d742d05c93e153ac9a763debe63395ad9925835523323826a82506eea1e9b31846d16e960343279cc3e36ebfeba088bc1f452694e58b5b52ae3dd98bd3274c8b0401c91a535843ed6eda79b0050d4af37e71b8738035ca1dbc4e4aa6b35dddff2973fbeb9c232fe24f0d2c1b458e52681434db763b7732f4bd16c75db604dd61913eed973720295cb13f33be0df62aea22fa537fa834c1331a4aaa5f9b2e7246bc80a4544db66a777e355c7395893a93a85fb9caf63ce538e6be1c0df37f3880f28d558d93105e7efa2e3fed8b23fd299c97b4ef204295d6e1b5ce8ada3ddcfa27f4b5d5a75f69ee39015276790e82c7fda67f2cba8f91948d8ec3219c9b0b1b1e11910c6a3a036a3b4f2a4d3c09863471bb7a27ae94cae2f9df2e2dd6eea223ace2eaedd29320500add4d4421be95883f64d490ec6a23d97a4f9ae518b43603970401ca319ddc88c3343ae2955fdfc4a91af2a07f86c35ebb507137a8288e699581ce0d23e8fe7c00c5d5b85c2f90cc0f84a41e41a48630dda9666d286b11acffb4e4831d95826bd061d50a3e1ac6249f8b26b77ca7ef232a8554775ddd8e164d32905de3dfca3eff4d1c490962d07903ea3da3434108eaed2fed9f71a84cfb0a0e2517dc295e678061ba93a712fac55aabe57344eec6a2d069a2c45c167f35a7966a6da54847fc716491e166fff9768720ef2b6ba04834fbdf06e4f3a9b3c9b443abebbd23fd9a6567457c7a30ac715a9aac8f000ab713720591c31799a7d73a72fdc93eb8c8bee99f20fa6ecbf62c6a0e3ef406bdb201150d26c6e66caa3546c39cc2a022a34239c8736794544333d478da5e764f44301195253a0a3c33a70779678681c3235dc4e94c676b4dc6179f18d6e14f5c0fa6a117a477a20f47e79d6e1aa76169414a243c69521da11720e22649ca0e78e830a9a9fda8318aa5ca2668958a0fb0955e0d94455984a8d10c9805a61093bdfd767d39e3df96e76209fd0fd5d9c6633357e8093b332dd410612fe574508f1f2e1b8e47cf709884749c0448431c937e4b87d20427a0ba76f0a2300b1612a2767b62372bb42d0fd946a5f73b853cd1d617b66a5842ac7e3e3d5c297e1e9218925cd458816538ebb2c1aefeb0283faf6e89a141b1e32ce714b3447eff621e0bc49fba74b82a0b284bb61e211fd3d643609bfb126783afd56924a7dbb5f0475231b730d"})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

02:31:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)={0x24, 0x18, 0x1, 0x0, 0x0, "", [@nested={0x2, 0x0, 0x0, 0x1, [@typed={0x0, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x4, 0x0, 0x0, @fd}]}]}, 0x24}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="380000001000070000000000000000000c09000003000000000000000c000000080000000000000010000d800c0000000000020000000000bea6ad7212ce990873f00be4ea3ad5a4235d6acb5e548f5c59246685bccb9393aafc03d8f69690e737840b5b94460bd9f443ff6e724354f2d594882be7ce60fd949e1e1ae821647c1b81a8b15fce3b331e2d8140879a6703c2561040763e715a1cf559ad5fdd3ceded201ef38e47983ab170d286a362b81ea3498960f238669bf7c5f2141ff946f17d8b84b37ed225220b4467893be7ad36866fd7985e8f5f0a50c9511b33b437855e66f6940e86b0b5416ebf8d614c73070b058cf5b814a01710fd58f6a63d204a74a7aaef16c3e40af82512285ddf8dd1c965bf5b75da821b7634f44d008f1f5408c48895faab631f7ffabee4ca20d63adb8b4f4aa0c5c261d85a65568774862ac422e1084b75ce51ca6077516e45"], 0x38}], 0x1}, 0x0)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000000)='\':-@:\\*}}!@+,\x00', 0x0, r1)

02:31:53 executing program 7:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r0=>0x0})
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x141802, 0x0)
ioctl$VT_ACTIVATE(r1, 0x301, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_QOS_MAP(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x30, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{}, {}, {}, {}], "621600e2c66ebcbb"}}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000280)={0x28, r4, 0x906, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x1000, 0x74}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x10050804}, 0x8008)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r0}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x44, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0xc116}, @NL80211_ATTR_IE={0x20, 0x2a, [@random_vendor={0xdd, 0x6, "6ab4c58b31ef"}, @link_id={0x65, 0x12, {@random="05d4142e3316", @device_b, @device_b}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0xc000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchdir(0xffffffffffffffff)
r5 = creat(&(0x7f0000000240)='./file1\x00', 0x40)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002b80)={0x0, 0x0, 0x0}, 0x0)
r6 = dup(0xffffffffffffffff)
r7 = dup(0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r7, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, r6, 0x0)
pwritev2(r5, &(0x7f0000000380)=[{&(0x7f0000000180)="bd", 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

[  176.341084] loop0: detected capacity change from 0 to 256
[  176.346178] validate_nla: 1 callbacks suppressed
[  176.346194] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  176.375735] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  176.385196] syz_tun: refused to change device tx_queue_len
[  176.394510] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  176.396209] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  176.400537] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  176.404912] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  176.442767] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  176.487556] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:31:54 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:31:54 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:31:54 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x4000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget(0x1, 0x1000, 0x200, &(0x7f0000cea000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
fork()

02:31:54 executing program 3:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = gettid()
pidfd_open(r1, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x7, 0x8, 0xd6, 0x2, 0x0, 0x0, 0x80000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x2010, 0x1000, 0x657, 0x5, 0x7fffffff, 0x0, 0x1, 0x0, 0x8001, 0x0, 0x3}, r1, 0x4, r3, 0x8)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendfile(r0, r4, 0x0, 0xa0103)
creat(&(0x7f00000003c0)='./file0\x00', 0x0)

02:31:54 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}, 0x0, 0x0, 0x5, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x2, 0x0)
io_setup(0x1, &(0x7f00000001c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)='a', 0x1}])

02:31:54 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  176.643403] loop0: detected capacity change from 0 to 256
[  176.733190] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:31:54 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  176.784246] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  176.801454] syz_tun: refused to change device tx_queue_len
02:31:54 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:31:54 executing program 6:
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x6}, @HCI_OP_LE_CLEAR_RESOLV_LIST}}, 0x16)
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="02b9ca0168c5209845fa35b89e000000000000000500000100", @ANYRES16], 0x9)
syz_emit_vhci(&(0x7f0000000140)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="04f906000000043ac4debc30e49132de3f69f05ead03007af7d6bdedbbb6a7e80406b69b4e386f5e43bdaf3fe440b9ce9b7c909181e07903b80a0dfc69cc27ed84e71757c4e1c736c0b5fdb02e254c56840b0d4e95dde1e08ff844bc42d62e1006222b5f1ecd155e0b7fe7ef4a7158d452d92fcde3ba282e82b42def15ef7c1af96806f837f8068e08dccbd8edbd4aa3efa300"/157], 0x7)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYRES32], 0x54)
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x7f, 0xc9, 0x8}}}, 0x8)
syz_emit_vhci(&(0x7f0000000d40)=ANY=[@ANYBLOB="0552748f00ffd1b794010c3a0180cd75a8aa823214dfcc5877c119f436d7a6cfcd07e540ca9ba7e15079a084b55af839f7776d984cb7cc0aaabd54cf2a7d684a623092521febea67509fbd0093beabfee30b036c4c128cdf492f7e4f0a56723fff9fc6c7b7bdbee5503ef72ab64ba35efc026a60d21a3b374df22b60b32d1e967f0014f97b21680b552e4b9f062935144953295e6c7fe661c8c79942eb49c1d62f7a88ce2fe65b937fadba02394acd13e92d02bdb15695f0bdbab4b5e5061a7ab4731d48e897fcc6bfc190ca235e03479fe7572637f9868cadc2dcbdae4008facc7493b6b2dd3f51bcb6db5ea3062e30428ac85dec2c839169f20612f76a4a4bf1869f84f7270be6d52809a75c824f2b64a8b6a058be380e307e3a4aa63b434b0f8b9d42bd8ff5c971636d20547a40485c674673d60d9f431d010fc3e7b1e8d11c4a0c4fc47f5f54ed7a5e0e38da48492953a6798ee31fcfa7b783f820bb03a4f2c72d8d1e1568b9db48e001f14fc8f71799f1ae415fc62c51dff1a5f8224e75835b05c2f5b62be6beb71e02ca856ad6d8e75dbe20e1949e7b6671403a0042582a5c7ce12ca555d3ec69f3a9895a0d71f4c7958bfd62a8b52779bb59680a017e5a00"/464], 0x17)
syz_emit_vhci(&(0x7f0000000d40)=ANY=[], 0x11)
r1 = syz_open_dev$sg(&(0x7f0000000340), 0x1f9, 0x614900)
syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi_and_pscan_mode={{0x22, 0x6a}, {0x7, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x5, 0x6d, "9a0edb", 0x100, 0x8}, {@any, 0x8, 0x2f, 0x5, "d960ea", 0x90ff, 0x7}, {@none, 0x5, 0xb1, 0x6c, "c5f224", 0x8001, 0x6b}, {@any, 0x47, 0x8, 0x4, "0587e0", 0x8000, 0x8}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x5, 0x80, 0x7, "db71b7", 0x1, 0x7f}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1, 0x1f, 0x1, "70dfc4", 0x3, 0x8}, {@none, 0xf9, 0x8, 0x0, '(](', 0x0, 0x9}]}}}, 0x6d)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x1a1, 0x1a00)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="cf5fb29327c3f6cc7b825a804ff58b2ce07b37a0721e012f4624c285f812bbed0d70f8649edc990e4187e6776aa2127add02485983d8c997fa67a867bb2e06bee305b1015805ab1eb6bd5c247f5b8736d9099055e77abdb8ac49402e7909aae702b379b1de6bd86e236327358db0b768740b9fdecb2ee4f79151abba", @ANYRES64=r1, @ANYRESHEX])
syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_conn_rsp={{0x18, 0x1, 0xc}, {0x46f, 0x0, 0x200, 0x1, [0x1ff, 0x5]}}}}, 0x19)
syz_emit_vhci(&(0x7f0000000d00)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x1}, ' '}, 0x5)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYRESHEX=r1, @ANYRESDEC=r0], 0x90)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2)
clone(0x4c01f900, 0x0, &(0x7f0000000080), 0x0, 0x0)

02:31:54 executing program 4:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000, 0xb, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736617e43c00088020000200000004f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="00000000727241610100000007000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f736617e43c00088020000200000004f80000200040000000000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10800}, {&(0x7f0000010600)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010001fe870325132510000e870325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c453120202020202020001fe870325132510000e870325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c453220202020202020001fe870325132510000e870325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c20001fe870325132510000e8703251070064000000", 0x120, 0x11000}, {&(0x7f0000010800)="2e2020202020202020202010001fe870325132510000e87032510300000000002e2e20202020202020202010001fe870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020001fe870325132510000e870325104001a040000", 0x80, 0x51000}, {&(0x7f0000010900)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x91000}, {&(0x7f0000010e00)='syzkallers\x00'/32, 0x20, 0xd1000}, {&(0x7f0000010f00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x151000}], 0x0, &(0x7f0000011000)=ANY=[@ANYBLOB='\x00'])

[  176.828985] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  176.874050] loop0: detected capacity change from 0 to 256
[  176.875674] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  176.911093] Bluetooth: hci5: unexpected cc 0x2029 length: 16 > 1
[  176.913641] Bluetooth: hci5: ACL packet for unknown connection handle 2745
[  176.923614] Bluetooth: hci5: ISO packet for unknown connection handle 1106
[  176.924784] Bluetooth: hci5: ISO packet for unknown connection handle 1106
[  176.970766] loop4: detected capacity change from 0 to 5392
02:31:54 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:31:54 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:31:54 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(0x0, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000001b40)}}, {{0x0, 0x0, &(0x7f0000000200)}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="10bd6348835407c57831572764eac6c98f2ec5894cd88c934dbe57bf616c9097964b0af09df277e0325d5b12fcf1ff841821c1a8032e0ab36a4ea38fc836c31cd9e195f8a516df871c66b454ec41777cdeded3b3fd7c59a89801ffc3655853827504844259929714eb5cfb6aa325bd985dae842053ac61a0937b1c6498430d4b71835a32ba1a28b7f0769f14ce5e5bb84c1ae2b732dd9c2558afeaf8a729da36a256894a931da37ba46f32c82c2f3dffe996d84895f75f4ed1811b3f356126d2521913908aaadec642297a72ff2524eb7d1c02f7ee9cb95e04a06cb40191113948fc028a5f16c0f492500c2406d989f81955a32f2eea795fcf07317be390514b77c6757f023b3ea7ecdcbf47debc5e0bafd155abd68b38b36a8641eed7852af3f9f935bcc0946b570e7709e252356ab2abc550f51410f7540d28d97a066d9bc8012c4cd17565852bfa79bf9c9f84c4fec05eb8427a60d2fa5eb9", 0x15a}, {&(0x7f0000000380)="e6b11dab9605361aa6b119381bf955564f7bd15284e6b3cf4e2c4abf", 0x1c}], 0x2}}], 0x3, 0x44890)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000180)=0x2d9c2bd3, 0x4)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e21, 0x5, @remote, 0x100009c}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040), 0xfffffffffffffd5a, 0x4090)
shutdown(r0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private1, 0xfffffff9}, 0x1c)
shutdown(r0, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
clone3(&(0x7f0000000100)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x38}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

02:31:54 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  177.067210] loop0: detected capacity change from 0 to 256
[  177.068201] Bluetooth: hci5: unexpected cc 0x2029 length: 16 > 1
[  177.069195] Bluetooth: hci5: ACL packet for unknown connection handle 2745
[  177.070449] Bluetooth: hci5: ISO packet for unknown connection handle 1106
[  177.071497] Bluetooth: hci5: ISO packet for unknown connection handle 1106
[  177.097548] syz_tun: refused to change device tx_queue_len
[  177.169341] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  180.920947] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  180.922653] Bluetooth: hci5: Injecting HCI hardware error event
[  180.925880] Bluetooth: hci5: hardware error 0x00
[  182.968094] Bluetooth: hci5: Opcode 0x0c03 failed: -110
02:32:04 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x5d8f5533de79e3af)

02:32:04 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:32:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x13b)
write$cgroup_pid(r1, &(0x7f0000000040), 0x12)
syncfs(r1)
r2 = signalfd(r0, &(0x7f0000000000)={[0xffffffffffffffff]}, 0x8)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f00000000c0)={0x2, 0x0, [0x0, 0x0]})
pwrite64(r1, &(0x7f0000000140)=' ', 0x1, 0xa00000)
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
fspick(r1, &(0x7f0000000100)='./file1\x00', 0x1)

02:32:04 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(0x0, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000001b40)}}, {{0x0, 0x0, &(0x7f0000000200)}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="10bd6348835407c57831572764eac6c98f2ec5894cd88c934dbe57bf616c9097964b0af09df277e0325d5b12fcf1ff841821c1a8032e0ab36a4ea38fc836c31cd9e195f8a516df871c66b454ec41777cdeded3b3fd7c59a89801ffc3655853827504844259929714eb5cfb6aa325bd985dae842053ac61a0937b1c6498430d4b71835a32ba1a28b7f0769f14ce5e5bb84c1ae2b732dd9c2558afeaf8a729da36a256894a931da37ba46f32c82c2f3dffe996d84895f75f4ed1811b3f356126d2521913908aaadec642297a72ff2524eb7d1c02f7ee9cb95e04a06cb40191113948fc028a5f16c0f492500c2406d989f81955a32f2eea795fcf07317be390514b77c6757f023b3ea7ecdcbf47debc5e0bafd155abd68b38b36a8641eed7852af3f9f935bcc0946b570e7709e252356ab2abc550f51410f7540d28d97a066d9bc8012c4cd17565852bfa79bf9c9f84c4fec05eb8427a60d2fa5eb9", 0x15a}, {&(0x7f0000000380)="e6b11dab9605361aa6b119381bf955564f7bd15284e6b3cf4e2c4abf", 0x1c}], 0x2}}], 0x3, 0x44890)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000180)=0x2d9c2bd3, 0x4)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e21, 0x5, @remote, 0x100009c}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040), 0xfffffffffffffd5a, 0x4090)
shutdown(r0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private1, 0xfffffff9}, 0x1c)
shutdown(r0, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
clone3(&(0x7f0000000100)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x38}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

02:32:04 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:32:04 executing program 6:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000240)={0x3, 0x80, 0x14, 0x40, 0x5, 0x1, 0x0, 0x9, 0x0, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1002, 0x4, @perf_bp={&(0x7f0000000080), 0x1}, 0x40012, 0x1f, 0x9, 0x3, 0xfa, 0x3, 0x7f, 0x0, 0xffff, 0x0, 0x5423}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x2)
mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x31006, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = dup3(r2, r0, 0x0)
r4 = syz_io_uring_setup(0x792a, &(0x7f0000000140)={0x0, 0x4706, 0x2, 0x2, 0x33a}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f00000023c0))
r5 = syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/user\x00')
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f00000003c0)={0x0, <r6=>0x0, "02db7d47995fcf1f69318ca143085ab0d8e5627e59f5c3ca7a36c03292d4cf626afa158ca6053423009d727ae6abdbcb8f2d82852291797bc7c1429ef3f2b0ea9a1a905df9a4c1113759ca290e8139b0906882232ca3186fe6213e4c02b5503f8b27e55f4b4f3946bef31752ea7eaeb3b5e53ad722332ec1595ee676d80ba8a23f9bd6db7f6de0ef7de523b03d279c25f8abacb80ed9cf94ff88c5d6e55acbbe8fcf6e55da96252b77b7362915e66ea95be502511e069ec96c67291e323c8d97acf91b79dc48aac094ca15947ed97ccd33a62a5f9a2e89527318800530e22fc19e9be646a162da554eee80e7402d7449640e61cc7e3bbe1db20e4b37701280ea", "692a802be5f155e5f98b15d57cfeaf3be91218fd00e949267cc0369579829a3e4b21d8b49d8b14f0b35600ac289181af0eaf75315b25172ba6475166c25ac4712777cfcbfd06e0931436efc1e8f24abd0dababdd1de10641fdc305ae12ed2d12dbe9fe64c0f52d6c6982309e55d00cf76dd407070b0c19af288ec26a13d6ed442585a3aabc3f322894b481ee3268b374bd415fe8f26c98b51ffb3631d1244cd2a61e319b8d0e8680834a613ec003449cf6753d9622150a2ec4a9399900a71ee8a27060b53e07563a27a5646bce4f6e0ae7156d72977173f3dab1f29e5cfe302739869daf08c3286ad90a56236a8e236accb128e5a6d8e43895be423b9c75ad9c48f0fce29d5791cb28537a7709593ecfb580f7cb82e3e5c06d43463a6edf9b8878afa882311bb013227826f58dfb5a37a09b3d76056e494e4d69188f4751c5a888df7ea8fe755941ceef37325fac39b95499a4ebba42e37fa0187f6dc4c46f91576c7bca474f6da884051eb686f850ac6bd0acc8dff6b560ff3d5193084fe6989d72092a07a87f9395d3698dfa41597367b6fe1e717d81d11b87646b894df8106d610370204b36c1c4a134e7c13aa66ffe4936a081af4dd282399ba1cae8e9a3e845ae8354152c5d184257ec4ee6e2f50bd69f220e9deecd13324e07aa6926498955f55df07d942431014d189608aae936125632ae9088ff5034d515b339fd784563d6535d5d0e0e4e7b2cec978177febb4e8ec64e0581affe65e011240274b8abfe2bb7604cf9793f47bf136d1409fa22a738faf6499bb54404a8e89429e2a0d9037693c4f4ef318e7ade61f455b39226c39e9b5b0dc191b1e07021f551baa2e3d5c48adc1028dd0ab6edfc6b74ff59a46f6a7cb39075ea68bb9a973921369bcd44844a54f3e668b7ffe9792589fff44812a365501ed426dbe73a2ce8beb281ea3682fb25511196070a484c5ed30b06bc193f2052278c3385c94f47d4ef4c8258fcaef696af1cb654b3d7f072d6df5778ef4cb9906ec555ecdaad6bc33c2b077aaf805b6141c582829421816f5ddee38be93ee7c98932b41f68331f3ce2da500768aee34134110c49b1729619f7d6f3ed82f9f969678cd3b787142d93b56a1a6f1c04cccea53fa85462d0ae61920d5ccd1971c229d340d42b32e51b119d3c4381c05641bd1fb375c09b281377b793af5201e81d6ba92d84efd1b67ad7a1f2fb8223a53cf3ecd8eae42b58797b33207022daa0466dc2d1952050f05cdb07fc78094cf29b9764a497638fb127939359d6370bbb8ab99e4134d2cf8f30cbea3287d4c6bba1dba960a315131999d92178061a8f223d3e09d0b1af87780d11cd65627237e3866fbfcf1138a37fd63f249bb75205c58ded4b101bf3a646df40586f7cc9821a53620f025a295668a8ac1daf92be78cdf2d8e312e109e600aace676e4c448e5a5e33ff4bf756544ff45ae351d89a3d0830928f079445e5533c7e029bbe399b064e0f96c5a5160f74631475ab75f10e3e1369bd7353dba3697a1887dc96b2c3766140bef772d5794a7b23bc867356d7f305d2461e03a996b0db4d7430d8132955457a7ab77b001cbd4efb4fa0ad4a10eaf441749bd74fc53d7c7befeccc6e4d920193673b10dddf645d71e5011f1f4246e8e4321ae89c0c774550763432daad9f7f7fa8cfd0afb03184857e7c584b726216af9c3b118386340eeb94c35bdbde19fe4d66e6db679c83e481102709d1ddb39716e5aa38ccd33bb8f775c069fcd74f1a81d4b4c71bdd206b69404db88f6de76a723735de41648250665e9e9ac94074f243ea7a1aeb52335e7ed96e2a6583aeac85c033d0c0a59c23e4a665aad548349fe0ae455c481cd6c5135d5914ae855596bcd4ebb280c47a389f3f7d25257269a0552f3ff5e7fd24d9d8f66b6780f0ab3fea727317da0898875efd0d8edb04bb353ae45268b51c2cc9d323681e5b0c22bfad074d6e03144a5104656a10ca4edcb99a811df0391f739f0f884cbae5df10bcd5d33b6642c2fb76fbad2883e07684040798a7db83c41feffde3258734c2cb0a29ad2dbfa2652a08267779fe7cf0ae550388861f3ddbffaf410b04e6367c2587c01efb072b58f95eeb7e883055c3784afcba7d0dc77dface4c504cf774b76209b8c3088696ab0deb569bc7217f4a0fc214d2da4bf15bfd5c72df64b82aeb7db2fb149b29a1645f442ce33be062480a1e6c55d26b74407cdc48805eb8af9bd621eaf0ca39038efb171e83d92396c9d9b7a6bf2f1508e86c27554fd13b9ef2644284681049dce8a7f2414743aff5da4fdf3f3569c96c2afdf26aafd6a7cce3344dc44178974d0858aacc6ee2a1b9615a315573ac647e77785ec7afdb5b1e086146760ed4f993a39a8c27eb1ffe7e5b41507acc4510df8c3e1e3282207e5ad47c564a269c5171349f6d632dbc38b08a084685e0282ddb60b42558c725c40f67e5f0ca9e5fd5e47b587b9f2dd77333c97db8eefc2ed8e790b56a44ed9ea8729cac5d7d16a319193fc34b44818326a51437e2b18793b736c82f9369d3f41294e161be5e4fe45dd12569e9f0353a409743e9ca18e2ef03c62548e15553ed0dbe15df2004168d9e3fb0f9735208e95a8fffb557f69fb7e61623fa65576b3b68907d334befdc9d71798b39d386f3ea9b7c12e5a72dfe82fc9b104726ccaf72a833a487d5a072062a6f084ee299d05aabf0008314fc099ec0b424ce6c07258391260ff8170541252c28f8af179d45d400cd88a9b776b603bcf6b87d73839252a0ef299b2cc3eee4201978149d1c3f10fb831509b63b9c8e516d9dfd7391cb4b1745d249b64dd34f2c4225b1b88ac2d7ef13ec217f71e88f98f5581a6704ece8bc534485528c2963719be206b1186c707e1ff6a0b4f625f227dd392ec02f6a09b7e9701f608fdf47361d61d0550ae3d2710343376446e56f2139d1d5abf4f41c71bcbdcbaae814e91b5bbf83335fdd8443d13660dcdb8123551c397e46c49f005e12f2086d1afe254e91240f51001f8dbab29f40481dc9288ecc77e7abb2ebac1486f9c4e0bbc8272461fb557309088fd4f13dc3f32a72de7b6bece59662f7880a47c6226d04c743a14fb03becefe148195a00c79fd635562e14942005666f8073f231cb2d1f8700e0a49eabbebac642487b3f09da622db7504a176b7f4cf2e7dcdfb763cdf7b334dc5ac648c9e2746c0578a0049e2af937cda3ba837967661ef5f87432978e46e1233c90e5415324eb66189495ff1fd13a43fdda01393338ebcb529b4debda9276635b7da692edeba2b942f2b7a441b80d2296d186291d2fa8e1d8e8330103a5bb539d924c75d8cc684f3a3a76baa717edd0ab102ac820fd86f7df7d94def27e9b3d95df85c3c847c6a67249d4baf5aeb65c16c1b77924f431219c145e9f970227f9b43560d7e1ec2b445870c4ddc3abcbed49a9dcaac7f7154dead05ec709b8111d2b645f379f4b52180afc1d180dbcad59c44a1593582a49d9978e4bb67b74a6d0b94e67a6f9500afc85d8d9f82ca1849bf0ebc4776d2c6f76ec0215a94c6958275898fa054fa79ed7dd62cc60d69574e80129324fef6506931471b709e0502560c653d221be3c66ec7ea12ca94e9202d7dbb90368d3a5c4da90b3c158ee03f154bc12771e7944346ee15b51888768e3e30159f1385d3903e88c8ba9047791e45048488911ecf41fbbcdf968a5e9923eb0acb7fa5061c088bb94bf8c02e30a8888b3b2c24235917ca5ee80328a03e5a67976c49fb42dd1ffaf1791aa639a3ce4d3bde717c15cf7653564d378a484062361ca89e055ccfd5ee702231aadf1acc626adcddc3c884c3ae6844bac39492c0d2d57aaaa24d69faa640a136a3717320b3f7ed39b15b2e5e5fc79d7d6697fa3027247a1f91a91a56591f64ab995c153c6e597465fcd7ffd0160b3aff5401b2be5c3143e2f5cfcd8b1e69d00d0d1271a37c3983c162131387f6093db108e3e377e3af4e75839913faf591e49cf4b314e72a7768778be2f15ed3f1a998d2386a6533b6c2891c411602013264429483cbc453ea94923d3acca3e7c88902ad3feaf5f880bcbc1f1770aea17300091f7ebcbb57b4191f94d754c26a15029bfacd31e4d8663b4ecf57a205ccf403c6b0c1d794801f61d568da0d08a41a2ce35eb1ba75f7aa5441034f105d83e1e98d47b49405ac0f317ffb921344d982278ddc1c4de7d7237d795fd3a0e431a6419299fb8e46aa30ddc6d726c9d461caddece5fe6cd8f2100354cc00ae4068110d7776e6ba79db7a8a779da07bceabd01ba277c408c410f8f73f026c5954beb301277fff82d4811277375cea84ef0bbe2bb19dd8dd573fc0eadd06e4c7a1116efdf918b03e50738885c8d51899c3c3431f742fbedb5ea63923afee5ea9e8bda422f43da8ddecdacd4662de06baf38fe76f2a5ffdeb0a44667dc991238b25d52ed409a0a24240f26dcdded7f2ddef768b85ca9e089eda3913544faccf33927b6541182aeafc5720998dad26539af8f3d2b91c4f375015d4a5ae855b4c6a4b817cd4bd2ad7d00f7a7c22e55fc2810c0a538873dbe0e88f10778ed68607aaaf0e158af7ac1cc4d673024f919ca8eb6b4319a96a42c845e5ee067ad919b436c4d5dae5842689ccaa14d0918f7a9b770196b54897bfc758f08684189fc45d765a4ece11c67182907b3efdc6cb07972ff7cd037dd4bc02c065a9fbbd2984c6e52b2face4cf330109914f1cfa9c3825332778aeec549112f06584ed982761ef7ef2d327fea8d034eb39b81a9f2087ee2ecfe3f89386f5e0572a1e1ea03c329b91d95d6fe47c3cd1916743d837dfeca4ab813f12efdcfd841a25e040d35167fbedc3715b287a7da2efc941918ad0229e2e0794250e23508540301df312a9fe3c65ac3b58254da01afbb3f06937ebb017e042041a7f71fd15cdc8803738420cd071327f0a5c97e288ac4033298713addada14b400b185b4ee01ad3cbe510ef94ebeb86f46d06a3c1a5cd6055fdbd3a326bceaeef2ce3435e10fb454691194de8af8fae37032905c53ccf50fc7f40421e7a25fec665bfde2cf7a679ebc67269ea88b619e0e9607d04a596a9687c294504e9b56f60d99cacd9fd9fba15271c6acd675ab388616534b4b9cdbd00f6535d7ddbe2ac2eeda666cd9090c22af59a19cd142dd82f520037688b4d83c95560d26c78a9d87891172451a28d1282ea53ec4a455cce02d0c089d2be49dbe7619a87a01bfa11680df4839490195f27531792edc76ebbbc7193bdc2e622b0d5465e0b0a93fe5839a72754b9b15401a7e22d90f4b4dc570d81410243f56b0264e060034dabff7be04d4fa907162d563876923e2d17d558a0518dc60b1353236ca5b87629437a28b28632f919c20317bb3d537101d624e57b"})
ioctl$BTRFS_IOC_INO_LOOKUP(r5, 0xd0009412, &(0x7f00000013c0)={r6, 0x1})
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r7=>r0}, './file0\x00'})
setsockopt$bt_BT_RCVMTU(r7, 0x112, 0xd, &(0x7f0000002400)=0x6, 0x2)
fcntl$setflags(r4, 0x2, 0x1)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000000380)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r8=>r2, @ANYBLOB="ffd71c006b88efef1b66bfcccd16c6966a331a00002c0a000000000000bddd"])
setsockopt$inet_mreq(r8, 0x0, 0x20, &(0x7f0000000300)={@remote, @rand_addr=0x64010102}, 0x8)
mount$bind(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2000868, 0x0)

02:32:04 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:32:04 executing program 4:
r0 = socket$inet(0x2, 0x80003, 0xff)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r7=>0x0})
r8 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r9 = dup(r8)
ioctl$SG_IO(r9, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VT_ACTIVATE(r9, 0x5606, 0xfffffffffffffff7)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)=ANY=[@ANYBLOB="02000000", @ANYRES16=r5, @ANYBLOB="01000000000000000000220000000c00018008000100", @ANYRES32=r7, @ANYBLOB], 0x20}}, 0x0)
sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000040)={&(0x7f00000002c0)={0x1e8, 0x12, 0x400, 0x70bd26, 0x25dfdbfc, {0xf, 0x7f, 0xf9, 0x7, {0x4e23, 0x4e22, [0x2, 0x3, 0x2, 0x7], [0x4ec, 0x3f, 0xfff, 0x100], r7, [0x0, 0x2]}, 0x4, 0x200}, [@INET_DIAG_REQ_BYTECODE={0xa0, 0x1, "00111071f9ccfe9278e3cc87e85be55f45309617c8108dec6ffce6c904154f35f5de14f54a1076964d912df8c98cc3cecbee99366a6997538026c462ffd5c55c90f9dc039a1e04893d0e6b346c0947a791d59cacbcfdbbfbd1de9e7cec320702cde622eb4c728e729f041152e7d7e6e5d41989075847dbed65abdf20d690450400c5a6276a44c77f397e005bcddbd6b7a89927a32a5ff92593cf25ea"}, @INET_DIAG_REQ_BYTECODE={0x56, 0x1, "7405a2ab6fecdcfd093c40c10d4d470831cae1cccf7172fdabd0c14470882b61b5e71ec360407310f6e7ed8b04a4f07ecd0304af20fcbfdc6a99060158591b70817a2e82620ed8c87821842069a9b2d877f8"}, @INET_DIAG_REQ_BYTECODE={0x19, 0x1, "376e74771541cc65b5f4e8a7c6883f67e584759acd"}, @INET_DIAG_REQ_BYTECODE={0x88, 0x1, "f8f565104688f0dce0343962c150d8ec237ca61875907feafeb02ff37fb1efd2c34d93d6eb462a06e1eb335ded8f0ac3ebfc74880c6d9b97c6729cd1371a27e79724c224ee4c2f5eab615e7dd308f91cfe2887b521400792d064e8830e6a57679be7c8847de49e17c572b5e99c9e15429f1cf10de758a348d74dd02fa759cfc86addb7b0"}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x4004}, 0x2400c894)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'sit0\x00', <r10=>0x0})
sendmmsg$inet(r0, &(0x7f0000000b40)=[{{&(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000100)="f55924060000607c63062cae65f9ae806d06fc41", 0x14}], 0x1, &(0x7f0000000280)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r10, @rand_addr, @multicast1}}}], 0x20}}], 0x1, 0x0)

[  186.580255] validate_nla: 6 callbacks suppressed
[  186.580272] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  186.588344] syz_tun: refused to change device tx_queue_len
[  186.591876] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  186.596272] loop0: detected capacity change from 0 to 256
[  186.639876] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  186.644455] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.7'.
[  186.645829] =======================================================
[  186.645829] WARNING: The mand mount option has been deprecated and
[  186.645829]          and is ignored by this kernel. Remove the mand
[  186.645829]          option from the mount to silence this warning.
[  186.645829] =======================================================
[  186.650797] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  186.651894] syz_tun: refused to change device tx_queue_len
[  186.693847] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  186.697456] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  186.723122] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:32:04 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:32:04 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:32:04 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x5d8f5533de79e3af)

[  186.746500] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  186.751512] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:32:04 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x1d, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000500100000f000000000000000000000004000000000002000020000020000000def4655fdef4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000008000000018000000c20500002b0200000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e35373134333434333800"/192, 0xc0, 0x400}, {&(0x7f0000010100)="000000000000000000000000e58ca12e13a240e2b1a22f8d07e8e55f010040000c00000000000000ddf4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="0100000000000500400000000000000000000000000000003400000000000000", 0x20, 0x560}, {&(0x7f0000010300)="03000000040000000500000015000f0003000400"/32, 0x20, 0x800}, {&(0x7f0000010400)="ff070000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000ddf4655fddf4655fddf4655f00"/2080, 0x820, 0xc00}, {&(0x7f0000010d00)="ed41000000040000ddf4655fdef4655fdef4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x1480}, {&(0x7f0000010e00)="8081000000300404ddf4655fddf4655fddf4655f00000000000001002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000", 0x60, 0x1700}, {&(0x7f0000010f00)="c041000000300000ddf4655fddf4655fddf4655f00000000000002002000000000000800000000000af301000400000000000000000000000c00000020000000", 0x40, 0x1900}, {&(0x7f0000011000)="ed41000000040000def4655fdef4655fdef4655f00000000000002002000000000000800030000000af30100040000000000000000000000010000005000000000000000000000000000000000000000000000000000000000000000000000000000000004511418000000000000000000000000000000000000000000000000ed8100001a040000def4655fdef4655fdef4655f00000000000001002000000000000800010000000af301000400000000000000000000000200000060000000000000000000000000000000000000000000000000000000000000000000000000000000521cdd1d000000000000000000000000000000000000000000000000ffa1000026000000def4655fdef4655fdef4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3537313433343433382f66696c65302f66696c65300000000000000000000000000000000000000000000073f249de000000000000000000000000000000000000000000000000ed8100000a000000def4655fdef4655fdef4655f00000000000001004000000000000800010000000af301000400000000000000000000000100000070000000000000000000000000000000000000000000000000000000000000000000000000000000964fcfce800000000000000000000000000000000000000000000000ed81000028230000def4655fdef4655fdef4655f00000000000002002000000000000800010000000af30100040000000000000000000000090000009000000000000000000000000000000000000000000000000000000000000000000000000000000001aae9ff000000000000000000000000000000000000000000000000ed81000064000000def4655fdef4655fdef4655f00000000000001002000000000000800010000000af3010004000000000000000000000001000000a000000000000000000000000000000000000000000000000000000000000000000000000000000001a8985c00"/768, 0x300, 0x1980}, {&(0x7f0000011300)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009403090166696c652e636f6c64000000", 0x80, 0x4000}, {&(0x7f0000011400)="0b0000000c0001022e00000002000000f40302022e2e00"/32, 0x20, 0x8000}, {&(0x7f0000011500)="00000000000400"/32, 0x20, 0x8400}, {&(0x7f0000011600)="00000000000400"/32, 0x20, 0x8800}, {&(0x7f0000011700)="00000000000400"/32, 0x20, 0x8c00}, {&(0x7f0000011800)="00000000000400"/32, 0x20, 0x9000}, {&(0x7f0000011900)="00000000000400"/32, 0x20, 0x9400}, {&(0x7f0000011a00)="00000000000400"/32, 0x20, 0x9800}, {&(0x7f0000011b00)="00000000000400"/32, 0x20, 0x9c00}, {&(0x7f0000011c00)="00000000000400"/32, 0x20, 0xa000}, {&(0x7f0000011d00)="00000000000400"/32, 0x20, 0xa400}, {&(0x7f0000011e00)="00000000000400"/32, 0x20, 0xa800}, {&(0x7f0000011f00)="00000000000400"/32, 0x20, 0xac00}, {&(0x7f0000012000)="504d4d00504d4dffdef4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7033350075782f746573742f73797a5f6d6f756e745f696d6167655f650500"/128, 0x80, 0x10000}, {&(0x7f0000012100)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d803050766696c653100"/64, 0x40, 0x14000}, {&(0x7f0000012200)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x18000}, {&(0x7f0000012700)='syzkallers\x00'/32, 0x20, 0x1c000}, {&(0x7f0000012800)="000002ea0100000001000000270f240c000000000000000000000000000000000601f8030000000006000000779b539778617474723100000601f00300000000060000007498539778617474723200"/96, 0x60, 0x20000}, {&(0x7f0000012900)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xattr2\x00\x00xattr1\x00\x00', 0x20, 0x203e0}, {&(0x7f0000012a00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x28000}], 0x0, &(0x7f0000012b00))
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x8000, 0x100)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})

02:32:04 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  186.889255] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
[  186.896334] loop0: detected capacity change from 0 to 256
[  186.903610] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  186.904473] syz_tun: refused to change device tx_queue_len
[  186.929408] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  186.933903] loop4: detected capacity change from 0 to 1024
02:32:04 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x5d8f5533de79e3af)

[  186.958766] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.7'.
[  186.960320] syz_tun: refused to change device tx_queue_len
[  186.978137] EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8.
[  186.983107] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  186.992520] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
02:32:04 executing program 3:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f00000000c0)={0x4, 0x30, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})

02:32:04 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:32:04 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(0x0, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000001b40)}}, {{0x0, 0x0, &(0x7f0000000200)}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="10bd6348835407c57831572764eac6c98f2ec5894cd88c934dbe57bf616c9097964b0af09df277e0325d5b12fcf1ff841821c1a8032e0ab36a4ea38fc836c31cd9e195f8a516df871c66b454ec41777cdeded3b3fd7c59a89801ffc3655853827504844259929714eb5cfb6aa325bd985dae842053ac61a0937b1c6498430d4b71835a32ba1a28b7f0769f14ce5e5bb84c1ae2b732dd9c2558afeaf8a729da36a256894a931da37ba46f32c82c2f3dffe996d84895f75f4ed1811b3f356126d2521913908aaadec642297a72ff2524eb7d1c02f7ee9cb95e04a06cb40191113948fc028a5f16c0f492500c2406d989f81955a32f2eea795fcf07317be390514b77c6757f023b3ea7ecdcbf47debc5e0bafd155abd68b38b36a8641eed7852af3f9f935bcc0946b570e7709e252356ab2abc550f51410f7540d28d97a066d9bc8012c4cd17565852bfa79bf9c9f84c4fec05eb8427a60d2fa5eb9", 0x15a}, {&(0x7f0000000380)="e6b11dab9605361aa6b119381bf955564f7bd15284e6b3cf4e2c4abf", 0x1c}], 0x2}}], 0x3, 0x44890)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000180)=0x2d9c2bd3, 0x4)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e21, 0x5, @remote, 0x100009c}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040), 0xfffffffffffffd5a, 0x4090)
shutdown(r0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private1, 0xfffffff9}, 0x1c)
shutdown(r0, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
clone3(&(0x7f0000000100)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x38}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

[  187.002243] ext4 filesystem being mounted at /syzkaller-testdir022124466/syzkaller.xgLmgN/15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.059980] loop0: detected capacity change from 0 to 256
[  187.170788] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
02:32:12 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:32:12 executing program 3:
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000780)=[{{&(0x7f0000000380), 0x6e, &(0x7f0000000640)=[{&(0x7f0000000400)=""/47, 0x2f}, {&(0x7f0000000440)}, {&(0x7f0000000480)=""/227, 0xe3}, {&(0x7f0000000580)=""/26, 0x1a}, {&(0x7f00000034c0)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/75, 0x4b}], 0x6, &(0x7f00000006c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {<r2=>0x0}}}], 0xb0}}], 0x1, 0x55d01d4fcd2e60c7, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xa8022, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000340), 0x2}, 0x8, 0x1, 0x0, 0x0, 0x8000}, r2, 0xffffffffffffffff, r1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
close_range(r3, r0, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
r4 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r5 = syz_open_dev$sg(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x1ff)
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000001480)=ANY=[@ANYBLOB='\x00'/12])
pwritev2(r4, &(0x7f00000002c0)=[{&(0x7f0000000140)="19db3d2b14c78b0a10bd8048ac64bae18275e95e982eb094110db27ba13a7e939884eb73eff2e87b52ffbecedf1628e5bd9bac858c0f715a921cc6b9aa1f6b66cbaf8f05ee7535ee88a0dcf1918cc13b9b71d16cc0445832720fe45e7e9bd2ab45878732bdb30db7764b9c4ffccdc5f74026366cc354e9a024d40edb1bd22131e68b89faca7f7508ee2eab4a4bd63c1e4e9f3e6b88de863bd1cdf758e9d871b521360fa8758462a1aa59f263bac9682caa49d819dfcfda6d1616de307d0d36251e343325265d24e2e816c1686d4ad9af90f0fbb4514270e2e4a27a48d2b061872a1adf0f508fea6d", 0xe8}, {&(0x7f00000014c0)="ba2093e7d9e332fb2f44f23e6bfe0487724a1ecd278ec2c9fd4e9558db895aeef5f7ec0cb8cea3baaf6c2be6fe2318bb8712e0c43bb3f2e959c8ccb8a6b3c0923eeffc1ad02239f0dc4f7df624dc610b50cb1aa3372e400219159029706c40c07395ef5b6e3891a90a72a72de2bb366bc0ccfa43002ae73044c4ed294e67d7d9e5815cc633c654c296e91889465f6d0d27a5522de1252a39380fa485f343b35571b5da2d7ec10cfcc84171945e91d5b2977193195d2962a9efd4852729085653e973d325c551eb639e87a09f2965018b5bc6ae313eea6d68c5b6099cb8f74d453b6fd35d0ce90a8938e56e6a61992f7b3f5a77b69062e2c68d43883ca7f23dda9baefcca1e5a0aadb3aa4a44f6584129d62c71803682717ec42921d359bec39e648084f66a732c9a06db59fabcd5007211519ddb2ea96437613b27ea28d873d5725a35ff6ad7fb911e1090479636b1388d3360cc9759a8fdac270cc8ee357bc5909bf6a107ce1e4e5538dd3e6608453bad56c6d7744976bcbed2feb23da03c7f172487dcc6761445c97375813b5b1a537b20fff05eb8b2c7b288d293db461d3bed3dcd37ea7dd2b0c54881ff180f0a6dff912041f92e5012ea3d775f1cff6ec7432433ceb4cfface6a332cb79938edb5d184467e6b4dd91d205194581674015088298ba5716520d92c199faac08c0528610e91044498730554b75a7759904479c61596960530a14e4e6cc9c30d75e995c47320b2eb546ab223370decee504ba5e3a0949d2b7f5a8b5e94038fea709cf41c71b6a9149fa651c163003be2d29769df5c2a4d6b1ea51989a4ac09cfca53bca822bcbc2984b70ae2adfafdcdb1bd6c58211b39b0c954d8419f6678c7f3bcee10af691d2fca971c9ceb90b9c7c0f73b3399627fa618032629eab8fdd5555bc391f7e9c28fb85f6d0e952b1b34fbee5942783acf1397a98e172f7ef6703d516d0607e105662b7fecc65671f16b58d07e03efec8e798ad75b84926a591b536a2e933e6733f99cff3f93585d7b1f7012d2362d4a7a45bf0f6f0639dbdbb7838228f5da566ccb9c9f58e9d19e92ed74e277de3c3c0fc650953b46c54cb9082f43dbeb592ff4bf67da9022d393f2cc64c8d2099799e603d6b70839c4d73751f0dca66b92d1d38798e81f416730bc8637b6d864efcec3931f28de3730cd62d5124ed6c35713bbaf4ee4325c11e054fb0ca5ef6ba5ecda1733326ab52df2f1560fda9499caa252bc224719016372bf368b91206e94a5d3905c649df8f5e54d8ec832088cd17490280b50656150d4e1d6492bce1ec6f6549a8b4a7e7d9edcc252e6347c8da345d129bb9455b524f86d2beb03e108fca8e8d38579d524a394d7f9b0947ed4cac661d8ef47952e8344a8fa57d381531b1a2da90de1c8b208da98d739c48ef3361ea933f787c1f7d8ccb721d5bf6f66c31140e99d4d65a06ad0b6a2f8e2e208ff7d353d17628078be2469b876f786001e28e3c3b93644c44f8b2c2bb91a99574f160433ddf4d85ace1deeac534064cff7374339a8721439e011f0498c6017e6f5f3125c06247c9592a727f31a8c15ec5aed18ec509c339f26d5eec9e4a269628c57d82f81e655a2c319e041a1b4be342e67cdd117ada6ad05f35c2fd37fad91243eba7336ae2601f931c82025321265b71ee0aecd24d9090e5aa4ac2a06d4f0da8320d851962c2b789ba9730f538d9da9ddf59b7e94d6f41b9dbf60e7da1391721ad8b26ba216c0b55d5c97f1ecc71736496d79dc157180e7801afe551b65793dddaae6097bef5ede230e94c59306062d063141dc869ff075cf3cf47243c67647c9786c698913bb125c3b0e7276e5d1f48df7c01573e713e3183fbd23a58bc56752217fc3f8c99c22caaa9d3e8c50c6a2ca5bc4434cfa1135a9d4722e7b363e266403e0d8015ce5d773ff652b033e542305ba63f1416b41e24baf5636f6776e1b4fad7fc6e1bf073218a15391b7ab00fc735baee6891f1a7afa6bd11d481f510602ef66ba37ee0dddc17993e5abe49d60e8d1d99b15e557cf5b07db6efbf6697873ce2e930080ebea6255b051197179ddb59b540abc4b591d69f1b84ea4ec5740fb9917e397953a67dbd34af20748a73645ab3517099a0ba603eb25cafa78988cc77278c94177c155c857632a24392c709177353087f98e3aa075f5c84220aa4bff2fecd5323cc4e8e2fa28f7544cc21f309cfde53faeb750e956eca2f04aaf985666e607aba16b578c129690a4f9a6df94fb2e618babd276baa2e461cc7f87e54bfd524c0443d3deeccaaa319ee1f950674ea02d3ea2c6b68e15f7480d0b3dd25842d1c672ba29654b03264dbdf69697ff1267b60aa60e925f445b6d2a0ffb1701a638a3bee4ed3768a6be11821817884a3b97d9cf70cf1ece0a06f3fd92d9917344d8fd18aa77fef64f216784e75057905f1fcbc79fa6c0d92c3a53ba7cfdd0b5e51d3b605e0f73feab936c0dd91abe0dcdb1c589459a2dc30aa6caa0996de6f0b9e2e33e0b943d6e231057dc5f30b76d763f9ca34a861bf9758169fe1414b0906ac8cb5db37129e313854855e0c987419bad80ac275861a843e1020ae5beddf8e308a0fb006414ad8047d86a0881f905cf42fc782b88ec728a68b1f61e37838a7a05a951e989f5854f677768d2ad8d168cd9d9ecf5b9a21ae13cedf71429c2c8d3b72a41f9b423f19c886d2dde00cbc9185744ae859d41a50927cbd8825de8b97ed55f80a7c8d93dfc82e7bef1b1c572c6ea849ed019970cdad53a48c03e7b8b2a149935b547421d3435093251b5de4bd7361969598dc3ae4d8517dff2039f041025018aced2bf622cbdf2febb78712c64cba75a7ad909ded0c9dc8c5ee01dae7487e8b496235ba757f052af3dfa55b8ca54f7c995daf04449920c4e45d7a4859c0a401d8e34e871aac69adb77f1ca4be5758517b6d1db1b9c622a35ac20c421597e4516e78e3335f335e94bb21c03882dfa123a07a66700d24a41510395496b7d9983733a805143d6b48ceb228ec8fbbfab8ca2df24296b7b17aa98131eadbc03620c15b0de9c9d43d99139ba34595fc6b8f7d8f94a9d79de3f79b8dd765731af2002e519dd29533c99ccc47f62f2e4e7e0610b521e837b225e4e6645d6fdc2c512eec871ae0661b60c731c4110a6c92c58523bfc6bd557157c431570240d211c9da8d492bfd9c6d49b430e758a02b26bc730a798613104bd9ae801fad3791864078a8b48b242b09de24bf4a3e72a59454d575883b5f266ae4bede488ce6e9990c76da24193d13f65b116f49e9d6803a568d1e0c44f0e15abfd8116d948a7af6820d5e4262ad086af096f03506b2e92d21e078ab114513edcbed583b8990cbd6a11391dce44158b102a27a182ba03bfab193ccefa5679c6c440b3a1ffd21e33c48b08401409083df1c46d8a619b60486a830e336d1286e07f45e376f7972d3c6866b4f73c0ef71ec1b6aa823ad67b2673ac992d6e054fb4bbee8feafb02ec6de991314b9448a3d2e39ac72114d2ec899c9effe38214c8e79ea303884504d97981569a4cef1f5d72e082aa21163bed2679614b2d72d365e2eda074c66b5e438188cb47d770729e2e86a558d9b2bf454002e9a55aa5dfbe1d85d82a0c331f72556dde820ca0c5d3269bb87d3f99671a45cfaa31c72f04421ec57d9009f73ea17929a6f29fb284b23ad29dfc3d8f4a740b7b0f7b50bd3009a0508b96cde46d19a219bbd29ead0dbca92e2e6d137e0e51d61162dacef7be885f1d1d786c79263fa0c9ec37cb03e2c7248d5f1b2a92c91e04a849a2bf11ef24a49f1bf91aaa26bcb9c6b09af5c1a0477a1569919693fb205b377aa1bb9da30ec9690308ad178342f9c0f720d3aec048256947d9b278c4fdac187634116fbdb31fea8d32da40c18fefeca8b3b0c11fb20cc130dcbdbc9e64a032782e94968d983bb2593b87986d6d9d467b47650b9c27a17bb964f3285e422b61e9d699f5f4edc08dd50c9eb0af820b52f0b21708ab417429f8f56c1dd9e89fadc01a7e77761de8a3dfceed63a78937e3787ec38608cb17ba088b0693f9f10d40594e8b00e48870d5bb9ef6100962d912059bc30200e0a6829b7f3ab50ec65fef71145654a0736af41c13f6e2eca7e29e7e041b62c8feee1034111709e12ae5089bccfb1a11f873210e76f5723a7887257e2dc9e9e276d3ae0f1f4985d8b88fd8ce3a4b0a13de2338ebec492f9fb88b6c70977000b22e1ff490a48a671b42ed13fcc51a2928870d651ce8d88497f7c13821b7491a77faa5e358179475a009fa73fadb20c248ff3152a4a7d455e9dbcc06e66f6ba28eac59f15cdb755e1494e149e0a9b66a5b50e38f0ba460f615cb2cbd93356ae299c7d05b54f720719d391ea952d3352cd193df172c803a70f65269f5470d0a9ed4e8fd6b4d00e42951cd02982ea6f097eceab8b72ecef764d77a79d98731befd9f120f152d9551b6564964c3b86040a3c01d667faca8b3592863343e727db41b27c60f22715bac5efc32778cd045331fa5e7c36ba03d0855ab5b548bfa3a7f7fcc4bca101e4c063fe745f396a0ceebf9f282c65f44dc03b79f7bd24bab6de859c7bc0d52a5fe6b578176caed463f8f2f89114c3c6cfd1db1a7bb0cd94ac8c9fdf14c156d81467ba2a29ba00bdae0c9393e1c9ac0dc72c2bb3259d0aa0ef09dc109c2149ae33b3acf76451247a8a20d0fb157155cfa0af3f8a00d54d969b35777b380b92b68bd1c25f3c2e3a3f1a4a42896b8b15e8d2f37e1008d25c65d029554dede540ff4ea3dd9d49784e124dca49736109b57a7d5995297ee147ee094b18dbf8d66721b21f755a702db63b02127b3eb609fe421cc450138619c5575cf69ebe435465f7419c58c41c711f458f1f52a38106aeef15fbf54e73315ef0b93cc3beabca1ccf7a6d10147b99badda863b64073c2185af145c0fa2c158f93264d1ebda990562de7e91127dff6b435f01c188cc32b029659be058ff631549f162a2582d7722804d8407ffdb8cc3a7a645e2daf5646d23e476b9b61b29c11e38a4caabaf12caa9e026f89a73c2329fe55afbb0a02dfa00872c6bda8801b183de18a2bf3dd04ca60184710e3b8e21519e84dd80fec1e6d5144142b31db5fa045a3bbe1c233b9c0a7522a5d8ebfb0120a17ec4dd530f30f9b6c84027b4a19d6b518f7e32439002f8321c34ade77838f42796fe0cdda21c71167c170d20d3c06f981b03c07abcbbf4db423de33a560bee29abfc3b7fc44c73e0af89bcdfabbd5902628fca13367cb7efd5881021e9cc4496fc2bb926a373d09aee0ba97cc09223df9884da7616524e1a01cbb25807841059720792084019b20a91d7ba75b13eddc1131ce84fdb55228412f9dc8a77f0e58f25824740f1e3c3be56dab25a2f18bee226c5af26c0748b70eab6a1fb0fc061ed249dbc2e76710f86e4dd9815460ddd0cceb3c36dad809ffef284ec5152eef8c26e482bd18a0db9a31f3519ca48676b196881cecc132e671c8fe3e54fbdc0d5e52374fd39bdfc797c37ddd831bca60f113f3fce9f68aa1335f198b66cc7e8460d5e9f2f8a59edfc022615d5bb3c51a2a87f0db28d97cd852f33a10bcf0477b2133d4399792b1a492413243e70601d68f1beffda19d4d4415d1e895e53648ce135a6fac6daae8d238d88281ffe3668acd84789ea468c168ff19243b2ac58244345064c6f3a16fb741b60020314f45cfae0c35eecc74ea08dcbd01e198187a696cfb63e55f9b9ca46824366e0109f67fb795c616d03e1bdda698f5821", 0x1000}, {&(0x7f00000024c0)="f2441d8accec474524a0ccf958625408f2c5bf0f775633d8508d18f65b97808a6ddecd577ff51ed6e53bdf4b8350669be05a65c775a3f40a5a3daa1e11a58def0db1fc427632393712ded646ff0f10dcf979afcf23100367dc9f75d2509b645b8c690defdffc9a683240a0cb20b81e4ac75fb01edd00d6ffee8074355063dc8ef02685ff0b73736de1c771e7bec1ca08d1edd15967d51536906bcaeb10397181bfe7b59b53ea49cd8b0a9e453dfff1cfde71b3d83e57dca6c03fc1361098372b8f42d654668c63fe2d0b099f64866cc7bc5e49c7c62cf60bd7b658433d5a1fe385a5dcfeddb114c2803d558cfdc43ee0a9f95e81518c7571b91c0b5488cadce3fdf7a415871177b158c97539d4e2ff1abd8bc8f801e33e9660256b7f525fe6656265cd5118b86fe6e3e265d26c0dd55e4b80fbb6a75b4b415bf834bcd5fa404c2a05ddac076786b7c9b1185d7940be4bd23376ab6836a7c5a7fd9478410ed072c91d176cfd998112edc07d0de897a941685b1cd05d8d7c396725c48d1c73a7160d35a7dcf0670e90a30db68dff99cb48a758a754cb1fa1db8a71ab57377c829feef561cf9324d18eb2c848a21dcce08192fe26843bbb945c027ca354b205e737dd3c10e3629744d8a9e65496f14ce9d9d30f4f88e1fd59e82d61ad156e68fd1edbf9a1e340f2473f2febdb96b49e7788d443a4b717b18656209ec6b3df615120154ff4255bff1998fe41442b53bf3289bb44808e5b142706a3ea0d27e52d064260c3d7383317deb3b1c1286f9347bce14526c3ba196758fdb2b3007e53f3b46c2d02be51b0612591c39e5f15cd74613cc687664ab0e9246121590939ca701eb090efbe4398b07ccc6674f7edda9617c337892d8ec23172d2a005b7d8a56821161f36b39cc67b636274467048de830f877072fc1d7fe47269cd4d2cc7338d89d8faa49a1e860557b4ba60b7aa6647587b189dc485df968bae2e279a983d81286ceaa0ed0680d524c69ca348c40dd050ae978d5beee4399733591d1ba5facedada00590e5bfb556b3baf9f486bd63871cf0bad5309b85628d7aaf9d6ebd0261f366f8adff7a1617f1160bee404b2d1302f92c927327c38a6dad8c07855c38aeac2cb9199e71bbf125512ad8971ae51f4c2a0a98a9d642923b6690a0566c9b32b41862224a06b2e29d83a073ffe4292d35d668c8310dd25d3dfadcef3e8e0a9575f336b9cee5b279b7c2b9692de1bc98adb3b58e7bf26d746ddf1d2f3494dc1fb7a2805db4547321755b405d723e67bc76c971aed5af712bcbe5ba90345431ed03a8d4e1f0484069b3b1ae5aba607f1d95b0c705003552ecbfeb24fd9f9b936ba2299300ac11f61a9796fab358230e6c291c707714b93fd0f8bec61306437b4e65de43e6a4b55f2c93a410fab1b3ec5178232a8adda7b9d31f5ac5bf67fe758d85fc46d7ce62d8ae4daa0f29cf4b7b0a7b234960e1bb336be818e041396099a090e6ca3ad8acac1104fc02d576aa1ad64bed11b1a7be575a740b6bfc2f7d9ac6fcfbc428dcb8fab6853a144a0ba04413bff842bd93c52f184497700ba1f5f93b3e8ac5ab2df0ff7bed221f2f946a7123312a3b4f9f702832e3e6638be770b210cea9f12911bd7058af89f1a41879109a341a0ebbff4ac9f2fc908b5832b169ae7f46f566c9dbc1da3805dbabed0b9a45b96c1f498d0eda968bc94231f751626a2694bcbb4e8b4d2fa3273a93cb38fd1f9f2abc6beccf29133497e2684daeb51fde2c77aa338c7f75f84d25ca90ee7463b57d0e15be92fc85b96886ed6dfa8c89e1126cdc634e0d252ec5563055dc740d4f1fd89f25b7db93813023a8bd976e01c9253229c8ff1d7fd5b24d6c820665949a09cc79191c361f5696ddcd251387c876418e07716d050b057dfff2b98304a7b7b7d104b4621b883124c783070e02377aa8a64237b9dd103e5075b056df090c345b2d48d2e17b6d196929947bdd192d5ffa43d9c15b715d940ebf0a96cc800e4ac9429b0f644fabcf402a4800b3abc4a2963c58b2a22d5786ad148b3c6beeaf74e81f26649c38ffc514e50a29e7a11038f015de2f4f88826935326013a3fa002ddc2338adbbffbafec0466f38a758a4b21f7860c06ff0ae6e84f56496a55b2be94fdb5d59b4a83b5ba2ed5a1ec2db780c9a5f0e5e0f0cb03757c3314ded18123ab8276d11c63acd1043b2f5dbe9381626d21074a11bc2733a8bf38bdbbc03871e499c46d308c0063e9bc553bffd44db72dde0612e7848c9b377818f811174ffeba0cc5bbf3b402455db2d67f12f009aa40e8f9f779d006932305e96ce72188d6ab40987fd6b15b5292e91af20e08f99e2fe85f5f57f0270592c3ea03e96a3550a61abfb8818a5e5590ffaee8831838d0a1ef21f540a2ac4d5d39a35e844c76bccf553d01dd1ca71ef06b8b67135a71d3a4a933d2764181611d44489749b1ad24a743fb55e47726c68dcb119e0c5c4b8ba1f0534e61e14af34e0645ee849318cbec0cb67ab8a62fd4ef9ed38160053da72dea695291b8ee041375eda55b91884e41bd3ec0d28a588798999ba92a0473eb6e76365f86ee5dde44ae78e3ec8f8d730d34e0d43da2f071b1ce4312a90cbd1b395f3cfc3427ec8535456664234610a5880f3aef42afdf2323a54ff7a0d9b5612588d3fa9bc506ee9bc1b8334652c5faa7c9da5475330919955e90c3e2c73d1a29cedd2871aeaeb67769b13b5968519a3af67af122b8e691726f963c3c66f299688792d689d23bb6358f2a4618ce94b34db23a6716f825bf9ad569133fa8c320463478b89faf1f8c264b70f958a31db685783662e92c1318f3b78c0568dc87acc9e5df100cfa5066b27d757e660c41f720cba14a925b9d3ef6f387502841de422fb298e19d8d1e99a53751993f4afc8c282051b31520b53f5264178c1f6c95184f9f9f32b85ab0ebdbbf9bd6e8cb0651ada100111f819d4ae2aba1025877dbaf6b9340e6d34889d8c00818ae685bcb5218ee34d746b8dda7b30ae75292dbc6d94a79f41bdf0db355a057b92dc922fd60e39c5aef5d47970b29ca1e77c7c8b5321baf14ec119c66b1d8cd1c4c831b3922b4ee3c0db572119873cda4b10fa6207f7841096175af531d0a8b67a8538c65ada52e42858a8c1798690b0e3d372278d59c46a9b4381c8b49c483425034c77f6f61dfb44e69fa02b275413e7f0152424c9fe4d78d531131a6dbddba76709d2c2dc7889d619b6b4fe0656065f8969fdde3e741c0e1ec3fa8fb7799520c9d9efdae976cb476fd44ac0f05319f65f3b11da0355cf2c7f49781d3849afb613dcd903d5b4bf484a9df213db7ec5da7333357a84101f061f36975ec50289926967143c8bc210ef98c021d7976938a79b3a603f83c8240c59035bdf01ca0b042e31a290897893ac6a538954bef3c00e4313c0e6cd71afce0ddbb26dbbaa1ad0a07543cc267fb83528f010d18801ce0c55941367281f1ea7035a1f746ddd931c8f7204ba88eb3314b1055d377c25983088208ed8a367829de4b917ab359223f5590fc1c209f779b1fe7413521a85546241872e2a93d3f0725fc18b1791b277c97e853ec7d431ad5fa4639a3a415721af6dc623795b5595f2633d722847090a77ec72b522a9522a9d7d912fe43d1e0ad91b560bf44e30f2453251dd1d35a752af8081067a3196cbfdcf307af758a10a0633dc4795a223b5c017efa45d4bb2d6ac4b4752b7774e24c82bd90a76be0d879c16775b4727a5403ac87ab9cc3b1c82dcac3b0322c188e3556e646740f54342cd0ae793379a836bbf2215524700b8a13e9b0388dbc0ed72b1b617b0508875ba40681e203a755a8e2569b19dace2098ca492124944f60b6c831291249ab51c42bc3a3befa962282ce1159c4ab73ce7c874c2b7f69d02790688626e29da47d7799061e452f37cfb463adbb4ef30eefc4a2ca4051959697794cbd980eb02547c0d88c3d08d265be4c7b4baa9a56ad2f7d1a6d824110dcc3f7dfe9b34b708c907fcddea03f01ef703fd6e2f3655bc3c61331e25934d02123975e8e4e27cf471499f52c4a4a5d0787f1f912ed24ad8b53458610016af241e3bf9df86ccedbab3520260163925813b934c438c1668c1e0432e4166065234bdf2ecb00f033baa1f4512d217be15168880b5529ee6719f9aa4f966a9d3fb68ec59cbb65d24293db5d6932461d07e1cfbdfe391f84d768563020823a77c4abbfc964a16e59b8925162aa127def241cd1d1a17b5966e602654c02070fdecdc6911f5c497449ef109ab0ce61b88939eb40ea237145424cbe57462b82a15a5b0796335206f2aec966732ad089fc0c76c3168782ea815f8f548efe7888cfac89b16118ef988ca07d111907b3859d7670cb4655ecd62b7b2dfec9aecfd55ddbbc60a0660c5ebe24298603190d3849543bdd0e602bbd5ba600a1eb6e9130dd7f36c7a0215dec404b90c9c3fd6d3c627238ffa89a42e6d0cf8e534c3bdc9fed2db6bced35630b9d4ac0a95dfeb2c399771fa9075b0382f11ec20715161f493632e2856ad448e748319ddca4094ab3d32f1799d9ca219e3a6017164e09c72de7bb497e55b20981f7af2c42482ea9e1eaaf2c372614cc10281af57b441a9074d52d2250355f06f7629fdbf6569a79d2b58911476ec8db4f6aca6d601b24c3b811f116f5fa18163ed2c1475545b3ea3104835e035d3e15a9a10b8998870cf419aa20a0c624cc50b31493a83ba5532a3c2c8da720d3e4e700f1504bf1df958effb01ddf41f3d7bd73fc0e18d27b4148d6f3a30af43054c9b9190d173775c8bcd8789be9d27587ade855695725e8ab461e6ee5529c86ed9da896daa23ef94018dabea38315c3a07a2c991c3f1be4cb08bb3f2c2ea52c2d0b45ff02a684707130941dce4740cd9fba92d018ed091cae0b4b93818fea0d5cce5ad46ddf282fe9905bb53e22587d9968190a093bc24b6f2fc89179145c388a7642435d3c4a477a13c04250d3771655e0cd015cd496709548b1f0b77e8ad940b430e6c9b9d4a1a630e470f540a00c0b844021ad5e49bd84560ad518d3e6b3f85236c3aa299d85653525a9c92f1ecdc2e084025a9edbfa311e7209cf3d7197c548aa1afb960e88a85a3a1bf95438402f2d5c49e160e5a1aef64788ea08202c164803b549cc6f19a7c4e9304faaa128825bbc67e3738b624652b8e4ef5f005af7722f47e5bee623613416cbf896b3b47585294914ecbb46acc6b5502f6fc96baf76a5a7c71a09c9b4a06696fc8dce0b388bca692889aa9e7daa79e958ac55a1f85c1638d0bad877addee8cbca49300b6a490ea66536a2269d25f2cdee3dcaf3bf8038e9995c88fd280e1cf6473501919b96148c03079a49f93eac3761f9dad31ad7d1ebc363eaac8fde7fe3d33ce95e2128fc6183a65ddeec590414888f196b2da9bea038c3ac5284b23dc61e972899bd7949e5efec71cb2f471fd4d500553299d2089ef7d6e2f58aa6f4a02b1f73d09dbdab4af6f2eca8027a10c32c40c3011b7e9826b7417c09656607399fdf033843551bc4fc9e122204d8c86d8f5208e03e2cfdc8f17bfb98565ffcd985b583cdaaaa86c3f02164394e9d60a372186a979c76777a9405cb50d5ac77d2307062a0292373b3bf9a964b128a940aa1f1bd23d5f2a5d78060ff725a552314d22b21dd4ee1b28090f6a384becb4dce1d66cf1da813e0e948a42fe33e77e4965103006b6eeb1a5528b4405306e34e4924ec622e9de095173288770c798d5b7b7ea2c67a8eaca8ead9cc7f98b8db720073bd49462c", 0x1000}, {&(0x7f0000000240)="40acd6476e470f4236e00cb2d347b4c8dcfa0f1c814d43b6da7bcfb30fffbca7223a34ecdeef8a6fa84d16aa1267d364738e46783e3c96ac1fb5f9b484cda37403cb9393d9e6eb0603cd4dce855b9f458401fe01606f3c200c8692fb8a7919c5ee9a2378582981919cad", 0x6a}], 0x4, 0x3, 0x3, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
write(r4, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r4, 0x4, 0x44000)
sendfile(r4, r6, 0x0, 0xfdef)

02:32:12 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(0x0, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000001b40)}}, {{0x0, 0x0, &(0x7f0000000200)}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="10bd6348835407c57831572764eac6c98f2ec5894cd88c934dbe57bf616c9097964b0af09df277e0325d5b12fcf1ff841821c1a8032e0ab36a4ea38fc836c31cd9e195f8a516df871c66b454ec41777cdeded3b3fd7c59a89801ffc3655853827504844259929714eb5cfb6aa325bd985dae842053ac61a0937b1c6498430d4b71835a32ba1a28b7f0769f14ce5e5bb84c1ae2b732dd9c2558afeaf8a729da36a256894a931da37ba46f32c82c2f3dffe996d84895f75f4ed1811b3f356126d2521913908aaadec642297a72ff2524eb7d1c02f7ee9cb95e04a06cb40191113948fc028a5f16c0f492500c2406d989f81955a32f2eea795fcf07317be390514b77c6757f023b3ea7ecdcbf47debc5e0bafd155abd68b38b36a8641eed7852af3f9f935bcc0946b570e7709e252356ab2abc550f51410f7540d28d97a066d9bc8012c4cd17565852bfa79bf9c9f84c4fec05eb8427a60d2fa5eb9", 0x15a}, {&(0x7f0000000380)="e6b11dab9605361aa6b119381bf955564f7bd15284e6b3cf4e2c4abf", 0x1c}], 0x2}}], 0x3, 0x44890)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000180)=0x2d9c2bd3, 0x4)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e21, 0x5, @remote, 0x100009c}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040), 0xfffffffffffffd5a, 0x4090)
shutdown(r0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private1, 0xfffffff9}, 0x1c)
shutdown(r0, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
clone3(&(0x7f0000000100)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x38}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

02:32:12 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:32:12 executing program 6:
clone3(&(0x7f0000000500)={0xa2807700, &(0x7f0000001600)=<r0=>0xffffffffffffffff, 0x0, 0x0, {}, &(0x7f0000000180)=""/224, 0xe0, 0x0, 0x0}, 0x58)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
getsockname(r1, &(0x7f0000000280)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, &(0x7f0000000040)=0x80)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000)={0x0, <r3=>0x0}, &(0x7f0000000140)=0xc)
setuid(r3)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x4000)
pidfd_send_signal(r0, 0x0, 0x0, 0x2)

02:32:12 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:12 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000200)})
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff})
fsetxattr$security_selinux(r0, &(0x7f0000000140), &(0x7f0000000180)='system_u:object_r:locale_t:s0\x00', 0x1e, 0x0)
syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), r1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r2, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4041}, 0x4000000)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x1ff)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r4)
sendmsg$IEEE802154_ASSOCIATE_REQ(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_CHANNEL={0x5}]}, 0x1c}}, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000240), r4)
write(r3, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r3, 0x4, 0x44000)
sendfile(r3, r6, 0x0, 0xfdef)

02:32:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  194.882597] loop0: detected capacity change from 0 to 256
[  194.945833] validate_nla: 6 callbacks suppressed
[  194.945846] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  194.948372] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  194.949253] syz_tun: refused to change device tx_queue_len
[  194.957276] audit: type=1400 audit(1768789932.601:11): avc:  denied  { relabelfrom } for  pid=4245 comm="syz-executor.4" name="" dev="pipefs" ino=7196 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1
[  194.962777] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  194.970984] syz_tun: refused to change device tx_queue_len
[  194.983146] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  194.986474] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  194.990710] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  194.996948] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  194.999711] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  195.021397] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.7'.
[  195.032329] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:32:23 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:32:23 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:32:23 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:23 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, &(0x7f00000000c0))

02:32:23 executing program 6:
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x4}, 0x0, 0x7f}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$iso9660(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='proc\x00', 0x0, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
umount2(&(0x7f0000000240)='./file0\x00', 0x0)
r1 = fork()
r2 = fork()
perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff8120001a}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ptrace(0x10, r2)
waitid(0x0, r2, &(0x7f0000000080), 0x8, 0x0)
clone3(&(0x7f0000000500)={0x1021300, &(0x7f0000000140), &(0x7f0000000200), &(0x7f0000000240)=<r3=>0x0, {0x33}, &(0x7f0000000280)=""/233, 0xe9, &(0x7f0000000400)=""/158, &(0x7f00000004c0)=[r2, r1, r2, 0x0, r2, r2, r1, r1], 0x8}, 0x58)
waitid(0x0, r3, &(0x7f0000000580), 0x1000000, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000380)={0x20200, 0xd3, 0x18}, 0x18)
perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0x4, 0x81, 0x9, 0x9, 0x0, 0x0, 0xc004, 0xd, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffd0d, 0x0, @perf_config_ext={0x3, 0x7}, 0x42853, 0x9, 0x1000, 0x1, 0x2, 0x4, 0x1, 0x0, 0x401, 0x0, 0x3}, r3, 0xe, r0, 0xa)
r4 = fork()
ptrace(0x10, r4)
ptrace$poke(0x1, r1, &(0x7f00000003c0), 0x80)

02:32:23 executing program 1:
symlink(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file1\x00')
syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]})
umount2(&(0x7f0000000000)='./file1\x00', 0x0)
umount2(&(0x7f0000000040)='./file1/file0\x00', 0x0)

02:32:23 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000140)='memory.swap.max\x00', 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={<r3=>0x0}, &(0x7f0000000180)=0xc)
syz_open_procfs(r3, &(0x7f0000000200)='wchan\x00')
fsetxattr$trusted_overlay_opaque(r2, &(0x7f0000000040), &(0x7f0000000100), 0x2, 0x2)

02:32:23 executing program 4:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz1\x00', 0x1ff)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x3, 0x8}, 0x46e08, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x12140, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup/syz0\x00', 0x1ff)
r2 = perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x42, 0x9, 0x1, 0x1, 0x0, 0x1d, 0x81085, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000002c0), 0x8}, 0xc048, 0x4000000000000102, 0x0, 0x4, 0x8001, 0x106, 0x3, 0x0, 0x7, 0x0, 0x3ff}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x8)
signalfd(r2, &(0x7f00000004c0)={[0x80000000]}, 0x8)
perf_event_open(&(0x7f0000000440)={0x5, 0x80, 0x7a, 0x1, 0x40, 0x3, 0x0, 0x7ff, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x40, 0x4, @perf_config_ext={0x2, 0xfffffdfffffff3a7}, 0x24, 0x6, 0x0, 0x0, 0x2, 0x20, 0x12, 0x0, 0x7fffffff, 0x0, 0x2}, 0x0, 0xb, 0xffffffffffffffff, 0x9)
r3 = socket$unix(0x1, 0x1, 0x0)
poll(&(0x7f0000000740)=[{r3}], 0x1, 0x7fffffff)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e24, 0x4, @mcast2, 0x10001}, 0x1c)
ppoll(&(0x7f0000000180)=[{r3}, {r1, 0x1000}, {r1, 0x200}, {r2, 0x1031}], 0x4, &(0x7f0000000340)={0x0, 0x3938700}, &(0x7f0000000380)={[0xfd]}, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz1\x00', 0x1ff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x1ff)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
signalfd(r4, &(0x7f0000000280)={[0x10000]}, 0x8)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000500), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

[  205.666117] audit: type=1400 audit(1768789943.310:12): avc:  denied  { tracepoint } for  pid=4263 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  205.677544] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  205.679272] syz_tun: refused to change device tx_queue_len
[  205.685216] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  205.694781] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  205.695609] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  205.696634] syz_tun: refused to change device tx_queue_len
02:32:23 executing program 1:
symlink(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file1\x00')
syz_mount_image$tmpfs(&(0x7f00000005c0), &(0x7f0000000600)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]})
umount2(&(0x7f0000000000)='./file1\x00', 0x0)
umount2(&(0x7f0000000040)='./file1/file0\x00', 0x0)

[  205.707506] No source specified
[  205.719345] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
02:32:23 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, &(0x7f00000000c0))

02:32:23 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  205.744539] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  205.760808] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:32:23 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

[  205.777918] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.7'.
[  205.796291] No source specified
[  205.819080] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:32:23 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, &(0x7f00000000c0))

02:32:23 executing program 5:
write$tun(0xffffffffffffffff, 0x0, 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  205.853744] No source specified
[  205.870359] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  205.871270] syz_tun: refused to change device tx_queue_len
[  205.881379] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  205.893657] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  205.923939] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
02:32:31 executing program 3:
prctl$PR_SET_NAME(0xf, &(0x7f00000000c0)=':\x00')
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x100, 0xc002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc00, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)
pidfd_open(r1, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f0000000140))
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000080)=0x5)

02:32:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}], 0x8000, &(0x7f00000000c0))

02:32:31 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:32:31 executing program 1:
io_setup(0x8, &(0x7f0000000040)=<r0=>0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
io_submit(r0, 0x1, &(0x7f0000001e00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = fsmount(0xffffffffffffffff, 0x0, 0x70)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
io_submit(r0, 0x3, &(0x7f0000000340)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x6, 0x8, r3, &(0x7f00000000c0)="4f91e4c314a32564ba4e8e11c28fd80510c2afe3424bbc1026a9237ce070bf72e052d1d89aface9948f38e13a5222a5f7f551a94ee988c1952f61e73ba45", 0x3e, 0x7, 0x0, 0x1}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x8, r4, &(0x7f0000000140)="a2ce1b522ce257f6f308ea5ea8732c96b5d5b6fccca434634a9721d837dbecec8da2850ea45a98d7b31668707f214566ea9d69783b7b446d061a8b62f80527bf53d26f6b8ad09b3eb115ce1b6963a29ef5ecfd98f2d310a7ce90b0277a395768e4252d3cb9f5da8d717b3cd8630dd30142ed3b76d0a7cb3b28d6a2fd7f6b54947607f845917a5c97496d99d94faad09618ba5617ab3d3f94caf49ad4b96beb28c3da4a3e9a305e526df5024734fa07a13fbe9073248860a6e3c44110a5f6ac46d7661b8901a8baa61af01b5aa88f77ab01973cc72c2ca3e15e86d57c073fbf85865b620d6f0bedd620d1", 0xea, 0x7fff, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x242, r5, &(0x7f0000000280)="5ead9aee071cf88c4e9b93e659648cf30bd561a80c5aefa6b6c33860a38a9bfa887edfbe5a5e43fd708b6593a731a14a7e0aec566dcea4792fbe98243622bc629d7e904aa5493aa5dc25188c904946648aba799b0dfbdc45b94702bb9990d51577079272e43331124da9", 0x6a, 0x6, 0x0, 0x1}])
openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$binfmt_aout(r1, 0x0, 0x0)

02:32:31 executing program 4:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000000700)=[{&(0x7f0000000180)=""/201, 0xc9}, {&(0x7f0000000100)}, {&(0x7f0000000280)=""/189, 0xbd}, {&(0x7f00000003c0)=""/33, 0x21}, {&(0x7f0000000400)=""/172, 0xac}, {&(0x7f00000004c0)=""/136, 0x88}, {&(0x7f0000000580)=""/106, 0x6a}, {&(0x7f0000000600)=""/232, 0xe8}], 0x8, &(0x7f0000000780)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, <r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [<r3=>0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x118}, 0x10020)
dup2(r0, r1)
r4 = fsmount(r1, 0x1, 0x70)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000900)={{0x1, 0x1, 0x18, <r5=>r3}, './file0\x00'})
splice(r2, &(0x7f0000000100)=0x8, r5, &(0x7f0000000940)=0x800, 0x5, 0x8)
lseek(r4, 0x2, 0x3)
futex(&(0x7f00000000c0), 0x4, 0x0, 0x0, &(0x7f0000000140), 0x0)
clock_gettime(0x2, &(0x7f0000000000))

02:32:31 executing program 5:
write$tun(0xffffffffffffffff, 0x0, 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:31 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:32:31 executing program 6:
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x1c)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
dup(r0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/faux', 0x103ac0, 0x159)
mq_notify(r1, &(0x7f0000000080)={0x0, 0x2a, 0x4, @tid=0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000001500)={@private2}, 0x14)
sendmmsg$inet6(r3, &(0x7f0000002c80)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0xffffdaf0}, 0x1c, &(0x7f0000000980)=[{&(0x7f0000000280)="23b61f15574cad0fda48a68c7340efa6fcbf082a07443acea8", 0x19}, {&(0x7f00000003c0)="6a068a51686415e558326606ee41cb2a2b786255b60a51e09c7f2fd44c5f8202f3c4572e810fd829b59352a124cd21a8c3b4301b028e126699ecddd4ebed6f918f4dbd33d7765995c103e9c3bf25f784dda166a2e1ac6c95b5d975d2772c8e075361bfd44c82e39bcb55eea128fdb9b23b0d3ff4", 0x74}, {&(0x7f0000000440)="be342edd46b2e4d9852039ea64c4ee28002f34c0873e0d115b0a78b063c213bb00569b52ec3e4c861342a2b3500eb98e790f4f4e899bf3eb3ccf9f402f1e6b0ccb578dc202cbcb4262906c437d1d0375a867597c9ef328482494a18ca24cd467014a76b4b673e1a6da946bf683e82de6d22477abb866495ff5522a43011cbd899a770d3a24d18aeb399e1f3dd4cfa18a4d7484e4554bf9b2f80661e25156ffb7b85d0260fed80a651608c9df3b885194d857d1c1b218bc49a1d33df3bffdfb9669bccc6522f0c181fd17f5ad0ecb2121bfdd118ab1e128277d87", 0xda}, {&(0x7f0000000540)="e838baab8b07aa5feec125fcfcc14da2ddad7a76a0408e3500752c91de33f16fbfcc80b143d4f3d8ae1cf046db57fa6522367f77dff1b88e035bc2ee672833baf4ecb167986a971712aff13554686a8808fd11d354d9aff180791863ef674594690ff311bd0730cf0773f551901c82509a541492b431", 0x76}, {&(0x7f00000005c0)="322a7164766fd002af20a10e796060c54e1f9a139b83b0d049cf89bc18afea635beb5df190243c9908e0334575f8a75fa26d4013f0eb462a939fafb95f7bb3643fd8e8bc10b90029370d9b89b62607a9cfa69dac8565c8dbd8ca276a1d0e5dbc9f6b9e6d53a7f73831a2b7a032e40ff25481d531395617751d11eeb669db3f6b974df53d069caacdd44b290417df3362c99c91841256d2dafd1d12def10d98a1baec51745f1703ad2f8d17f6d014da95837820", 0xb3}, {&(0x7f0000000680)="737f98f63644967518a5d0c5b4fb0b73fdf3349c1863bcc6a47c72ec523b245c0a314e82736b822e573c0933ced6ba0b4b357493c6adcaab271d0e816bc4ae3c91174caabf67aba958ccc025315fcf112f1b751349c091778b968cb74bab4fdb33", 0x61}, {&(0x7f0000000700)="4fd5cf019e6dd6aa2a12c3fe45c38b4a25240e04ee37e96f2e00a5e032f62782f08293fe939b4bde3ddf541f0ab1365ff73d7c61477fa6a26955008dd7049edf75f50555192ff2f43a3e3828b29c43da159e1ed4813e6379ff0963d78f241f03c72e4bea4a595249d3ff743a73d5feb788fbf08eadca57d0eb157bdb6b4b5721bfaee86c2a2c15c1a3f36664acd192b57a153ef0e5a206d0f41a549a9f544108e5e8b7832d97de244b5e4af55e6e1502", 0xb0}, {&(0x7f00000007c0)="b965d927cddcaaa91a3f1e15f47a29ee6ea7cca4f07457a59b4443ebf90d7a15e11c1962053090235de9f8b0eb34073bffac9c4aa05f9eb61efc5e98fdee945a845775bd0700895a3533659becf23b79207ae6587a1e73df09cf20709249ba6de6134e5f0bfe937c4c0743d55f9efed4ff84684f4d5f9545394942e9393ff7b2630506919c6f5962a4ba5fc6c81428162e1479aa1806dfc4d09086243feeef55661b684f8c07d5c2e9f8", 0xaa}, {&(0x7f0000000880)="972e4e0938dd2ac06b8f2ea070970552483c27f34aecc6925dc4ebbb650774ae71e877a4f2eca23f8cfcce7c05a258f3ab76d4ef16f9d2b26e29582e3f859cba2098239bac850da53d47c14bd3d0f7f9a918ccc7768118b45585b5616b7b7f04b81cdeea24fd261c0be34653e813693ef8920922d07168367487ad77764160fed7ff88ad82d605b37a90a7270a1886c7e1041b16942f146bf795ff299d9454ce42850a722a283a72030cfc57286802b350af011d9dedd3aab643d0ea3b1ea2e4fecbe9c5231c822de2b99ec8", 0xcc}], 0x9, &(0x7f0000000a40)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x7}}, @hopopts_2292={{0x238, 0x29, 0x36, {0x3c, 0x43, '\x00', [@enc_lim={0x4, 0x1, 0x2}, @generic={0x80, 0xfc, "3f6a91c02f721089a5a0a1c5a131f5c455bbf88fbb377415bdf0f4d3f1127a9fcbd408ac844691f1a5323c40224c58c0106f6196971af6d5dc3aba8f95cb0372b2e3f56d9b666becee4abf23998e0b958d8aa580a382cee8b1ccee1f08ed0df1a7510bcb8260b2583f6ca5da0fff0cafa11e5070f3d4be28f5031720c8caecb3cac028376a330800a8ab8bb47bcd123187bfb19e403529ede0ff334fe5330b29daeb5a4908f7db1315ef6e5089a7f9cece2a477c4c216caf998748ad735360ca418b5e97b39707d1ec3e704c51f6171cac263b763e5c7ddd3f1da9e942dd48015cde142d2617af5e13ad06de8522b2be051788c132670ca248685598"}, @generic={0x1f, 0xe9, "94db3dfb6ff881edcd2c4b56749df65c1c644b03c61b881d1c5069a35f8b18ff4e802f83a4034232fd110d1c18db4c81e3e58fc6a5b7a5906fabee064ab9a380d059ee883f3fc121323a5dd4579e5533647a94021d5e38cdb195eb5a5d1a2ca5e371bd3e17e7576e95f5e3b3904a06374ff7e0a648a48204d06a9cdd418fe875451cfa4fe94d04e65a28b09f85252fab19a4f0774d9d7857bb5a0f0004c454f733e0a0c2d0152c2298a13582092adfe6c2177336b19cf35e2fe5419019fe187445ca847c60fdc9c628a9e57fa3f6d917b74f23b0d7636d736d01fb62000e4ee07d540fe662ee1a5278"}, @pad1, @enc_lim={0x4, 0x1, 0x2}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @enc_lim={0x4, 0x1, 0xe0}]}}}], 0x250}}, {{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000000cc0)="11be5efd84add42bdf59f0c9628ab8d660476d9920bc60d03848ae9c05f9106d144c2164085cc7d293398d9aa9bae34c4c1848c720c460dfcbace49a58231def4e38c1c34b8f4b80", 0x48}, {&(0x7f0000000d40)="9b4f8f2971448e946f05ece42e79c76517cdc743ed2035a3e2006ac276eaa752ecd56419f92ead32ebd86ae834c0b8bc3dce4dc8419c13e389c6cf5d917b0b3ed726026b1af8350979e3d0eacdda9494f2c0961705923a367037066351e799a58568d7c51c916cb0ef1e1a2f8a48868dd4ad3f991b56e0dc8bacf36bde8660e189f1ec336dbf879480c694b3db73a5a8da610c20b7f8ce3c8bdf3a869f89ba149e4e830a6a340e1ab1d34d5ea12cba091e5d4d6938049e5511b984de076b6dadaa6dc2b4aae199060c71d80d9e6d6bb7887cf9918ac39fb7baeb16d47c7d5e8424db6176edac31f60ba6e5a4c92e714ebac1c06a425ff91e274c43771ee5e234a5cdbf30c037b78e5a2b7fd9a548e58d1385e36a666cb387155dd2183085ed655c73e92c8ef1e6502cff1cba2c194a326aec24e4497cd3b1751ed67bf650d89408bfb132580742ca8819357b4b97c5c5e157f75c59a23874ca9a160a48a13132ea262410ac07af996f3de99b4eab44b3d22a4b48825aa954085db30f133ed9d0940cfd3779c19f845e8f7c5e07bcc8efcaff37082ebca9d5986721bd637bf9cad7867ab1102f456cb4e29b95959f8e7f68968264aa2c042447d36cef932435e5e8042065dd6fb53a496fe8691f98856cc51eb38c38264296d0d39981f31e106191a03449b53a9a02252d5918cfdf7d6dd30558b686d40f1f105d1e37737803c6a449e7af18292029fb0b85e0ba841204d5edc708417e96b4130700abb8fe39afef9d3dbacbaeda4da8d2bda35079338a6b55835640db124b5888c7ef4d65a6e5dc24d0703061c59ad1397eb547a33572ec2cdca18191c905151764b6350a756115718168a0e836a77ab77f4484100649ffb1691230e1ab9299d9005f86f5fd318936444477308c942d7246e8cfccfa169fe1d43ed48ca5284b2eed0ed913fba016cd6b520163c622b86852ee98f80fec8b6e9e7f444b66b6a4bb45ec7c2e4513e73f5b9ef617ddf3426103f6381ab10a93289d3bbcbd4b40e63cdac7f07f790f5eb251204cc0bac35d658675f599c6eac39ec0ec42847625e25fb3f8a28af31cbb570fc2ea94eec0f35ebcc0632e812124f2b31fb3b77f32e280e98d4c2731bc7297a172eada85a325eb159e1823b6c22ce92fc77d6a669438bea63a21affd5866cdcc710372d21df13e2c901ebfb361a79d8e12d02a80ece715b19d9a2ad7da40ac5c9dd8381f233195f109fe1b9888e6f9dce8d454704c054dd0afca727563bde9def8041731d791b6942c78d028671dad1a8dc14ae101b303ee3d38a86002d550142d4516572e4181a938a69fd8ddf80d29c5f539d890bdce739b8fc92bfa12b07e4a86f4e4d6f38d579497c1e2173d3388def89f6be551f670173511eb4616905f17fd5b42aad0639be184b96f430f95ba7fdcf595532b7e22eaf0ee639e703d50d11b88f02b087df44997300a5cb23dbbb9efefb93594604d4fe599136a254457908f69f1c8a2cbea0925d293f7db2524d9982c715576bf6d08bc298548626133e402186d8bc191d7761a9e1cd05dbe8352461292e27b1075a009218658aa8e4ca73cf1537cf86cf66b22ad2eadc708b49d1b6fec322b3140a90838ca872624b3a796afa2181ec3f12129fefde1b8413f1ed416628a5f59a6e1911fb6048cee1e4bef86e4b33b32b835e06d1b4c2eb2f195be0e1c6c46a637de431c01ee4e7976caae2be152483c13f8ab96132aab7cc3af2c31867eb0f3ecdd8a94f26b4d8178ff0e8534985898de40e32f288a28ebcf33a3a3848dd8bd7274f57f5985107ae7bce2a2184dbb7e6dbae200daef0c0ebd941c823e95e64e697177dd43f19b0edcb1d1cce3fb979757856a97a3a792c380144edbaad8057c93db899ee2f1a92c45719953f0cebbfc3462a1831348e6234d7568783e4fea758a79000dbbd8286c816ee735d3864138d1d9ce8a42aa4a5ead005ebc2336fce2fa4292546aa044687a9e77a112121e40d059cdbefaf77155eb3112fc43dbd6c5fe12d0265663ae85b34390a63454c88ceac4a145805da11b01ee756f73cbc8eccf535fb7485bf88a4fcacdde324d0237af36f9dba4e7e72b614b1f1e78e79f18ecdd6a21f9d1148a74c7c75d081835441f65aeb3fc1019680f3949f087e79c46d517e94332fdda3c18154afbd1c50e82f61814cd5c5293393fdcf6ba33d51c2e19fc840dfaed9f8b594389015831223de301325af4812523edd5513cb134f108ae8c9755ddb938f2da7e7090857b3ba05e1794f8e2f18764ac22662fa61b4ddde624500521848637f469fd59a446ccdfbe21aa0a696e15e326705da16b67e68e87b772e2f468efa2ef3d695085c501e7eb2015264b45c6694212cbe8f688d18b498d8252065c58a439ee497f87056cae3b18b0edf7b42231d8f9562289b0653d2cf3e5289d2bebeec33de0c8ec6b38be57f2008e650f63ad286b39ba115d7f43e0b76ec462cb0b9bd3f8fac13697aa903915db6802b21254a849de29e76871db26b18465b888fe38b4febf2ea3c319547cb585049060b0ccd2d7246667176c4660393415bbabcb0a04ed08d70d7b112f27c4939838a669623a85750f7f08250f1b6e9625c642029d23fc5a86d509cdcf4992bcbfdf05a407257e21f41e5e39ad155397ee7ef26b6f218fc57f7d6299ba98c9242bf42e9343cb11eb3cee8a95365036feedfc057df295f73c409c02ff3e14f24e1589872c70b63d1813288b4295c275bff718f5710cdadc66bbb7b18506eeeb10969bed80a51aa26787ce727af7283c256cc51f21a39fc02e2aa9cae83716fb7e28d2e78999ee21fa04ffe94d3301ea466a2faa78dd4b9f0c4ccd309e4f9cae7668bbd420f7cde5f43d9c0d5da8a20a3c32ccb137c69739ef127eb0f45b9fc8f604c259a3ff272a6e32fa6cb0e9a8dc6dcd6089eb0097a0b556b46a4e1b7d5a14d9fca3d62d55230c81bead94fe0d91e58d694c30de2901e37e27b54d4474ca219235dfab12d66dece26e7250a2e732d5eebdba42bc1d7079f2ba2de02fc62921f340112cab4b1749f9549991b2b71cd71f1894b9ed875512446d10c879388390f36e21296ac7e734ee758e0aaecaab472bcec27906ee26ce9e8f642ba1ad576ea1e89f5a1e2e410b0cd6048f6c2a3ef1311b2224750e17fb0bce9b523919d2478fdadb034813fd6199918f5970ee88de7390c28a78d658727fca01d03953171191aff513baf0168803d59fbbe8dc1f007dc513785ae516647c4209bb98c153f833e7eee310bfee5c79c3e4ed214f85f0932fad48663d07f35a9e332b07dba86ad2ddc336136bd05bc7b433ad2fd3ec1e77a5083ea92550e44218693dce14e9fae83f7ca1d827072bcbe6999073f5f82fd91b34186010969c90a587c6cd586c36664f6d86159441d6e10a26734168fb3edd9e0c1c309954ee577566c9b8764ab40fc581f6f372fc64924d9320e4e7cea8573671bf4c66226d0af8425e5340876a263172c99f85101becfcc81241f54445ec94540e7badf4c0886f70be27354f6ae660af65f086fa54ea9664d2a36f18bf449457cd9840503efd9c91ce6d623c9e68fabc3241b6ee6c9a0a0c9693af120e29872101ee9657d23fb55aa5a9d3ecb59c6a46b992fc4c9e33efbd00e3d5e6c0bd53089183d0ee180543ac1b041ccdadc27bb9473688380bf243ec662cf22113997d55a182b2781d28f7528249dd4a55d94bc5000c8f1a8e814f7512e0d8501bc69977423812171aaa7bdbf5303bebfdf233bf343f8a7ec996fd56716ea9c63997ef3a6d1db649988a4b5842f09b7dd53b8075397153a5d5ad040964d7495cd71e5cf56020f5557a8c479ad794af0960de36e18495b95305db7c48e54585167527e0742fe610ff02d519ddf7d96b173785fec0005a92f7ed1522002275440d6e827a199ced45983ec2fa5edd0a26000b2e66bdc19580743eb38ca6409919a9686c2a74c32068848dfbff36ae43ea1db3f7c9e13f2f30a264a84444c7d0e8c51ed1bf8fbbc8aaf7586dcf42f619b51d759a995650a5803188aa959c1c098dfb403e8405311d8efab7d5f31326b94403b3c38e901092993b7bf2c7b33a5f69dec71bedc41fe623f497d08b0a0ed334d08403b47d8702276e90de8e69fc44b52b7f2d9f7b2572467dd967c9285d4d171499165a264dd9ee11114cbdf98715dcb9f57a44bf1f5fc138e7ee1741d878c04445169afdce872720216126d70ecd8ddfe27c124e41942b55e3ab6343153eb1bc7cc4956789c328e6e00dfb8d1e60d4aaf4d6911af199af814e627becb899c0f91c3404700d0fe9aa2a8b551b43c5d9cf5741a0250928b7ed7f36f6ebfa812083d099dff3144930837189c31178a4883009474cd85cec24f12ad319026cfd2052ab7e80258041c2fee1eed1a2e56632756109f266ef90f5be2f253b630a7f462b633bfbb746e80cfb95c1e28aa7d5cb522c3be4907fa6e96b7b304d6d5c0e4b1f7a3261a7571c33c127878e8ceee4baf48ed70b460057f13f74d48aaa6e191263eefae6e7b2aeaa52701c533055506e2aae166cfca800510b3a089f4043655f3293414044cbae794fba37642922b1c9dc0bdf8edd36e09f42cb9c3c1b084ab98ad1163b478ecc13f5ece101d4b2bf04eb536cff03843f0dc0712c653e7eb9deaae5754ccb8c443f842f526ce0c302f69717782a64900265643771262caff2ce3aad8e2324bac37bbdc9fc7fdc30809795abb10d0fda244833588a67bbeae3bbc0b608084c32eee312064dd33b78b00a8fd525981d12c6da00c1dc4dafad0c663da4c7c7b4fc6f053372bccc7cfc2329ae978db0bfd8af6c99f694f891cd91f27f4af61c24c0af484d14bf75143d45d36af03ac21c6f02138b2ff7c985a6a4012f8f272d5ceb80897ae90971a7b4fb1453a27300180441a96128633079e9995322ed3da77c8f423ccdfe02bbd99fac43274d8106602befa21120464273fd57814ddfc05c15df5d4f302059063960be7638b7719161bad449ed5cb6095f22c9d39d02ae924cdc72511f0d2f25ed535b73d4252a346b2a4e7d27734694445984463baeb276f8ecb82386c55d4935fa3cd1b0b6c0dd64b9e6195f682c3f951ae23d145a411897d3020b29405417851cbf8daf964823f9e6e170327581398bd538a926c3da96a52cfc70048c16f7907486dbbd7f44ecd1dcb45d856a69a7c6fd1ca7fa487781c5080932dd23baa6703556c2fcc697ce7911e4a073202dc1e1125d987ee9705f425e3100f579019aafebd8196339818e1cede13fb89f256c7c27fa27788f9e2b4700113c3f230bedd74eb5ec805dd2cd262378adb7fe4b6f18e8ebcbbe59ae285d7c5eb0ca99afd33058b74b1025eb065c6dd19dc304ab047453722265339e58430f6427b909afe65eaf91f481b36eab3b4d2e7e8b27ac6f6952b38d0715656f0019a49d385ed870b7f52260511a3c90acd98bfbee230278527fb3c7a3c7f1076b30cddb05406901f2541ecd918059449cd7e0c37c56a692963ffb6a7324e313af3e26669f84e162fc8dcccfc19fed3e27a89160a876b343a78342c0884ca269a79458712681ea45d74795b253ab56865cea513c8a688a769153f0167805cee40167f5f6a6c0f36839911cec6da4818d71093832c1d2c6b047bc5116be2a00358a8bf314b2746ba1689f50a9bf063f5e03f66dab33d31b9cbb69413436767af68dd56cc6c1767360ac5ebb56bbf81bcb975f90e9e0c2623479d459e6da385248f2ddf64b86cc7652b87067c5c4d834b65d", 0x1000}, {&(0x7f0000001d40)="4f1d3929d0f802b3e2be5aeb3a7e89fc7d8de3860f1596dbda881bc59aefbcb6be7fa04b6d0e777040117652700a28bc1b48293cd810f6ec7f145852c1407aba38bc4ac823bc27bcd03f13a6210f2800d0ac7c94e6f1b3cf8f9e594e3efdbb4ddae51926bb80d4077e7416e52be0cb172605c0e83de455f376492907228eaeb8d953c17f5fba84a90d94c3ed595ff67a7ddf80109250e1a0adc028c7cbe3d7276b28f97f3e723b43b0483b27ba6d7a3dbfd8ca5624cd970f950217d1123ee9787f1b1b329f85", 0xc6}, {&(0x7f0000001e40)="368705660c284aceed7a8bd2112b3dfbce44f3087176e0e6ee3854720af63a402c575e29c8608662e15c121f52eebd205cc66f36d31dafeaac39f279b297e05463037cb76ec1f8ea5a0a117885e48311b48b810fb32b41fac9fdfb6efbe0543488b17842f8a0864f6d52d1a4255988952c18d3c041a7ecc0c64c9d8f4b325b201d6c9c61266734c3e7a2a977b4b0a9703feb4ff4508eb4277d1be5e79a7ebae4f40d5a67e39bf4acb256d01cdee12522bb04c3bfb7dbba3a297e1268f1abf8ba67509438ef6ab3f94255b3d37e88152966d85fc43a2273d02471164f8dba54c490d3d705f14977ac4d8af60c0a42fde39d", 0xf1}, {&(0x7f0000001f40)="4bcd22b3721b72da678d205b386bbe666ab00ffa6961f37934389af547bce4f0b849b3b358630bdfc227a343cab2455bfd681ca0da5772e68ff764dfc2bac86762fb22582892a3ce7168ace7219151fb29e8cf24564ea292ca5c56e694c107732419f4cc05f7c67bb9ba1bf98cab19567b79edb76d2aaa592a519c4d505348d8d2e18148b2a2cba6fd0c34c0e8740ab0b78c2eb83619040ef711f73355d4ca211becb651fd1172a17a689368cb2a26cd7e4c0b420a032bfa7d75584300baa74a239959734cfec3de934e2237990d74", 0xcf}, {&(0x7f0000002040)="f602646557235edd2b0c13b912d4b3aaa270430b796ffb3a58553d0dfa6fed3af31f4cb85807035c49f31ede12d5c13f245cc5734676e012c071f983b2429b62f427745b58562f5b0469843f8e4c14238962bbe8c0aefedd452fb9351643e633c6933369f65cc063d4646b917d283325d3459a", 0x73}, {&(0x7f00000020c0)="21d3a7ac1ae97436e29fbafa237fb6706680feaffff3a390e4a267eb3f88ed27d9154d8c6e9a28139c6fe8e14691c9d7a6f7b5e93e7fb38acd5b60dcefc19cb4506591c9a4af7d1138584362a4c4c11d94bb2c908657abdecd6677daf22993b7a5d7665a37d18b38e213d6115c0f89f886fe7a47f34c3ad9f8bf46d43f067226dbd2aae1f478fca0eaaae8c7c51ea2e8371be44e4f6cceb575d434bd4f02f4a255b9fe4879af1b393ce76e8912ec822e20a4aa97418c024afda162703b329ff286be413e007846f570b6ebd7b2958f245806347b75bc426a1e559d1da687c3490227156b", 0xe4}], 0x7, &(0x7f0000002240)=[@tclass={{0x14, 0x29, 0x43, 0x80}}, @flowinfo={{0x14, 0x29, 0xb, 0x5}}, @flowinfo={{0x14, 0x29, 0xb, 0x6}}, @pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}, @hoplimit={{0x14, 0x29, 0x34, 0x2f5}}, @hoplimit={{0x14, 0x29, 0x34, 0x7}}, @dontfrag={{0x14, 0x29, 0x3e, 0x1}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x6}}, @hopopts_2292={{0x60, 0x29, 0x36, {0x5c, 0x9, '\x00', [@ra={0x5, 0x2, 0x200}, @pad1, @jumbo={0xc2, 0x4, 0x1000}, @calipso={0x7, 0x30, {0x0, 0xa, 0xac, 0xc783, [0x7, 0x10000, 0x9, 0x2, 0x100000001]}}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}], 0x130}}, {{&(0x7f0000000340)={0xa, 0x4e, 0x81, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}, 0x1c, &(0x7f00000027c0)=[{&(0x7f0000002380)="e676b3fee9609d78781ffb353d51cf816bf29a6a91c4a0f46cdcccc35a1d8542a38c6bd75410ebb34ded531d43d13625f2396b9b858efd96b30d76c26759809609e46d74662c1d68df0141f8a8c36a8eca2937", 0x53}, {&(0x7f0000002400)="23737a3ece89ea8a2add14580182fdaa21272d342825cdee2b2858385fd731deb77a8f6945b90288e88a5a7851a35d52bce061084643491859ae97079794160747b3e68fafc8e6c05423f82cc7876eec887902f06076a90a6d31c95657ba0de1ff00a4a3c4ca5f97701423e356aa3bae31efd4", 0x73}, {&(0x7f0000002480)="19ad0ed7c72f9795ca45c9ff53615f3df8", 0x11}, {&(0x7f00000024c0)="c755d4ebabb8f9b384f1a240c56837772e88ca5516bb947261882c954352e11f3ab8266ed2fa313a678b3686a6977012b4c266759b9db1020a41c3aab34e8928c5ce975f2baf595b21fc63246e38ebebb97e7e946a0cb5c219a72525a97cb34afc04967b247e14fb11fb00c2fd41523fddde2373e68d08ef13c0f6baf548", 0x7e}, {&(0x7f0000002540)="92ef55785fab3f57c88d3a579fffff12d2a704769f00da2576aed841062a1396e24b4c595ffe5c2526aad1bb4d858aedcbb483424fd87a229f09bf893e880f996eba2c243a604ee762056c0b50dea9c015d24f4bb8eeb08f6eaa7aee27c1364e950ec6764c18130751abdcc5affdca180ee7a063bfc547", 0x77}, {&(0x7f00000025c0)="e9a9891fb9a9e8ff27fc6b6ce8b59894dcf6b8a7fed2f36b6a44c9b77f8fbb0c609ad4a92b1300d5fe57381b097ef6d17f1f24ae30427bfd78df5efa7b74e728ba62588b5a0ef0f6c71dc84965475ec531c2925be4d932c2dff25e359afe6f1e3b7743fe887687a6134fc820b18014c2636a59ce8a2ad90db9056730b6f318ed0e65b39539b690dd0cd48305800e0ef6340bc5ca1a0711fc801a1954171b248be858dce2a38b7daafc1462534dc87993f2a9772c1d4d027ed0da57f5b26a9be9122b3ce48e6e5a3f1aaf60b8b77c6398b182f4cd5339d14431a047aeda8cb6ebeff7362ef301", 0xe6}, {&(0x7f00000026c0)="f96cdf1ce5b79477681a501a6ead6c3fa42ec7a77d4c0aae64ad3a584369b245f21fa027505e7c30010237b7c0407d152f431e527765617a9c4bdb9f2b997bd956cd43ba6fef31b66a080673816bbae2df5738c0ad42c130169038d21398263927104ece2a1af84267702f528aa585c10de6c79dc7a69cbed4bb11223aae1d6e98ec11ba8ca1b0e3a4aeba2d1140ddbdcfe43b8139adaa06b54b7909435047dfb437a198422a9e94a6d6c549fb1c0678aa858510c2d2b9a98295ed90e89f71272f737576137e48fa2043c89c210a11", 0xcf}], 0x7}}, {{&(0x7f0000002840)={0xa, 0x4e22, 0x8, @mcast1, 0x6}, 0x1c, &(0x7f0000002900)=[{&(0x7f0000002880)="7bc16d91ce25a7b84fcb78731e8efa310844e52827bd904b8705a319f0438ff73540c5a9c60e6ffa4705929490d57e922de6fdb9fac69ea38becce281ec6fbea372723f7ecf495cb9ac3c6591e066f8912d0257a6ca1508f9106b57dd26dcb7af49cb5fde8c691447ed2291a6a20de2c3e54089031312ff76b4011591f87", 0x7e}], 0x1, &(0x7f0000002940)=[@rthdrdstopts={{0x108, 0x29, 0x37, {0x2c, 0x1d, '\x00', [@generic={0x9, 0xcb, "872ad83b89cd822c79ce7d365b8393777bbae316a51862384f6ba07599014ab84dd9ce2de63f35f5eaedb9780a2cca2b647cbb8541c9263eaeb216806ae500ec3130d439f2e32341f4ebcd6e88037b3cde7ac7c2ab7e6486640d74e532bac03d1fcc3f23c81d61dd287aa581b75009963de8ec022e9d830980a6461f9b79c39ae9b731524a9da2a9ad395eda6ea72a53c54b1056e1a841d7e563a22a2e02491f719ac1bd70a5da71c2470f7e26863a4daaaf7be87b8ad51e9455f587b73a4a02e079a58263119c554d8316"}, @enc_lim={0x4, 0x1, 0x39}, @pad1, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x10, {0x2, 0x2, 0xfc, 0x7, [0x2]}}]}}}, @rthdr={{0x78, 0x29, 0x39, {0xc, 0xc, 0x1, 0x7, 0x0, [@dev={0xfe, 0x80, '\x00', 0x28}, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x9}}, @rthdr_2292={{0x48, 0x29, 0x39, {0x67, 0x6, 0x0, 0x6c, 0x0, [@dev={0xfe, 0x80, '\x00', 0x27}, @mcast1, @mcast1]}}}, @hopopts_2292={{0x88, 0x29, 0x36, {0x81, 0xd, '\x00', [@jumbo={0xc2, 0x4, 0x2}, @ra={0x5, 0x2, 0xfeff}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xe}}}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @calipso={0x7, 0x48, {0x3, 0x10, 0x0, 0x0, [0xff, 0x1, 0x5, 0x7, 0x3, 0x0, 0x81, 0x3]}}]}}}, @rthdrdstopts={{0xa0, 0x29, 0x37, {0x2e7e8655de7ee1d1, 0x10, '\x00', [@pad1, @generic={0x1, 0x22, "8ce80dbccccf85aea4962f3cfd1e63f5970fd3d15e661dd9c4719b0360e59e8ec87e"}, @pad1, @hao={0xc9, 0x10, @local}, @pad1, @pad1, @calipso={0x7, 0x40, {0x1, 0xe, 0x8, 0x800, [0xe363, 0x3, 0x80, 0x76a, 0x5b3, 0x9, 0x80]}}]}}}], 0x308}}], 0x4, 0x14)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)={0x1c, 0x32, 0x1, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @fd}]}]}, 0x1c}], 0x1}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000180)=0x1, 0x4)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000002d80)={{0x1, 0x1, 0x18, r1, {0x3ff}}, './file0\x00'})
r4 = syz_open_dev$mouse(&(0x7f00000000c0), 0x4, 0x10100)
mq_timedsend(r4, &(0x7f0000000100)="6ea5bc97fce1a87cd8112b3d377bca9e469422d98dc13bd1aa2097fbbd3c4c2123eb89bbf163d39a867866838fca4d883c40497c3cbeea78b4a14f303bdc40d8d25b1ae5fdd5a9ecd8c9ed09cd5e04e6cf759fc559a04ceb768fe2611d0501ad2b5a45819f2e", 0x66, 0x9, 0x0)
clone3(&(0x7f00000002c0)={0x61020100, &(0x7f00000056c0), 0x0, 0x0, {0x37}, &(0x7f00000001c0)=""/81, 0x51, 0x0, &(0x7f00000000c0)}, 0x58)

[  214.216547] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  214.218964] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  214.225216] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  214.226303] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  214.227753] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  214.228605] syz_tun: refused to change device tx_queue_len
[  214.230564] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  214.240200] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'.
[  214.242067] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  214.244054] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  214.265338] FAT-fs (loop0): unable to read boot sector
[  214.270581] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.7'.
[  214.274297] syz_tun: refused to change device tx_queue_len
[  214.274842] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'.
[  214.286878] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:32:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}], 0x8000, &(0x7f00000000c0))

02:32:31 executing program 5:
write$tun(0xffffffffffffffff, 0x0, 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:31 executing program 1:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdab39eac554c6bee, @perf_bp={0x0}, 0x0, 0x0, 0x1000000, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4feaabdf}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_setup(0x0, &(0x7f0000000080))
r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000000100000000000000000000000000000000000000000000531a0000000000000000000000000000000000000000000000000000000000000002000000d9530000790b000000000000010000000100000003ddfffffffffffffe0000000000000000000000000000000000000000000000000000000000000006000000070000de565f6cff4586c2670008000000000000000900000000000000090000000002000000000000b200000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/256])
io_setup(0x4, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000100)=0x4)
syz_open_dev$vcsa(&(0x7f00000002c0), 0x0, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x10000002})

02:32:31 executing program 4:
r0 = openat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x400, 0x81, 0x4}, 0x18)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x9000, &(0x7f0000000400)={0x100005, 0x100000, 0x60000, {r0}}, 0x20)
r1 = msgget$private(0x0, 0x0)
msgsnd(r1, &(0x7f0000000c40)=ANY=[@ANYRES16], 0x401, 0x800)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/ipv6', 0x0, 0x20)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0x5)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r5, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r6=>r5, {0x5}}, './file0\x00'})
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r6, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x228, 0x3, 0x1, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_SEQ_ADJ_ORIG={0x24, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1c0}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x7fff}]}, @CTA_LABELS={0x14, 0x16, 0x1, 0x0, [0x1, 0x100, 0x5, 0x7]}, @CTA_NAT_DST={0xcc, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x14, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x80}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @broadcast}, @CTA_NAT_V4_MINIP={0x8, 0x1, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @multicast1}, @CTA_NAT_V6_MINIP={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}]}, @CTA_NAT_PROTO={0x24, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x19}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast1}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}, @CTA_SEQ_ADJ_REPLY={0x24, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xffff}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x23}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_SEQ_ADJ_ORIG={0x14, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}]}, @CTA_TUPLE_MASTER={0xd0, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x5}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0x4}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}]}, 0x228}, 0x1, 0x0, 0x0, 0x48004}, 0x408d4)
close(r2)
getpgrp(0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000000)={0x0, 0x0, 0xffffffffffffffff, 0xcb3})
r8 = msgget(0x1, 0x0)
msgrcv(r8, &(0x7f0000000000)={0x0, ""/120}, 0x80, 0x0, 0x3800)

[  214.314807] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  214.334456] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
02:32:31 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)

02:32:32 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

[  214.384491] FAT-fs (loop0): unable to read boot sector
02:32:32 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c170000080000000000000010050000009ee2000d800c00"/62], 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:32:32 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x34500)
fcntl$setsig(r0, 0xa, 0x0)
close(r0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x54, 0x0, &(0x7f0000000080)=[@register_looper, @increfs_done={0x40106308, 0x1}, @enter_looper, @clear_death={0x400c630f, 0xffffffff}, @increfs={0x40046304, 0x1}, @acquire_done={0x40106309, 0x1}, @acquire={0x40046305, 0x1}, @exit_looper], 0x6a, 0x0, &(0x7f0000000100)="60e21ecc01958cd2e0dc0d5f2bb9ea7625f2d297346d2f19be9636258197fdc9d1432bb1e4c0e045bd44c1a12f95222be87f34611baf70a0979685acb858d342f613292f9b5a938f1b4b60eec94d964490102a3d0aa14841e2b9225c57c72639bfb8eeaf73b5b580162d"})
ioctl$BTRFS_IOC_QGROUP_CREATE(r1, 0x4010942a, &(0x7f00000001c0)={0x0, 0xfffffffffffffffb})
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(r1, 0x80049367, &(0x7f0000000000)=0x2)

[  214.449302] syz_tun: refused to change device tx_queue_len
[  214.450123] syz_tun: refused to change device tx_queue_len
[  214.504617] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.6'.
[  214.510659] syz_tun: refused to change device tx_queue_len
[  214.517312] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.7'.
[  214.547802] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
02:32:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}], 0x8000, &(0x7f00000000c0))

02:32:40 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:40 executing program 4:
r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="01434430303101004c490100000000000000202020202020202020202020202020202020202020204344524f4d20202020202020202020202020202020202020202020202020202000000000000000002900000000000029000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000140)="0243443030310100004c0049004e0055005800200020002000200020002000200020002000200020004300440052004f004d0020002000200020002000200020002000200020002000000000000000002900000000000029252f", 0x5a, 0x8800}], 0x0, &(0x7f0000000100)={[{@mode}, {@nojoliet}]})
name_to_handle_at(r0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@isofs={0x14, 0x1, {0x4, 0x4, 0x0, 0x4, 0x200, 0xb2e}}, &(0x7f00000001c0), 0x1400)
fchmodat(r0, &(0x7f0000000240)='./file0\x00', 0x113)

02:32:40 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:32:40 executing program 3:
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000080)={0x0, 0x4, 0x0, [0xfffffffffffffc01, 0x2cf3, 0x5, 0x7fffffff, 0x10d], [0x1ff, 0x5, 0x7f, 0x3, 0x401, 0x100000000, 0x10, 0x200, 0x9, 0xd2, 0x6e, 0x1, 0xa7d, 0x401, 0x6, 0x1f, 0x4, 0xff, 0xe19, 0x8, 0x0, 0x0, 0x7f, 0x8, 0x4, 0x1, 0x7ff, 0x1ff, 0x1, 0x8000, 0x37, 0x50, 0x8000, 0x1, 0x8, 0x9, 0x6, 0x32656591, 0x200, 0x3ff, 0x7, 0x7, 0x10001, 0x8, 0x1f, 0x400, 0x3f, 0x1e20, 0x1, 0x0, 0x6, 0xfff, 0x7, 0x75, 0x15, 0x200, 0x7a04, 0xfffffffffffffffa, 0x2c, 0x1, 0x3, 0xfffffffffffffff8, 0x6, 0x0, 0xc, 0x9, 0x2, 0x5, 0x0, 0x87c, 0x49ca, 0x2, 0x6, 0x0, 0x0, 0x7, 0x4, 0x6, 0x9, 0x4, 0x3, 0xffff, 0xbfa7, 0x8, 0x7f, 0xccd, 0x3, 0x4, 0x1000, 0x1, 0x3, 0x5, 0x80000001, 0x70, 0x736, 0x7, 0x2, 0x6, 0x1, 0x9, 0x80000001, 0x9, 0x0, 0xa009, 0x9, 0x6, 0x4, 0x8, 0x2, 0x7, 0x7, 0x0, 0x9, 0x80, 0x0, 0x1ff, 0x10000, 0xab3, 0x13255dc6, 0x6666, 0x7]})
r0 = clone3(&(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = gettid()
getpriority(0x0, r2)
pidfd_open(r2, 0x0)
getpgrp(r0)
getpgrp(r0)
r3 = gettid()
pidfd_open(r3, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
r4 = syz_open_dev$vcsa(&(0x7f00000004c0), 0x1, 0x3)
recvmmsg(r4, &(0x7f0000002bc0)=[{{&(0x7f0000000500)=@in6, 0x80, &(0x7f0000001a00)=[{&(0x7f0000000580)=""/107, 0x6b}, {&(0x7f0000000600)=""/128, 0x80}, {&(0x7f00000006c0)=""/200, 0xc8}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f00000017c0)=""/9, 0x9}, {&(0x7f0000001800)=""/60, 0x3c}, {&(0x7f0000001840)=""/186, 0xba}, {&(0x7f0000001980)=""/90, 0x5a}], 0x8, &(0x7f0000001a80)=""/101, 0x65}}, {{&(0x7f0000001b00)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000001e40)=[{&(0x7f0000001b80)=""/91, 0x5b}, {&(0x7f0000001c00)=""/234, 0xea}, {&(0x7f0000001d00)=""/175, 0xaf}, {&(0x7f0000001dc0)=""/83, 0x53}], 0x4}, 0x1b5}, {{&(0x7f0000001e80)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000002300)=[{&(0x7f0000001f00)=""/10, 0xa}, {&(0x7f0000002a00)=""/222, 0xde}, {&(0x7f0000002040)=""/109, 0x6d}, {&(0x7f00000020c0)=""/72, 0x48}, {&(0x7f0000002140)=""/19, 0x13}, {&(0x7f0000002180)=""/146, 0x92}, {&(0x7f0000002240)=""/155, 0x9b}], 0x7, &(0x7f0000002380)=""/31, 0x1f}, 0x3}, {{&(0x7f00000023c0)=@caif=@util, 0x80, &(0x7f00000024c0)=[{&(0x7f0000002440)=""/125, 0x7d}], 0x1, &(0x7f0000002500)=""/213, 0xd5}, 0x40004}, {{&(0x7f0000002600)=@isdn, 0x80, &(0x7f0000002900), 0x0, &(0x7f0000002940)=""/86, 0x56}, 0x5}, {{&(0x7f0000002680)=@caif=@dgm, 0x80, &(0x7f0000002b40)=[{&(0x7f0000002700)=""/232, 0xe8}, {&(0x7f0000000680)}, {&(0x7f0000002800)=""/162, 0xa2}, {&(0x7f00000028c0)=""/82, 0x52}], 0x4, &(0x7f0000002b80)=""/13, 0xd}, 0xffff}], 0x6, 0x10020, &(0x7f0000002b00)={0x0, 0x3938700})
r5 = gettid()
pidfd_open(r5, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r4, 0x4, &(0x7f0000000680)=']\x81:],,\x00', &(0x7f00000029c0)='./file0\x00', r1)
r6 = gettid()
pidfd_open(r6, 0x0)
pidfd_open(r6, 0x0)

02:32:40 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000e40)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="d935048200000000000007000000"], 0x14}}, 0x0)
r1 = syz_io_uring_complete(0x0)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_DEV(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r2, 0x100, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc}}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x10, 0x3f2, 0x1, 0x70bd27, 0x25dfdbfc, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000}, 0x14)
ioctl$sock_inet_SIOCGIFBRDADDR(r3, 0x8919, &(0x7f0000000400)={'netdevsim0\x00'})
sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r3, @ANYRESHEX=r4, @ANYBLOB="93ae2aec805070cb88b38d0c78ac9c74c9e0bdeb8e008625", @ANYRESDEC, @ANYBLOB="5be0c3ed"], 0x54}, 0x1, 0x0, 0x0, 0x4040001}, 0x800)
close(r0)

02:32:40 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0xa, 0x0, 0x5, "f53579097437668c7403"})
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_inet_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000000))
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
request_key(&(0x7f0000000280)='dns_resolver\x00', &(0x7f00000002c0)={'syz', 0x0}, &(0x7f0000000300)='keyring\x00', 0x0)
r2 = add_key$keyring(0x0, &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, r2)
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0x0)

02:32:40 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

[  222.911755] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  222.913192] validate_nla: 11 callbacks suppressed
[  222.913201] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  222.915231] loop4: detected capacity change from 0 to 136
[  222.934325] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  222.936080] isofs_fill_super: get root inode failed
[  222.942853] loop4: detected capacity change from 0 to 136
[  222.943084] syz_tun: refused to change device tx_queue_len
[  222.949696] FAT-fs (loop0): unable to read boot sector
[  222.951480] isofs_fill_super: get root inode failed
[  222.951669] syz_tun: refused to change device tx_queue_len
[  222.953952] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  222.954262] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
02:32:40 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  222.975823] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  222.985456] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  222.985693] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  223.000399] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  223.031250] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  223.035564] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
02:32:40 executing program 4:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000880)={0x1, 0x7}, 0x8)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000340)=ANY=[@ANYBLOB="18b7743c7adb917d7e047f36bb80ab7cea2d70281d76a32cec25580bdb164e0b7518713680b003a538bd58940435efbbd1d8cbca5606d77b1068ed2d894fcf869d00d21ee476a9b9dce621f2fa9afbc983de03d27a085ce2e73ae9ea1f8c2d7f74243615aa2942acfbc4e9f48ac8d8e6750f2e09887090d8b2a11ddc54fc", @ANYRES16=r6, @ANYBLOB="01000000000000000000220000000c00018008000100", @ANYRES32=r8, @ANYBLOB], 0x20}}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xa8, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4}, 0x4040000)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r9=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r9, 0x2, 0x6, @link_local}, 0x10)
r10 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r11=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r11, 0x1, 0x6, @random="a2836ee8dbe1"}, 0x10)
syz_io_uring_setup(0x1e20, &(0x7f0000000000), &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0)
close_range(r0, r10, 0x0)

02:32:40 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  223.066195] syz_tun: entered allmulticast mode
[  223.068615] syz_tun: entered promiscuous mode
02:32:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0}], 0x8000, &(0x7f00000000c0))

02:32:40 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:40 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:32:40 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7821}, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000300), &(0x7f00000003c0)={'fscrypt:', @desc4}, &(0x7f0000000400)={0x0, "bc0330c33da90abd3b2fef784ce168da86f58aa2b50f68ac994614fae41d1c7bb46c413da7cb2fe39cd2feb36de1b76d7e89c58515f940893b0c3fbfd9eacadc"}, 0x48, r0)
r2 = request_key(&(0x7f0000000000)='.request_key_auth\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='85baa174f0cb1142', 0x0)
keyctl$KEYCTL_PKEY_QUERY(0x18, r2, 0x0, &(0x7f00000000c0)='keyring\x00', &(0x7f0000000100))
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r1, 0x0, r4)

[  223.114656] syz_tun: left promiscuous mode
[  223.115320] syz_tun: left allmulticast mode
02:32:40 executing program 6:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000140)={0x6, &(0x7f0000000080)=[{0x7, 0x9}, {0x73d6, 0x6}, {0x1, 0x3}, {0x9ae5, 0x70}, {0xc45}, {0x7, 0x7}]})
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000200)="0d8fbb9dc2850f669541b114ee023e286e456b5d46b3928107ff5dabb2205855628ec5c71c8f82ed775629e1e7ad5c9eebfa38f51b5bc6b4b43b2defe569d74a08b9547b166104407a99ce9323d1fae48108d54c68312152b74460953c99e3bcdb8a09cfb7d6ec98842f2bdb8893024a29ae7c6742b7301b", 0x78}], 0x1)
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000040)={0x3, 0x800, 0x7})
r1 = signalfd4(r0, &(0x7f00000000c0)={[0x404]}, 0x8, 0x800)
ioctl$KDADDIO(r1, 0x4b34, 0x40)

[  223.152039] syz_tun: entered allmulticast mode
[  223.171477] syz_tun: left allmulticast mode
02:32:40 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:40 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0xe5e}}, './file0\x00'})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'team_slave_1\x00'})
getsockopt$packet_buf(r0, 0x107, 0x18, 0x0, &(0x7f0000000240))

02:32:40 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  223.213880] FAT-fs (loop0): unable to read boot sector
[  223.215602] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  223.227379] syz_tun: refused to change device tx_queue_len
[  223.241051] syz_tun: refused to change device tx_queue_len
02:32:40 executing program 4:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x7, &(0x7f0000000480)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000002000028", 0x5d, 0x400}, {&(0x7f0000010400)="02000000030000000400000030000f000300040000000000000000000f008ec4", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040008000000000000000500000008", 0x29, 0x4200}, {&(0x7f0000000280)="e0c18519cd33669a9ad402d407c3ed117a8b9f9db5c724f793295aeecc00fe9f1ebdcd19ae1e94957c885297bbb812d14a89ce7192d2f45dc161be21a01caaf64ff307a3dbc4322f1f94f1c0541c0b222c647ba9ecf890f51b44e4e154f9cd2cb3b403e4f0156669640e6fe62eeddd3074424472565f5ecc5016921278dc1a09dddc72d7746f5ed2c633199d0510aeaf881ec10114736a2be72029bb861154bd879f830adfc1d42b44c00d86c14415a9cb251b54982c75e18fa58a7accde8bf285e626a4f71b326fafe4b7", 0xcb, 0x1}, {&(0x7f0000000040)="fecbd969d829fb0070d29e0a000d348c0e15b3102a1359ed16b44e5aaabbdf35215b1a168e64708098145e135bd0b7fe458d25227102c8803e14490e148cee2c41d7e6b014bc40f2d76acaa2fad0ba5ac06b2278ebce6eb5edec71766061747219d573", 0x63, 0xffffffffffff0001}, {&(0x7f0000000380)="302fd29bdfff4545a83568c0d1563eb8eb059f1da08155834d45921a532157c396111f9a4a3c9bd233f0a9fa1fd9442eeccf6b293b5eec3d54dde01bafdbc57be40901e318ff5f3e2b47abd4d0e776154cd42c77420c13557744d202c717aa5013637366fc1bd4006372823ecd4ee15fd1785d766bfdcefe44e78d5ecc143d211bd7371b1643ca668e99042636f6b60bfb1ba35dc9d1e4418b7a8afb05d2d100e1b9249cf88115e3b4bb787f7551d4c5abdee1918ec5b6b563d1b1821aea3e167b94aa007861f1929fcd5eae22632d99f8d1891c2a04cedb4ee9ea7239ae45d8976bf2ffbbe04393fbf62adcf6f7f8216ef5f0706b", 0xf5, 0x7134}, {&(0x7f0000000140)="d671a27ca1460314da81638a31543c6103b9773be58f725788f854489cd0b00998ac8ab9ead3e7f01d21486722170e693e22b0bc4f126192665c4b98c720d8e34daa9d85d75af282b9dd2f77d667ee97c56dd77376ebf3bd008c06cc74", 0x5d, 0x1}], 0x0, &(0x7f0000013a00))
getdents(r0, 0x0, 0x0)

02:32:40 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  223.273735] loop4: detected capacity change from 0 to 16128
[  223.295714] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
02:32:40 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:40 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:32:40 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:32:40 executing program 6:
ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, &(0x7f0000000580)={0x3, 0xfff})
ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, &(0x7f00000005c0)={0x9, 0xd4ab})
r0 = socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0xfdef, &(0x7f0000000040)=ANY=[], 0x0)
r1 = gettid()
pidfd_open(r1, 0x0)
syz_open_procfs(r1, &(0x7f0000000600)='net/ptype\x00')
recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0xffffffffffffffb6}}, {{&(0x7f0000000000)=@x25={0x9, @remote}, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)=""/45}, {&(0x7f00000000c0)=""/168}, {&(0x7f0000000180)=""/228}, {&(0x7f0000000280)=""/160}, {&(0x7f0000000340)=""/136}, {&(0x7f0000000400)=""/19}]}, 0x9}], 0x2, 0x60, 0x0)
ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x1)

02:32:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0}], 0x8000, &(0x7f00000000c0))

02:32:40 executing program 3:
syz_emit_ethernet(0x3e, &(0x7f0000000900)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6003253200081100fe8000008f9902a35b5412406dffff000000bb0000000000000000000000000000000000000000000000bb2e62c0288ac087489d8fdd5c882f2e46cfa2b3ebc069413ab81297babc29d80cc30b7eca83b8e3c8dfd4826d4581b8aa20b0e11c5fa220520701cd71e9e65e41ddbff26a5d73d7103f078967658b4f670738c23ca45640f9b5c10c78b0781395d56debb90dfbeb4a9386cbe828409ca95ab5d4dbf8b2baf78d8280486c485a19086dc06d3ce6ad27234de28a5d1455c6b5d8ab797ff3eaa89cc5f23f321a5629997978a5390667abed"], 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x8296}}, './file0\x00'})
r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r2 = dup(r1)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
fchmodat(r2, &(0x7f0000000180)='./file0\x00', 0x10)
recvmmsg(r0, &(0x7f0000000880)=[{{&(0x7f0000000080)=@hci, 0x80, &(0x7f0000000580)=[{&(0x7f0000000100)=""/103, 0x67}, {&(0x7f00000001c0)=""/32, 0x20}, {&(0x7f0000000200)=""/236, 0xec}, {&(0x7f0000000300)=""/14, 0xe}, {&(0x7f0000000340)=""/243, 0xf3}, {&(0x7f0000000440)=""/87, 0x57}, {&(0x7f00000004c0)=""/10, 0xa}, {&(0x7f0000000500)=""/117, 0x75}], 0x8, &(0x7f0000000600)=""/84, 0x54}, 0xfffffffd}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000680)=""/45, 0x2d}, {&(0x7f00000006c0)=""/101, 0x65}], 0x2, &(0x7f0000000780)=""/231, 0xe7}, 0x1}], 0x2, 0x40000000, 0x0)

[  223.373095] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.392508] syz_tun: refused to change device tx_queue_len
[  223.428134] syz_tun: refused to change device tx_queue_len
[  223.465545] FAT-fs (loop0): unable to read boot sector
[  224.700840] Bluetooth: hci0: command 0x0406 tx timeout
[  224.701713] Bluetooth: hci3: command 0x0406 tx timeout
[  224.702871] Bluetooth: hci6: command 0x0406 tx timeout
[  224.703893] Bluetooth: hci1: command 0x0406 tx timeout
[  224.704534] Bluetooth: hci7: command 0x0406 tx timeout
[  224.704559] Bluetooth: hci2: command 0x0406 tx timeout
[  224.705209] Bluetooth: hci4: command 0x0406 tx timeout
02:32:50 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)

02:32:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0}], 0x8000, &(0x7f00000000c0))

02:32:50 executing program 3:
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x14000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0xec, 0x0, 0x8, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x27}}}}, [@NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x6}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x5}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x4}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1644}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x58}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x80}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xb}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x25}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfff}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2c0}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x99e}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1f}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}], @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0xec}, 0x1, 0x0, 0x0, 0x4}, 0x8004)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x100010, r1, 0xd139c000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="20000000c6f2010000000000000041b2ac41e0ff020000000000000003f30080"], 0x20}], 0x1}, 0x0)
dup(r2)

02:32:50 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:50 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = gettid()
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x1, 0x42)
perf_event_open(&(0x7f0000000140)={0x9, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x5}, 0x0, 0x0, 0x3f, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, r0, 0xc, 0xffffffffffffffff, 0x0)

02:32:50 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:32:50 executing program 4:
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil)
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000080)=ANY=[@ANYBLOB="e2ff14007175", @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
dup3(r1, r0, 0x80000)
munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
r2 = timerfd_create(0x8, 0x40800)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
copy_file_range(0xffffffffffffffff, 0x0, r3, 0x0, 0x0, 0x0)
timerfd_settime(r2, 0x0, &(0x7f0000000040)={{0x77359400}}, 0x0)

02:32:50 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(r0)
r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x70240)
r3 = dup(r2)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r4=>r1, 0x1000, 0x3ff})
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, 0xfffffffffffffffc)

[  233.269306] FAT-fs (loop0): unable to read boot sector
[  233.286490] validate_nla: 10 callbacks suppressed
[  233.286511] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  233.293582] syz_tun: refused to change device tx_queue_len
[  233.305850] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:32:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  233.346135] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  233.350838] syz_tun: refused to change device tx_queue_len
[  233.363126] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  233.372642] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  233.378567] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62150 sclass=netlink_route_socket pid=4471 comm=syz-executor.3
02:32:51 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)

02:32:51 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:32:51 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000180)=@gcm_128={{}, "9c2eee105da2009e", "b7a6367ea3579c28838118de2dba16f0", "941835b9", "1d87abef1743734e"}, 0x28)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f00000002c0)={0x4, &(0x7f0000000100)=[{0x5, 0x1000, &(0x7f00000003c0)="115669379d6ea2b1567c1e0b8e2de279003a62a0670ee82dbe2b45861c31367f511a165a276d7ad34389c7d03b33fd29b76a26567900998217c0c4918de923fb54bebb86172b2bc52f6688bab03aef67de007cd51706e8025b0f6f093417eb7775c9ab6a0ba9ccafa884a3c59bdd24feb890552fea868f25cef81a07522863f9f01b58b658a060639e08fcb405e17f38785993a4bf06280020613032477cc7f62dbff3eed5cdad3bdf705d0305aaf39b128873691d8707e9bceed5d5d91eea43d3cedb27a15e8093d83c0fe4377d76d9b5abb29a003731ff72922a1be02960c25d1fafbaf534bc575785f3ba0652beef16df243a77a78350193a715f227ce5cddf210e57fce95163a86f96708d42e98d3b94942623c368f3148acbbe252b46b660c8f337421bd51d05fce2cc88efbaed9aec93c70599c760be7257f1ac69654c2b86aac442261d2351243bb5b7e01350356bdddf88d82b527e117a65bed94e668660e2b24dec283fde8a35f84af7caff65ef17d78850d627ac713c34ba4aed7e8993ee0dea1f1400648bc19809bbe58ad796822cc45cd66b1b79d77b16790ac970fe231e61b88671817af6d0df43b2dfcf222716a295d72ddaa790e8f1c5d07ebb5e672d63e0cee299623d283a06f9f53e36ad15da881561e2887905067229e269ba010155a94cefc6e710c3c4adce121adc27990271ea5a07c5196046f085a32feb4688d613b41ed1d16358748b786f23533dd7f5b2c9f5f91cdbe0f9c8c7ad939c4d8f98ffc1adaeee47eb6bb3973533665710b736dd73dbe6b351df8bff2f4dd069a8ee66987a1498a9f5c48f695535a136727325492e3571bc9cc7a4fc25a69fa37b4d2a8981ce9d1c0993a1524fa1e90149c13619e76a2411522980761c197b493e45032319b074427867b874a4e9afea670e84a22bc0281c4e822db63948931c9a57f02205d2a33488b606e0e8c9edd33b254abbe181f1842be7cbbb28a87a8c32bf6f4580b27d6d2cc515c3890f118d51b4f2069cdbb46a8f519dffe91097ec05b63bebb469de3c7ee786aaa13bfc5ec1087daa6d50f719583f8ca4fcd20dcafd67b0accacb64c81f0a398c972ca254640fdefd700da7a63d765ecf4c3dff7ade367546a1320801125d6fa27d5846364ec7c9fe3340d90a2714cb76f555e3214c45748e35f8cfa0baa49d7a160f710be15072b7b1b485f7cb71a95c487744f9325cc488f29dcce149dfb03237b93ac5c63eb51e9e0b995b4134d957b3179520436497531fe34df09941e46e1008ad424fd80d63e18b0865eee2cc04a02a93742c8d2ba7f450fcddd42f957deca52572a4728342a0164d09f361046c6748aca021274d89996cb6e9ce22b2ca2017c05115839596f1f2efb22777b3944c1cfd1f7770c8f26a279d4d734a3628d77f92c3b1628ca6072d415a52f8f14f1b9f5f1bc0798eef2ce747c7f99cf26b731ef9236d933fdd86715c4cbae4dbb747f593d0b745ddc097d34acfe1436f530e82ea1455664bd62829ac0e078587520c3759478bf813b9c51a509dcfd5e3de90d27c7d24bd2fcf95fb1230e7aa2941aa0156fae1f40491898218de6b57ea18809bb41ceee426ba820f79addb12a75dc5d307ca5ec50062cd8d5384c7f4cc0f8a196ea5d87a420a2f06979fcf254114bbe1725631b57087777a34fe297d4b2239426106e751d75add650c99a5782bba248b48a1bfcffc05103e32569c94b4530e5149f562574135f4bd7e08134f99cee49c61ff9718a7ae4766346719dfec577dfc07642dfc13f4b39344ebcfa10170706a9c2c1ba1849178ab62c91059d9d91909739a400a356f701d6c72afc5571a14edab2ce2dcd8bf9004de8912cfa764c65982e485a94b7a9c4b3dd9217e435963a56ff0ca9052ff4007662af58d2f288d09951b5009a28009bc34a9dd5c7adfb09d9d7ae4d46af99bfac4313a2036c06d4c55ba09c0f2759e30295555ca2636567f169352642ac7ec8a108c0b4bb524b60b0a559127c434a2a6977b99926ac2646e3bbbeb4d097703ffa751436da057232ded53a6a46d213cfd720070d3da939a7d3b9462acdac9f7a947567955ab63745f510ee075ee9a10a999748b76ec676ba3718d5af9ab601841ae174af8beaad791dfb1d7a47c883a4fcc2349e6e48c82107033f259a30744b071181b651fed1596dd409f9ee424a8c5b4562b15c64122c5aa95c18e93cfdc27073a9561907832d53fc0af7873c9b17fb60600c564f481c478fa554e9cb6a23999b12457a71bd9f669215257375a2d8161b923e6dd4bc8ec245694def8ce6851842e46cfc7edfeaac00a0d24b2f16bf8477e1515d87eb6011d0cffe7808948e9000a99c51d34b941936bf99d3a53f198991811929dc15b1053954da4e08a4ff34467517c71fb95e1eb5f781b1c9e73152f8efc6dae4a587927ce48ab36f6a455dcde575bec5a2f4e992a7988665cd97157226920b271377b29afd4e0d8bc28642e616858867681d94949089d04db66afe07e3d8c0c798b49e81167472cf3036f4ef6a094091dcee4165785c9b3806d514a1691472044795e379c109ba4f463da1c50ebe069d4926cbb0ced02c3878d5a2f1a892e2f751493d4d7d95627ba30e6e6d0e6ec1de1f08828a6f669425049e724685226c81786752384c3d7e9b005904b7212fcc0f6543c876460ca4e69ecd4c433f49deadcdbaad7a3e7e5e342f54a81594dbd7a9ed739e6a2b54a621dd585c32189dc1e81da29315efc4c9d7b5a58c38fa540bb2acaf12ba49ef025ea46839d21c3cb5c2298325cd034e315b89837476aae322d1c96ad33318f3a20d526cdab31a87e9142da45e1eb8ea45053e7e9fd626d1e44697d41d1bbd699157a63bfdfc7f4d31bebe5bc943496111507db0d0124ecdde32fa6789d8eb5d46969f1756fbec97b28a39b097879046093aa2ab4a7c36c3cab94a3ca6c1811ff36b59dfc4ea7c7d748d47803fa15069863dcc83b727a1247d80606f345ab7b55df610afc0930b6ca78a0f260bc1bff9a708700baff40cd7213deae63b6c223a7fb9175b9e67788d83de3bbfed149f3f3992a90f40e599584151cb11b6a861b5aaf95c1ac50811fb1b2fb6250333cf0520104566e37e87930f8f777434a84b633a6cafdbc11e776838c8317ef47c08296bf8d3ccab2e3f18bb85bcc593d69f4e6d480b0dfb55d8086b1e41db4ba331910c469be26d844f7c6b34b836db1db89c9f742ec81010ef40bdfa079d1d61e60b723646ea726314465ceb0ccd01c0d50b3b0881d0a9bfd919a273ca9ce47e53aecca0ebece53c719b5d657f23433f1026abc6c1c81d711e31faee210cd7941f9e9bb5e19cc5eb7004d4ecaaec14d03b30a74c98ca9baaf061fc16450ef04acf3a849e3d058f2aac5c0e7478408b841e4b21bddd94ad19187edb68c3ce600c75ec79c5e6b920ad257f2acd04f770bbe4bb77b2685bf0f9888c5f92ab086f244dd4214df7ca87c366e3d93a2838bf62aa533a24aeb7bd6890e41487e6d9bc70e5b9fe4ac5b482f23e43679e0bf9f54a78ad1ffab6200fea681db689405a3fc254fd828caca3239031afa25891d0456707e7b2d99ef8248612115478d74b5ccae282744529bb010a74faf35aa91a475750e85a269e70cc8eafca08767e328a050f1656b49bf64754a30bfb6beeaddffd6205ac1f1db69fffc45abf8b09dd420c19653bea45619e3452f28882b24e28850da0e641e1ef993528b1b38338743f6e314c8124fd78dcea68cea4e68dded7dba805c113b584017bc25ed648350fc82bca1785d4592800e3dce33825956a8fe12c6947c3a5bba3ad2a9a0c724d34a8d1157ae934362f73a22e061cc001df5316e99bda41fdc85d93301e7dd850340a6f5c515baa305ebbba3fc211ff7e1235eebb55730596641c0b7fb221a35df91e8479b23fc909f705a942b97f719af702a187fff6eea771bb359b4cdf688d9514046c27f808307266ac191190dbfd0bf3a82e2cff1410eac97862bdb334d99d864f70bce13de349aefb975b5fc54c021929536c6e51c2974c2f5d1e2a4d472a41018e6e4c48018b3aef7c2f8f67c1e4fafaa8b8d96ab255827d8500fc801fcfb00e807fd72d3c6452ad7b75acc0503a3504697c550305a738b6041b426f73625d3b7a64b6ad009ac073072fc4556b784ee84275ee579c66a92f25c7c159327d0e9f8fb82f39606ba723a1ff76a76e6204d401ccb781fed1da64041a2c51def22a12416e2a07577ce2f9ef3e82e618ebc818ba7e0f393eed67c4391b2ae5bdde2eabcb352b69bec711318aaa8f26aacea4f33fe164a8150ae09e25a25c1a89fa2b4085b94deea93f352229648707a14cf7ce57965c96bfeddb07802da977b5b98cd9621c67b4d8a3dcf7bbda4bcf2ecee7feec80b7975df33417095dd4901f7bd46e16e5f90b04e6377dcf0f76bc1d9c9158f93147db3026015cf0d0a856b31eafdd8d1d0df315b3600778786ba59a571700f6ea9675adf8e2f27783fc1af2ea4f442ab030e0f95cfbdbc20f87311d436fcf412683c463909a94cdc6aace22ad84684d8e6023c92aab0c11ae4a73a75af20c40660a0118f990cfd56572af1b9dc0462082e1b50adbcc4332a8f0ba20a6ddc2281271ef9b58e8b558b586b7e5e1079230305258614fc144b76130c0404dcf4b151308c12562643bdb871cdc5b43afba6e2925aad798ad0ea442726de9dd1104dc600b3bb6f6c27530974cd73babbc441fb3408cf57b981ac9921d1799eb98483ee5220e28e4af5cb9dd8da9b84d4351b12c59c19e639c86c078df7f97122d6c6e0dc4907cc02bc2caae6804412190fd70e139784da6c21a6e81aca562a6c6ddfa7c311eeddf3bd2b53bad4543209697cdd82889cf4cf48a4dc749382d0c03a2b08911f378457c58f9ec4cde5b5e54ee3d8d6e855fae8006b45d3e6ca31da83d1126e912894ba8201d0e3e5a435759828c178346657ba71c457225d2e950a229b27585f75c3391c05e8518742c8de25836debf727a6bcbffd51d1ae23024d95a181e97eecf0a6ef70c78ca633d5eed4f03344c692ccc86162b422e7b3e6027a18725bb247ca20ca128c094416013ff5263066752b899f0a1b3c37d55b303b466c21eec8f7a6d4fd135f487dae5c897537d5a4ee0c53a262a07490428786d30834315d46ecc8f01c2391c935979b252a315abfc7dcfb1e2453741a6094138eff893dd87f95628ae42481809625eff8028fa623109c2cad6f7bcf0fadc142b2f8328857f767d03540dd8226768b4017a2a88a98426e9afb34b5860986a6afcb74e2f7568aeab60fb70d76cb3e18b52fb355a1f29fed5e94320a888a3d8b15a58507d229d314f586e1e90319d18bd3894cce9f3668f44581f53dfd5b625c78c4d238ebaa3231304f099b67feb3d9fc49d26d8784251196a1680a556fc61ce3f5b2db51d456562bd9c5b7badf14a190eb6482468dab5f048e53f4a197ac4e84de61774e4e602aba15f59673a8b6346ca95e4a714674dcf4ba1f73266b4c818b503bc66761b7443396601b114156f6c1827aebc68b0abf7699da604ab8a8d268ab73f1310e7a374822722ec7428d1a50d8d0fabd46a7d74fe4377e4552fa35de737cf0e1c6059fe722790d53aaab319678cd0af72471dea199a2486a791fe7ad16dd8384d4a00e705728de9b074d98c0bea282f68edb6557d7b6a02841216985220f5a18b3e17de01bbf85c45cde6f957f2163895ac6c8e33e2bbe5e979ca24b0db4545fbe6eec4b0b109301cb411741", 0x1, 0x1}, {0x3, 0xe5, &(0x7f0000000000)="b4801ae5dc19adb9cc19a238ed3b14fc917c1d7454853bad119c9d1dd9170ea9abb2878cdba6036f9921933c4629d9742da961ce62467507e77912476721ccb982014ae034ef336583e32be600cd9f226f60406e0b2ef4840c94f9153ef9f53cf83b9aed4778d3d4e040ab676a8ecea9125ed1a458a73904d6533dae669d9ebe559745f1e9853d4eab4cf796c6c30156be54aa5195cfd2584249c2ed9d953132059facfe673d1039cebdbc3411a010ba0dd84838434bb09c2d95ab9df8fc9b6127c048e05b76243ef03cfc3720be66106187b2b57e294f0d2a50968f95721d21218db1aabb"}, {0x1, 0xee, &(0x7f00000001c0)="b53eeda12c09e880c0979c8872f0e2b5aa9e0199beb53cd13d321aad677d1467d5bbd77c060b4efe232ac32bc629a11783ef9d27993034f286a137aaa3e132f78026c2439a49f08e5e9197a8855238ffe14d789577a657f11579451bfbc802546fd2655901ca06ebee8056c6e98317213b914362841f5dd24bb4f5529a85285cbee17af2d8d76333354dff16dd528773d51ff3b8d1f319cce9b1561dd20a67b4e1b6385e623208cac01e0213448da7fa1b12b34d1306efa265d42ff38bf3b4808a738972fd86d3a91e06ecb973796680ca7a46be82f9be9fc472df8616ec3af8bb0526034d732227ba428a1bf345", 0x1}, {0x9, 0xa4, &(0x7f00000013c0)="b499ef98a8ce2c5f6330a06c872603bcd0f396723a128daf9d60105e5c9eea2032af8538a12cddff168df27165733c16eca024c2ee6fb8f9e7270d84e887a29a5ba9c37b0c4a64ef7d6e5fb0e438d44deeeee74be0e5302fe6540121605dd8c0c619dfaaf02178c291d6124084c80d00af481d394beb1213cde3a824dcbc6ac27bff35968f177e1095bcfbf024cc03fc4638afe899877e6271f9f76f7b76d98b0afce942", 0x0, 0x1}]})

[  233.450944] loop0: detected capacity change from 0 to 256
[  233.483262] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  233.485280] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62150 sclass=netlink_route_socket pid=4471 comm=syz-executor.3
[  233.485373] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  233.492178] syz_tun: refused to change device tx_queue_len
[  233.494630] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  233.517632] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
02:33:01 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)

02:33:01 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100f0000000000000002100000009001f0070687930000000000c00050000000000000000000500200000000000"], 0x34}}, 0x0)

02:33:01 executing program 6:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = dup(r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000000)={0x2, 'veth0_to_team\x00', 0x3}, 0x18)

02:33:01 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:01 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:01 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f88"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:33:01 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  243.711583] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  243.712765] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  243.713980] syz_tun: refused to change device tx_queue_len
[  243.720305] syz_tun: refused to change device tx_queue_len
[  243.725660] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  243.728576] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  243.734993] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  243.735947] loop0: detected capacity change from 0 to 256
[  243.736492] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  243.737793] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  243.740453] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  243.750440] syz_tun: refused to change device tx_queue_len
[  243.754233] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  243.786442] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:33:01 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="0b0000000000000085080200341e3cea1a8fb642a152ee"])
r1 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f0000000140)={{r1}, "c019be81058b72b2992f2f0e634edc0b80f291fb7f6b74aa5345ed00e6de662d20ecd47d2737bec9a93bceb585c329dd330bad57583a4c48f3f7669317501bef528a2a9224da4d787352d94117bec62437be9d195ba4c4bce95a6d368d0cfbeda18b0c94b95bb006dda4263881123918661599bee8cfc9a27cc47eac8ae02efe6314455b312f8b15171ed911c7f21e61cb07d3e80782946493832534b6b1ae4488439c27cf6fe52e3db8d6abdc22c7520058880723fb2bc409dd36bacddd0f17aa82a5596cceebdaa87b85fa70a735cad104b40888d5254dd52879ac89c5c72ff3e59dadf668a959e0ec30e8c4c534a911fdcc0f9f710eeaf8ad5718daf374dd2637ada447e287ac2165362202ed9659c38138c194491919acb441e35b7754cbaee5c6c0ee0a5e282adeb97772e46539d73ff2c1369ab1244a73b5157408bde87cf77e8ddd6e278640aefc8c9665c43e170cccb5ae171fd156ece654c4e0f5f6c895a8d75bff595dab81033b62ec6f2b8d0d123398752ca39d4fde39c631af9a29c57138a809027828b465aa8989f6bcf1d47ab897481b2b39da0c48cac1da456f50ef5a8ba2de3d280e906f98a62e1da43928d5fb1c5ed4168999bbdb0c081b5421b8e6e0e3c245a3b4ce5733906fe52aeb066e676d7e34f7e2c7700d83751972f6e071724b5125826bb8902a9a5b842be30a6ab0f2aee108c986b76627372da0817942e92b7b0ad33ae6bd819bace1093a8880c71f36935eb67bdc8ec6d3ac8e75422463cafd060115db828b2d97eeb4668994e41f8e8d7798b0a5d4b8c22cb8e7c8877c981f895c6f95d69537620be4ca218f0a22dbaa062a5288f1e85e8457d58dd14020c9b80086fa49a3a1ec75e85a902742cfa9aca39982e91ac91a9017628a396b563fd5df6c0564fcf00ee3a6d71dca73f552f56f8f487dfba57948461c679e93e4c18f7e131b230790e611040d6a4aff4f5fc89896441d7c9393d0a8b1cde130ac233b783cc21acd14256f30eddfa1b5a9863e0922605937618ed2f96f46389df2829652d1f38f632be5412046dee7f307afe4a8a89f6e41d8dee3c7c70bd9d99521ec9ade7463d92e79378529899d3e14ef85e809f5b49b90b25763af93f54fb2f9df0fe3b1eb84c490a5b0427dcaf98917d32f7ac16448535d8ad452137ffc8e786f7aa780756b0862d32a84f768f88a831737b48870ca09148842926f697192cefc0f3c4d5576874222068f97221b593a766c426a56c0f76d9b5bae1a7f32a1f8d48a5c10f4ce7f02f1d00923c1d31c7b89499481796dbad88ada2464fa399a7c93a36c1cdfe2bfe3905512d115b5b2b6177b6468e004fc86afa7ace4c54a58ac0a4a9bd1a70aebbe21debae466575c50c18b5775884c7daf4e35a22588abb721aff36ecceae32e1e80a77428dd80b91ebc705e19be503d71559110a06989d244d8f33818381570f6831cef9d07f637693775339a5070e249cd583e0f698101599339b66029440b76dc426a1dfa62cde7f0c1d654bf6ff9dd039b91b3ef154bae9a3fe70aebffa3d7886edebcc472ab708139005ee79ca2360355a3c7e093749456521d71090b76eb1ec3cb133689a8252db28b19db1b4934d09748b3faed18603b8b47c4f58358e62101e542ff9ec02f6f6c3a02e4ad90acbbd99890a05af2a6d7f9df6b17b1cfc5bd55fcb36e1d144482bef6f40dc741443b66e3e412357f6ab69e76ad0b81f1726f0937d42795f30450a4cc85ec70257cd58469f450bc9632302d91bb72785a605525526c987efead903f3cebc78f5c76649c0e12bbc241489dcf8c82214e374f7662fb5ba0b9e89bdc6e385694cba9409f34ead1cdb31973e273384e676595517abb38e0c512083f63b59a10988ad2de6f4c88a2bbede56339c2b565b8eb543afe497978a7f6c5305743df564bc4dd869e5079b7965993970a60ae64381515d9bc2cde4006f583fa7d5f48d10d99becd4ecd56c062e98287341164769d9faceee5131413ad8304ec8fb54cac0c49e1e2ba7414653f8d1730a917ecaf6eed1064d740d101892bdd0add8b81503621c6580850c4662500eb1054bf0b4b6a9509634acbfd06ff6c70f5d7f909cc6e03ee8cce1e24b606c98dc78fadb4c0536c73164cdfa82ac76d371f7cc4af0b282d51e53a7a894da632fa9150fc5b1bce8772eccc776e23c76d7859c401386c871ed5e6f62346c1a5f866f3e57840df608089ca1e591850282a04daff39e9c19ae414e3871ce0c18c7d33b733d18284f3c6a95385e3756523740ba1d498db74b6f65ca9cc0eeae3027a3b9d23905b176bbbba60a38eed80adcec3cb0d3efafed41a5fe332fb3c47c1074f163433c07115180f9b10b9eb512230d173490b6623e5977daf8a76c70429f8329f2b76c038abb02069519830d8d8eafe9869aa76d34b102313b97a08b294fec0335dfafd8a5bac0ce41bd363fbefcd2619c3dfd8e667b4c9dafb937ff8f318ccab801fbdfe4fc6e9108db4602355c7f8fd33c9b0986ee3192ff0e5704884ba130f195b30c7bcf8f30e3a372ef86aba777d4f46f168e310cbae53af5b805947d82ef83baf43ee789045f02ef76e5699fdb697b1fd2c5085fd5f4f874e690dbe5d340890f55b3af5446909d989783f8a2ac4f66fbd49144f3d0def94f6302764bda971601bfdc3ee46d30cc7698a9ceb16180b5be6f0e214fc5a948e5fbb34c741a63f458d6164696bd99e6bdc015ac947b2ccce4358fce8f77fe7985ba73e07940a35ff711e0e3ad27bf903ef6ffbee2989e20acc0cfc8937bfbaca50c6326b8208f8180faee961eae04098bb0ea718f83d92a5cb0b241a7a5bb27293c6e571555b2a2755768613a3afed10a62c7bf8045c61cdccca4830a8a485a219a0b16cf7a21420781e857e48f06fc1e6f97361c5f19b9aab66e88251fb5fff9d53f956cbcb3c5b925cfdec74157950b55becca3caf2701071d47dd045f6314e5fe37e4618c634c725099c49c493ef7b215d745ded9f9b89b1e888bda7fe493262fab3a1c7ac1528b8cd0873c0a855eb8be9e9fbe82aaa9cda21b98d43cf653890e8302dffb904b3b47706cdf1ab4adde87e639a241df28072745784df3f67f2d687f8d817a844e53371fa53b7c635cfe7f1c4aa969a3117327156be49e8ae3e6f2ea368c4c193e2138c8b7eada4ea84bfe94f6379047f216e3c848441ddb7ce07d15f62e2c705216e12433b58a149dc3b6f7b6e59e66904b3b0d03c32d26b415d025ad9730d22205787a689afa3db57bf28baf04614d8af4c42ea991026a77747bf8339522ec98250713f5676dcfc2fa8c201f6f8eaa1541f911c7c66fa8f848a973b976bdcfe50057e331ed9213c4373ac52fe1955513e4e134b2f38d2fae3f36d0eb54f7342a7f58167b9a15b6128b91ea22b76bc1b2ba6e9c9c358fb9e0de110576ceb6bd59edbb1bacdec46beec1e0a880b977ad8e788ccd6dcb2ea20217ec46436dabd2d483411d8ae257cc7ff86df3a95278ea429867875db32b11598d26e3daf31bc9be0e36155b3ef066f36e83dd004f98a8ff2e044cc4117f68ad6480c5d69c76d6d4547b4d3421e388b87e3a465da9fbfbb4ab12c91bb39c23704502be8cc11a9ed7af5975e07fbc31152310be4e377a3b9f2e0101b12854c58d7cae5d0eb8fd795c39dd251989d19a26861b93f07027c8b7a449218e5019df6389dffe767b99b6ff8cc80db576b4804f24c4a17815d88a9bb048888cd572352d64e9a6bcd2f6b5ce326a5f7ca2634f15a8b39895dcef92df9168db6877f915536584e7b5edf4c6540fb85a10b1aee06f3bcbdc4226f6b7c57735981f0b41d950ecf9c4090c1dc320df11506ab70a255417ee31241d67636ef20cccf709c6eaf3afa3a70f2413ca75ce69eec3673889c9172bc6a15c9ec5976129cfea983544f002f186bdfbe0e3e3479f712cdfc52d47354ab968187c9eddfc9af49b271862b620fdc8c8d72d494eeccbb7049716f921ef614c67f5642b11ffc5c55a7e099f18070d474b9b50b85dd7f6b9ec8c76fd108c11a4959effef904001256936654e7ba39c12c21de17ade99c87dd61965b7a2198096e314e12a023b99cbd0e39d68951f4a7239a8e8fa90132bb022861228b01fef98ab1e1f81a9926013f17e0ddbc391a0e72db8c888b8e7a45d42d546bc0fe086a45644970a084d207f21805aa62818af8452fff6dcb71c5a6686b21f05108ab129a69e6231a70113c344f7e7b9658be7d9861c5191e2c60988660dbfd8768499c65f7be6c585e36a052453211967db1da294571af8b2527cd5adaf032306d0aa713f34a96e5c6f140c3d5a81c744337b8e2713ea51221e1924d6f2f3985a2314a71a41c26fe2b673286b30a9708648d33b4082bf2339481520034ae5fd0d9ce50d97e34350e76124bbca6bf524619151e8410b74d3440b8d35474dbf1dcdb5eaf9bbbd189626f162e330733cd6fca5d70d57fdb2b9da5bb17a4b8c14b28ca6de99a9b3e387299215dcd8774ba0a55f7dfd51a8977bba86b77a9cc3193361df2491585580802d010833ad5cb5a945efdefc1ff0fb9796d05bd5f6d500aacbedba27992a8a918cffa4e73bf9e74d69fa316efb9d53306311619066a746fc6219247db576ae31234aa272ff6022123efb6b4fb353413ad53d3e7bb7d233905432b75fc98b0fe06fe8eb9ce1ee885410ff95b47e5df7c94d6dc07fc44780d6de3365a0ab8f7659442feb102d9ddce747feca23cb2d0c373e4ba43790a3b97288b20e7598de4756846318ffb8398fd500fe22a20977c7269786d3509a8f993d59ab4bba01beaa52d0deff285d5fb0753ecb7eb2d1e9076782f1a9677b476c5ec65df13f02bb29c4b99f210bf9552c2cba99ed2934f96c405f1f4b01694f755c2cb704129c509827bbbbac21b0021194d7fdf1e7ae3ad05f19f57fdf4c131457c3c686c211011afdd2309c2bb9933e95c9165ff3d081241aa4b7b0c76d4e22986d5992dc8c1a1efdc3c425520f74820a8e020051357eff6618c8a8e447451c32f2c49fc1944b5d4a88f5bc60fb11795ca904b7095fbf67c6fcc94e714e01f499dfc1283b52e08e9fcb61310576ab01e662c60debbcfd2159204eb7521eec76526be1c4299eb2f3911ba850c98ab1bc214da554a3cdb2d6faa80039c5afbc5c95a5ab7062d7b2e52396ac9310ab1c57de71d53a73cdec10cc70e902d61a51f70a99527299f49359e91df51a149724b8f3a6999831c2c1de630dcec02456de533ac8a0a7840c774a53a284db156d5f73d6ed7ea0451e1024dc3249f1f36f7020df4ac1f6ada4c7d0f6517bd9b05289e910fd9bd3ddc0c4bbf55983aae8b8cd46ca3ca8af08a6b4094dacb994883fb9efc7f8eb57e4842496d9847a3ec21529a8e4e9b29359a7b6fe2c6821fb5540fcef6221d1c1bfb18fe3f41be3cbb336fbbb4549642b5033e950f4c5a1b08a6a364e5e93103023d9a511f2b12cf298adbda863ff8643c3616b2e44a4c2c0b6b240ffb44dd631787de0ecc8cf5923089bbe42115404051e2edc9345e2949c1bb437106c943b5feebfce7c3391572b58582bf23611d676e502444554fb5bfa3074f7383f0963763ec600ca9734c22caab8519640a5b40f30100a1762c725ce785ee5b45339eb43b0fcd49ee2d975d575a5069ccd823938a104c862f4ba32714e521fe55eaac973c796ac2f53e8fbe354f8bfe7af6eeedad598e98874957a8fa33de4fa006329d1e40213f5696df7bbfed8b4151b7ffcfdf3341d4b52"})
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000000))

[  243.802970] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
02:33:01 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:01 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f88"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:33:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  243.829791] syz_tun: refused to change device tx_queue_len
[  243.840598] program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  243.864324] syz_tun: refused to change device tx_queue_len
02:33:01 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  243.913431] loop0: detected capacity change from 0 to 256
02:33:01 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f80000200040000000000000000000010000000000000002", 0x2d}, {0x0, 0x0, 0x800}, {&(0x7f0000010200)}], 0x0, &(0x7f0000011000))
r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0xfffffffffffffffd, 0x321a00)
r1 = dup(r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0x8, 0x3, 0x91, 0x1, 0x0, 0x6, 0x2010, 0x5, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x5, 0xffffffffffff0001}, 0x40030, 0x101, 0x80, 0x3, 0x9, 0x4, 0xa618, 0x0, 0x7f, 0x0, 0xcad5}, 0xffffffffffffffff, 0x1, r1, 0x1)

[  243.980786] syz_tun: refused to change device tx_queue_len
[  244.060774] loop4: detected capacity change from 0 to 8
[  244.070584] FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  244.072793] FAT-fs (loop4): FAT read failed (blocknr 32)
[  244.080145] loop4: detected capacity change from 0 to 8
02:33:10 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000100))
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000000)='./file0/file0\x00', 0xa42, 0x0)
openat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x1, 0x5}, 0x18)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x795a, 0x5, &(0x7f0000000180)=0x1)
open_tree(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0\x00', 0x0)

02:33:10 executing program 4:
ioctl$CDROM_LAST_WRITTEN(0xffffffffffffffff, 0x5395, 0x0)
r0 = syz_io_uring_setup(0x65e0, &(0x7f0000001e80)={0x0, 0x3, 0x4}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001f00), &(0x7f0000000040))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
close_range(r0, r1, 0x2)

02:33:10 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
r4 = getpid()
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x30, r1, 0x1, 0x0, 0x25dfdbff, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc}}}, [@NL80211_ATTR_PID={0x8, 0x52, r4}]}, 0x30}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r5)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x54, r6, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x3}, {0x5}, {0x5}, {0x5}, {0x5}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x54}}, 0x0)
sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0xc0, r6, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x50, 0x8, 0x0, 0x1, [{0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x18c3daf6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfe}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1d5ea3df}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4eb09b02}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x55c87531}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x729ac56}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x71}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x54, 0x8, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x39}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x54}]}, {0x4}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7affcf6a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x15b3a741}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x79}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbd}]}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4020010}, 0x8)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, r7, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x400c020)

02:33:10 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:10 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:10 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f88"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:33:10 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:10 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  253.228090] validate_nla: 6 callbacks suppressed
[  253.228106] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  253.236355] syz_tun: refused to change device tx_queue_len
[  253.237376] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  253.239052] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'.
[  253.243917] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:33:10 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  253.250827] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  253.251812] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  253.257299] syz_tun: refused to change device tx_queue_len
[  253.258523] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  253.259315] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  253.264930] syz_tun: refused to change device tx_queue_len
[  253.274589] loop0: detected capacity change from 0 to 256
[  253.277591] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  253.280370] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  253.301803] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
02:33:10 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:10 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:10 executing program 6:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x80000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400028001000240000004f80100200040000000000000000000800029d9e437f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ffff00f0ffffffffffffff00"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="f8ffff00f0ffffffffffffff00"/32, 0x20, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000c1e770325132510000e770325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000c1e770325132510000e770325105000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000c1e770325132510000e770325106002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000c1e770325132510000e7703251070064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e202020202020202020201000c1e770325132510000e77032510300000000002e2e2020202020202020201000c1e770325132510000e770325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000c1e770325132510000e770325104001a040000", 0x80, 0x10e00}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x20e00}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x30e00}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x50e00}], 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0014f0ba92e63f858bb75b7573e4e6fa57dce3e705c06200ea868091fce50da2bcac068e1495d3ddbd088c9f4a2a7fb11d62685af0954c49"])
r1 = open(&(0x7f0000000080)='./file0\x00', 0x900, 0x84)
linkat(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00', 0x1000)
connect$802154_dgram(r1, &(0x7f0000000140)={0x24, @short={0x2, 0xffff, 0x555e}}, 0x14)

02:33:10 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  253.364059] syz_tun: refused to change device tx_queue_len
02:33:11 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  253.389599] syz_tun: refused to change device tx_queue_len
02:33:11 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x5a48, 0x10001, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r2 = dup(r1)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x10, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="cbdaa6ba4ebacbe51d891279ab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
write$rfkill(r2, &(0x7f00000000c0)={0x0, 0x7, 0x3, 0x1}, 0x8)
dup2(r0, r0)

02:33:11 executing program 1:
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f00000005c0)="5ed0b2ff68d76fb346352b602a2a", 0xe)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r1, r1, &(0x7f00000001c0)=0x4, 0x2)
sendfile(r0, r1, 0x0, 0xfdef)
r2 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r3 = dup(r2)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r5 = dup(r4)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r7 = accept4$unix(r3, &(0x7f0000000200), &(0x7f0000000280)=0x6e, 0x80000)
r8 = syz_open_dev$sg(&(0x7f00000003c0), 0x2, 0x48c600)
r9 = fsmount(r3, 0x0, 0x6)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000340)=[r6, r2, r2, r2, r7, r2, r8, r9], 0x8)
sendmsg$AUDIT_MAKE_EQUIV(r3, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x3f7, 0x300, 0x70bd2d, 0x25dfdbfc, {0x17, 0x7, './file0', './file0'}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000010}, 0x40c5)
pread64(r1, &(0x7f0000000000)=""/176, 0xb0, 0x0)

02:33:11 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  253.447855] loop0: detected capacity change from 0 to 256
[  253.459212] syz_tun: refused to change device tx_queue_len
[  253.474562] syz-executor.1 (4594) used greatest stack depth: 24136 bytes left
02:33:19 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(0x0, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000001b40), 0x9}}, {{0x0, 0x0, &(0x7f0000000200), 0x1}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000500)="10bd6348835407c57831572764eac6c98f2ec5894cd88c934dbe57bf616c9097964b0af09df277e0325d5b12fcf1ff841821c1a8032e0ab36a4ea38fc836c31cd9e195f8a516df871c66b454ec41777cdeded3b3fd7c59a89801ffc3655853827504844259929714eb5cfb6aa325bd985dae842053ac61a0937b1c6498430d4b71835a32ba1a28b7f0769f14ce5e5bb84c1ae2b732dd9c2558afeaf8a729da36a256894a931da37ba46f32c82c2f3dffe996d84895f75f4ed1811b3f356126d2521913908aaadec642297a72ff2524eb7d1c02f7ee9cb95e04a06cb40191113948fc028a5f16c0f492500c2406d989f81955a32f2eea795fcf07317be390514b77c6757f023b3ea7ecdcbf47debc5e0bafd155abd68b38b36a8641eed7852af3f9f935bcc0946b570e7709e252356ab2abc550f51410f7540d28d97a066d9bc8012c4cd17565852bfa79bf9c9f84c4fec05eb8427a60d2fa5eb9", 0xfb}, {&(0x7f0000000380)="e6b11dab9605361aa6b119381bf955564f7bd15284e6b3cf4e2c4abf", 0x1c}], 0x2}}], 0x3, 0x44890)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000180)=0x2d9c2bd3, 0x4)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e21, 0x5, @remote, 0x100009c}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @local}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040), 0x3, 0x4c890)
shutdown(r0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @private1, 0xfffffff9}, 0x1c)
shutdown(r0, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
clone3(&(0x7f0000000100)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x38}, 0x0, 0x0, &(0x7f0000000240)=""/10, 0x0}, 0x58)

02:33:19 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:19 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x7, 0x6, 0x0, 0x0, 0x0, 0x8858, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000011100))
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
getdents(r0, &(0x7f0000000140)=""/231, 0xe7)

02:33:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:19 executing program 6:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2c, r0, 0x3fd, 0x0, 0x10000000, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x4e}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x49}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)

02:33:19 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:19 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  262.268974] validate_nla: 9 callbacks suppressed
[  262.269599] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  262.271523] loop0: detected capacity change from 0 to 256
[  262.273633] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  262.276728] syz_tun: refused to change device tx_queue_len
[  262.280949] syz_tun: refused to change device tx_queue_len
[  262.282813] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  262.285113] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  262.289359] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  262.297569] syz_tun: refused to change device tx_queue_len
[  262.306260] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  262.312556] FAT-fs (loop4): unable to read boot sector
02:33:19 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)

02:33:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:19 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:33:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  262.359576] FAT-fs (loop4): unable to read boot sector
[  262.374493] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  262.381775] syz_tun: refused to change device tx_queue_len
02:33:20 executing program 6:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2c, r0, 0x3fd, 0x0, 0x10000000, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x4e}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x49}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)

[  262.388793] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  262.393908] loop0: detected capacity change from 0 to 256
02:33:20 executing program 4:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="200000001100010000000000000000000c00000000000104000080"], 0x20}], 0x1}, 0x0)

02:33:20 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  262.441734] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  262.444287] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  262.497707] syz_tun: refused to change device tx_queue_len
[  262.498478] syz_tun: refused to change device tx_queue_len
02:33:29 executing program 6:
r0 = syz_mount_image$tmpfs(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@nr_inodes={'nr_inodes', 0x3d, [0x65]}}], [{@obj_role={'obj_role', 0x3d, 'tmpfs\x00'}}]})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8300, 0x82)
mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x1, 0x1)

02:33:29 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)

02:33:29 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:29 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:33:29 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:29 executing program 4:
syz_emit_ethernet(0x81, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @void, {@llc_tr={0x11, {@llc={0xd4, 0x0, "3511", "269da5ca15c3957e0e6e2488e197915098a89284414540ac697db8842fe8c6489691b47396ab53000000000081352bfe9a93f432ff08000000c593de9c609ce6b2a837db2675efb133e13c621594563e60235468602345c656eb46c1eee5e80edaaf00"/111}}}}}, 0x0)

02:33:29 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:29 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = open_tree(0xffffffffffffffff, &(0x7f0000006440)='./file0\x00', 0x8000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000006480)='ns/uts\x00')
r6 = openat$cgroup_type(0xffffffffffffffff, &(0x7f00000064c0), 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000006500)={{0x1, 0x1, 0x18, r0, {<r8=>r0}}, './file0\x00'})
r9 = eventfd2(0x5, 0x0)
r10 = syz_open_dev$mouse(&(0x7f0000006540), 0x3ff, 0xa0700)
r11 = openat$full(0xffffffffffffff9c, &(0x7f0000006580), 0xa00, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r12, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(r0, &(0x7f0000006700)={&(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfb, 0x4000000}, 0xc, &(0x7f00000062c0)=[{&(0x7f0000000100)={0xc4, 0x32, 0x200, 0x70bd29, 0x25dfdbfe, "", [@typed={0x8, 0x3e, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x5c, 0x0, 0x1, [@typed={0x5, 0x51, 0x0, 0x0, @str='\x00'}]}, @nested={0x40, 0x6f, 0x0, 0x1, [@typed={0x31, 0x1c, 0x0, 0x0, @binary="c5f44e429b609175e83e959e256ff614c6d499c9bb185fbc92ff0a1a38af929db9d87c6f2f5e9db9905b71f168"}, @generic, @typed={0x8, 0x63, 0x0, 0x0, @pid}]}, @typed={0x14, 0x36, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @generic="286c223ca807066e45ae4b364c0c83c4ddd93c156b278336b84a2666f95a0d661a0dafcaf605f7327f3372b4ba5e6f936b3a15cf07923180aefa0a84921935a3cc3d668eafd2307d66"]}, 0xc4}, {&(0x7f00000003c0)={0x394, 0x3f, 0x400, 0x70bd2c, 0x25dfdbfd, "", [@generic="f7129263272efc9a500ef82e4cc7c698d69fd17a6fc15508c5018095c3a781c07bbd33210df8719a5563d81293ed6ae5f4567eec139c710bf66f64994131e941964a86593180aaa6871d1a845dc54c581b0e16824394287c2d5b5df329007b1853b528f3c3cc446ede", @typed={0x8, 0x61, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x8, 0x8d, 0x0, 0x0, @fd}, @typed={0x8, 0x77, 0x0, 0x0, @fd=r0}, @generic="3fb8e1b44f954bc1baaa1d1548e57e2fdea024f26e36e555859fe32a90c991256484eb9f38478e99d12639b9b299372037a8d0f32a278fc699cddbf202d1fbeba731db6d1deb6804d9caf1d760b837f7bf27e0e81259e5f2fac6f4b4fd04b6b8ce6d08d68d143a9731958ea5f2eba30f938934131c37af69cb0f83a5c340987c1b17362cf2719d9e9b318930553934e1341abe9bb4b8895974a1d2d78ea647330d5a75b96dd3cb32e58d27b241dd", @typed={0x8, 0x64, 0x0, 0x0, @ipv4=@local}, @nested={0x24a, 0x17, 0x0, 0x1, [@generic="cf18d976", @typed={0x6d, 0x61, 0x0, 0x0, @binary="99b81f37343e77850de510664d5fef372d4ff6f344b509692c875ddddcb86b73f0396689115709b6c0c36e18cbce4d8e09f4bd7811138c12b10053b9d942c3ace468580c1e31e66c0fc289ef4dc38d12fa28cd12c099bec7348cd1138c628cea9c25c3b84c91f839e6"}, @typed={0x8, 0x5b, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="7aff1c17279e1b561382724455701890ddcfaa32d4a1a3939ee428e2305c0e813f5b845dec4d1eb77f4a3ddc355092c375ee926fceb7f21e2a8af972ffd44c62663e64b245c3bd513d0b6cdca2df162cc31e2be833278ffbeb4ce6bf4f3ee63017a340ea9749f70edef9c8dadf50d4ff8209ae523903a48abed30a2caa6b3e9f7c3e5aff5fa662348b4e035ccb7777adaffbb7a31d6a305d27a7db6ecbcd27f2f0383267ce53833c1790db91a3cfe3d9473f7e067b66f26577d26bc4f1a85cfae0f9ebd49e31c7abcfe318080d6de46b24a08ad1a6fcebfd4e5ef83876b78fbe43", @generic="fe1ab8a3e168a28570eae91205095139c86847779660e37716aaac6c743c5b3c02aec35f0f6033b5c9f04845f7c3e49b47053f3f4881b9579ada0ffbba6e983c5838268e32d72cb77c0282473af2f5bc7e23f5eeaba972cca2cf1d6db577c08e5a76e8cd8c47766176d89f3d3ac7f69baa05ea9e39506452ce9ca60ae1c022e1a1019498d17860205780d475d60a8fe4fa2bd22c22fb307743ab6057a4454a46ce541adab7b144a8ca459cc8cfd1778fe194c021cf3f078db540184a843ea1ffd72bc5a616947aa6a0b15a4ea5321562d25f61b925370adb52a003ef4840bf944798f622d41d4e7452"]}]}, 0x394}, {&(0x7f0000004f80)={0xe0, 0x1d, 0x1, 0x70bd2d, 0x25dfdbfc, "", [@generic="eb9251ae2eb32421cf68c57f6129555c033e70da4b2071fe375acefb43e4f83b7668fad44e153bd5110fb4ec8f0bb4f529601bf0b978ecab4e0a0ba9a45d6721f6e33cabfcf1f6edc3bfa83f44de8f6ce460b5ae09101c2fd53b4088c4fe99efab48cc2f9ad9d0fa6bf64facff9eba193c57df1e3ac65bfe21ab95b9c2e72c84da8cf3f6834594327df95b917c650214d15a687b3118e351765fd765c7d66ed54637b518fec0734464b023437d16a803063484bd529fe5fd2c3c1ba96dcb6ddc68b026d5266626", @typed={0x8, 0x3b, 0x0, 0x0, @pid}]}, 0xe0}, {&(0x7f0000005080)={0x1234, 0x3d, 0x4, 0x70bd29, 0x25dfdbff, "", [@nested={0x1d0, 0xf, 0x0, 0x1, [@generic="e544244d07c6108ee68eff8cdb129a1c1c53e2cbfdd02ec33c3d1f4e918eea4613d54e9d8b92c7d7bbfff729521dab4ab9fcb87d82", @generic="7df6913be26555958d7e44cb433d614cb1c7da653987133d7c5964c52bbe38a0eace6d238b506dd693c79bdfebbc5808f2dd5830928c43eb86fc6eca1480cd7f626b1673bd864c0852334bdd5b168c84365f5a071f1870b51c14b330e1e587025f4b8066822c1e2a4bc27db7567638a76216806e78a6c95708fb073ecd5ffbeeead764411be5a5437f8af4d2e710e59e884fbe0d5eb4f63b2cace17625dbd3e418334aef0f8b3a24513d0e11f812ab9f102555ae8b84a88cfcf3d9ca2e1ec53c26979787b2e9f5b5226c929dbb7520f7bc57dcca3c71f179", @typed={0x8, 0x78, 0x0, 0x0, @uid}, @generic="1c0af51e3b5ecbe34b50d17398b0db9082160d6ced7cf184e39a104dcdcd12e6fdfc2fbccf6cf112482c2b0362c57b805b3b22c0f62b8b897d042ae680609949e911d786e8fba93f35be39436f304b05c0e3bf2ea2cf56845c72cacdf9ee54e6c12b97eea21e0385a6b273a8d82c427053ae79a7eb55395017f8024a11c7e387ed0f34a043d0431f19a69c41ec0b3b3834a36fe9fe2e6710b3d27620a0fb2539ed61adde268a0f3b8335", @typed={0x8, 0x5b, 0x0, 0x0, @uid=0xee00}, @generic="e043b2bee0"]}, @typed={0x14, 0x64, 0x0, 0x0, @ipv6=@local}, @generic="e5dda8a7708a9769e47bd1fe", @nested={0x1034, 0x37, 0x0, 0x1, [@typed={0x14, 0x94, 0x0, 0x0, @ipv6=@local}, @generic="3f3b97a1f5245a1d8712b12cd14084fbc2bb39cf12df22b45a8a22a3dbb1bfe034f726a25c769abe8ad39429cd9d24364acb551d8c7e127027b0cc4191ea22b0bf83069d2399217dc94b5e6a78ac4d15a6368c37297bd10f920dbcdecd989ebe26cc21732fa72bc68576701efd9aa98d7fdd0168db3b3ff1eca36f7fd1a0604081508ec16455755bafd7f3a2c08efa020d675b948cef3a64dcccf7f8903d964c422ec1f4549e58728e6b0fa5066dc419f49a4795878c871d92fa818da45787817f793f7a9cd375aacf35c12839c13f35268a6fa027fb317119e22a397c61626795b8a742bb64eed9b0e63dea9357cf52353f08e2700f92ac9b8acad81dd913c03d7c464874cfd10ec65225d2c5ce2df16e2f4b23dc1a76982c980ac3d77051a9507146bd779fdc168e24b9406918d75778bbaa0f9712990650288f094ac4597b131507c70f054de66094cb02a27c4903aab55f8eaf5c6f570e03f67a746ecb8973711ad887fbee69bf6e9d3ef4da048c3b1850050e40f5f994985c6e1b2c5679fa70f04a95073fa2b76824cbbbf460566c0cda0cc68e3bf5bc4821dcb39715e2feb7a79152c533a99428d1b7db506c391c98b31e661e6c5261e251d1d19d5c6738f820ee48fa356049d56ad43b1dfe72d7b9c956729e1e8772b2bdaf386d6183066aa98847c33c1e7d541b5fdceb4b6096fcc95b1532848ed4d5202b4b4136f6dc447b8c185a56aed212a19d293ffe85e09fa764a10aead6ef0905e4b3af7450dde2371c088bb6a26ceedbc5c328859bd8ed6353a25548838619bc2225e4e9d64475867622b9b950ea1860ca94bb42c863a7939a6d71ea2ae65786b4175fa0883f425654b3097af769bf2fc8bbf9698d44ad402cb8aab049f4e11179f0b4bb388461baad7ba8fe7fcd28c2290c3f63a144508e7dc8a777665383aab5b5dda520d972aafda6e70c05411ab2998901acbb198aeed10c24d5c5b750069f507a0e93053d0ce2c592e5f2c8d2014f6c7a2bdb453961fb2a87ec2103b9553c749b5d7fc3667a2dace7facd5e65547d3d33706feb62fe3677812719ea744dab9c73388e8f57f01df96ea512f9e47b2698105b2b9023da0218a077e9a8539f46f4b1c17dfe1f19443816b5b90cb1323fa5f3e59bdb4c835e173afdd0849727582725901a5480301fb7902ef86ac3034f7af4361f164c58f786b56555dab4f07da3a87b7f45aaf008693f80b07c0b2a4c8344510eb78a65326f29a2a78f748307380ca2bafe8b6ab8cb94c03e6eae227b91c70b33f32e7151bf15af4ea85d320ced66ba76b64b179d82168ed7fb1e864c32fee04fd53901595a163e1a0838952708548a202d336376ccfb8e9433558ffb79540649ab55421b22ba8b7a8a25411c7cc3f3254c3583f602692aa38927851030d5f2c98c9d7240bce7ddb7167f42071453166e2793f351fcab2bbc41bc2c28fb08ac54264276573c65c007f54bb64cc4f4779323b11222fd4d00c1be1327db63f2239837c7768ce2569d276cc9606aad0777eb0585d4cb2254587a259ff60444728626171ddb45523c1f02ce8aef4f91b1ea136391d87052dc6437677c521abca12d5c1eec0f911254166fb982f0ddfcf7952ef1efa66ebe25cb0e956b3a4730bda77aa862de0d0d131846582ad148607b9d50a97aa5940b786699670827c7c8302e1e1e49e6850f6d40742e82d39dacd2861f922c8eb463d50da8da3700502172e1cecd6d601b207c44837545ce7faf358d8aab6502bec4213a58a24d4f4d5cdf643875dbb24c9e7ad07e2733dd3aedd5f5cc3c369b1828c8ed1fd2c919cb08c10e2ff91664ff75d171e20d475b7ca20a9cb19233243be9225888daf79b22c7f0d0bccd85ad3ca9e96f037b144f9c77c172e7feb1f52274dd24fc8cc0469e9e1d77634d04bb4c4c4a6d43ef724b93777c01157e083bd4b3f84e19e749b18760ecdc7b373e93f110cac60c8b07c346cb7e1f2c7b383147a8c80e2221ebc195d1e293707a754dbea8bbf650a5bdc4616cc0d8fcfad882969e3b0c820a5b7a4b3c979ab49c02722b4971ce414e5885cb6f44af73c80e5150c58f1dbd8058cf56e2fde03eaaf75efdde057c9d1d5d3f385dc32ce05a38262bafe1bbb23198c16047bb6981b91db7c2d47370e2b5d55a3db317561b838d7935632c51cb9cae800f39ce25cb053e90f62f67e3f55767f1211f93e13b635c8c30fb0465a5379c43d5d1a9544707d54e47f6749ce2ae1b1417e6bb151df2507cb0a5d48df92b00247f726a8afe8571f2b20a51943a7bcfc85bf1b48c9ef64055b7f77807aeff1b9a479c24d12757f460783a74ff44659d96767cd77f002d4960903e118b851fb2e32639ef1656f4f1c5149e46ef7aec82566e9c48cd98f54f40701201351bf09cc208d4f2e6f019d51ed4d2be3eda0df9ab0bfc27aafe457572c408ada935bea072426c9da0ce60d7a064a4dbffd73f7036cc4e772bd22d50661d23aa14120957a46ff6053ed4433945333fc72813dd02e121dce50b12fc5eb1c23b3a0dd7eadd9c226de23574656a1288a2a3a17f4e704b2ce1c0eeb8f794f2f3cb3c0fbd2d57b812930161afa9c378adad3f87dbeb061cf20a5e3300ad0a94126831cd3f30fd6870f74bf38af8a49d1a2a7652b42d093b12556736c735208a1a7bf7706603949ad11c00e386b45a40ca89685a14f65a973d5138d5645b7c30499b92fdd93b01c05d664c944c85da860a7aae1407996f4f5be7abd71508ea1439f1c2427c3b3321f48b13ab1b9cb19b8dba8044248d3b2f3a84d50864f955aad1cc21d72623be810bf7d9a3e13cd867838eceba343d81e73ec08cc91c07921f492cb3fe20c3000607aee1e8a6477b0f0ed819fabad0cdb9112fcf0138adc5cfe36f4b4a336f574e1db87699a8146e89fb34097c5c2f70a80b671d56fe83b7bad817c06122d81dc72d29c2fe98af5691d0f948d92d1b6c9015d5c0e1bbe7cfef278f68f2b974ac6763ae73e0ed1d64cc6886d81483148a3a1c874d66761872da00477b42ef62ad1874e07b323c05c516b9825eecc7cef4b5b964fe3b47e3418b3ccfee0d92b1392f69e6a67fdc39aac327bd3775abf54f18a6187b6a869d018b2bde07a73f08bdeec1c572aa5c86fa9c1e8b86fdbd4b048e13a818b2a25cf1699305c12f44402883cb5e56fd5f5859cee545cc663dc3ba35fde377d9d02b9c69a5941a53dae621a7202dd6e3bd0ecca6bd8f1c2deba21a6ea3507c7addf588eb22100d34ea5693d58e0416c01a0ecb9aa2a1ae25572c1a634b456375de1e873292a9dd3e3afca1b215a808ecb7d6241c5fb31797a0920fe916a554942be91673b47b0e5ae385bfdb871a139525f42c032fefb77ccfbb55ce4448b985dc4bcf2707a394b0ff60b1ada8ffbdc2cce12bfa7da4e9fb905faed9fa34ce332ad0f8b9e2f5911c1a1f860649bbc6aee50a5bef397c56caf899cd2c3ac81aa62ce6cdbc2c588b77a5a85ec010f20b06622b3b1cb5a230bcd44943cf4429fc3adf7c10151715fcec0052e6d5ab138c9e66fd9dbcf2fb60d6259fd766d50334ba59dc88a2697742a6a13e84189b4a77c45eabb1a6e354a921ec49367c8fcc04ebeba722069880d298681ec30efab7fc97168f9115a6a25432c22686cd5a640c7ab970b89d67c379d44916ae265b24e845b1b6850bc06163117cbbe4df72a17124f349f56d4912b2375aa1991798f88dfadca7f8244bce76c92bb03ed10b561b4c42eac410737a39eaeb270a7387bae1619a4ad5cb5b101ff0df6f09bc14c556bb46839c03123d050bd4ae27dc02bd3366e38062c9b32acfbf3786af9cdc099d8295b5fa827ea26e0f3ea50131daada807c391b23543056d0e8c30e37a485e58821ed5053b6331e41f1f8161b8b0bf5b393fa593c9977602c4bbf508a03aaa4fd382a789d98be109f3885fcf414c7b8210f403a0b060a0edee9bf1572b3017b4fe616036dd85ebfbe92aaa38f74102766072e64341911e7d90e46cadd6b713699ef408f8241b68d19972eba9512cb1626cd3123e9ee3332ab698034bac09d2fdb9704e202ba0dbb43ef89d63040d49852f33c0f0b3fd65409dd9740f3c6714726bf064931a345903601fbe86cdd52116365a0d8466b222a09017058a55b8ea30bf7f227d6874394f59ed81211e651cb10d916aa0fbb729d4a69de3973d8157525f50f9f31744c185b244f76236b7f09ec277c2b92971351e3ecb947345799433855393b8bad9d7b56c6f3dde8b7a052025644acf82df4c2d757fce5b5cec7ff3860a385e76bf29931ce342fc515b005834dedd96c255e2ab018d558c09096621aff7c2bfcc08eb189397f9b2671d3c1d172a9c7cec7fb5a8d0326d7a7d203e3c56dd82fc5b568d0b7ee2ca4258e944b2cf9c91c4eb207c3ef7384a517e55606cbb485cb5a71626dacbf51d1be7f781975c6422f5047f49fda1882e1af2d0123570d656c68833cffea8bb9c830af364ab89fa817a39bc898bc587a68ce032e29cd0a713abeb2a2bf7eaa7c52ce579a12fe176052d3ec9d84acb14d16194c0d741a45787d7e90e69602f4737fa30360f522e06481e3fe5ba8ab06383c86d8dd33ce0ac3bd32ca4ab200965d507fa005bf6cdd0295e14caf8c794db78faf350d0c167a8004de2c0e5580123a7aa5e1a1fe6d6066c0111a18ee8caa293dfd85af882edead8601564c4f1eaa68e8767b6b26ee540aaf803d275faa4c47b74fac576bf3cec30d8e01d64d5c75294262b3c7c777cfb714b94d25851c673ea6a7c0339183477256b50cc296fc657078b9efad87160bee80c1648031476bd4c484cfeab80f8bd9bff7aef7a32274bc0265cf54772a7571a9757a7b05fe31569733b1d5d03a091f3a696a28e22feb130f7b892944f70e3e5b18e1f55e28feef37235b8775ba0309730cd197d16426977d56edd45067564473ad54f4e063aa457736244a87a429399625398e81baa6fea509e8fa40a97ee31a2854f443b370ff02bc0e4301b76f04d91d24d1951b516fd97601002de53d149fb040c958bf5e5bbe52cb56c7e36d0fa8345d326412dc105c996c9f8bafab0a301d24a8203bd7e19d401fbea37c179f864d1da87e269e2a206efffe69b2386bcb3b82d4bd95595adf112aa300281b459e70abd657435096f3bc57d5b6df6110ee7c132782afd1ce31195051b8768227eb515016097ac6f6fb466891cc3aa9539887f2f974a6595c63d479a329d50295376eee5b22e42ad58c25c7fcf2d9f3156dec612e1855b4803af4d19fe4f97cd988dc7b4f920d8ad0ada69b74fd4c0c2259baf17161f9e71836aa68012b6ddcc2bd06da44ef7c2d7286167c6f03174c40ed31fdc24aea250fbcb83802b74b1ab991ccdb1462fe3fd3bd6a5621412917b1e8c5aab97e566867791573752a635daa9320a6d6cc4d22de0eb1b3b079b857eee3969005ed7a5b08a72566a05d9663683d0a57d6a8b68938614d55cf1b807ebd70d2ec9a21cbde2dc9557bfc04e4423d49e739d854cfcfc400b0b32900609eeb56b8899a63017c8e84896be004958cf72234b852463d18ca44ac8477301c7121a81878bfc055b27e4697adc4859b0da6e1aa6e3055f9df9bbf17ac312ae98c275e748463779a22c18d5c5959803a4c49da6abef82a8dc62d4a1a9258a5e0d80daaed5cbc96fde24f557d9153748915bc29f8b2a4a3e6b5f98df60edf3ba0df76382771e04310d2b4a637fc4c990c3686ba476adff235fd348b35d17cf9b57975d283b2293d61dd66f718e1dbdb54329", @typed={0x5, 0x23, 0x0, 0x0, @str='\x00'}, @typed={0x14, 0x53, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}]}, 0x1234}], 0x4, &(0x7f00000065c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, r1, r0, r0]}}, @rights={{0x18, 0x1, 0x1, [r0, r2]}}, @rights={{0x24, 0x1, 0x1, [r0, r3, 0xffffffffffffffff, r0, r4]}}, @rights={{0x18, 0x1, 0x1, [r0, r0]}}, @rights={{0x2c, 0x1, 0x1, [r0, r5, r0, r0, r6, r7, r8]}}, @rights={{0x30, 0x1, 0x1, [r9, r10, 0xffffffffffffffff, r0, r11, r12, r0, r0]}}], 0x120, 0x4044024}, 0x40)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)={0x18, 0x5e, 0xee01, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=0xee01}]}, 0x18}], 0x1}, 0x0)

[  272.159226] loop0: detected capacity change from 0 to 256
[  272.164946] validate_nla: 2 callbacks suppressed
[  272.164969] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  272.167330] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  272.167821] tmpfs: Unknown parameter 'obj_role'
[  272.173808] syz_tun: refused to change device tx_queue_len
[  272.178510] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  272.178681] tmpfs: Unknown parameter 'obj_role'
[  272.179962] syz_tun: refused to change device tx_queue_len
[  272.183801] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  272.186323] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  272.188047] syz_tun: refused to change device tx_queue_len
[  272.191678] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  272.193277] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  272.195170] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  272.209176] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
02:33:29 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  272.233591] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
02:33:29 executing program 4:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000340)={{0xcc, 0x1, 0x3, 0x3be, 0x2ae, 0x7, 0xe2, 0x80}, "dfdced1af6122b4ee947e0a10c0d6b1ff4f530660517da6244308618069396c616b23f88f35d8b6fea1d26dd8a48c54df7ae5d94efa5c15f622980d0a6759b", ['\x00', '\x00']}, 0x25f)
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x20, 0x40, 0x5, 0xfe, 0x0, 0x1000, 0x400, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x4, 0x1, @perf_bp={&(0x7f00000000c0), 0xa}, 0x0, 0x0, 0x9, 0x4, 0x80000000, 0x9, 0x4, 0x0, 0xa3a, 0x0, 0x7}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
sendfile(r0, r1, 0x0, 0xfdef)

02:33:29 executing program 6:
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x8059]}, 0x8, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000080)={0x6, 0x7fff, 0x9907, 0xa6})
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x4a082, 0x30)
io_uring_setup(0x5187, &(0x7f0000002dc0)={0x0, 0xfffffffe, 0x2, 0x0, 0x349, 0x0, r1})
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x8000000)

02:33:29 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:29 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)

02:33:29 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:29 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  272.383106] syz_tun: refused to change device tx_queue_len
[  272.391872] loop0: detected capacity change from 0 to 256
[  272.395389] syz_tun: refused to change device tx_queue_len
[  272.402040] syz_tun: refused to change device tx_queue_len
02:33:30 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:33:30 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:30 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:33:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400", 0xc}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:30 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020820000400008000f8000020004000030000000000000001", 0x25}, {&(0x7f0000000140)="f8ffff0bffffff0ff894ffff0f", 0xd, 0x4000}], 0x0, &(0x7f0000000340)=ANY=[])
mkdirat(r0, &(0x7f0000000240)='./file0\x00', 0x0)
r1 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r2 = dup(r1)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
unlinkat(r2, &(0x7f0000000040)='./file0\x00', 0x0)

02:33:30 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  272.594394] syz_tun: refused to change device tx_queue_len
[  272.606584] syz_tun: refused to change device tx_queue_len
[  272.608433] loop1: detected capacity change from 0 to 64
[  272.614877] syz_tun: refused to change device tx_queue_len
[  272.626028] loop0: detected capacity change from 0 to 256
[  272.634729] FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
02:33:30 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/unix\x00')
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0xfffffffffffffffc}, 0x85, 0x0, 0x0, 0x0, 0x6e6}, 0x0, 0x0, r0, 0x2)
r1 = socket(0xa, 0x3, 0x6)
r2 = getuid()
r3 = getegid()
r4 = getegid()
r5 = getgid()
setfsgid(r5)
setgid(r4)
clock_gettime(0x0, &(0x7f0000000100)={<r6=>0x0, <r7=>0x0})
ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x1030}, {0xffffffffffffffff, 0x4484}], 0x2, &(0x7f0000000140)={r6, r7+60000000}, &(0x7f0000000180)={[0x38000]}, 0x8)
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000000)={{0x1, r2, r3, 0x0, r4, 0x8}, 0x0, 0x0, 0x9, 0x4, 0x5, 0xc3b3, 0x9, 0x1, 0x0, 0x1f})
sendto(r1, 0x0, 0x2, 0x10, &(0x7f0000000040)=@phonet={0xa}, 0x80)

02:33:30 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:33:30 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:30 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  272.756489] FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[  272.810521] syz_tun: refused to change device tx_queue_len
[  272.818163] syz_tun: refused to change device tx_queue_len
[  272.980247] syz-executor.4 (4676) used greatest stack depth: 23800 bytes left
02:33:39 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:33:39 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:33:39 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:39 executing program 1:
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x41000020)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000000080)=""/162, 0xa2)

02:33:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400", 0xc}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:39 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:39 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:33:39 executing program 4:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x1ff)
write(r0, &(0x7f0000000900)="5ed0b2ff68d76fb346352b602a2a1295cbe01cb3f64fbed9e7f9bc9be0f300cb97f6a204cc586e45dfb949002f61f8fb969dd435dd0c37c5077e5b10cfeafd75205e215b167323a3b971b0ec98e6c3d4d825cae01271cb35cdd091e4872367f354e0dc81a7e4ac79775bc1dcaafe2f5079da79d1989f1ddce6722fc438a7217526cfe75d53471624d6f091e19a7fb699ea27efa9e0fd1914e7c35f297afd9b9b85ff0ce7a982f4fa0c172ea5f06479eec302f30e5df66273717e028f4ca7d4c5b6bc8a3c3c67f688195f22488a15d9e1f7e5fed3a6c2aba7bc308b0e2c5657f4538f4a3bf9b975bb887a901ab3c85261be3e331b741313e78b5ad63b7b1b378e9c79dc4a95b2b4d15cd1d1b808844378f882a72af1e5b0eefd356e0247246e60643204c3b46183dbe4e066c55cb1dcdaa7b70ef43ab2fa4d2b8c4c1a89cb0e325fd9716874d3856cf368efd1f92d21214e55e4de647c37c71887d11f74f9afe1616e3054ceae601e4b3555e243c1882ad42c7730caeb309e7714ad87c55e9fba308cfc4161e562abde3ac4f3d7e0a3584d4928100197f102307c05c0b4b4898b0591bc1433af443478979f28e6136ffb21aaeac2be5490475a08e96bb94fd9d9d3aa2f8a1e147a80ba9bfd04dac3f476ff128476c693ea71f7be47a508c98eddc479eb703d6f17cc5be2182f7c39b0a47eb23e0808b5d87dd2a9ce88eb48a601", 0x200)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r1=>r0, @ANYBLOB="4b0e00009786d269e2363cfc49e05dea1d891575ed3973aaa281a23813939ce4da769c437eaac20cfa13d2ae33dd6f2f27a78a5f0a28c243d8425346d28717e0c5167111a4d71d1c6f3406bc4586a939eb12d0dd7519f45148487e0b2a07b76e6b8a0852fce2d8a8e438218b5615a3c2da4feb3a652961f36530f68d323986fa1b65a989ef6b7db15c131f348037ae69f13796e184257d122ebc81c8fd591f58b8edde9da5f74fe46fdac6324f74c1042b8fb96495b6c24f91d89d454219df9b320d46d4a64084a5b3cd69cfc46971819800c045bbe0a325b29cf8"])
r2 = socket$packet(0x11, 0x2, 0x300)
dup2(r2, r2)
r3 = perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = dup2(r3, r3)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x40042409, 0x0)
setsockopt$packet_int(r4, 0x107, 0x9, &(0x7f00000001c0)=0x5, 0x4)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r6=>0x0})
bind$packet(r2, &(0x7f0000000100)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @remote}, 0x14)
setsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000180)={@remote, r6}, 0x14)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xedec)

[  282.048827] validate_nla: 17 callbacks suppressed
[  282.048849] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  282.055709] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  282.060693] syz_tun: refused to change device tx_queue_len
[  282.062093] syz_tun: refused to change device tx_queue_len
[  282.067516] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  282.078207] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  282.080863] loop0: detected capacity change from 0 to 256
[  282.081926] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  282.083673] syz_tun: refused to change device tx_queue_len
[  282.091849] syz_tun: refused to change device tx_queue_len
[  282.136177] audit: type=1400 audit(1768790019.779:13): avc:  denied  { read } for  pid=4733 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
02:33:39 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:39 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  282.234149] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  282.235647] syz_tun: refused to change device tx_queue_len
[  282.250518] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  282.261509] syz_tun: refused to change device tx_queue_len
[  282.275602] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:33:49 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400", 0xc}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:49 executing program 4:
r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
io_setup(0x3, &(0x7f0000000100)=<r1=>0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10782, 0x0)
r3 = creat(&(0x7f00000003c0)='./file0\x00', 0x0)
io_submit(r1, 0x1, &(0x7f0000000180)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, 0x0, 0x5a, 0x1000}])
write$binfmt_script(r0, &(0x7f0000000400)=ANY=[], 0xff)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x8}, 0x2000, 0x0, 0x0, 0x6, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
fcntl$setstatus(r0, 0x4, 0x6800)
sendfile(r0, r2, 0x0, 0xfdef)

02:33:49 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:49 executing program 1:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x4, @perf_config_ext={0x800, 0x1f}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x20003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x3f, 0x6, 0x3, 0x9, 0x0, 0x23, 0x3be9c, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x4, @perf_bp={&(0x7f0000000080), 0x1}, 0x4d059, 0xbaf, 0x7, 0x3, 0x6, 0x9, 0x101, 0x0, 0x7, 0x0, 0x5}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz1\x00', 0x1ff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000002180)={@in={{0x2, 0x4e23, @multicast1}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000400)={&(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000003c0)="0774ab99a781e3ec6073783e60c49cc523db2b588bcc07967e307f8405a6345f037cb601e182637d6bdeab0ed2", 0x2d}, 0x68)
bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e24, 0x400, @remote, 0x3f}, 0x1c)
r2 = signalfd(r0, &(0x7f0000000380)={[0x8]}, 0x8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0x4e24, 0x105, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffff9}, 0x1c)
shutdown(r1, 0x1)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x20, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, 0x15aa}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/9, 0x0}, 0x58)

02:33:49 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:33:49 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:49 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca32"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  292.010511] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  292.012226] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  292.017320] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  292.018954] syz_tun: refused to change device tx_queue_len
[  292.023313] syz_tun: refused to change device tx_queue_len
[  292.025084] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  292.027497] syz_tun: refused to change device tx_queue_len
[  292.031227] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  292.035886] syz_tun: refused to change device tx_queue_len
[  292.046045] loop0: detected capacity change from 0 to 256
02:33:59 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca32"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:33:59 executing program 1:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x4, @perf_config_ext={0x800, 0x1f}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x20003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x3f, 0x6, 0x3, 0x9, 0x0, 0x23, 0x3be9c, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x4, @perf_bp={&(0x7f0000000080), 0x1}, 0x4d059, 0xbaf, 0x7, 0x3, 0x6, 0x9, 0x101, 0x0, 0x7, 0x0, 0x5}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz1\x00', 0x1ff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000002180)={@in={{0x2, 0x4e23, @multicast1}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000400)={&(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000003c0)="0774ab99a781e3ec6073783e60c49cc523db2b588bcc07967e307f8405a6345f037cb601e182637d6bdeab0ed2", 0x2d}, 0x68)
bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e24, 0x400, @remote, 0x3f}, 0x1c)
r2 = signalfd(r0, &(0x7f0000000380)={[0x8]}, 0x8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0x4e24, 0x105, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffff9}, 0x1c)
shutdown(r1, 0x1)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x20, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, 0x15aa}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/9, 0x0}, 0x58)

02:33:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:33:59 executing program 4:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = socket$inet6(0xa, 0x80000, 0x2)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000, 0x80010, r1, 0x53c15000)
ioctl$TCXONC(r0, 0x5608, 0x1)

02:33:59 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:33:59 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:33:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200", 0x12}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:33:59 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  302.364622] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  302.371321] syz_tun: refused to change device tx_queue_len
[  302.372145] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  302.383846] loop0: detected capacity change from 0 to 256
[  302.408173] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  302.429720] syz_tun: refused to change device tx_queue_len
02:34:00 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:00 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca32"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  302.439204] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:34:00 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:00 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200", 0x12}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:00 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:00 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  302.564497] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  302.568216] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:34:00 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  302.602378] syz_tun: refused to change device tx_queue_len
[  302.606394] loop0: detected capacity change from 0 to 256
02:34:00 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:00 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  302.682680] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  302.686312] syz_tun: refused to change device tx_queue_len
[  302.699310] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  302.772784] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:34:09 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:34:09 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200", 0x12}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:09 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:09 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {0xffffffffffffffff, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:09 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:09 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:09 executing program 1:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x4, @perf_config_ext={0x800, 0x1f}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x20003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x3f, 0x6, 0x3, 0x9, 0x0, 0x23, 0x3be9c, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x4, @perf_bp={&(0x7f0000000080), 0x1}, 0x4d059, 0xbaf, 0x7, 0x3, 0x6, 0x9, 0x101, 0x0, 0x7, 0x0, 0x5}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz1\x00', 0x1ff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000002180)={@in={{0x2, 0x4e23, @multicast1}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000400)={&(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000003c0)="0774ab99a781e3ec6073783e60c49cc523db2b588bcc07967e307f8405a6345f037cb601e182637d6bdeab0ed2", 0x2d}, 0x68)
bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e24, 0x400, @remote, 0x3f}, 0x1c)
r2 = signalfd(r0, &(0x7f0000000380)={[0x8]}, 0x8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0x4e24, 0x105, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffff9}, 0x1c)
shutdown(r1, 0x1)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x20, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, 0x15aa}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/9, 0x0}, 0x58)

02:34:09 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  312.371481] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  312.378311] syz_tun: refused to change device tx_queue_len
[  312.389149] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  312.399315] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  312.404832] loop0: detected capacity change from 0 to 256
[  312.407228] syz_tun: refused to change device tx_queue_len
[  312.408596] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  312.410171] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  312.413917] syz_tun: refused to change device tx_queue_len
02:34:10 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:34:10 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  312.427297] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
02:34:10 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:10 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:10 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {0xffffffffffffffff, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:10 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000", 0x15}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  312.555626] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:34:10 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  312.575348] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
02:34:10 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  312.582066] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:34:10 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

[  312.593857] loop0: detected capacity change from 0 to 256
[  312.607447] syz_tun: refused to change device tx_queue_len
[  312.608719] syz_tun: refused to change device tx_queue_len
[  312.622372] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  312.658097] syz_tun: refused to change device tx_queue_len
02:34:19 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:34:19 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {0xffffffffffffffff, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:19 executing program 1:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x4, @perf_config_ext={0x800, 0x1f}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x20003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x3f, 0x6, 0x3, 0x9, 0x0, 0x23, 0x3be9c, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x4, @perf_bp={&(0x7f0000000080), 0x1}, 0x4d059, 0xbaf, 0x7, 0x3, 0x6, 0x9, 0x101, 0x0, 0x7, 0x0, 0x5}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz1\x00', 0x1ff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000)=0xe7, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000002180)={@in={{0x2, 0x4e23, @multicast1}}, 0x0, 0x0, 0x46, 0x0, "517d60a8dfa1273239320761b00773d2e8f22425183aa153e711c2d0dd3cc9d9f1c02db522d62e4c37b5657865e2021923d37da8da241753db27b862a5d8891bc0d0ae95046fc0b8bf7164a2d54af890"}, 0xd8)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000400)={&(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00000003c0)="0774ab99a781e3ec6073783e60c49cc523db2b588bcc07967e307f8405a6345f037cb601e182637d6bdeab0ed2", 0x2d}, 0x68)
bind$inet6(r1, &(0x7f0000000740)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e24, 0x400, @remote, 0x3f}, 0x1c)
r2 = signalfd(r0, &(0x7f0000000380)={[0x8]}, 0x8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="db4d31d6805ecdac87307b14c169d9d9", 0x7ffff000}, {&(0x7f0000000200)="ee91b199cbde153a80cc89fff10933ca330cad7d5e0f004c6e6896c0909b95c3eebca1ddbf38aeb052c2cf7f3c5445bfa4c9cc966edb83bd3436a22c2a8e1cafade0533901774eb216d833be627e96c9a9c78fc0ad06be165d206fdd35dbde963942c7cb29ed300d6551b21ee9c57532", 0x70}], 0x2}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000300)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a00)='m', 0x1}], 0x1}}], 0x3, 0x44894)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0x4e24, 0x105, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffff9}, 0x1c)
shutdown(r1, 0x1)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x20, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, 0x15aa}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz1\x00', 0x1ff)
clone3(&(0x7f0000005880)={0x7b804100, 0x0, &(0x7f0000000280), 0x0, {0x1e}, 0x0, 0x0, &(0x7f0000000240)=""/9, 0x0}, 0x58)

02:34:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000", 0x15}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:19 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:19 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:19 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  321.869165] loop0: detected capacity change from 0 to 256
[  321.881205] validate_nla: 2 callbacks suppressed
[  321.881223] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  321.885177] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  321.888209] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  321.891234] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  321.892875] syz_tun: refused to change device tx_queue_len
[  321.897721] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  321.900537] syz_tun: refused to change device tx_queue_len
[  321.902866] syz_tun: refused to change device tx_queue_len
[  321.909406] syz_tun: refused to change device tx_queue_len
[  321.916606] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
02:34:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000", 0x15}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:19 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:34:19 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:19 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:19 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)

02:34:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:19 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  322.055903] loop0: detected capacity change from 0 to 256
[  322.078333] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  322.100116] syz_tun: refused to change device tx_queue_len
[  322.101939] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  322.105711] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  322.107279] syz_tun: refused to change device tx_queue_len
[  322.108913] syz_tun: refused to change device tx_queue_len
[  322.116959] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  322.126949] syz_tun: refused to change device tx_queue_len
02:34:19 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:34:19 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:19 executing program 1:
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/pid\x00')
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x8004b706)
r1 = syz_open_dev$mouse(&(0x7f0000000040), 0x9, 0xe0800)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r4 = dup(r3)
ioctl$SG_IO(r4, 0x2285, &(0x7f0000001140)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001040)="129bab5b93a0", 0x0, 0x0, 0x0, 0x0, 0x0})
io_submit(0x0, 0x2, &(0x7f0000000340)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x6, 0xffff, r1, &(0x7f0000000080)="6ef22eb97777f3ecbf5cd669cc18276b221407f1933d1e5ab1655f70e2b7d3c9db9ed9b22b077bb5ef62645834466af96772b52f0f4b05c22039626b8d526e50669a10b03e1b8857c352c02ce614927e4b5f994b339074c4c32cf4d1025c216e602a4fe0be0fe42c7e5cea5edb6b40d9463800cfd55602418456961482a423dffed8d2224a537095de2f373ae9f2c8f08c317d971f62e6f94671dc86bdbfd6c4bead40a50ca7d5ef4f4166fb342f126fa113ac31d8637b3f71191e718da46d1889cfb7630bd6d164772cdd06d3ee4407e7f839fbd5ecfad63a3e296799163b83d3ebdfe1ee7301d80d1df4a28d", 0xed, 0x2, 0x0, 0x1}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x6, 0x0, r2, &(0x7f0000000240)="e29683df9ba4dd94df70d77e3da36e415dd5b2bfd49d7daa48852cdbaa2ca5830ae33b7844b3cf59862ae948d57a82dca8e79bc0cb1925245f5065c8a67cdc775c8dd93674f370bc01351d3eb13d07be9a74a0e11dff3e1fc52105b1f3520a4ed2b8236aad30912c161d6e552226173bf58f42ba82186a37dea91550d022ae27513e343fe38615b5576994982c911bdc07", 0x91, 0x2f3f, 0x0, 0x2, r4}])

02:34:19 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  322.273689] syz_tun: refused to change device tx_queue_len
[  322.283451] syz_tun: refused to change device tx_queue_len
02:34:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:28 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:28 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_ttl={{0x14}}], 0xf}, 0x0)
recvmmsg(r0, &(0x7f0000002e00)=[{{&(0x7f0000000040)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/197, 0xc5}, {&(0x7f00000001c0)=""/80, 0x50}, {&(0x7f0000000340)=""/172, 0xac}, {&(0x7f0000000280)=""/15, 0xf}, {&(0x7f0000000400)=""/162, 0xa2}], 0x5, &(0x7f0000000540)=""/220, 0xdc}, 0x80}, {{&(0x7f0000000640)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev}}, 0x80, &(0x7f0000001bc0)=[{&(0x7f00000002c0)=""/44, 0x2c}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/16, 0x10}, {&(0x7f0000001700)=""/84, 0x54}, {&(0x7f0000001780)=""/248, 0xf8}, {&(0x7f0000001880)=""/224, 0xe0}, {&(0x7f0000001980)=""/173, 0xad}, {&(0x7f0000001a40)=""/3, 0x3}, {&(0x7f0000001a80)=""/79, 0x4f}, {&(0x7f0000001b00)=""/153, 0x99}], 0xa, &(0x7f0000001c80)=""/135, 0x87}, 0x1}, {{&(0x7f0000001d40)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000001dc0), 0x0, &(0x7f0000001e00)=""/4096, 0x1000}, 0x5}], 0x3, 0x40000101, 0x0)

02:34:28 executing program 6:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:28 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:34:28 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:28 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:28 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  331.361494] loop0: detected capacity change from 0 to 256
[  331.364250] validate_nla: 6 callbacks suppressed
[  331.364263] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  331.367325] syz_tun: refused to change device tx_queue_len
[  331.372161] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  331.409207] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  331.410058] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  331.410302] syz_tun: refused to change device tx_queue_len
02:34:29 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  331.437557] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  331.510319] loop0: detected capacity change from 0 to 256
02:34:39 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x5d8f5533de79e3af)

02:34:39 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:39 executing program 6:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:39 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:39 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:34:39 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)

02:34:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f00000000c0))

02:34:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  342.057451] loop0: detected capacity change from 0 to 256
[  342.058899] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  342.062518] syz_tun: refused to change device tx_queue_len
[  342.065464] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  342.066808] FAT-fs (loop0): count of clusters too big (79870)
[  342.067545] FAT-fs (loop0): Can't find a valid FAT filesystem
02:34:39 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f00000000c0))

[  342.123229] loop1: detected capacity change from 0 to 256
[  342.134429] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  342.138057] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  342.139806] syz_tun: refused to change device tx_queue_len
[  342.163583] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  342.183422] loop0: detected capacity change from 0 to 256
[  342.186720] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  342.197695] FAT-fs (loop0): count of clusters too big (79870)
[  342.198380] FAT-fs (loop0): Can't find a valid FAT filesystem
02:34:39 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

[  342.208254] syz_tun: refused to change device tx_queue_len
[  342.211095] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:34:39 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:39 executing program 6:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:39 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x5d8f5533de79e3af)

02:34:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f00000000c0))

02:34:39 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ftruncate(0xffffffffffffffff, 0x7f)

[  342.280281] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:34:39 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:39 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:34:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, 0x0)

02:34:39 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {0xffffffffffffffff, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  342.366386] loop1: detected capacity change from 0 to 256
[  342.375485] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  342.377201] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
02:34:40 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

[  342.412583] syz_tun: refused to change device tx_queue_len
[  342.414679] syz_tun: refused to change device tx_queue_len
02:34:40 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

[  342.483508] Zero length message leads to an empty skb
02:34:49 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:34:49 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x5d8f5533de79e3af)

02:34:49 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:34:49 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, 0x0)

02:34:49 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {0xffffffffffffffff, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:49 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:34:49 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  351.419976] loop0: detected capacity change from 0 to 256
[  351.422096] validate_nla: 3 callbacks suppressed
[  351.422105] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  351.424838] syz_tun: refused to change device tx_queue_len
[  351.427422] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  351.449640] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  351.452842] syz_tun: refused to change device tx_queue_len
02:34:49 executing program 7:
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  351.458637] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
02:34:49 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, 0x0)

[  351.463525] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  351.476147] loop1: detected capacity change from 0 to 256
[  351.499930] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  351.508238] syz_tun: refused to change device tx_queue_len
02:34:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {0xffffffffffffffff, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:49 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

[  351.516567] loop0: detected capacity change from 0 to 256
[  351.522155] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  351.593393] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:34:57 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:57 executing program 1:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 1)

02:34:57 executing program 7:
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:34:57 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:34:57 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:34:57 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:34:57 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x5d8f5533de79e3af)

[  360.037671] loop1: detected capacity change from 0 to 256
[  360.041169] FAULT_INJECTION: forcing a failure.
[  360.041169] name failslab, interval 1, probability 0, space 0, times 1
[  360.046737] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  360.053857] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  360.054087] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  360.055408] syz_tun: refused to change device tx_queue_len
[  360.059289] CPU: 0 UID: 0 PID: 5052 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  360.059321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  360.059335] Call Trace:
[  360.059343]  <TASK>
[  360.059351]  dump_stack_lvl+0xfa/0x120
[  360.059406]  should_fail_ex+0x4d7/0x5e0
[  360.059447]  ? __do_sys_memfd_create+0x1e5/0xa90
[  360.059483]  should_failslab+0xc2/0x120
[  360.059508]  __kmalloc_cache_noprof+0x80/0x730
[  360.059551]  ? __do_sys_memfd_create+0x1e5/0xa90
[  360.059585]  __do_sys_memfd_create+0x1e5/0xa90
[  360.059620]  ? ksys_write+0x1a3/0x240
[  360.059643]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  360.059676]  ? irqentry_exit+0xee/0x650
[  360.059697]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  360.059728]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  360.059766]  do_syscall_64+0xbf/0x420
[  360.059794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.059819] RIP: 0033:0x7f8c4a31db19
[  360.059837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  360.059859] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  360.059882] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31db19
[  360.059898] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8c4a3770fb
[  360.059912] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  360.059926] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  360.059940] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  360.059970]  </TASK>
[  360.091420] syz_tun: refused to change device tx_queue_len
[  360.097338] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  360.134179] syz_tun: refused to change device tx_queue_len
[  360.136767] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:34:57 executing program 1:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:34:57 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:34:57 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:34:57 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:57 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:34:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 2)

[  360.245227] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
02:34:57 executing program 7:
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  360.255715] syz_tun: refused to change device tx_queue_len
[  360.257976] loop1: detected capacity change from 0 to 256
02:34:57 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x0)

[  360.324389] loop0: detected capacity change from 0 to 256
[  360.338968] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  360.346815] syz_tun: refused to change device tx_queue_len
[  360.358559] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  360.394451] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  360.404647] syz_tun: refused to change device tx_queue_len
[  360.414776] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:35:06 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:06 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x0)

02:35:06 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:06 executing program 1:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:35:06 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:35:06 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:35:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 3)

02:35:06 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:06 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

[  369.063675] FAULT_INJECTION: forcing a failure.
[  369.063675] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  369.065341] CPU: 1 UID: 0 PID: 5095 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  369.065369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  369.065382] Call Trace:
[  369.065390]  <TASK>
[  369.065398]  dump_stack_lvl+0xfa/0x120
[  369.065430]  should_fail_ex+0x4d7/0x5e0
[  369.065469]  strncpy_from_user+0x3b/0x2f0
[  369.065500]  __do_sys_memfd_create+0x21e/0xa90
[  369.065535]  ? ksys_write+0x1a3/0x240
[  369.065557]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  369.065587]  ? irqentry_exit+0xee/0x650
[  369.065607]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  369.065636]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  369.065672]  do_syscall_64+0xbf/0x420
[  369.065698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.065721] RIP: 0033:0x7f8c4a31db19
[  369.065738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  369.065757] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  369.065779] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31db19
[  369.065793] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8c4a3770fb
[  369.065806] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  369.065819] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  369.065832] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  369.065860]  </TASK>
[  369.065968] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:35:06 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  369.094507] loop1: detected capacity change from 0 to 256
[  369.116508] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  369.123621] syz_tun: refused to change device tx_queue_len
02:35:06 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:06 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:35:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:35:06 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

02:35:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 4)

02:35:06 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:06 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  369.205954] FAULT_INJECTION: forcing a failure.
[  369.205954] name failslab, interval 1, probability 0, space 0, times 0
[  369.214269] CPU: 0 UID: 0 PID: 5106 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  369.214287] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  369.214294] Call Trace:
[  369.214299]  <TASK>
[  369.214303]  dump_stack_lvl+0xfa/0x120
[  369.214327]  should_fail_ex+0x4d7/0x5e0
[  369.214350]  ? shmem_alloc_inode+0x27/0x50
[  369.214363]  should_failslab+0xc2/0x120
02:35:06 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="00001e74408d0000a6e834b50f474f6edaeb1ff9648613cf5ad74457b1ff00000000645f0ae3094e59e50bfee32de576970308a41f0dd6c2cf47288f8895dca6e8681f1f7d4666d7035828c4690bca329e"], 0x52)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'netdevsim0\x00'})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x0)

[  369.214377]  kmem_cache_alloc_lru_noprof+0x84/0x770
[  369.214400]  ? shmem_alloc_inode+0x27/0x50
[  369.214412]  shmem_alloc_inode+0x27/0x50
[  369.214422]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  369.214433]  alloc_inode+0x67/0x250
[  369.214451]  new_inode+0x1e/0x160
[  369.214468]  __shmem_get_inode+0x17c/0xe80
[  369.214484]  __shmem_file_setup+0x108/0x370
[  369.214501]  __do_sys_memfd_create+0x4cc/0xa90
[  369.214520]  ? ksys_write+0x1a3/0x240
[  369.214532]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  369.214550]  ? irqentry_exit+0xee/0x650
[  369.214562]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  369.214579]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  369.214600]  do_syscall_64+0xbf/0x420
[  369.214614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.214627] RIP: 0033:0x7f8c4a31db19
[  369.214637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  369.214648] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  369.214660] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31db19
[  369.214667] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8c4a3770fb
[  369.214675] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  369.214682] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  369.214689] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  369.214704]  </TASK>
02:35:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 5)

02:35:06 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:06 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

[  369.282538] loop1: detected capacity change from 0 to 256
[  369.292700] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  369.297407] loop0: detected capacity change from 0 to 256
[  369.305441] syz_tun: refused to change device tx_queue_len
[  369.321622] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  369.322937] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  369.325343] syz_tun: refused to change device tx_queue_len
02:35:16 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:35:16 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:16 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:35:16 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:16 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 6)

02:35:16 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:16 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:16 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  378.892833] loop1: detected capacity change from 0 to 256
[  378.893915] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  378.895403] syz_tun: refused to change device tx_queue_len
[  378.903846] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  378.906401] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  378.914625] syz_tun: refused to change device tx_queue_len
[  378.942874] FAULT_INJECTION: forcing a failure.
[  378.942874] name failslab, interval 1, probability 0, space 0, times 0
[  378.944512] CPU: 0 UID: 0 PID: 5147 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  378.944539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  378.944552] Call Trace:
[  378.944559]  <TASK>
[  378.944568]  dump_stack_lvl+0xfa/0x120
[  378.944598]  should_fail_ex+0x4d7/0x5e0
[  378.944636]  ? security_inode_alloc+0x3e/0x130
[  378.944669]  should_failslab+0xc2/0x120
[  378.944694]  kmem_cache_alloc_noprof+0x80/0x760
[  378.944724]  ? __pfx_map_id_range_down+0x10/0x10
[  378.944754]  ? __create_object+0x59/0x80
[  378.944786]  ? security_inode_alloc+0x3e/0x130
[  378.944819]  security_inode_alloc+0x3e/0x130
[  378.944853]  inode_init_always_gfp+0xc9d/0xff0
[  378.944882]  alloc_inode+0x8d/0x250
[  378.944911]  new_inode+0x1e/0x160
[  378.944941]  __shmem_get_inode+0x17c/0xe80
[  378.944971]  __shmem_file_setup+0x108/0x370
[  378.945006]  __do_sys_memfd_create+0x4cc/0xa90
[  378.945038]  ? ksys_write+0x1a3/0x240
[  378.945058]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  378.945089]  ? irqentry_exit+0xee/0x650
[  378.945108]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  378.945136]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  378.945171]  do_syscall_64+0xbf/0x420
[  378.945197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.945220] RIP: 0033:0x7f8c4a31db19
[  378.945237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  378.945257] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  378.945278] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31db19
[  378.945292] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8c4a3770fb
[  378.945305] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  378.945318] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  378.945330] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  378.945358]  </TASK>
[  378.949186] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  378.949584] syz_tun: refused to change device tx_queue_len
[  378.965087] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5149 comm=syz-executor.3
02:35:16 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:35:16 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

[  379.029823] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  379.072678] loop1: detected capacity change from 0 to 256
02:35:26 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:35:26 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x0, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:26 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, &(0x7f00000000c0))

02:35:26 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 7)

02:35:26 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:26 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:26 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  389.271681] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  389.273453] syz_tun: refused to change device tx_queue_len
[  389.274602] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5170 comm=syz-executor.3
[  389.279379] No source specified
[  389.288188] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  389.288924] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  389.292901] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  389.294399] syz_tun: refused to change device tx_queue_len
[  389.300525] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  389.302893] syz_tun: refused to change device tx_queue_len
[  389.306395] loop0: detected capacity change from 0 to 256
[  389.307278] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  389.314912] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  389.318424] syz_tun: refused to change device tx_queue_len
02:35:26 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

02:35:26 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x0, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:27 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, &(0x7f00000000c0))

02:35:27 executing program 4:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:27 executing program 2:
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:27 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  389.446283] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5181 comm=syz-executor.3
[  389.455409] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  389.464592] syz_tun: refused to change device tx_queue_len
[  389.470176] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:35:27 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 8)

[  389.490808] No source specified
[  389.514417] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  389.523043] syz_tun: refused to change device tx_queue_len
02:35:27 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  389.529588] syz_tun: refused to change device tx_queue_len
[  389.574715] FAULT_INJECTION: forcing a failure.
[  389.574715] name failslab, interval 1, probability 0, space 0, times 0
[  389.576820] CPU: 1 UID: 0 PID: 5193 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  389.576845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  389.576857] Call Trace:
[  389.576864]  <TASK>
[  389.576871]  dump_stack_lvl+0xfa/0x120
[  389.576900]  should_fail_ex+0x4d7/0x5e0
[  389.576936]  ? __d_alloc+0x34/0x9c0
[  389.576958]  should_failslab+0xc2/0x120
[  389.576988]  kmem_cache_alloc_lru_noprof+0x84/0x770
[  389.577019]  ? find_held_lock+0x2b/0x80
[  389.577058]  ? __d_alloc+0x34/0x9c0
[  389.577077]  __d_alloc+0x34/0x9c0
[  389.577098]  ? mpol_shared_policy_init+0x24f/0x390
[  389.577133]  d_alloc_pseudo+0x1d/0xc0
[  389.577161]  alloc_file_pseudo+0xbe/0x220
[  389.577188]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  389.577212]  ? __shmem_get_inode+0x684/0xe80
[  389.577240]  __shmem_file_setup+0x1a8/0x370
[  389.577265]  __do_sys_memfd_create+0x4cc/0xa90
[  389.577295]  ? ksys_write+0x1a3/0x240
[  389.577313]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  389.577341]  ? irqentry_exit+0xee/0x650
[  389.577359]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  389.577384]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  389.577415]  do_syscall_64+0xbf/0x420
[  389.577439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.577460] RIP: 0033:0x7f8c4a31db19
[  389.577475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  389.577494] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  389.577513] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31db19
[  389.577526] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8c4a3770fb
[  389.577538] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  389.577550] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  389.577561] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  389.577586]  </TASK>
02:35:27 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, &(0x7f00000000c0))

02:35:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x0, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  389.644778] syz_tun: refused to change device tx_queue_len
[  389.651365] No source specified
02:35:36 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 9)

02:35:36 executing program 4:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:36 executing program 2:
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:36 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:36 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)

02:35:36 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

02:35:36 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}], 0x8000, &(0x7f00000000c0))

02:35:36 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  398.536050] loop0: detected capacity change from 0 to 256
[  398.539231] validate_nla: 5 callbacks suppressed
[  398.539247] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  398.549427] syz_tun: refused to change device tx_queue_len
[  398.554969] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  398.558465] FAT-fs (loop1): unable to read boot sector
[  398.563656] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  398.567207] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  398.568584] syz_tun: refused to change device tx_queue_len
[  398.584471] syz_tun: refused to change device tx_queue_len
[  398.592053] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  398.601152] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:35:36 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:36 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}], 0x8000, &(0x7f00000000c0))

02:35:36 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 10)

02:35:36 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

02:35:36 executing program 4:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:36 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  398.713718] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  398.716276] FAULT_INJECTION: forcing a failure.
[  398.716276] name failslab, interval 1, probability 0, space 0, times 0
02:35:36 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  398.726422] syz_tun: refused to change device tx_queue_len
[  398.727576] CPU: 1 UID: 0 PID: 5226 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  398.727602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  398.727613] Call Trace:
[  398.727619]  <TASK>
[  398.727626]  dump_stack_lvl+0xfa/0x120
[  398.727653]  should_fail_ex+0x4d7/0x5e0
[  398.727684]  ? alloc_empty_file+0x58/0x1e0
[  398.727706]  should_failslab+0xc2/0x120
[  398.727726]  kmem_cache_alloc_noprof+0x80/0x760
[  398.727752]  ? d_instantiate+0x92/0xb0
[  398.727778]  ? alloc_empty_file+0x58/0x1e0
[  398.727798]  ? _raw_spin_unlock+0x1e/0x40
[  398.727822]  alloc_empty_file+0x58/0x1e0
[  398.727845]  alloc_file_pseudo+0x12b/0x220
[  398.727869]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  398.727898]  __shmem_file_setup+0x1a8/0x370
[  398.727922]  __do_sys_memfd_create+0x4cc/0xa90
[  398.727951]  ? ksys_write+0x1a3/0x240
[  398.727967]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  398.727999]  ? irqentry_exit+0xee/0x650
[  398.728015]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  398.728041]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  398.728070]  do_syscall_64+0xbf/0x420
[  398.728091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.728110] RIP: 0033:0x7f8c4a31db19
[  398.728124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  398.728141] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  398.728159] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31db19
[  398.728171] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8c4a3770fb
[  398.728181] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  398.728192] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  398.728202] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  398.728225]  </TASK>
[  398.754562] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  398.756618] FAT-fs (loop1): unable to read boot sector
02:35:36 executing program 2:
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  398.792244] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  398.793532] syz_tun: refused to change device tx_queue_len
[  398.803151] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
02:35:36 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}], 0x8000, &(0x7f00000000c0))

02:35:36 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:36 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)

[  398.891907] syz_tun: refused to change device tx_queue_len
[  398.897298] FAT-fs (loop1): unable to read boot sector
[  398.924841] syz_tun: refused to change device tx_queue_len
[  398.927889] syz_tun: refused to change device tx_queue_len
02:35:44 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:44 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)

02:35:44 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

02:35:44 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 11)

02:35:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:35:44 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0}], 0x8000, &(0x7f00000000c0))

02:35:44 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  407.043534] validate_nla: 6 callbacks suppressed
[  407.043551] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  407.058254] FAT-fs (loop1): unable to read boot sector
[  407.063327] loop0: detected capacity change from 0 to 256
02:35:44 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

[  407.080383] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  407.080855] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5268 comm=syz-executor.6
[  407.081647] syz_tun: refused to change device tx_queue_len
02:35:44 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:44 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  407.099097] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  407.172117] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:35:53 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0}], 0x8000, &(0x7f00000000c0))

02:35:53 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:53 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 12)

02:35:53 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:35:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

02:35:53 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {0xffffffffffffffff, 0x20c2}, {0xffffffffffffffff, 0x100}, {r0, 0x4000}, {r1}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)

02:35:53 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  415.953454] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5287 comm=syz-executor.6
[  415.978414] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  415.995731] FAULT_INJECTION: forcing a failure.
[  415.995731] name failslab, interval 1, probability 0, space 0, times 0
[  416.000131] syz_tun: refused to change device tx_queue_len
[  416.006210] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  416.006249] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  416.016266] FAT-fs (loop1): unable to read boot sector
02:35:53 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

[  416.022048] CPU: 1 UID: 0 PID: 5295 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  416.022081] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  416.022094] Call Trace:
[  416.022102]  <TASK>
[  416.022110]  dump_stack_lvl+0xfa/0x120
[  416.022142]  should_fail_ex+0x4d7/0x5e0
[  416.022180]  ? security_file_alloc+0x35/0x130
[  416.022204]  should_failslab+0xc2/0x120
[  416.022229]  kmem_cache_alloc_noprof+0x80/0x760
[  416.022259]  ? __create_object+0x59/0x80
[  416.022294]  ? security_file_alloc+0x35/0x130
[  416.022315]  security_file_alloc+0x35/0x130
[  416.022339]  init_file+0x95/0x480
[  416.022366]  alloc_empty_file+0x76/0x1e0
[  416.022394]  alloc_file_pseudo+0x12b/0x220
[  416.022423]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  416.022459]  __shmem_file_setup+0x1a8/0x370
[  416.022489]  __do_sys_memfd_create+0x4cc/0xa90
[  416.022522]  ? ksys_write+0x1a3/0x240
[  416.022541]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  416.022572]  ? irqentry_exit+0xee/0x650
[  416.022592]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  416.022620]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  416.022656]  do_syscall_64+0xbf/0x420
[  416.022682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.022704] RIP: 0033:0x7f8c4a31db19
[  416.022722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  416.022742] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  416.022764] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31db19
[  416.022778] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8c4a3770fb
[  416.022791] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  416.022804] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  416.022817] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  416.022845]  </TASK>
02:35:53 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x0, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:35:53 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

[  416.119025] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5303 comm=syz-executor.6
02:35:53 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:35:53 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0}], 0x8000, &(0x7f00000000c0))

02:35:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:35:53 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  416.204301] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  416.212848] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  416.216869] syz_tun: refused to change device tx_queue_len
[  416.222373] syz_tun: refused to change device tx_queue_len
[  416.224898] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  416.227624] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  416.228862] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:35:53 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 13)

[  416.274150] FAT-fs (loop1): unable to read boot sector
[  416.345678] loop0: detected capacity change from 0 to 256
02:36:03 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 14)

02:36:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:36:03 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

02:36:03 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x0, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:03 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:03 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:03 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  425.752157] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  425.755038] syz_tun: refused to change device tx_queue_len
[  425.756811] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  425.763222] loop1: detected capacity change from 0 to 256
[  425.764313] FAULT_INJECTION: forcing a failure.
[  425.764313] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  425.766160] CPU: 1 UID: 0 PID: 5340 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  425.766187] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  425.766201] Call Trace:
[  425.766208]  <TASK>
[  425.766216]  dump_stack_lvl+0xfa/0x120
[  425.766248]  should_fail_ex+0x4d7/0x5e0
[  425.766287]  should_fail_alloc_page+0xe0/0x110
[  425.766314]  prepare_alloc_pages+0x1eb/0x550
[  425.766338]  ? __lock_acquire+0x451/0x2250
[  425.766370]  __alloc_frozen_pages_noprof+0x186/0x25b0
[  425.766404]  ? lock_acquire+0x15e/0x2d0
[  425.766430]  ? __is_insn_slot_addr+0x2e/0x290
[  425.766455]  ? find_held_lock+0x2b/0x80
[  425.766489]  ? __is_insn_slot_addr+0x136/0x290
02:36:03 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  425.766512]  ? lock_release+0xc8/0x270
02:36:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

[  425.766539]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  425.766583]  ? lock_is_held_type+0x9e/0x120
[  425.766607]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  425.766641]  ? policy_nodemask+0xeb/0x4e0
[  425.766675]  alloc_pages_mpol+0xed/0x340
[  425.766705]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  425.766733]  ? filemap_get_entry+0x1bb/0x3b0
[  425.766764]  ? __pfx_filemap_get_entry+0x10/0x10
[  425.766799]  folio_alloc_mpol_noprof+0x38/0x2a0
[  425.766835]  shmem_alloc_folio+0x11b/0x140
[  425.766861]  shmem_get_folio_gfp.constprop.0+0x4ea/0x13b0
[  425.766897]  ? find_held_lock+0x2b/0x80
[  425.766933]  ? __pfx_shmem_get_folio_gfp.constprop.0+0x10/0x10
[  425.766964]  ? do_raw_read_trylock+0x92/0xb0
[  425.767005]  ? simple_xattr_get+0x173/0x1d0
[  425.767039]  shmem_write_begin+0x194/0x3b0
[  425.767069]  ? __pfx_shmem_write_begin+0x10/0x10
[  425.767098]  ? balance_dirty_pages_ratelimited_flags+0x8f/0x1190
[  425.767133]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  425.767159]  ? ktime_get_coarse_real_ts64_mg+0x213/0x2a0
[  425.767194]  generic_perform_write+0x391/0x810
[  425.767229]  ? __pfx_generic_perform_write+0x10/0x10
[  425.767259]  ? file_update_time_flags+0x367/0x4f0
[  425.767291]  shmem_file_write_iter+0x111/0x140
[  425.767316]  vfs_write+0xbe9/0x1150
[  425.767337]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  425.767380]  ? __fget_files+0x34/0x3b0
[  425.767402]  ? __pfx_vfs_write+0x10/0x10
[  425.767442]  __x64_sys_pwrite64+0x1f1/0x260
[  425.767465]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[  425.767496]  do_syscall_64+0xbf/0x420
[  425.767522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.767545] RIP: 0033:0x7f8c4a2d0ab7
[  425.767562] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  425.767582] RSP: 002b:00007f8c47892f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  425.767603] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a2d0ab7
[  425.767617] RDX: 0000000000000017 RSI: 0000000020010000 RDI: 0000000000000004
[  425.767630] RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffffffffffff
[  425.767643] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  425.767656] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000
[  425.767683]  </TASK>
[  425.817141] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  425.818671] syz_tun: refused to change device tx_queue_len
[  425.820381] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:03 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:03 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x0, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  425.896177] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  425.910613] loop0: detected capacity change from 0 to 256
[  425.951225] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  425.953633] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  425.954530] syz_tun: refused to change device tx_queue_len
[  425.958519] syz_tun: refused to change device tx_queue_len
[  425.968133] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:13 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:36:13 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:13 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

02:36:13 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:13 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:13 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 15)

[  435.534495] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  435.537529] FAULT_INJECTION: forcing a failure.
[  435.537529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  435.546019] CPU: 0 UID: 0 PID: 5373 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  435.546036] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  435.546044] Call Trace:
[  435.546048]  <TASK>
[  435.546053]  dump_stack_lvl+0xfa/0x120
[  435.546072]  should_fail_ex+0x4d7/0x5e0
[  435.546090]  ? page_copy_sane+0xce/0x2b0
[  435.546109]  copy_folio_from_iter_atomic+0x383/0x1850
[  435.546133]  ? simple_xattr_get+0x173/0x1d0
[  435.546151]  ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[  435.546171]  ? shmem_write_begin+0x1ab/0x3b0
[  435.546188]  ? __pfx_shmem_write_begin+0x10/0x10
[  435.546204]  ? balance_dirty_pages_ratelimited_flags+0x8f/0x1190
[  435.546224]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  435.546240]  ? ktime_get_coarse_real_ts64_mg+0x213/0x2a0
[  435.546260]  generic_perform_write+0x1d7/0x810
[  435.546279]  ? __pfx_generic_perform_write+0x10/0x10
[  435.546295]  ? file_update_time_flags+0x367/0x4f0
[  435.546313]  shmem_file_write_iter+0x111/0x140
[  435.546327]  vfs_write+0xbe9/0x1150
[  435.546339]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  435.546351]  ? __fget_files+0x34/0x3b0
[  435.546363]  ? __pfx_vfs_write+0x10/0x10
[  435.546385]  __x64_sys_pwrite64+0x1f1/0x260
[  435.546401]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[  435.546422]  do_syscall_64+0xbf/0x420
[  435.546437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.546450] RIP: 0033:0x7f8c4a2d0ab7
[  435.546460] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  435.546471] RSP: 002b:00007f8c47892f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  435.546482] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a2d0ab7
[  435.546490] RDX: 0000000000000017 RSI: 0000000020010000 RDI: 0000000000000004
[  435.546497] RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffffffffffff
[  435.546504] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  435.546511] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000
[  435.546526]  </TASK>
[  435.552135] loop1: detected capacity change from 0 to 256
[  435.558588] loop0: detected capacity change from 0 to 256
[  435.563700] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:13 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

02:36:13 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

[  435.598470] syz_tun: refused to change device tx_queue_len
[  435.612291] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:13 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  435.617399] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:36:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 16)

02:36:13 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

02:36:13 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:13 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

02:36:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:36:13 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  435.713460] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:36:13 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  435.750072] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  435.756620] FAULT_INJECTION: forcing a failure.
[  435.756620] name failslab, interval 1, probability 0, space 0, times 0
02:36:13 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

02:36:13 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  435.778130] CPU: 0 UID: 0 PID: 5386 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  435.778148] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  435.778156] Call Trace:
[  435.778160]  <TASK>
[  435.778169]  dump_stack_lvl+0xfa/0x120
[  435.778189]  should_fail_ex+0x4d7/0x5e0
[  435.778212]  ? do_getname+0x2b/0x3d0
[  435.778228]  should_failslab+0xc2/0x120
[  435.778242]  kmem_cache_alloc_noprof+0x80/0x760
[  435.778260]  ? vfs_write+0x169/0x1150
[  435.778273]  ? do_getname+0x2b/0x3d0
[  435.778286]  do_getname+0x2b/0x3d0
[  435.778302]  do_sys_openat2+0xa0/0x210
[  435.778318]  ? __pfx_do_sys_openat2+0x10/0x10
[  435.778339]  __x64_sys_openat+0x142/0x200
[  435.778354]  ? __pfx___x64_sys_openat+0x10/0x10
[  435.778376]  do_syscall_64+0xbf/0x420
[  435.778390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.778403] RIP: 0033:0x7f8c4a2d0a04
[  435.778413] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  435.778425] RSP: 002b:00007f8c47892ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  435.778436] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a2d0a04
[  435.778445] RDX: 0000000000000002 RSI: 00007f8c47893000 RDI: 00000000ffffff9c
[  435.778452] RBP: 00007f8c47893000 R08: 0000000000000000 R09: ffffffffffffffff
[  435.778459] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  435.778466] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  435.778481]  </TASK>
[  435.806599] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:36:13 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  435.821651] loop1: detected capacity change from 0 to 256
[  435.835640] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:13 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  435.849446] syz_tun: refused to change device tx_queue_len
[  435.855802] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  435.863212] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:36:22 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 17)

02:36:22 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:22 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:22 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

02:36:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

02:36:22 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  445.065255] loop0: detected capacity change from 0 to 256
[  445.077482] loop1: detected capacity change from 0 to 256
[  445.089229] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  445.096447] syz_tun: refused to change device tx_queue_len
[  445.097036] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  445.098226] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  445.119347] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  445.120966] syz_tun: refused to change device tx_queue_len
02:36:22 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  445.135241] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:22 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 18)

02:36:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:22 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  445.228293] loop1: detected capacity change from 0 to 256
[  445.229784] FAULT_INJECTION: forcing a failure.
[  445.229784] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  445.234050] CPU: 0 UID: 0 PID: 5440 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  445.234068] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  445.234077] Call Trace:
[  445.234081]  <TASK>
[  445.234086]  dump_stack_lvl+0xfa/0x120
[  445.234108]  should_fail_ex+0x4d7/0x5e0
[  445.234132]  strncpy_from_user+0x3b/0x2f0
[  445.234149]  do_getname+0x70/0x3d0
[  445.234168]  do_sys_openat2+0xa0/0x210
[  445.234185]  ? __pfx_do_sys_openat2+0x10/0x10
[  445.234207]  __x64_sys_openat+0x142/0x200
[  445.234223]  ? __pfx___x64_sys_openat+0x10/0x10
[  445.234246]  do_syscall_64+0xbf/0x420
[  445.234261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.234275] RIP: 0033:0x7f8c4a2d0a04
[  445.234285] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  445.234297] RSP: 002b:00007f8c47892ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  445.234310] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a2d0a04
[  445.234318] RDX: 0000000000000002 RSI: 00007f8c47893000 RDI: 00000000ffffff9c
[  445.234326] RBP: 00007f8c47893000 R08: 0000000000000000 R09: ffffffffffffffff
[  445.234334] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  445.234341] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  445.234356]  </TASK>
[  445.275567] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  445.283608] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  445.288318] syz_tun: refused to change device tx_queue_len
02:36:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 19)

02:36:31 executing program 5:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:31 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

02:36:31 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:31 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

02:36:31 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:31 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

[  453.487335] loop1: detected capacity change from 0 to 256
[  453.489950] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  453.518398] FAULT_INJECTION: forcing a failure.
[  453.518398] name failslab, interval 1, probability 0, space 0, times 0
[  453.519320] CPU: 0 UID: 0 PID: 5463 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  453.519336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  453.519343] Call Trace:
[  453.519347]  <TASK>
[  453.519352]  dump_stack_lvl+0xfa/0x120
[  453.519373]  should_fail_ex+0x4d7/0x5e0
[  453.519395]  ? alloc_empty_file+0x58/0x1e0
[  453.519411]  should_failslab+0xc2/0x120
[  453.519425]  kmem_cache_alloc_noprof+0x80/0x760
[  453.519443]  ? __is_insn_slot_addr+0x136/0x290
[  453.519457]  ? lock_release+0xc8/0x270
[  453.519475]  ? alloc_empty_file+0x58/0x1e0
[  453.519488]  alloc_empty_file+0x58/0x1e0
[  453.519504]  path_openat+0xee/0x2d60
[  453.519516]  ? __kernel_text_address+0xd/0x40
[  453.519533]  ? unwind_get_return_address+0x59/0xa0
[  453.519546]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  453.519563]  ? arch_stack_walk+0x9c/0xf0
[  453.519581]  ? __pfx_path_openat+0x10/0x10
[  453.519594]  ? __lock_acquire+0x451/0x2250
[  453.519612]  do_file_open+0x209/0x460
[  453.519624]  ? __pfx_do_file_open+0x10/0x10
[  453.519642]  ? find_held_lock+0x2b/0x80
[  453.519660]  ? alloc_fd+0x2c1/0x560
02:36:31 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  453.519679]  ? lock_release+0xc8/0x270
[  453.519695]  ? _raw_spin_unlock+0x1e/0x40
[  453.519713]  ? alloc_fd+0x2c1/0x560
[  453.519728]  do_sys_openat2+0xe7/0x210
[  453.519744]  ? __pfx_do_sys_openat2+0x10/0x10
[  453.519765]  __x64_sys_openat+0x142/0x200
[  453.519780]  ? __pfx___x64_sys_openat+0x10/0x10
[  453.519802]  do_syscall_64+0xbf/0x420
[  453.519816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.519829] RIP: 0033:0x7f8c4a2d0a04
[  453.519838] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
02:36:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  453.519849] RSP: 002b:00007f8c47892ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  453.519861] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a2d0a04
[  453.519868] RDX: 0000000000000002 RSI: 00007f8c47893000 RDI: 00000000ffffff9c
[  453.519875] RBP: 00007f8c47893000 R08: 0000000000000000 R09: ffffffffffffffff
[  453.519883] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  453.519889] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  453.519904]  </TASK>
[  453.528014] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  453.555169] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
02:36:31 executing program 5:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 20)

[  453.571579] loop1: detected capacity change from 0 to 256
02:36:31 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  453.586092] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  453.634426] loop0: detected capacity change from 0 to 256
[  453.658278] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5479 comm=syz-executor.4
02:36:39 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:39 executing program 5:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:39 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:39 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 21)

02:36:39 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

[  461.858258] FAULT_INJECTION: forcing a failure.
[  461.858258] name failslab, interval 1, probability 0, space 0, times 0
[  461.859296] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  461.861708] CPU: 0 UID: 0 PID: 5494 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  461.861725] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  461.861733] Call Trace:
[  461.861737]  <TASK>
[  461.861742]  dump_stack_lvl+0xfa/0x120
[  461.861762]  should_fail_ex+0x4d7/0x5e0
[  461.861786]  ? security_file_alloc+0x35/0x130
[  461.861800]  should_failslab+0xc2/0x120
[  461.861815]  kmem_cache_alloc_noprof+0x80/0x760
[  461.861833]  ? __create_object+0x59/0x80
[  461.861852]  ? security_file_alloc+0x35/0x130
[  461.861864]  security_file_alloc+0x35/0x130
[  461.861877]  init_file+0x95/0x480
[  461.861893]  alloc_empty_file+0x76/0x1e0
[  461.861909]  path_openat+0xee/0x2d60
[  461.861922]  ? __kernel_text_address+0xd/0x40
[  461.861939]  ? unwind_get_return_address+0x59/0xa0
[  461.861952]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  461.861969]  ? arch_stack_walk+0x9c/0xf0
[  461.861994]  ? __pfx_path_openat+0x10/0x10
[  461.862007]  ? __lock_acquire+0x451/0x2250
[  461.862027]  do_file_open+0x209/0x460
[  461.862039]  ? __pfx_do_file_open+0x10/0x10
[  461.862056]  ? find_held_lock+0x2b/0x80
[  461.862076]  ? alloc_fd+0x2c1/0x560
[  461.862088]  ? lock_release+0xc8/0x270
[  461.862104]  ? _raw_spin_unlock+0x1e/0x40
[  461.862121]  ? alloc_fd+0x2c1/0x560
[  461.862137]  do_sys_openat2+0xe7/0x210
[  461.862153]  ? __pfx_do_sys_openat2+0x10/0x10
[  461.862174]  __x64_sys_openat+0x142/0x200
[  461.862190]  ? __pfx___x64_sys_openat+0x10/0x10
[  461.862211]  do_syscall_64+0xbf/0x420
[  461.862226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.862239] RIP: 0033:0x7f8c4a2d0a04
[  461.862249] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  461.862260] RSP: 002b:00007f8c47892ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  461.862272] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a2d0a04
[  461.862280] RDX: 0000000000000002 RSI: 00007f8c47893000 RDI: 00000000ffffff9c
[  461.862287] RBP: 00007f8c47893000 R08: 0000000000000000 R09: ffffffffffffffff
[  461.862295] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  461.862302] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  461.862316]  </TASK>
[  461.876181] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5498 comm=syz-executor.4
[  461.881068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5492 comm=syz-executor.7
[  461.884943] loop1: detected capacity change from 0 to 256
[  461.886323] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  461.899124] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  461.900085] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:39 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

02:36:39 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:39 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:39 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

[  461.973606] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5506 comm=syz-executor.7
[  461.980412] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:36:39 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:39 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 22)

[  462.006079] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
02:36:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:39 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:39 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  462.040090] loop0: detected capacity change from 0 to 256
[  462.042837] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  462.057212] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
02:36:39 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  462.106520] loop1: detected capacity change from 0 to 256
[  462.111054] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5521 comm=syz-executor.4
[  462.120136] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5520 comm=syz-executor.7
[  462.138766] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  462.142841] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
02:36:49 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:49 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 23)

02:36:49 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:49 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:36:49 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784", 0xb}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:49 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  471.924921] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  471.925719] loop1: detected capacity change from 0 to 256
[  471.928109] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  471.930432] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  471.940565] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  471.943726] FAULT_INJECTION: forcing a failure.
[  471.943726] name failslab, interval 1, probability 0, space 0, times 0
[  471.945382] CPU: 1 UID: 0 PID: 5546 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  471.945410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  471.945424] Call Trace:
[  471.945432]  <TASK>
[  471.945440]  dump_stack_lvl+0xfa/0x120
[  471.945471]  should_fail_ex+0x4d7/0x5e0
[  471.945510]  ? __kernfs_new_node+0xd3/0x940
[  471.945540]  should_failslab+0xc2/0x120
[  471.945565]  kmem_cache_alloc_noprof+0x80/0x760
[  471.945597]  ? __pfx_avc_has_perm+0x10/0x10
[  471.945627]  ? __kernfs_new_node+0xd3/0x940
[  471.945656]  __kernfs_new_node+0xd3/0x940
[  471.945684]  ? __lock_acquire+0x451/0x2250
[  471.945722]  ? __pfx___kernfs_new_node+0x10/0x10
[  471.945756]  ? lock_acquire+0x15e/0x2d0
[  471.945782]  ? kernfs_root+0x23/0x2a0
[  471.945811]  ? find_held_lock+0x2b/0x80
[  471.945844]  ? kernfs_root+0xee/0x2a0
[  471.945873]  ? lock_release+0xc8/0x270
[  471.945897]  ? lock_is_held_type+0x9e/0x120
[  471.945923]  kernfs_new_node+0x13c/0x1e0
[  471.945962]  kernfs_create_dir_ns+0x4d/0x1a0
[  471.945993]  internal_create_group+0x440/0xeb0
[  471.946025]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  471.946054]  ? __pfx_internal_create_group+0x10/0x10
[  471.946084]  ? blk_validate_limits+0xe47/0x15d0
[  471.946115]  ? lock_is_held_type+0x9e/0x120
[  471.946138]  loop_configure+0xc46/0x15a0
[  471.946191]  ? __pfx_loop_configure+0x10/0x10
[  471.946235]  ? avc_has_extended_perms+0x107/0xf20
[  471.946260]  ? find_held_lock+0x2b/0x80
[  471.946293]  ? avc_has_extended_perms+0x23b/0xf20
[  471.946318]  ? lock_release+0xc8/0x270
[  471.946347]  lo_ioctl+0x674/0x1cb0
[  471.946382]  ? __pfx_lo_ioctl+0x10/0x10
[  471.946410]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  471.946443]  ? lock_acquire+0x15e/0x2d0
[  471.946469]  ? __virt_addr_valid+0x1c6/0x5d0
[  471.946494]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  471.946525]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  471.946552]  ? lock_release+0xc8/0x270
[  471.946578]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  471.946612]  ? blkdev_common_ioctl+0x1c3/0x2860
[  471.946667]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  471.946700]  ? __fget_files+0x34/0x3b0
[  471.946723]  ? find_held_lock+0x2b/0x80
[  471.946756]  ? __fget_files+0x203/0x3b0
[  471.946779]  ? __pfx_lo_ioctl+0x10/0x10
[  471.946808]  blkdev_ioctl+0x365/0x6d0
[  471.946835]  ? __pfx_blkdev_ioctl+0x10/0x10
[  471.946862]  ? selinux_file_ioctl+0xb9/0x280
[  471.946897]  ? __pfx_blkdev_ioctl+0x10/0x10
[  471.946926]  __x64_sys_ioctl+0x18f/0x210
[  471.946961]  do_syscall_64+0xbf/0x420
[  471.946986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.947009] RIP: 0033:0x7f8c4a31d8d7
[  471.947026] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  471.947046] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  471.947067] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  471.947081] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  471.947094] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  471.947107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  471.947119] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  471.947146]  </TASK>
02:36:49 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:36:49 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:36:49 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:49 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  472.065052] loop0: detected capacity change from 0 to 256
[  472.114818] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  472.122526] netlink: 'syz-executor.3': attribute type 63 has an invalid length.
02:36:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  472.133713] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  472.218158] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:36:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 24)

02:36:59 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:36:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784", 0xb}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:59 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:36:59 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  481.549396] loop0: detected capacity change from 0 to 256
[  481.563151] netlink: 'syz-executor.3': attribute type 63 has an invalid length.
[  481.563898] loop1: detected capacity change from 0 to 256
[  481.569465] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  481.570762] netlink: 'syz-executor.6': attribute type 63 has an invalid length.
[  481.594131] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:36:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:36:59 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:36:59 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:36:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784", 0xb}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:36:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

02:36:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 25)

02:36:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:59 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

[  481.725491] netlink: 'syz-executor.3': attribute type 63 has an invalid length.
[  481.762164] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  481.776856] loop1: detected capacity change from 0 to 256
[  481.789526] FAULT_INJECTION: forcing a failure.
[  481.789526] name failslab, interval 1, probability 0, space 0, times 0
[  481.791197] CPU: 1 UID: 0 PID: 5597 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  481.791225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  481.791237] Call Trace:
[  481.791245]  <TASK>
[  481.791253]  dump_stack_lvl+0xfa/0x120
[  481.791285]  should_fail_ex+0x4d7/0x5e0
[  481.791323]  ? __kernfs_new_node+0xd3/0x940
[  481.791354]  should_failslab+0xc2/0x120
[  481.791378]  kmem_cache_alloc_noprof+0x80/0x760
[  481.791418]  ? __kernfs_new_node+0xd3/0x940
[  481.791446]  __kernfs_new_node+0xd3/0x940
[  481.791474]  ? __lock_acquire+0x451/0x2250
[  481.791506]  ? __pfx___kernfs_new_node+0x10/0x10
[  481.791540]  ? lock_acquire+0x15e/0x2d0
[  481.791566]  ? kernfs_root+0x23/0x2a0
[  481.791594]  ? find_held_lock+0x2b/0x80
[  481.791629]  ? kernfs_root+0xee/0x2a0
[  481.791658]  ? lock_release+0xc8/0x270
[  481.791682]  ? lock_is_held_type+0x9e/0x120
[  481.791708]  kernfs_new_node+0x13c/0x1e0
[  481.791747]  __kernfs_create_file+0x55/0x360
[  481.791775]  sysfs_add_file_mode_ns+0x21c/0x430
[  481.791807]  ? __pfx_dev_attr_store+0x10/0x10
[  481.791843]  internal_create_group+0x662/0xeb0
[  481.791882]  ? __pfx_internal_create_group+0x10/0x10
[  481.791913]  ? blk_validate_limits+0xe47/0x15d0
[  481.791944]  ? lock_is_held_type+0x9e/0x120
[  481.791967]  loop_configure+0xc46/0x15a0
[  481.792035]  ? __pfx_loop_configure+0x10/0x10
[  481.792079]  ? avc_has_extended_perms+0x107/0xf20
[  481.792106]  ? find_held_lock+0x2b/0x80
[  481.792139]  ? avc_has_extended_perms+0x23b/0xf20
[  481.792164]  ? lock_release+0xc8/0x270
[  481.792193]  lo_ioctl+0x674/0x1cb0
[  481.792227]  ? __pfx_lo_ioctl+0x10/0x10
[  481.792255]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  481.792289]  ? lock_acquire+0x15e/0x2d0
[  481.792314]  ? __virt_addr_valid+0x1c6/0x5d0
[  481.792340]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  481.792371]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  481.792398]  ? lock_release+0xc8/0x270
[  481.792423]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  481.792458]  ? blkdev_common_ioctl+0x1c3/0x2860
[  481.792513]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  481.792547]  ? __fget_files+0x34/0x3b0
[  481.792570]  ? find_held_lock+0x2b/0x80
[  481.792603]  ? __fget_files+0x203/0x3b0
[  481.792626]  ? __pfx_lo_ioctl+0x10/0x10
[  481.792655]  blkdev_ioctl+0x365/0x6d0
[  481.792682]  ? __pfx_blkdev_ioctl+0x10/0x10
[  481.792710]  ? selinux_file_ioctl+0xb9/0x280
[  481.792745]  ? __pfx_blkdev_ioctl+0x10/0x10
[  481.792774]  __x64_sys_ioctl+0x18f/0x210
[  481.792809]  do_syscall_64+0xbf/0x420
[  481.792835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.792857] RIP: 0033:0x7f8c4a31d8d7
[  481.792874] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  481.792894] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  481.792915] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  481.792930] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  481.792942] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  481.792955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  481.792968] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  481.792995]  </TASK>
[  481.842898] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  481.847166] netlink: 'syz-executor.6': attribute type 63 has an invalid length.
02:36:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:36:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

02:36:59 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:36:59 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:36:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  481.968229] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  481.975789] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  481.987669] netlink: 'syz-executor.6': attribute type 63 has an invalid length.
[  482.000254] loop0: detected capacity change from 0 to 256
02:37:08 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784000808200002", 0x11}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:37:08 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:08 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 26)

02:37:08 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:08 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:08 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:37:08 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

[  490.839369] loop0: detected capacity change from 0 to 256
[  490.844022] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  490.860634] loop1: detected capacity change from 0 to 256
[  490.873089] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.6'.
02:37:08 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:08 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 27)

[  490.908833] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  490.912234] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:37:08 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:08 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784000808200002", 0x11}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  490.942924] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  490.951689] FAULT_INJECTION: forcing a failure.
[  490.951689] name failslab, interval 1, probability 0, space 0, times 0
[  490.958062] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.6'.
[  490.961419] CPU: 1 UID: 0 PID: 5640 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  490.961436] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  490.961444] Call Trace:
[  490.961449]  <TASK>
[  490.961453]  dump_stack_lvl+0xfa/0x120
[  490.961475]  should_fail_ex+0x4d7/0x5e0
[  490.961497]  ? __kernfs_new_node+0xd3/0x940
[  490.961516]  should_failslab+0xc2/0x120
[  490.961530]  kmem_cache_alloc_noprof+0x80/0x760
[  490.961552]  ? __kernfs_new_node+0xd3/0x940
[  490.961567]  __kernfs_new_node+0xd3/0x940
[  490.961582]  ? __lock_acquire+0x451/0x2250
[  490.961600]  ? __pfx___kernfs_new_node+0x10/0x10
[  490.961619]  ? lock_acquire+0x15e/0x2d0
[  490.961633]  ? kernfs_root+0x23/0x2a0
[  490.961649]  ? find_held_lock+0x2b/0x80
[  490.961668]  ? kernfs_root+0xee/0x2a0
[  490.961683]  ? lock_release+0xc8/0x270
[  490.961696]  ? lock_is_held_type+0x9e/0x120
[  490.961711]  kernfs_new_node+0x13c/0x1e0
[  490.961732]  __kernfs_create_file+0x55/0x360
[  490.961748]  sysfs_add_file_mode_ns+0x21c/0x430
[  490.961765]  ? __pfx_dev_attr_store+0x10/0x10
[  490.961785]  internal_create_group+0x662/0xeb0
[  490.961807]  ? __pfx_internal_create_group+0x10/0x10
[  490.961823]  ? blk_validate_limits+0xe47/0x15d0
[  490.961841]  ? lock_is_held_type+0x9e/0x120
[  490.961854]  loop_configure+0xc46/0x15a0
[  490.961883]  ? __pfx_loop_configure+0x10/0x10
[  490.961907]  ? avc_has_extended_perms+0x107/0xf20
[  490.961923]  ? find_held_lock+0x2b/0x80
[  490.961941]  ? avc_has_extended_perms+0x23b/0xf20
[  490.961954]  ? lock_release+0xc8/0x270
[  490.961970]  lo_ioctl+0x674/0x1cb0
[  490.961994]  ? __pfx_lo_ioctl+0x10/0x10
[  490.962009]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  490.962027]  ? lock_acquire+0x15e/0x2d0
[  490.962041]  ? __virt_addr_valid+0x1c6/0x5d0
[  490.962057]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  490.962074]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  490.962089]  ? lock_release+0xc8/0x270
[  490.962103]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  490.962123]  ? blkdev_common_ioctl+0x1c3/0x2860
[  490.962153]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  490.962171]  ? __fget_files+0x34/0x3b0
[  490.962185]  ? find_held_lock+0x2b/0x80
[  490.962203]  ? __fget_files+0x203/0x3b0
[  490.962215]  ? __pfx_lo_ioctl+0x10/0x10
[  490.962231]  blkdev_ioctl+0x365/0x6d0
[  490.962246]  ? __pfx_blkdev_ioctl+0x10/0x10
[  490.962261]  ? selinux_file_ioctl+0xb9/0x280
[  490.962281]  ? __pfx_blkdev_ioctl+0x10/0x10
[  490.962296]  __x64_sys_ioctl+0x18f/0x210
[  490.962316]  do_syscall_64+0xbf/0x420
[  490.962331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.962344] RIP: 0033:0x7f8c4a31d8d7
[  490.962353] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  490.962365] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  490.962377] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  490.962386] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  490.962393] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  490.962400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  490.962407] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  490.962422]  </TASK>
[  491.003066] loop1: detected capacity change from 0 to 256
[  491.033735] loop0: detected capacity change from 0 to 256
02:37:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 28)

02:37:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:37:18 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784000808200002", 0x11}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:37:18 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:18 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:18 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:18 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

[  500.568828] loop1: detected capacity change from 0 to 256
[  500.572697] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  500.574721] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.6'.
[  500.574867] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  500.591158] netlink: 'syz-executor.3': attribute type 63 has an invalid length.
[  500.595818] loop0: detected capacity change from 0 to 256
02:37:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:37:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:18 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:37:18 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:18 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:18 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:37:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 29)

02:37:18 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784000808200002000080", 0x14}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  500.787602] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  500.795741] netlink: 'syz-executor.6': attribute type 63 has an invalid length.
[  500.798487] netlink: 'syz-executor.3': attribute type 63 has an invalid length.
[  500.804611] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  500.821610] loop1: detected capacity change from 0 to 256
[  500.842877] FAULT_INJECTION: forcing a failure.
[  500.842877] name failslab, interval 1, probability 0, space 0, times 0
[  500.844808] CPU: 1 UID: 0 PID: 5683 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  500.844840] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  500.844854] Call Trace:
[  500.844863]  <TASK>
[  500.844872]  dump_stack_lvl+0xfa/0x120
[  500.844907]  should_fail_ex+0x4d7/0x5e0
[  500.844951]  ? __kernfs_new_node+0xd3/0x940
[  500.844993]  should_failslab+0xc2/0x120
[  500.845021]  kmem_cache_alloc_noprof+0x80/0x760
[  500.845065]  ? __kernfs_new_node+0xd3/0x940
[  500.845098]  __kernfs_new_node+0xd3/0x940
[  500.845130]  ? __lock_acquire+0x451/0x2250
[  500.845166]  ? __pfx___kernfs_new_node+0x10/0x10
[  500.845205]  ? lock_acquire+0x15e/0x2d0
[  500.845234]  ? kernfs_root+0x23/0x2a0
[  500.845267]  ? find_held_lock+0x2b/0x80
[  500.845305]  ? kernfs_root+0xee/0x2a0
[  500.845338]  ? lock_release+0xc8/0x270
[  500.845366]  ? lock_is_held_type+0x9e/0x120
[  500.845395]  kernfs_new_node+0x13c/0x1e0
[  500.845439]  __kernfs_create_file+0x55/0x360
[  500.845471]  sysfs_add_file_mode_ns+0x21c/0x430
[  500.845507]  ? __pfx_dev_attr_store+0x10/0x10
[  500.845547]  internal_create_group+0x662/0xeb0
[  500.845592]  ? __pfx_internal_create_group+0x10/0x10
[  500.845627]  ? blk_validate_limits+0xe47/0x15d0
[  500.845662]  ? lock_is_held_type+0x9e/0x120
[  500.845688]  loop_configure+0xc46/0x15a0
[  500.845747]  ? __pfx_loop_configure+0x10/0x10
[  500.845798]  ? avc_has_extended_perms+0x107/0xf20
[  500.845828]  ? find_held_lock+0x2b/0x80
[  500.845866]  ? avc_has_extended_perms+0x23b/0xf20
[  500.845894]  ? lock_release+0xc8/0x270
[  500.845927]  lo_ioctl+0x674/0x1cb0
[  500.845966]  ? __pfx_lo_ioctl+0x10/0x10
[  500.845999]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  500.846037]  ? lock_acquire+0x15e/0x2d0
[  500.846066]  ? __virt_addr_valid+0x1c6/0x5d0
[  500.846095]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  500.846130]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  500.846161]  ? lock_release+0xc8/0x270
[  500.846190]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  500.846229]  ? blkdev_common_ioctl+0x1c3/0x2860
[  500.846292]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  500.846331]  ? __fget_files+0x34/0x3b0
[  500.846356]  ? find_held_lock+0x2b/0x80
[  500.846394]  ? __fget_files+0x203/0x3b0
[  500.846420]  ? __pfx_lo_ioctl+0x10/0x10
[  500.846453]  blkdev_ioctl+0x365/0x6d0
[  500.846484]  ? __pfx_blkdev_ioctl+0x10/0x10
[  500.846515]  ? selinux_file_ioctl+0xb9/0x280
[  500.846555]  ? __pfx_blkdev_ioctl+0x10/0x10
[  500.846588]  __x64_sys_ioctl+0x18f/0x210
[  500.846628]  do_syscall_64+0xbf/0x420
[  500.846657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.846683] RIP: 0033:0x7f8c4a31d8d7
[  500.846702] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  500.846725] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  500.846749] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  500.846765] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  500.846780] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  500.846794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  500.846809] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  500.846840]  </TASK>
[  500.966678] loop0: detected capacity change from 0 to 256
02:37:27 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 30)

02:37:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:27 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:27 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:37:27 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:37:27 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784000808200002000080", 0x14}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:37:27 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

[  509.684272] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  509.686353] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  509.710508] netlink: 'syz-executor.3': attribute type 63 has an invalid length.
[  509.711940] loop1: detected capacity change from 0 to 256
02:37:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:27 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

[  509.720198] netlink: 'syz-executor.6': attribute type 63 has an invalid length.
02:37:27 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  509.733905] loop0: detected capacity change from 0 to 256
02:37:27 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  509.783809] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:37:27 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee5784000808200002000080", 0x14}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  509.791795] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:37:27 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

[  509.854059] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  509.867554] loop1: detected capacity change from 0 to 256
[  509.871601] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x880700 phys_seg 1 prio class 2
[  509.872656] netlink: 'syz-executor.6': attribute type 63 has an invalid length.
02:37:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)

02:37:37 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:37 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000", 0x15}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:37:37 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 31)

02:37:37 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:37 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

[  519.553799] FAULT_INJECTION: forcing a failure.
[  519.553799] name failslab, interval 1, probability 0, space 0, times 0
[  519.555462] CPU: 1 UID: 0 PID: 5735 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  519.555489] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  519.555502] Call Trace:
[  519.555509]  <TASK>
[  519.555517]  dump_stack_lvl+0xfa/0x120
[  519.555548]  should_fail_ex+0x4d7/0x5e0
[  519.555587]  ? __kernfs_new_node+0xd3/0x940
[  519.555617]  should_failslab+0xc2/0x120
[  519.555641]  kmem_cache_alloc_noprof+0x80/0x760
[  519.555681]  ? __kernfs_new_node+0xd3/0x940
[  519.555709]  __kernfs_new_node+0xd3/0x940
[  519.555738]  ? __lock_acquire+0x451/0x2250
[  519.555769]  ? __pfx___kernfs_new_node+0x10/0x10
[  519.555803]  ? lock_acquire+0x15e/0x2d0
[  519.555829]  ? kernfs_root+0x23/0x2a0
[  519.555857]  ? find_held_lock+0x2b/0x80
[  519.555892]  ? kernfs_root+0xee/0x2a0
[  519.555921]  ? lock_release+0xc8/0x270
[  519.555945]  ? lock_is_held_type+0x9e/0x120
[  519.555971]  kernfs_new_node+0x13c/0x1e0
[  519.556017]  __kernfs_create_file+0x55/0x360
[  519.556045]  sysfs_add_file_mode_ns+0x21c/0x430
[  519.556077]  ? __pfx_dev_attr_store+0x10/0x10
[  519.556112]  internal_create_group+0x662/0xeb0
[  519.556152]  ? __pfx_internal_create_group+0x10/0x10
[  519.556183]  ? blk_validate_limits+0xe47/0x15d0
[  519.556213]  ? lock_is_held_type+0x9e/0x120
[  519.556236]  loop_configure+0xc46/0x15a0
[  519.556288]  ? __pfx_loop_configure+0x10/0x10
[  519.556333]  ? avc_has_extended_perms+0x107/0xf20
[  519.556359]  ? find_held_lock+0x2b/0x80
[  519.556392]  ? avc_has_extended_perms+0x23b/0xf20
[  519.556429]  ? lock_release+0xc8/0x270
[  519.556458]  lo_ioctl+0x674/0x1cb0
[  519.556492]  ? __pfx_lo_ioctl+0x10/0x10
[  519.556521]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  519.556554]  ? lock_acquire+0x15e/0x2d0
[  519.556579]  ? __virt_addr_valid+0x1c6/0x5d0
[  519.556606]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  519.556636]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  519.556663]  ? lock_release+0xc8/0x270
[  519.556689]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  519.556723]  ? blkdev_common_ioctl+0x1c3/0x2860
[  519.556779]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  519.556812]  ? __fget_files+0x34/0x3b0
[  519.556834]  ? find_held_lock+0x2b/0x80
[  519.556868]  ? __fget_files+0x203/0x3b0
[  519.556891]  ? __pfx_lo_ioctl+0x10/0x10
[  519.556920]  blkdev_ioctl+0x365/0x6d0
[  519.556946]  ? __pfx_blkdev_ioctl+0x10/0x10
[  519.556974]  ? selinux_file_ioctl+0xb9/0x280
[  519.557009]  ? __pfx_blkdev_ioctl+0x10/0x10
[  519.557038]  __x64_sys_ioctl+0x18f/0x210
[  519.557073]  do_syscall_64+0xbf/0x420
[  519.557098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.557121] RIP: 0033:0x7f8c4a31d8d7
[  519.557138] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  519.557158] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  519.557179] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  519.557193] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  519.557205] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  519.557218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  519.557231] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  519.557258]  </TASK>
[  519.565250] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  519.571322] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  519.578920] loop1: detected capacity change from 0 to 256
[  519.585052] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  519.587013] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  519.589330] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  519.615307] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  519.629124] loop0: detected capacity change from 0 to 256
02:37:37 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:37 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

02:37:37 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 32)

02:37:37 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000", 0x15}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  519.746268] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  519.751148] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5748 comm=syz-executor.5
02:37:37 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  519.764791] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  519.774715] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  519.791649] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:37:37 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  519.837875] loop0: detected capacity change from 0 to 256
[  519.839899] loop1: detected capacity change from 0 to 256
02:37:37 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:37 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  519.979767] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5768 comm=syz-executor.2
[  519.986422] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5769 comm=syz-executor.5
02:37:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

02:37:47 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:47 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000", 0x15}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:37:47 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:47 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:47 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:47 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 33)

[  529.907699] validate_nla: 6 callbacks suppressed
[  529.907719] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  529.910519] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5782 comm=syz-executor.2
[  529.916122] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  529.925565] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  529.937902] loop1: detected capacity change from 0 to 256
[  529.940323] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5790 comm=syz-executor.5
[  529.943653] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  529.947900] FAULT_INJECTION: forcing a failure.
[  529.947900] name failslab, interval 1, probability 0, space 0, times 0
[  529.949857] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  529.959135] CPU: 1 UID: 0 PID: 5794 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  529.959167] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  529.959180] Call Trace:
[  529.959187]  <TASK>
[  529.959196]  dump_stack_lvl+0xfa/0x120
[  529.959228]  should_fail_ex+0x4d7/0x5e0
[  529.959267]  ? __kernfs_new_node+0xd3/0x940
[  529.959298]  should_failslab+0xc2/0x120
[  529.959323]  kmem_cache_alloc_noprof+0x80/0x760
[  529.959365]  ? __kernfs_new_node+0xd3/0x940
[  529.959393]  __kernfs_new_node+0xd3/0x940
[  529.959421]  ? __lock_acquire+0x451/0x2250
[  529.959453]  ? __pfx___kernfs_new_node+0x10/0x10
[  529.959487]  ? lock_acquire+0x15e/0x2d0
[  529.959513]  ? kernfs_root+0x23/0x2a0
[  529.959542]  ? find_held_lock+0x2b/0x80
[  529.959576]  ? kernfs_root+0xee/0x2a0
[  529.959605]  ? lock_release+0xc8/0x270
[  529.959629]  ? lock_is_held_type+0x9e/0x120
[  529.959656]  kernfs_new_node+0x13c/0x1e0
[  529.959694]  __kernfs_create_file+0x55/0x360
[  529.959722]  sysfs_add_file_mode_ns+0x21c/0x430
[  529.959754]  ? __pfx_dev_attr_store+0x10/0x10
[  529.959792]  internal_create_group+0x662/0xeb0
[  529.959831]  ? __pfx_internal_create_group+0x10/0x10
[  529.959862]  ? blk_validate_limits+0xe47/0x15d0
[  529.959892]  ? lock_is_held_type+0x9e/0x120
[  529.959915]  loop_configure+0xc46/0x15a0
[  529.959990]  ? __pfx_loop_configure+0x10/0x10
[  529.960042]  ? avc_has_extended_perms+0x107/0xf20
[  529.960069]  ? find_held_lock+0x2b/0x80
[  529.960102]  ? avc_has_extended_perms+0x23b/0xf20
[  529.960127]  ? lock_release+0xc8/0x270
[  529.960156]  lo_ioctl+0x674/0x1cb0
[  529.960191]  ? __pfx_lo_ioctl+0x10/0x10
[  529.960219]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  529.960253]  ? lock_acquire+0x15e/0x2d0
[  529.960278]  ? __virt_addr_valid+0x1c6/0x5d0
[  529.960304]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  529.960335]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  529.960362]  ? lock_release+0xc8/0x270
[  529.960388]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  529.960422]  ? blkdev_common_ioctl+0x1c3/0x2860
[  529.960478]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  529.960512]  ? __fget_files+0x34/0x3b0
[  529.960550]  ? find_held_lock+0x2b/0x80
[  529.960583]  ? __fget_files+0x203/0x3b0
[  529.960606]  ? __pfx_lo_ioctl+0x10/0x10
[  529.960635]  blkdev_ioctl+0x365/0x6d0
[  529.960662]  ? __pfx_blkdev_ioctl+0x10/0x10
[  529.960690]  ? selinux_file_ioctl+0xb9/0x280
[  529.960725]  ? __pfx_blkdev_ioctl+0x10/0x10
[  529.960754]  __x64_sys_ioctl+0x18f/0x210
[  529.960789]  do_syscall_64+0xbf/0x420
[  529.960815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.960838] RIP: 0033:0x7f8c4a31d8d7
[  529.960855] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  529.960875] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  529.960897] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  529.960911] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  529.960924] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  529.960938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  529.960956] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  529.961000]  </TASK>
[  530.031531] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:37:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:47 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:47 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x0, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  530.072221] loop0: detected capacity change from 0 to 256
[  530.099720] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  530.106652] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5801 comm=syz-executor.2
[  530.115598] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  530.119860] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
02:37:56 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:56 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}], 0x8000, &(0x7f00000000c0))

02:37:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:56 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 34)

02:37:56 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f00000000c0))

02:37:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  538.616727] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  538.621645] loop1: detected capacity change from 0 to 256
[  538.633019] FAT-fs (loop1): bogus number of FAT sectors
[  538.633479] FAT-fs (loop1): Can't find a valid FAT filesystem
[  538.639642] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  538.642902] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  538.645498] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  538.653725] loop0: detected capacity change from 0 to 256
02:37:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f00000000c0))

02:37:56 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:56 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:37:56 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  538.739590] loop1: detected capacity change from 0 to 256
02:37:56 executing program 6:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f00000000c0))

02:37:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  538.767093] FAT-fs (loop1): bogus number of FAT sectors
[  538.767557] FAT-fs (loop1): Can't find a valid FAT filesystem
02:37:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 35)

[  538.814572] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  538.817111] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  538.823323] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
02:37:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f00000000c0))

[  538.836900] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:37:56 executing program 6:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:37:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

[  538.892571] FAULT_INJECTION: forcing a failure.
[  538.892571] name failslab, interval 1, probability 0, space 0, times 0
[  538.894375] CPU: 1 UID: 0 PID: 5847 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  538.894405] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  538.894418] Call Trace:
[  538.894426]  <TASK>
[  538.894435]  dump_stack_lvl+0xfa/0x120
[  538.894468]  should_fail_ex+0x4d7/0x5e0
[  538.894509]  ? __kernfs_new_node+0xd3/0x940
[  538.894541]  should_failslab+0xc2/0x120
[  538.894566]  kmem_cache_alloc_noprof+0x80/0x760
[  538.894608]  ? __kernfs_new_node+0xd3/0x940
[  538.894639]  __kernfs_new_node+0xd3/0x940
[  538.894669]  ? __lock_acquire+0x451/0x2250
[  538.894702]  ? __pfx___kernfs_new_node+0x10/0x10
[  538.894739]  ? lock_acquire+0x15e/0x2d0
[  538.894766]  ? kernfs_root+0x23/0x2a0
[  538.894797]  ? find_held_lock+0x2b/0x80
[  538.894836]  ? kernfs_root+0xee/0x2a0
[  538.894867]  ? lock_release+0xc8/0x270
[  538.894893]  ? lock_is_held_type+0x9e/0x120
[  538.894921]  kernfs_new_node+0x13c/0x1e0
[  538.894962]  __kernfs_create_file+0x55/0x360
[  538.894999]  sysfs_add_file_mode_ns+0x21c/0x430
[  538.895033]  ? __pfx_dev_attr_store+0x10/0x10
[  538.895070]  internal_create_group+0x662/0xeb0
[  538.895112]  ? __pfx_internal_create_group+0x10/0x10
[  538.895145]  ? blk_validate_limits+0xe47/0x15d0
[  538.895177]  ? lock_is_held_type+0x9e/0x120
[  538.895202]  loop_configure+0xc46/0x15a0
[  538.895258]  ? __pfx_loop_configure+0x10/0x10
[  538.895306]  ? avc_has_extended_perms+0x107/0xf20
[  538.895334]  ? find_held_lock+0x2b/0x80
[  538.895370]  ? avc_has_extended_perms+0x23b/0xf20
[  538.895397]  ? lock_release+0xc8/0x270
[  538.895428]  lo_ioctl+0x674/0x1cb0
[  538.895465]  ? __pfx_lo_ioctl+0x10/0x10
[  538.895495]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  538.895531]  ? lock_acquire+0x15e/0x2d0
[  538.895559]  ? __virt_addr_valid+0x1c6/0x5d0
[  538.895586]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  538.895619]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  538.895648]  ? lock_release+0xc8/0x270
[  538.895675]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  538.895712]  ? blkdev_common_ioctl+0x1c3/0x2860
[  538.895771]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  538.895807]  ? __fget_files+0x34/0x3b0
[  538.895831]  ? find_held_lock+0x2b/0x80
[  538.895866]  ? __fget_files+0x203/0x3b0
[  538.895891]  ? __pfx_lo_ioctl+0x10/0x10
[  538.895922]  blkdev_ioctl+0x365/0x6d0
[  538.895951]  ? __pfx_blkdev_ioctl+0x10/0x10
[  538.895981]  ? selinux_file_ioctl+0xb9/0x280
[  538.896018]  ? __pfx_blkdev_ioctl+0x10/0x10
[  538.896049]  __x64_sys_ioctl+0x18f/0x210
[  538.896086]  do_syscall_64+0xbf/0x420
[  538.896114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.896138] RIP: 0033:0x7f8c4a31d8d7
[  538.896157] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  538.896179] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  538.896201] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  538.896217] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  538.896230] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  538.896244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  538.896257] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  538.896287]  </TASK>
[  538.921374] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  538.956875] syz_tun: refused to change device tx_queue_len
[  538.988955] loop0: detected capacity change from 0 to 256
02:38:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 36)

02:38:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, 0x0)

02:38:06 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:38:06 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)

02:38:06 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

02:38:06 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 1)

02:38:06 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x0, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  549.216910] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  549.220766] loop1: detected capacity change from 0 to 256
[  549.228475] loop0: detected capacity change from 0 to 256
[  549.233025] netlink: 'syz-executor.4': attribute type 63 has an invalid length.
[  549.235760] FAULT_INJECTION: forcing a failure.
[  549.235760] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  549.237632] CPU: 0 UID: 0 PID: 5869 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  549.237663] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  549.237677] Call Trace:
[  549.237685]  <TASK>
[  549.237694]  dump_stack_lvl+0xfa/0x120
[  549.237729]  should_fail_ex+0x4d7/0x5e0
[  549.237772]  _copy_from_user+0x30/0xd0
[  549.237812]  copy_msghdr_from_user+0x88/0x150
[  549.237846]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  549.237888]  ? lock_acquire+0x15e/0x2d0
[  549.237923]  ___sys_sendmsg+0xdc/0x1b0
[  549.237955]  ? __pfx____sys_sendmsg+0x10/0x10
[  549.237999]  ? proc_fail_nth_write+0x97/0x220
[  549.238034]  ? lock_acquire+0x15e/0x2d0
[  549.238062]  ? __fget_files+0x34/0x3b0
[  549.238087]  ? find_held_lock+0x2b/0x80
[  549.238124]  ? __fget_files+0x203/0x3b0
[  549.238147]  ? lock_release+0xc8/0x270
[  549.238179]  ? __fget_files+0x20d/0x3b0
[  549.238212]  __sys_sendmsg+0x150/0x200
[  549.238242]  ? __pfx___sys_sendmsg+0x10/0x10
[  549.238278]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  549.238312]  ? ksys_write+0x1a3/0x240
[  549.238335]  ? __pfx_ksys_write+0x10/0x10
[  549.238355]  ? irqentry_exit+0xee/0x650
[  549.238377]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  549.238406]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  549.238443]  do_syscall_64+0xbf/0x420
[  549.238471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.238497] RIP: 0033:0x7f80f610db19
[  549.238515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  549.238538] RSP: 002b:00007f80f3683188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  549.238561] RAX: ffffffffffffffda RBX: 00007f80f6220f60 RCX: 00007f80f610db19
[  549.238576] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  549.238590] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  549.238605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  549.238619] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  549.238649]  </TASK>
[  549.269312] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  549.284686] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:38:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, 0x0)

02:38:06 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:06 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)

02:38:06 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:38:07 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)

[  549.397602] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.7'.
[  549.403045] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  549.423579] netlink: 'syz-executor.4': attribute type 63 has an invalid length.
[  549.443086] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
02:38:07 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:07 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 2)

[  549.477623] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  549.565453] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.7'.
[  549.568024] FAULT_INJECTION: forcing a failure.
[  549.568024] name failslab, interval 1, probability 0, space 0, times 0
[  549.569187] CPU: 1 UID: 0 PID: 5893 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  549.569206] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  549.569216] Call Trace:
[  549.569221]  <TASK>
[  549.569227]  dump_stack_lvl+0xfa/0x120
[  549.569251]  should_fail_ex+0x4d7/0x5e0
[  549.569282]  should_failslab+0xc2/0x120
[  549.569300]  kmem_cache_alloc_node_noprof+0x87/0x730
[  549.569323]  ? lock_release+0xc8/0x270
[  549.569344]  ? __alloc_skb+0x159/0x440
[  549.569368]  ? __alloc_skb+0x159/0x440
[  549.569385]  __alloc_skb+0x159/0x440
[  549.569403]  ? __alloc_skb+0x37d/0x440
[  549.569421]  ? __pfx___alloc_skb+0x10/0x10
[  549.569439]  ? netlink_autobind.isra.0+0x158/0x370
[  549.569468]  netlink_alloc_large_skb+0x69/0x150
[  549.569490]  netlink_sendmsg+0x66d/0xd80
[  549.569514]  ? __pfx_netlink_sendmsg+0x10/0x10
[  549.569542]  ____sys_sendmsg+0xa38/0xbf0
[  549.569559]  ? copy_msghdr_from_user+0xfb/0x150
[  549.569579]  ? __pfx_____sys_sendmsg+0x10/0x10
[  549.569599]  ? lock_acquire+0x15e/0x2d0
[  549.569620]  ___sys_sendmsg+0x10f/0x1b0
[  549.569641]  ? __pfx____sys_sendmsg+0x10/0x10
[  549.569664]  ? proc_fail_nth_write+0x97/0x220
[  549.569688]  ? lock_acquire+0x15e/0x2d0
[  549.569705]  ? __fget_files+0x34/0x3b0
[  549.569721]  ? find_held_lock+0x2b/0x80
[  549.569745]  ? __fget_files+0x203/0x3b0
[  549.569760]  ? lock_release+0xc8/0x270
[  549.569780]  ? __fget_files+0x20d/0x3b0
[  549.569801]  __sys_sendmsg+0x150/0x200
[  549.569821]  ? __pfx___sys_sendmsg+0x10/0x10
[  549.569847]  ? __pfx_ksys_write+0x10/0x10
[  549.569868]  do_syscall_64+0xbf/0x420
[  549.569887]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.569903] RIP: 0033:0x7f80f610db19
[  549.569915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  549.569930] RSP: 002b:00007f80f3683188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  549.569945] RAX: ffffffffffffffda RBX: 00007f80f6220f60 RCX: 00007f80f610db19
[  549.569955] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  549.569964] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  549.569978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  549.569987] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  549.570007]  </TASK>
[  549.592783] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:38:15 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 3)

02:38:15 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:38:15 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)

02:38:15 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 37)

02:38:15 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:15 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:15 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, 0x0)

[  558.158402] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  558.159344] syz_tun: refused to change device tx_queue_len
[  558.171670] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  558.183361] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.7'.
[  558.184438] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:38:15 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 4)

[  558.193206] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  558.200171] loop1: detected capacity change from 0 to 256
[  558.203593] netlink: 'syz-executor.4': attribute type 63 has an invalid length.
02:38:15 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  558.221098] loop0: detected capacity change from 0 to 256
[  558.221555] FAULT_INJECTION: forcing a failure.
[  558.221555] name failslab, interval 1, probability 0, space 0, times 0
[  558.222464] CPU: 0 UID: 0 PID: 5914 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  558.222481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  558.222489] Call Trace:
[  558.222493]  <TASK>
[  558.222499]  dump_stack_lvl+0xfa/0x120
[  558.222519]  should_fail_ex+0x4d7/0x5e0
[  558.222543]  ? kobject_uevent_env+0x23a/0xfd0
[  558.222561]  should_failslab+0xc2/0x120
[  558.222577]  __kmalloc_cache_noprof+0x80/0x730
[  558.222595]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  558.222616]  ? ___ratelimit+0x149/0x940
[  558.222632]  ? kobject_uevent_env+0x23a/0xfd0
[  558.222650]  kobject_uevent_env+0x23a/0xfd0
[  558.222669]  ? __pfx_dev_uevent_name+0x10/0x10
[  558.222686]  ? lock_is_held_type+0x9e/0x120
[  558.222701]  loop_configure+0xe3d/0x15a0
[  558.222731]  ? __pfx_loop_configure+0x10/0x10
[  558.222757]  ? avc_has_extended_perms+0x107/0xf20
[  558.222773]  ? find_held_lock+0x2b/0x80
[  558.222795]  ? avc_has_extended_perms+0x23b/0xf20
[  558.222810]  ? lock_release+0xc8/0x270
[  558.222827]  lo_ioctl+0x674/0x1cb0
[  558.222847]  ? __pfx_lo_ioctl+0x10/0x10
[  558.222864]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  558.222883]  ? lock_acquire+0x15e/0x2d0
[  558.222898]  ? __virt_addr_valid+0x1c6/0x5d0
[  558.222913]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  558.222933]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  558.222949]  ? lock_release+0xc8/0x270
[  558.222963]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  558.222988]  ? blkdev_common_ioctl+0x1c3/0x2860
[  558.223020]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  558.223040]  ? __fget_files+0x34/0x3b0
[  558.223054]  ? find_held_lock+0x2b/0x80
[  558.223074]  ? __fget_files+0x203/0x3b0
[  558.223087]  ? __pfx_lo_ioctl+0x10/0x10
[  558.223104]  blkdev_ioctl+0x365/0x6d0
[  558.223119]  ? __pfx_blkdev_ioctl+0x10/0x10
[  558.223135]  ? selinux_file_ioctl+0xb9/0x280
[  558.223157]  ? __pfx_blkdev_ioctl+0x10/0x10
[  558.223173]  __x64_sys_ioctl+0x18f/0x210
[  558.223195]  do_syscall_64+0xbf/0x420
[  558.223210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.223223] RIP: 0033:0x7f8c4a31d8d7
[  558.223233] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  558.223245] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  558.223258] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  558.223266] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  558.223274] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  558.223281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  558.223289] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  558.223305]  </TASK>
02:38:15 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:38:15 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  558.263817] FAULT_INJECTION: forcing a failure.
[  558.263817] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  558.264749] CPU: 0 UID: 0 PID: 5918 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  558.264765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  558.264772] Call Trace:
[  558.264777]  <TASK>
[  558.264781]  dump_stack_lvl+0xfa/0x120
[  558.264796]  should_fail_ex+0x4d7/0x5e0
[  558.264818]  _copy_from_iter+0x27b/0x1610
[  558.264845]  ? lock_acquire+0x15e/0x2d0
[  558.264862]  ? find_held_lock+0x2b/0x80
[  558.264881]  ? __virt_addr_valid+0x2e8/0x5d0
[  558.264896]  ? __pfx__copy_from_iter+0x10/0x10
[  558.264917]  ? __virt_addr_valid+0x100/0x5d0
[  558.264931]  ? __check_object_size+0x5b3/0x980
[  558.264954]  netlink_sendmsg+0x800/0xd80
[  558.264981]  ? __pfx_netlink_sendmsg+0x10/0x10
[  558.265005]  ____sys_sendmsg+0xa38/0xbf0
[  558.265019]  ? copy_msghdr_from_user+0xfb/0x150
[  558.265036]  ? __pfx_____sys_sendmsg+0x10/0x10
[  558.265052]  ? lock_acquire+0x15e/0x2d0
[  558.265070]  ___sys_sendmsg+0x10f/0x1b0
[  558.265087]  ? __pfx____sys_sendmsg+0x10/0x10
[  558.265106]  ? proc_fail_nth_write+0x97/0x220
[  558.265125]  ? lock_acquire+0x15e/0x2d0
[  558.265140]  ? __fget_files+0x34/0x3b0
[  558.265153]  ? find_held_lock+0x2b/0x80
[  558.265172]  ? __fget_files+0x203/0x3b0
[  558.265184]  ? lock_release+0xc8/0x270
[  558.265201]  ? __fget_files+0x20d/0x3b0
[  558.265219]  __sys_sendmsg+0x150/0x200
[  558.265235]  ? __pfx___sys_sendmsg+0x10/0x10
[  558.265256]  ? __pfx_ksys_write+0x10/0x10
[  558.265268]  ? irqentry_exit+0xee/0x650
[  558.265280]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  558.265295]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  558.265315]  do_syscall_64+0xbf/0x420
[  558.265330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.265342] RIP: 0033:0x7f80f610db19
[  558.265352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  558.265365] RSP: 002b:00007f80f3683188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  558.265377] RAX: ffffffffffffffda RBX: 00007f80f6220f60 RCX: 00007f80f610db19
[  558.265385] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  558.265392] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  558.265400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  558.265407] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  558.265423]  </TASK>
02:38:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  558.355277] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:38:15 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x28, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}]}, 0x28}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:15 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 38)

02:38:15 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  558.359322] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  558.405436] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:38:16 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:16 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

[  558.416968] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  558.417877] loop0: detected capacity change from 0 to 256
[  558.435816] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  558.438829] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:38:25 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:25 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 5)

02:38:25 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

02:38:25 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 39)

02:38:25 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:25 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:38:25 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 1)

02:38:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  568.304181] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  568.305316] loop0: detected capacity change from 0 to 256
[  568.305861] FAULT_INJECTION: forcing a failure.
[  568.305861] name failslab, interval 1, probability 0, space 0, times 0
[  568.306951] CPU: 0 UID: 0 PID: 5948 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  568.306970] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  568.306983] Call Trace:
[  568.306988]  <TASK>
[  568.306994]  dump_stack_lvl+0xfa/0x120
[  568.307016]  should_fail_ex+0x4d7/0x5e0
[  568.307042]  ? kobject_uevent_env+0x23a/0xfd0
[  568.307063]  should_failslab+0xc2/0x120
[  568.307080]  __kmalloc_cache_noprof+0x80/0x730
[  568.307099]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  568.307122]  ? ___ratelimit+0x149/0x940
[  568.307140]  ? kobject_uevent_env+0x23a/0xfd0
[  568.307161]  kobject_uevent_env+0x23a/0xfd0
[  568.307183]  ? __pfx_dev_uevent_name+0x10/0x10
[  568.307204]  ? lock_is_held_type+0x9e/0x120
[  568.307222]  loop_configure+0xe3d/0x15a0
[  568.307258]  ? __pfx_loop_configure+0x10/0x10
[  568.307288]  ? avc_has_extended_perms+0x107/0xf20
[  568.307306]  ? find_held_lock+0x2b/0x80
[  568.307330]  ? avc_has_extended_perms+0x23b/0xf20
[  568.307346]  ? lock_release+0xc8/0x270
[  568.307366]  lo_ioctl+0x674/0x1cb0
[  568.307389]  ? __pfx_lo_ioctl+0x10/0x10
[  568.307409]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  568.307426]  ? __lock_acquire+0x451/0x2250
[  568.307447]  ? update_load_avg+0x153/0x1c90
[  568.307470]  ? __lock_acquire+0x451/0x2250
[  568.307486]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  568.307510]  ? blkdev_common_ioctl+0x1c3/0x2860
[  568.307547]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  568.307570]  ? __fget_files+0x34/0x3b0
[  568.307584]  ? find_held_lock+0x2b/0x80
[  568.307605]  ? __fget_files+0x203/0x3b0
[  568.307621]  ? __pfx_lo_ioctl+0x10/0x10
[  568.307641]  blkdev_ioctl+0x365/0x6d0
[  568.307660]  ? __pfx_blkdev_ioctl+0x10/0x10
[  568.307677]  ? selinux_file_ioctl+0xb9/0x280
[  568.307700]  ? __pfx_blkdev_ioctl+0x10/0x10
[  568.307719]  __x64_sys_ioctl+0x18f/0x210
[  568.307743]  do_syscall_64+0xbf/0x420
[  568.307761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.307777] RIP: 0033:0x7f8c4a31d8d7
[  568.307788] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  568.307801] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  568.307816] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  568.307827] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  568.307836] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  568.307845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  568.307854] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  568.307872]  </TASK>
[  568.330443] FAULT_INJECTION: forcing a failure.
[  568.330443] name failslab, interval 1, probability 0, space 0, times 0
[  568.339906] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  568.343059] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  568.343748] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  568.346679] CPU: 1 UID: 0 PID: 5953 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  568.346711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  568.346724] Call Trace:
[  568.346732]  <TASK>
[  568.346740]  dump_stack_lvl+0xfa/0x120
[  568.346774]  should_fail_ex+0x4d7/0x5e0
[  568.346814]  ? __do_sys_memfd_create+0x1e5/0xa90
[  568.346847]  should_failslab+0xc2/0x120
[  568.346871]  __kmalloc_cache_noprof+0x80/0x730
[  568.346910]  ? __do_sys_memfd_create+0x1e5/0xa90
[  568.346942]  __do_sys_memfd_create+0x1e5/0xa90
[  568.346983]  ? ksys_write+0x1a3/0x240
[  568.347009]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  568.347040]  ? irqentry_exit+0xee/0x650
[  568.347061]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  568.347090]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  568.347126]  do_syscall_64+0xbf/0x420
[  568.347153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.347176] RIP: 0033:0x7f8b014a3b19
[  568.347193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  568.347214] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  568.347236] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8b014a3b19
[  568.347250] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8b014fd0fb
[  568.347264] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  568.347277] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  568.347290] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  568.347318]  </TASK>
[  568.374441] syz_tun: refused to change device tx_queue_len
02:38:26 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)

[  568.379112] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
02:38:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  568.400513] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  568.470320] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
02:38:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 40)

02:38:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:38:35 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:35 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 6)

02:38:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 2)

02:38:35 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:35 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

[  577.518878] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  577.520595] FAULT_INJECTION: forcing a failure.
[  577.520595] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  577.520745] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  577.523622] loop1: detected capacity change from 0 to 256
[  577.530411] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  577.536209] netlink: 'syz-executor.4': attribute type 63 has an invalid length.
[  577.552442] loop0: detected capacity change from 0 to 256
[  577.558465] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  577.559908] CPU: 1 UID: 0 PID: 5978 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  577.559942] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  577.559957] Call Trace:
[  577.559965]  <TASK>
[  577.559982]  dump_stack_lvl+0xfa/0x120
[  577.560017]  should_fail_ex+0x4d7/0x5e0
[  577.560060]  _copy_from_iter+0x27b/0x1610
[  577.560096]  ? lock_acquire+0x15e/0x2d0
[  577.560129]  ? find_held_lock+0x2b/0x80
[  577.560167]  ? __virt_addr_valid+0x2e8/0x5d0
[  577.560194]  ? __pfx__copy_from_iter+0x10/0x10
[  577.560234]  ? __virt_addr_valid+0x100/0x5d0
[  577.560260]  ? __check_object_size+0x5b3/0x980
[  577.560303]  netlink_sendmsg+0x800/0xd80
[  577.560343]  ? __pfx_netlink_sendmsg+0x10/0x10
[  577.560409]  ____sys_sendmsg+0xa38/0xbf0
[  577.560438]  ? copy_msghdr_from_user+0xfb/0x150
[  577.560469]  ? __pfx_____sys_sendmsg+0x10/0x10
[  577.560501]  ? lock_acquire+0x15e/0x2d0
[  577.560532]  ___sys_sendmsg+0x10f/0x1b0
[  577.560563]  ? __pfx____sys_sendmsg+0x10/0x10
[  577.560599]  ? proc_fail_nth_write+0x97/0x220
[  577.560634]  ? lock_acquire+0x15e/0x2d0
[  577.560661]  ? __fget_files+0x34/0x3b0
[  577.560684]  ? find_held_lock+0x2b/0x80
[  577.560720]  ? __fget_files+0x203/0x3b0
[  577.560742]  ? lock_release+0xc8/0x270
[  577.560774]  ? __fget_files+0x20d/0x3b0
[  577.560806]  __sys_sendmsg+0x150/0x200
[  577.560836]  ? __pfx___sys_sendmsg+0x10/0x10
[  577.560877]  ? __pfx_ksys_write+0x10/0x10
[  577.560909]  do_syscall_64+0xbf/0x420
[  577.560936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.560960] RIP: 0033:0x7f80f610db19
[  577.560980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  577.561002] RSP: 002b:00007f80f3683188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  577.561025] RAX: ffffffffffffffda RBX: 00007f80f6220f60 RCX: 00007f80f610db19
[  577.561040] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  577.561071] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  577.561085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  577.561099] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  577.561128]  </TASK>
02:38:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 3)

02:38:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:35 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  577.627341] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  577.636079] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  577.639426] FAULT_INJECTION: forcing a failure.
[  577.639426] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  577.640975] CPU: 0 UID: 0 PID: 5992 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  577.640991] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  577.640999] Call Trace:
[  577.641003]  <TASK>
[  577.641008]  dump_stack_lvl+0xfa/0x120
[  577.641028]  should_fail_ex+0x4d7/0x5e0
[  577.641051]  strncpy_from_user+0x3b/0x2f0
[  577.641077]  __do_sys_memfd_create+0x21e/0xa90
[  577.641097]  ? ksys_write+0x1a3/0x240
[  577.641110]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  577.641126]  ? irqentry_exit+0xee/0x650
[  577.641137]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  577.641154]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  577.641174]  do_syscall_64+0xbf/0x420
[  577.641189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.641202] RIP: 0033:0x7f8b014a3b19
[  577.641212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  577.641223] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  577.641235] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8b014a3b19
[  577.641243] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8b014fd0fb
[  577.641250] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  577.641257] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  577.641264] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  577.641279]  </TASK>
02:38:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

[  577.657097] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:38:35 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:38:35 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:35 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  577.737651] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  577.743454] netlink: 'syz-executor.4': attribute type 63 has an invalid length.
02:38:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 41)

02:38:35 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 7)

02:38:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 4)

02:38:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

[  577.803266] FAULT_INJECTION: forcing a failure.
[  577.803266] name failslab, interval 1, probability 0, space 0, times 0
[  577.813463] CPU: 0 UID: 0 PID: 6004 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
02:38:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

[  577.813479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  577.813488] Call Trace:
[  577.813492]  <TASK>
[  577.813497]  dump_stack_lvl+0xfa/0x120
[  577.813518]  should_fail_ex+0x4d7/0x5e0
[  577.813540]  ? shmem_alloc_inode+0x27/0x50
[  577.813554]  should_failslab+0xc2/0x120
[  577.813568]  kmem_cache_alloc_lru_noprof+0x84/0x770
[  577.813591]  ? shmem_alloc_inode+0x27/0x50
[  577.813602]  shmem_alloc_inode+0x27/0x50
[  577.813612]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  577.813623]  alloc_inode+0x67/0x250
[  577.813640]  new_inode+0x1e/0x160
[  577.813657]  __shmem_get_inode+0x17c/0xe80
[  577.813673]  __shmem_file_setup+0x108/0x370
[  577.813688]  __do_sys_memfd_create+0x4cc/0xa90
[  577.813708]  ? ksys_write+0x1a3/0x240
[  577.813720]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  577.813736]  ? irqentry_exit+0xee/0x650
[  577.813747]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  577.813764]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  577.813784]  do_syscall_64+0xbf/0x420
[  577.813799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.813812] RIP: 0033:0x7f8b014a3b19
[  577.813821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  577.813833] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  577.813845] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8b014a3b19
[  577.813853] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8b014fd0fb
[  577.813860] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  577.813867] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  577.813875] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  577.813890]  </TASK>
[  577.830068] loop0: detected capacity change from 0 to 256
[  577.830554] FAULT_INJECTION: forcing a failure.
[  577.830554] name failslab, interval 1, probability 0, space 0, times 0
[  577.838021] CPU: 0 UID: 0 PID: 6008 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  577.838038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  577.838044] Call Trace:
[  577.838048]  <TASK>
[  577.838052]  dump_stack_lvl+0xfa/0x120
[  577.838065]  should_fail_ex+0x4d7/0x5e0
[  577.838085]  should_failslab+0xc2/0x120
[  577.838098]  __kmalloc_noprof+0xd6/0x830
[  577.838113]  ? __create_object+0x59/0x80
[  577.838128]  ? kobject_get_path+0xc8/0x200
[  577.838146]  ? kobject_get_path+0xc8/0x200
[  577.838160]  kobject_get_path+0xc8/0x200
[  577.838175]  ? kasan_save_track+0x14/0x30
[  577.838191]  kobject_uevent_env+0x260/0xfd0
[  577.838211]  ? lock_is_held_type+0x9e/0x120
[  577.838224]  loop_configure+0xe3d/0x15a0
[  577.838254]  ? __pfx_loop_configure+0x10/0x10
[  577.838277]  ? avc_has_extended_perms+0x107/0xf20
[  577.838293]  ? find_held_lock+0x2b/0x80
[  577.838312]  ? avc_has_extended_perms+0x23b/0xf20
[  577.838326]  ? lock_release+0xc8/0x270
[  577.838341]  lo_ioctl+0x674/0x1cb0
[  577.838360]  ? __pfx_lo_ioctl+0x10/0x10
[  577.838375]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  577.838393]  ? lock_acquire+0x15e/0x2d0
[  577.838407]  ? __virt_addr_valid+0x1c6/0x5d0
[  577.838422]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  577.838438]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  577.838453]  ? lock_release+0xc8/0x270
[  577.838466]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  577.838486]  ? blkdev_common_ioctl+0x1c3/0x2860
[  577.838517]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  577.838535]  ? __fget_files+0x34/0x3b0
[  577.838547]  ? find_held_lock+0x2b/0x80
[  577.838565]  ? __fget_files+0x203/0x3b0
[  577.838577]  ? __pfx_lo_ioctl+0x10/0x10
[  577.838593]  blkdev_ioctl+0x365/0x6d0
[  577.838608]  ? __pfx_blkdev_ioctl+0x10/0x10
[  577.838623]  ? selinux_file_ioctl+0xb9/0x280
[  577.838629] FAULT_INJECTION: forcing a failure.
[  577.838629] name failslab, interval 1, probability 0, space 0, times 0
[  577.838642]  ? __pfx_blkdev_ioctl+0x10/0x10
[  577.838659]  __x64_sys_ioctl+0x18f/0x210
[  577.838680]  do_syscall_64+0xbf/0x420
[  577.838695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.838707] RIP: 0033:0x7f8c4a31d8d7
[  577.838716] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  577.838728] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  577.838738] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  577.838747] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  577.838754] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  577.838761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  577.838768] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  577.838783]  </TASK>
[  577.904765] CPU: 0 UID: 0 PID: 6007 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  577.904785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  577.904793] Call Trace:
[  577.904797]  <TASK>
[  577.904801]  dump_stack_lvl+0xfa/0x120
[  577.904819]  should_fail_ex+0x4d7/0x5e0
[  577.904839]  ? rtnl_newlink+0xdd/0x1f90
[  577.904856]  should_failslab+0xc2/0x120
[  577.904869]  __kmalloc_cache_noprof+0x80/0x730
[  577.904886]  ? __is_insn_slot_addr+0x140/0x290
[  577.904904]  ? rtnl_newlink+0xdd/0x1f90
[  577.904919]  rtnl_newlink+0xdd/0x1f90
[  577.904937]  ? lock_acquire+0x15e/0x2d0
[  577.904951]  ? __pfx_rtnl_newlink+0x10/0x10
[  577.904965]  ? find_held_lock+0x2b/0x80
[  577.904988]  ? avc_has_perm_noaudit+0x11c/0x390
[  577.905003]  ? lock_release+0xc8/0x270
[  577.905019]  ? avc_has_perm_noaudit+0x141/0x390
[  577.905035]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  577.905064]  ? __lock_acquire+0x451/0x2250
[  577.905078]  ? __is_insn_slot_addr+0xe2/0x290
[  577.905092]  ? kernel_text_address+0x5b/0xc0
[  577.905111]  ? lock_acquire+0x15e/0x2d0
[  577.905124]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  577.905139]  ? find_held_lock+0x2b/0x80
[  577.905156]  ? __pfx_rtnl_newlink+0x10/0x10
[  577.905170]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  577.905185]  ? lock_release+0xc8/0x270
[  577.905199]  ? __pfx_rtnl_newlink+0x10/0x10
[  577.905214]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  577.905230]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  577.905250]  ? __lock_acquire+0x451/0x2250
[  577.905267]  netlink_rcv_skb+0x147/0x430
[  577.905285]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  577.905301]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  577.905316]  ? netlink_deliver_tap+0x103/0xcb0
[  577.905337]  ? netlink_deliver_tap+0x1af/0xcb0
[  577.905355]  netlink_unicast+0x5a7/0x870
[  577.905373]  ? __pfx_netlink_unicast+0x10/0x10
[  577.905389]  ? __virt_addr_valid+0x100/0x5d0
[  577.905408]  netlink_sendmsg+0x8a3/0xd80
[  577.905426]  ? __pfx_netlink_sendmsg+0x10/0x10
[  577.905448]  ____sys_sendmsg+0xa38/0xbf0
[  577.905462]  ? copy_msghdr_from_user+0xfb/0x150
[  577.905478]  ? __pfx_____sys_sendmsg+0x10/0x10
[  577.905493]  ? lock_acquire+0x15e/0x2d0
[  577.905509]  ___sys_sendmsg+0x10f/0x1b0
[  577.905525]  ? __pfx____sys_sendmsg+0x10/0x10
[  577.905543]  ? proc_fail_nth_write+0x97/0x220
[  577.905561]  ? lock_acquire+0x15e/0x2d0
[  577.905575]  ? __fget_files+0x34/0x3b0
[  577.905587]  ? find_held_lock+0x2b/0x80
[  577.905604]  ? __fget_files+0x203/0x3b0
[  577.905616]  ? lock_release+0xc8/0x270
[  577.905632]  ? __fget_files+0x20d/0x3b0
[  577.905648]  __sys_sendmsg+0x150/0x200
[  577.905664]  ? __pfx___sys_sendmsg+0x10/0x10
[  577.905684]  ? __pfx_ksys_write+0x10/0x10
[  577.905695]  ? irqentry_exit+0xee/0x650
[  577.905706]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  577.905721]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  577.905740]  do_syscall_64+0xbf/0x420
[  577.905754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.905766] RIP: 0033:0x7f80f610db19
[  577.905776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  577.905787] RSP: 002b:00007f80f3683188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  577.905799] RAX: ffffffffffffffda RBX: 00007f80f6220f60 RCX: 00007f80f610db19
[  577.905807] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  577.905813] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  577.905820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  577.905828] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  577.905843]  </TASK>
02:38:45 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 8)

02:38:45 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:38:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 42)

02:38:45 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 5)

02:38:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:38:45 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:45 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  587.983280] validate_nla: 5 callbacks suppressed
[  587.983301] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  587.986650] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  587.988619] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  587.992213] syz_tun: refused to change device tx_queue_len
[  587.993796] loop0: detected capacity change from 0 to 256
[  587.994730] loop1: detected capacity change from 0 to 256
[  587.998701] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  588.003223] netlink: 'syz-executor.5': attribute type 63 has an invalid length.
[  588.009485] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  588.021131] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:38:45 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:38:45 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 9)

[  588.168963] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  588.170251] FAULT_INJECTION: forcing a failure.
[  588.170251] name failslab, interval 1, probability 0, space 0, times 0
[  588.175445] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  588.181698] CPU: 1 UID: 0 PID: 6039 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  588.181731] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  588.181744] Call Trace:
[  588.181753]  <TASK>
[  588.181761]  dump_stack_lvl+0xfa/0x120
[  588.181797]  should_fail_ex+0x4d7/0x5e0
[  588.181837]  should_failslab+0xc2/0x120
[  588.181862]  kmem_cache_alloc_node_noprof+0x87/0x730
[  588.181897]  ? mark_held_locks+0x49/0x80
[  588.181924]  ? __alloc_skb+0x159/0x440
[  588.181965]  ? __alloc_skb+0x159/0x440
[  588.182011]  __alloc_skb+0x159/0x440
[  588.182037]  ? __alloc_skb+0x37d/0x440
[  588.182064]  ? __pfx___alloc_skb+0x10/0x10
[  588.182092]  ? rtnl_prop_list_size+0x144/0x2c0
[  588.182122]  ? if_nlmsg_size+0x45a/0xae0
[  588.182152]  rtmsg_ifinfo_build_skb+0x82/0x290
[  588.182189]  rtnetlink_event+0xfd/0x200
[  588.182222]  notifier_call_chain+0xc0/0x320
[  588.182251]  ? __pfx___dev_notify_flags+0x10/0x10
[  588.182276]  ? __dev_change_flags+0x4cd/0x6b0
[  588.182305]  call_netdevice_notifiers_info+0xbe/0x110
[  588.182341]  netif_change_tx_queue_len+0x128/0x1e0
[  588.182369]  ? __pfx_netif_change_tx_queue_len+0x10/0x10
[  588.182401]  ? netif_change_flags+0x10e/0x170
[  588.182431]  do_setlink.constprop.0+0xbc1/0x3e00
[  588.182470]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  588.182498]  ? __lock_acquire+0x451/0x2250
[  588.182531]  ? __lock_acquire+0x451/0x2250
[  588.182561]  ? find_held_lock+0x2b/0x80
[  588.182600]  ? lock_acquire+0x15e/0x2d0
[  588.182626]  ? rtnl_newlink+0x87d/0x1f90
[  588.182662]  ? __mutex_lock+0x9da/0x2380
[  588.182688]  ? rtnl_newlink+0x87d/0x1f90
[  588.182718]  ? __pfx___mutex_lock+0x10/0x10
[  588.182745]  ? security_capable+0x2f/0x90
[  588.182781]  ? ns_capable+0x20/0x120
[  588.182816]  ? netlink_ns_capable+0x101/0x140
[  588.182848]  rtnl_newlink+0x1501/0x1f90
[  588.182885]  ? __pfx_rtnl_newlink+0x10/0x10
[  588.182910]  ? find_held_lock+0x2b/0x80
[  588.182944]  ? avc_has_perm_noaudit+0x11c/0x390
[  588.182983]  ? lock_release+0xc8/0x270
[  588.183030]  ? avc_has_perm_noaudit+0x141/0x390
[  588.183069]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  588.183109]  ? __lock_acquire+0x451/0x2250
[  588.183135]  ? __is_insn_slot_addr+0xe2/0x290
[  588.183163]  ? kernel_text_address+0x5b/0xc0
[  588.183195]  ? lock_acquire+0x15e/0x2d0
[  588.183221]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  588.183249]  ? find_held_lock+0x2b/0x80
[  588.183281]  ? __pfx_rtnl_newlink+0x10/0x10
[  588.183307]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  588.183335]  ? lock_release+0xc8/0x270
[  588.183361]  ? __pfx_rtnl_newlink+0x10/0x10
[  588.183391]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  588.183421]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  588.183459]  ? __lock_acquire+0x451/0x2250
[  588.183489]  netlink_rcv_skb+0x147/0x430
[  588.183520]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  588.183551]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  588.183581]  ? netlink_deliver_tap+0x103/0xcb0
[  588.183619]  ? netlink_deliver_tap+0x1af/0xcb0
[  588.183653]  netlink_unicast+0x5a7/0x870
[  588.183687]  ? __pfx_netlink_unicast+0x10/0x10
[  588.183718]  ? __virt_addr_valid+0x100/0x5d0
[  588.183751]  netlink_sendmsg+0x8a3/0xd80
[  588.183786]  ? __pfx_netlink_sendmsg+0x10/0x10
[  588.183827]  ____sys_sendmsg+0xa38/0xbf0
[  588.183851]  ? copy_msghdr_from_user+0xfb/0x150
[  588.183880]  ? __pfx_____sys_sendmsg+0x10/0x10
[  588.183910]  ? lock_acquire+0x15e/0x2d0
[  588.183940]  ___sys_sendmsg+0x10f/0x1b0
[  588.183983]  ? __pfx____sys_sendmsg+0x10/0x10
[  588.184024]  ? proc_fail_nth_write+0x97/0x220
[  588.184056]  ? lock_acquire+0x15e/0x2d0
[  588.184082]  ? __fget_files+0x34/0x3b0
[  588.184104]  ? find_held_lock+0x2b/0x80
[  588.184139]  ? __fget_files+0x203/0x3b0
[  588.184160]  ? lock_release+0xc8/0x270
[  588.184190]  ? __fget_files+0x20d/0x3b0
[  588.184222]  __sys_sendmsg+0x150/0x200
[  588.184250]  ? __pfx___sys_sendmsg+0x10/0x10
[  588.184288]  ? __pfx_ksys_write+0x10/0x10
[  588.184308]  ? irqentry_exit+0xee/0x650
[  588.184328]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  588.184356]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  588.184391]  do_syscall_64+0xbf/0x420
[  588.184417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.184440] RIP: 0033:0x7f80f610db19
[  588.184459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  588.184479] RSP: 002b:00007f80f3683188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  588.184501] RAX: ffffffffffffffda RBX: 00007f80f6220f60 RCX: 00007f80f610db19
[  588.184516] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  588.184529] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  588.184542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  588.184555] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  588.184583]  </TASK>
[  588.256287] syz_tun: refused to change device tx_queue_len
02:38:56 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 10)

02:38:56 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:38:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:38:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 6)

02:38:56 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 43)

02:38:56 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  598.680553] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  598.685759] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  598.687609] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  598.690552] FAULT_INJECTION: forcing a failure.
[  598.690552] name failslab, interval 1, probability 0, space 0, times 0
[  598.691882] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  598.696246] netlink: 'syz-executor.5': attribute type 63 has an invalid length.
[  598.699475] CPU: 0 UID: 0 PID: 6059 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  598.699507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  598.699521] Call Trace:
[  598.699528]  <TASK>
[  598.699536]  dump_stack_lvl+0xfa/0x120
[  598.699568]  should_fail_ex+0x4d7/0x5e0
[  598.699608]  ? security_inode_alloc+0x3e/0x130
[  598.699642]  should_failslab+0xc2/0x120
[  598.699667]  kmem_cache_alloc_noprof+0x80/0x760
[  598.699699]  ? __pfx_map_id_range_down+0x10/0x10
[  598.699730]  ? __create_object+0x59/0x80
[  598.699764]  ? security_inode_alloc+0x3e/0x130
[  598.699797]  security_inode_alloc+0x3e/0x130
[  598.699834]  inode_init_always_gfp+0xc9d/0xff0
[  598.699862]  alloc_inode+0x8d/0x250
[  598.699893]  new_inode+0x1e/0x160
[  598.699924]  __shmem_get_inode+0x17c/0xe80
[  598.699955]  __shmem_file_setup+0x108/0x370
[  598.699994]  __do_sys_memfd_create+0x4cc/0xa90
[  598.700028]  ? ksys_write+0x1a3/0x240
[  598.700049]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  598.700081]  ? irqentry_exit+0xee/0x650
[  598.700101]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  598.700130]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  598.700166]  do_syscall_64+0xbf/0x420
[  598.700193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.700216] RIP: 0033:0x7f8b014a3b19
[  598.700234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  598.700255] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  598.700277] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8b014a3b19
[  598.700292] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8b014fd0fb
[  598.700305] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  598.700319] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  598.700332] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  598.700361]  </TASK>
[  598.702588] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  598.718522] loop0: detected capacity change from 0 to 256
[  598.720210] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  598.745876] FAULT_INJECTION: forcing a failure.
[  598.745876] name failslab, interval 1, probability 0, space 0, times 0
[  598.747446] CPU: 1 UID: 0 PID: 6063 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  598.747474] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  598.747487] Call Trace:
[  598.747494]  <TASK>
[  598.747503]  dump_stack_lvl+0xfa/0x120
[  598.747535]  should_fail_ex+0x4d7/0x5e0
[  598.747574]  should_failslab+0xc2/0x120
[  598.747601]  kmem_cache_alloc_node_noprof+0x87/0x730
[  598.747635]  ? mark_held_locks+0x49/0x80
[  598.747663]  ? __alloc_skb+0x159/0x440
[  598.747697]  ? __alloc_skb+0x159/0x440
[  598.747721]  __alloc_skb+0x159/0x440
[  598.747746]  ? __alloc_skb+0x37d/0x440
[  598.747772]  ? __pfx___alloc_skb+0x10/0x10
[  598.747800]  ? rtnl_prop_list_size+0x144/0x2c0
[  598.747829]  ? if_nlmsg_size+0x45a/0xae0
[  598.747859]  rtmsg_ifinfo_build_skb+0x82/0x290
[  598.747896]  rtnetlink_event+0xfd/0x200
[  598.747930]  notifier_call_chain+0xc0/0x320
[  598.747958]  ? __pfx___dev_notify_flags+0x10/0x10
[  598.747989]  ? __dev_change_flags+0x4cd/0x6b0
[  598.748017]  call_netdevice_notifiers_info+0xbe/0x110
[  598.748054]  netif_change_tx_queue_len+0x128/0x1e0
[  598.748082]  ? __pfx_netif_change_tx_queue_len+0x10/0x10
[  598.748113]  ? netif_change_flags+0x10e/0x170
[  598.748142]  do_setlink.constprop.0+0xbc1/0x3e00
[  598.748179]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  598.748206]  ? __lock_acquire+0x451/0x2250
[  598.748239]  ? __lock_acquire+0x451/0x2250
[  598.748268]  ? find_held_lock+0x2b/0x80
[  598.748305]  ? lock_acquire+0x15e/0x2d0
[  598.748330]  ? rtnl_newlink+0x87d/0x1f90
[  598.748366]  ? __mutex_lock+0x9da/0x2380
[  598.748390]  ? rtnl_newlink+0x87d/0x1f90
[  598.748419]  ? __pfx___mutex_lock+0x10/0x10
[  598.748446]  ? security_capable+0x2f/0x90
[  598.748479]  ? ns_capable+0x20/0x120
[  598.748513]  ? netlink_ns_capable+0x101/0x140
[  598.748544]  rtnl_newlink+0x1501/0x1f90
[  598.748579]  ? __pfx_rtnl_newlink+0x10/0x10
[  598.748603]  ? find_held_lock+0x2b/0x80
[  598.748636]  ? avc_has_perm_noaudit+0x11c/0x390
[  598.748661]  ? lock_release+0xc8/0x270
[  598.748690]  ? avc_has_perm_noaudit+0x141/0x390
[  598.748719]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  598.748758]  ? __lock_acquire+0x451/0x2250
[  598.748783]  ? __is_insn_slot_addr+0xe2/0x290
[  598.748810]  ? kernel_text_address+0x5b/0xc0
[  598.748842]  ? lock_acquire+0x15e/0x2d0
[  598.748866]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  598.748893]  ? find_held_lock+0x2b/0x80
[  598.748925]  ? __pfx_rtnl_newlink+0x10/0x10
[  598.748950]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  598.748977]  ? lock_release+0xc8/0x270
[  598.749002]  ? __pfx_rtnl_newlink+0x10/0x10
[  598.749030]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  598.749060]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  598.749096]  ? __lock_acquire+0x451/0x2250
[  598.749125]  netlink_rcv_skb+0x147/0x430
[  598.749154]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  598.749184]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  598.749212]  ? netlink_deliver_tap+0x103/0xcb0
[  598.749248]  ? netlink_deliver_tap+0x1af/0xcb0
[  598.749282]  netlink_unicast+0x5a7/0x870
[  598.749326]  ? __pfx_netlink_unicast+0x10/0x10
[  598.749355]  ? __virt_addr_valid+0x100/0x5d0
[  598.749388]  netlink_sendmsg+0x8a3/0xd80
[  598.749421]  ? __pfx_netlink_sendmsg+0x10/0x10
[  598.749462]  ____sys_sendmsg+0xa38/0xbf0
[  598.749485]  ? copy_msghdr_from_user+0xfb/0x150
[  598.749513]  ? __pfx_____sys_sendmsg+0x10/0x10
[  598.749541]  ? lock_acquire+0x15e/0x2d0
[  598.749570]  ___sys_sendmsg+0x10f/0x1b0
[  598.749598]  ? __pfx____sys_sendmsg+0x10/0x10
[  598.749631]  ? proc_fail_nth_write+0x97/0x220
[  598.749662]  ? lock_acquire+0x15e/0x2d0
[  598.749687]  ? __fget_files+0x34/0x3b0
[  598.749708]  ? find_held_lock+0x2b/0x80
[  598.749741]  ? __fget_files+0x203/0x3b0
[  598.749761]  ? lock_release+0xc8/0x270
[  598.749790]  ? __fget_files+0x20d/0x3b0
[  598.749820]  __sys_sendmsg+0x150/0x200
[  598.749847]  ? __pfx___sys_sendmsg+0x10/0x10
[  598.749884]  ? __pfx_ksys_write+0x10/0x10
[  598.749914]  do_syscall_64+0xbf/0x420
[  598.749939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.749961] RIP: 0033:0x7f80f610db19
[  598.749978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  598.749997] RSP: 002b:00007f80f3683188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  598.750018] RAX: ffffffffffffffda RBX: 00007f80f6220f60 RCX: 00007f80f610db19
[  598.750032] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  598.750044] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  598.750057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  598.750069] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  598.750097]  </TASK>
02:38:56 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:38:56 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:38:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  598.865224] syz_tun: refused to change device tx_queue_len
02:38:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 7)

[  598.896857] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:38:56 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 11)

[  598.903374] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  598.909524] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  598.911607] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
[  598.953407] syz_tun: refused to change device tx_queue_len
02:38:56 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x4, 0xd}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:56 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  598.995105] loop1: detected capacity change from 0 to 256
02:38:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 44)

02:38:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:38:56 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

[  599.070362] loop0: detected capacity change from 0 to 256
[  599.096645] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
02:39:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 8)

02:39:06 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 45)

02:39:06 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 12)

02:39:06 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:39:06 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:39:06 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:06 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  608.741872] FAULT_INJECTION: forcing a failure.
[  608.741872] name failslab, interval 1, probability 0, space 0, times 0
[  608.743540] CPU: 0 UID: 0 PID: 6100 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  608.743567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  608.743579] Call Trace:
[  608.743586]  <TASK>
[  608.743594]  dump_stack_lvl+0xfa/0x120
[  608.743623]  should_fail_ex+0x4d7/0x5e0
[  608.743659]  ? __d_alloc+0x34/0x9c0
[  608.743682]  should_failslab+0xc2/0x120
[  608.743705]  kmem_cache_alloc_lru_noprof+0x84/0x770
[  608.743736]  ? find_held_lock+0x2b/0x80
[  608.743778]  ? __d_alloc+0x34/0x9c0
[  608.743799]  __d_alloc+0x34/0x9c0
[  608.743822]  ? mpol_shared_policy_init+0x24f/0x390
[  608.743860]  d_alloc_pseudo+0x1d/0xc0
[  608.743891]  alloc_file_pseudo+0xbe/0x220
[  608.743920]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  608.743947]  ? __shmem_get_inode+0x684/0xe80
[  608.743983]  __shmem_file_setup+0x1a8/0x370
[  608.744011]  __do_sys_memfd_create+0x4cc/0xa90
[  608.744043]  ? ksys_write+0x1a3/0x240
[  608.744062]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  608.744093]  ? irqentry_exit+0xee/0x650
[  608.744113]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  608.744140]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  608.744174]  do_syscall_64+0xbf/0x420
[  608.744199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.744221] RIP: 0033:0x7f8b014a3b19
[  608.744238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  608.744258] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  608.744278] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8b014a3b19
[  608.744292] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8b014fd0fb
[  608.744306] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  608.744319] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  608.744331] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  608.744358]  </TASK>
[  608.771671] validate_nla: 5 callbacks suppressed
[  608.771688] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  608.783604] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  608.785947] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  608.786937] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  608.789502] syz_tun: refused to change device tx_queue_len
[  608.790342] loop0: detected capacity change from 0 to 256
[  608.791279] FAULT_INJECTION: forcing a failure.
[  608.791279] name failslab, interval 1, probability 0, space 0, times 0
[  608.808593] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
02:39:06 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

[  608.816082] CPU: 0 UID: 0 PID: 6104 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  608.816114] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  608.816126] Call Trace:
[  608.816134]  <TASK>
[  608.816142]  dump_stack_lvl+0xfa/0x120
[  608.816173]  should_fail_ex+0x4d7/0x5e0
[  608.816210]  ? skb_clone+0x191/0x400
[  608.816238]  should_failslab+0xc2/0x120
[  608.816262]  kmem_cache_alloc_noprof+0x80/0x760
[  608.816292]  ? netlink_broadcast_filtered+0xe6/0xe90
[  608.816329]  ? skb_clone+0x191/0x400
[  608.816355]  skb_clone+0x191/0x400
[  608.816385]  netlink_broadcast_filtered+0xab1/0xe90
[  608.816426]  ? __pfx_netlink_broadcast_filtered+0x10/0x10
[  608.816464]  netlink_broadcast+0x39/0x50
[  608.816494]  kobject_uevent_env+0xa88/0xfd0
[  608.816530]  ? lock_is_held_type+0x9e/0x120
[  608.816555]  loop_configure+0xe3d/0x15a0
[  608.816608]  ? __pfx_loop_configure+0x10/0x10
[  608.816653]  ? avc_has_extended_perms+0x107/0xf20
[  608.816679]  ? find_held_lock+0x2b/0x80
[  608.816714]  ? avc_has_extended_perms+0x23b/0xf20
[  608.816739]  ? lock_release+0xc8/0x270
[  608.816769]  lo_ioctl+0x674/0x1cb0
[  608.816803]  ? __pfx_lo_ioctl+0x10/0x10
[  608.816832]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  608.816865]  ? lock_acquire+0x15e/0x2d0
[  608.816891]  ? __virt_addr_valid+0x1c6/0x5d0
[  608.816916]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  608.816947]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  608.816983]  ? lock_release+0xc8/0x270
[  608.817008]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  608.817043]  ? blkdev_common_ioctl+0x1c3/0x2860
[  608.817098]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  608.817132]  ? __fget_files+0x34/0x3b0
[  608.817155]  ? find_held_lock+0x2b/0x80
[  608.817188]  ? __fget_files+0x203/0x3b0
[  608.817211]  ? __pfx_lo_ioctl+0x10/0x10
[  608.817240]  blkdev_ioctl+0x365/0x6d0
[  608.817267]  ? __pfx_blkdev_ioctl+0x10/0x10
[  608.817294]  ? selinux_file_ioctl+0xb9/0x280
[  608.817330]  ? __pfx_blkdev_ioctl+0x10/0x10
[  608.817363]  __x64_sys_ioctl+0x18f/0x210
[  608.817398]  do_syscall_64+0xbf/0x420
[  608.817435]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.817458] RIP: 0033:0x7f8c4a31d8d7
[  608.817475] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  608.817495] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  608.817517] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  608.817531] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  608.817544] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  608.817557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  608.817569] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  608.817597]  </TASK>
[  608.844281] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:39:06 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 13)

[  608.910208] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  608.911654] syz_tun: refused to change device tx_queue_len
02:39:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 9)

02:39:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:06 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:06 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 14)

02:39:06 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:06 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)

02:39:06 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:39:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 46)

[  609.026600] loop1: detected capacity change from 0 to 256
[  609.063139] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  609.073558] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  609.080444] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  609.089795] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  609.094892] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  609.100371] syz_tun: refused to change device tx_queue_len
[  609.144383] loop0: detected capacity change from 0 to 256
02:39:15 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 47)

02:39:15 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 10)

02:39:15 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:39:15 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 1)

02:39:15 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:39:15 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:15 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 15)

[  618.331242] validate_nla: 1 callbacks suppressed
[  618.331256] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:39:15 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

[  618.344828] FAULT_INJECTION: forcing a failure.
[  618.344828] name failslab, interval 1, probability 0, space 0, times 0
[  618.345757] CPU: 0 UID: 0 PID: 6146 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  618.345773] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  618.345780] Call Trace:
[  618.345784]  <TASK>
[  618.345789]  dump_stack_lvl+0xfa/0x120
[  618.345808]  should_fail_ex+0x4d7/0x5e0
[  618.345831]  ? alloc_empty_file+0x58/0x1e0
[  618.345846]  should_failslab+0xc2/0x120
[  618.345861]  kmem_cache_alloc_noprof+0x80/0x760
[  618.345879]  ? d_instantiate+0x92/0xb0
[  618.345897]  ? alloc_empty_file+0x58/0x1e0
[  618.345910]  ? _raw_spin_unlock+0x1e/0x40
[  618.345927]  alloc_empty_file+0x58/0x1e0
[  618.345942]  alloc_file_pseudo+0x12b/0x220
[  618.345957]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  618.345981]  __shmem_file_setup+0x1a8/0x370
[  618.345998]  __do_sys_memfd_create+0x4cc/0xa90
[  618.346016]  ? ksys_write+0x1a3/0x240
[  618.346027]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  618.346044]  ? irqentry_exit+0xee/0x650
[  618.346055]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  618.346071]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  618.346091]  do_syscall_64+0xbf/0x420
[  618.346106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.346119] RIP: 0033:0x7f8b014a3b19
[  618.346128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  618.346139] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  618.346151] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8b014a3b19
[  618.346159] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8b014fd0fb
[  618.346166] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  618.346173] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  618.346179] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  618.346194]  </TASK>
[  618.362535] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  618.387803] FAULT_INJECTION: forcing a failure.
[  618.387803] name fail_usercopy, interval 1, probability 0, space 0, times 0
02:39:16 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  618.394627] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  618.395456] CPU: 0 UID: 0 PID: 6154 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  618.395472] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  618.395479] Call Trace:
[  618.395483]  <TASK>
[  618.395487]  dump_stack_lvl+0xfa/0x120
[  618.395503]  should_fail_ex+0x4d7/0x5e0
[  618.395523]  _copy_from_user+0x30/0xd0
[  618.395543]  copy_msghdr_from_user+0x88/0x150
[  618.395561]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  618.395581]  ? lock_acquire+0x15e/0x2d0
[  618.395598]  ___sys_sendmsg+0xdc/0x1b0
[  618.395614]  ? __pfx____sys_sendmsg+0x10/0x10
[  618.395632]  ? proc_fail_nth_write+0x97/0x220
[  618.395650]  ? lock_acquire+0x15e/0x2d0
[  618.395664]  ? __fget_files+0x34/0x3b0
[  618.395676]  ? find_held_lock+0x2b/0x80
[  618.395695]  ? __fget_files+0x203/0x3b0
[  618.395706]  ? lock_release+0xc8/0x270
[  618.395722]  ? __fget_files+0x20d/0x3b0
[  618.395739]  __sys_sendmsg+0x150/0x200
[  618.395754]  ? __pfx___sys_sendmsg+0x10/0x10
[  618.395771]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  618.395788]  ? ksys_write+0x1a3/0x240
[  618.395798]  ? __pfx_ksys_write+0x10/0x10
[  618.395808]  ? irqentry_exit+0xee/0x650
[  618.395819]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  618.395834]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  618.395852]  do_syscall_64+0xbf/0x420
[  618.395866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.395878] RIP: 0033:0x7fc23f4feb19
[  618.395887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  618.395898] RSP: 002b:00007fc23ca74188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  618.395909] RAX: ffffffffffffffda RBX: 00007fc23f611f60 RCX: 00007fc23f4feb19
[  618.395917] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  618.395924] RBP: 00007fc23ca741d0 R08: 0000000000000000 R09: 0000000000000000
[  618.395931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  618.395938] R13: 00007ffc1f79fcaf R14: 00007fc23ca74300 R15: 0000000000022000
[  618.395953]  </TASK>
[  618.403814] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  618.423755] loop0: detected capacity change from 0 to 256
[  618.431684] netlink: 'syz-executor.5': attribute type 63 has an invalid length.
[  618.442742] FAULT_INJECTION: forcing a failure.
[  618.442742] name failslab, interval 1, probability 0, space 0, times 0
[  618.447494] CPU: 1 UID: 0 PID: 6157 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  618.447525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  618.447538] Call Trace:
[  618.447545]  <TASK>
[  618.447553]  dump_stack_lvl+0xfa/0x120
[  618.447585]  should_fail_ex+0x4d7/0x5e0
[  618.447624]  ? skb_clone+0x191/0x400
[  618.447652]  should_failslab+0xc2/0x120
[  618.447676]  kmem_cache_alloc_noprof+0x80/0x760
[  618.447706]  ? netlink_broadcast_filtered+0xe6/0xe90
[  618.447742]  ? skb_clone+0x191/0x400
[  618.447769]  skb_clone+0x191/0x400
[  618.447799]  netlink_broadcast_filtered+0xab1/0xe90
[  618.447840]  ? __pfx_netlink_broadcast_filtered+0x10/0x10
[  618.447878]  netlink_broadcast+0x39/0x50
[  618.447908]  kobject_uevent_env+0xa88/0xfd0
[  618.447944]  ? lock_is_held_type+0x9e/0x120
[  618.447977]  loop_configure+0xe3d/0x15a0
[  618.448029]  ? __pfx_loop_configure+0x10/0x10
[  618.448074]  ? avc_has_extended_perms+0x107/0xf20
[  618.448101]  ? find_held_lock+0x2b/0x80
[  618.448136]  ? avc_has_extended_perms+0x23b/0xf20
[  618.448161]  ? lock_release+0xc8/0x270
[  618.448190]  lo_ioctl+0x674/0x1cb0
[  618.448225]  ? __pfx_lo_ioctl+0x10/0x10
[  618.448253]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  618.448277]  ? __lock_acquire+0x451/0x2250
[  618.448307]  ? update_load_avg+0x153/0x1c90
[  618.448342]  ? __lock_acquire+0x451/0x2250
[  618.448367]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  618.448402]  ? blkdev_common_ioctl+0x1c3/0x2860
[  618.448457]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  618.448491]  ? __fget_files+0x34/0x3b0
[  618.448513]  ? find_held_lock+0x2b/0x80
[  618.448546]  ? __fget_files+0x203/0x3b0
[  618.448569]  ? __pfx_lo_ioctl+0x10/0x10
[  618.448598]  blkdev_ioctl+0x365/0x6d0
[  618.448624]  ? __pfx_blkdev_ioctl+0x10/0x10
[  618.448652]  ? selinux_file_ioctl+0xb9/0x280
[  618.448687]  ? __pfx_blkdev_ioctl+0x10/0x10
[  618.448716]  __x64_sys_ioctl+0x18f/0x210
[  618.448755]  do_syscall_64+0xbf/0x420
[  618.448780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.448803] RIP: 0033:0x7f8c4a31d8d7
[  618.448821] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  618.448841] RSP: 002b:00007f8c47892f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  618.448862] RAX: ffffffffffffffda RBX: 00007f8c4a367970 RCX: 00007f8c4a31d8d7
[  618.448877] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  618.448889] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  618.448902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  618.448914] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  618.448942]  </TASK>
[  618.451142] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  618.478490] FAULT_INJECTION: forcing a failure.
[  618.478490] name failslab, interval 1, probability 0, space 0, times 0
[  618.480239] CPU: 0 UID: 0 PID: 6156 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  618.480256] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  618.480263] Call Trace:
[  618.480268]  <TASK>
[  618.480272]  dump_stack_lvl+0xfa/0x120
[  618.480292]  should_fail_ex+0x4d7/0x5e0
[  618.480314]  should_failslab+0xc2/0x120
[  618.480330]  __kmalloc_noprof+0xd6/0x830
[  618.480347]  ? lock_is_held_type+0x9e/0x120
[  618.480361]  ? tun_device_event+0x185/0x1120
[  618.480376]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  618.480399]  ? tun_device_event+0x185/0x1120
[  618.480412]  tun_device_event+0x185/0x1120
[  618.480426]  ? __pfx_inetdev_event+0x10/0x10
[  618.480446]  ? lock_is_held_type+0x9e/0x120
[  618.480457]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  618.480474]  ? cfg80211_netdev_notifier_call+0x398/0xe90
[  618.480488]  ? igmp_netdev_event+0x35/0x7f0
[  618.480503]  ? ipmr_device_event+0x196/0x200
[  618.480521]  notifier_call_chain+0xc0/0x320
[  618.480537]  ? __pfx___dev_notify_flags+0x10/0x10
[  618.480552]  ? __dev_change_flags+0x4cd/0x6b0
[  618.480569]  call_netdevice_notifiers_info+0xbe/0x110
[  618.480588]  netif_change_tx_queue_len+0x128/0x1e0
[  618.480603]  ? __pfx_netif_change_tx_queue_len+0x10/0x10
[  618.480620]  ? netif_change_flags+0x10e/0x170
[  618.480636]  do_setlink.constprop.0+0xbc1/0x3e00
[  618.480658]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  618.480673]  ? __lock_acquire+0x451/0x2250
[  618.480693]  ? __lock_acquire+0x451/0x2250
[  618.480710]  ? find_held_lock+0x2b/0x80
[  618.480731]  ? lock_acquire+0x15e/0x2d0
[  618.480745]  ? rtnl_newlink+0x87d/0x1f90
[  618.480765]  ? __mutex_lock+0x9da/0x2380
[  618.480779]  ? rtnl_newlink+0x87d/0x1f90
[  618.480794]  ? __pfx___mutex_lock+0x10/0x10
[  618.480809]  ? security_capable+0x2f/0x90
[  618.480829]  ? ns_capable+0x20/0x120
[  618.480848]  ? netlink_ns_capable+0x101/0x140
[  618.480867]  rtnl_newlink+0x1501/0x1f90
[  618.480886]  ? __pfx_rtnl_newlink+0x10/0x10
[  618.480900]  ? find_held_lock+0x2b/0x80
[  618.480917]  ? avc_has_perm_noaudit+0x11c/0x390
[  618.480933]  ? lock_release+0xc8/0x270
[  618.480950]  ? avc_has_perm_noaudit+0x141/0x390
[  618.480965]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  618.480992]  ? __lock_acquire+0x451/0x2250
[  618.481006]  ? __is_insn_slot_addr+0xe2/0x290
[  618.481021]  ? kernel_text_address+0x5b/0xc0
[  618.481038]  ? lock_acquire+0x15e/0x2d0
[  618.481052]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  618.481067]  ? find_held_lock+0x2b/0x80
[  618.481084]  ? __pfx_rtnl_newlink+0x10/0x10
[  618.481098]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  618.481113]  ? lock_release+0xc8/0x270
[  618.481127]  ? __pfx_rtnl_newlink+0x10/0x10
[  618.481142]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  618.481158]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  618.481179]  ? __lock_acquire+0x451/0x2250
[  618.481195]  netlink_rcv_skb+0x147/0x430
[  618.481212]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  618.481228]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  618.481243]  ? netlink_deliver_tap+0x103/0xcb0
[  618.481264]  ? netlink_deliver_tap+0x1af/0xcb0
[  618.481282]  netlink_unicast+0x5a7/0x870
[  618.481300]  ? __pfx_netlink_unicast+0x10/0x10
[  618.481316]  ? __virt_addr_valid+0x100/0x5d0
[  618.481335]  netlink_sendmsg+0x8a3/0xd80
[  618.481353]  ? __pfx_netlink_sendmsg+0x10/0x10
[  618.481375]  ____sys_sendmsg+0xa38/0xbf0
[  618.481388]  ? copy_msghdr_from_user+0xfb/0x150
[  618.481404]  ? __pfx_____sys_sendmsg+0x10/0x10
[  618.481419]  ? lock_acquire+0x15e/0x2d0
[  618.481435]  ___sys_sendmsg+0x10f/0x1b0
[  618.481451]  ? __pfx____sys_sendmsg+0x10/0x10
[  618.481469]  ? proc_fail_nth_write+0x97/0x220
[  618.481486]  ? lock_acquire+0x15e/0x2d0
[  618.481500]  ? __fget_files+0x34/0x3b0
[  618.481522]  ? find_held_lock+0x2b/0x80
[  618.481540]  ? __fget_files+0x203/0x3b0
[  618.481551]  ? lock_release+0xc8/0x270
[  618.481567]  ? __fget_files+0x20d/0x3b0
[  618.481583]  __sys_sendmsg+0x150/0x200
[  618.481598]  ? __pfx___sys_sendmsg+0x10/0x10
[  618.481618]  ? __pfx_ksys_write+0x10/0x10
[  618.481629]  ? irqentry_exit+0xee/0x650
[  618.481639]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  618.481654]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  618.481673]  do_syscall_64+0xbf/0x420
[  618.481688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.481700] RIP: 0033:0x7f80f610db19
[  618.481710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  618.481721] RSP: 002b:00007f80f3683188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  618.481732] RAX: ffffffffffffffda RBX: 00007f80f6220f60 RCX: 00007f80f610db19
[  618.481740] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  618.481747] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  618.481754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  618.481761] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  618.481776]  </TASK>
[  618.521663] syz_tun: refused to change device tx_queue_len
02:39:24 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 16)

02:39:24 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x0)

02:39:24 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)

02:39:24 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:24 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 11)

02:39:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 2)

02:39:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 48)

[  626.795787] loop1: detected capacity change from 0 to 256
[  626.800852] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:39:24 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

[  626.838956] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  626.839806] syz_tun: refused to change device tx_queue_len
02:39:24 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  626.860852] loop0: detected capacity change from 0 to 256
[  626.864882] netlink: 'syz-executor.5': attribute type 63 has an invalid length.
[  626.876261] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:39:24 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 17)

[  626.908085] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:39:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 3)

02:39:24 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 12)

02:39:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:24 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  626.949801] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
02:39:24 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  626.958230] syz_tun: refused to change device tx_queue_len
[  626.958747] FAULT_INJECTION: forcing a failure.
[  626.958747] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  626.961544] CPU: 0 UID: 0 PID: 6190 Comm: syz-executor.6 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  626.961561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  626.961568] Call Trace:
[  626.961572]  <TASK>
[  626.961577]  dump_stack_lvl+0xfa/0x120
[  626.961595]  should_fail_ex+0x4d7/0x5e0
[  626.961627]  _copy_to_user+0x32/0xd0
[  626.961648]  simple_read_from_buffer+0xe0/0x180
[  626.961670]  proc_fail_nth_read+0x18a/0x240
[  626.961686]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  626.961702]  ? security_file_permission+0x22/0x90
[  626.961717]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  626.961732]  vfs_read+0x1eb/0xc70
[  626.961752]  ? __pfx___mutex_lock+0x10/0x10
[  626.961764]  ? __fget_files+0x34/0x3b0
[  626.961777]  ? __pfx_vfs_read+0x10/0x10
[  626.961795]  ? lock_release+0xc8/0x270
[  626.961813]  ? __fget_files+0x20d/0x3b0
[  626.961830]  ksys_read+0x121/0x240
[  626.961840]  ? __pfx_ksys_read+0x10/0x10
[  626.961855]  do_syscall_64+0xbf/0x420
[  626.961870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.961882] RIP: 0033:0x7f80f60c069c
[  626.961892] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  626.961903] RSP: 002b:00007f80f3683170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  626.961914] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f80f60c069c
[  626.961922] RDX: 000000000000000f RSI: 00007f80f36831e0 RDI: 0000000000000004
[  626.961929] RBP: 00007f80f36831d0 R08: 0000000000000000 R09: 0000000000000000
[  626.961935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  626.961942] R13: 00007ffc172223ef R14: 00007f80f3683300 R15: 0000000000022000
[  626.961957]  </TASK>
02:39:24 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:39:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 49)

[  626.987273] FAULT_INJECTION: forcing a failure.
[  626.987273] name failslab, interval 1, probability 0, space 0, times 0
[  626.988178] CPU: 0 UID: 0 PID: 6192 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  626.988193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  626.988200] Call Trace:
[  626.988204]  <TASK>
[  626.988209]  dump_stack_lvl+0xfa/0x120
[  626.988222]  should_fail_ex+0x4d7/0x5e0
[  626.988242]  ? security_file_alloc+0x35/0x130
[  626.988254]  should_failslab+0xc2/0x120
[  626.988268]  kmem_cache_alloc_noprof+0x80/0x760
[  626.988285]  ? __create_object+0x59/0x80
[  626.988304]  ? security_file_alloc+0x35/0x130
[  626.988316]  security_file_alloc+0x35/0x130
[  626.988329]  init_file+0x95/0x480
[  626.988343]  alloc_empty_file+0x76/0x1e0
[  626.988359]  alloc_file_pseudo+0x12b/0x220
[  626.988374]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  626.988394]  __shmem_file_setup+0x1a8/0x370
[  626.988410]  __do_sys_memfd_create+0x4cc/0xa90
[  626.988428]  ? ksys_write+0x1a3/0x240
[  626.988438]  ? __pfx___do_sys_memfd_create+0x10/0x10
[  626.988455]  ? irqentry_exit+0xee/0x650
[  626.988466]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  626.988482]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  626.988500]  do_syscall_64+0xbf/0x420
[  626.988514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.988526] RIP: 0033:0x7f8b014a3b19
[  626.988535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  626.988546] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  626.988557] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8b014a3b19
[  626.988565] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 00007f8b014fd0fb
[  626.988572] RBP: 0000000000000002 R08: 0000000000010000 R09: ffffffffffffffff
[  626.988579] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000
[  626.988586] R13: 0000000020000100 R14: 0000000000020000 R15: 00000000200000c0
[  626.988601]  </TASK>
02:39:24 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 13)

[  627.045890] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  627.046717] syz_tun: refused to change device tx_queue_len
[  627.051574] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  627.060339] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  627.064300] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  627.065724] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  627.065813] loop1: detected capacity change from 0 to 256
02:39:24 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  627.087921] loop0: detected capacity change from 0 to 256
[  627.092623] FAULT_INJECTION: forcing a failure.
[  627.092623] name failslab, interval 1, probability 0, space 0, times 0
[  627.100512] CPU: 1 UID: 0 PID: 6205 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  627.100543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  627.100556] Call Trace:
[  627.100563]  <TASK>
[  627.100571]  dump_stack_lvl+0xfa/0x120
[  627.100602]  should_fail_ex+0x4d7/0x5e0
[  627.100640]  ? do_getname+0x2b/0x3d0
[  627.100667]  should_failslab+0xc2/0x120
[  627.100691]  kmem_cache_alloc_noprof+0x80/0x760
[  627.100723]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  627.100759]  ? do_getname+0x2b/0x3d0
[  627.100785]  do_getname+0x2b/0x3d0
[  627.100814]  __x64_sys_mkdir+0x5a/0xd0
[  627.100838]  do_syscall_64+0xbf/0x420
[  627.100864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  627.100887] RIP: 0033:0x7f8c4a31cc27
[  627.100904] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  627.100924] RSP: 002b:00007f8c47892fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  627.100946] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31cc27
[  627.100960] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  627.100981] RBP: 00007f8c47893040 R08: 0000000000000000 R09: ffffffffffffffff
[  627.100995] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000
[  627.101012] R13: 0000000020000100 R14: 00007f8c47893000 R15: 00000000200000c0
[  627.101040]  </TASK>
[  627.108425] syz_tun: refused to change device tx_queue_len
02:39:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:24 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:24 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 14)

02:39:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 4)

[  627.173483] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  627.181512] FAULT_INJECTION: forcing a failure.
[  627.181512] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  627.182475] CPU: 0 UID: 0 PID: 6212 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  627.182491] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  627.182498] Call Trace:
[  627.182502]  <TASK>
[  627.182507]  dump_stack_lvl+0xfa/0x120
[  627.182526]  should_fail_ex+0x4d7/0x5e0
[  627.182550]  should_fail_alloc_page+0xe0/0x110
[  627.182566]  prepare_alloc_pages+0x1eb/0x550
[  627.182580]  ? __lock_acquire+0x451/0x2250
[  627.182599]  __alloc_frozen_pages_noprof+0x186/0x25b0
[  627.182618]  ? lock_acquire+0x15e/0x2d0
[  627.182631]  ? __is_insn_slot_addr+0x2e/0x290
[  627.182646]  ? find_held_lock+0x2b/0x80
[  627.182665]  ? __is_insn_slot_addr+0x136/0x290
[  627.182678]  ? lock_release+0xc8/0x270
[  627.182692]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  627.182716]  ? lock_is_held_type+0x9e/0x120
[  627.182729]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  627.182748]  ? policy_nodemask+0xeb/0x4e0
[  627.182767]  alloc_pages_mpol+0xed/0x340
[  627.182783]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  627.182799]  ? filemap_get_entry+0x1bb/0x3b0
[  627.182815]  ? __pfx_filemap_get_entry+0x10/0x10
[  627.182835]  folio_alloc_mpol_noprof+0x38/0x2a0
[  627.182855]  shmem_alloc_folio+0x11b/0x140
[  627.182870]  shmem_get_folio_gfp.constprop.0+0x4ea/0x13b0
[  627.182890]  ? find_held_lock+0x2b/0x80
[  627.182909]  ? __pfx_shmem_get_folio_gfp.constprop.0+0x10/0x10
[  627.182926]  ? do_raw_read_trylock+0x92/0xb0
[  627.182945]  ? simple_xattr_get+0x173/0x1d0
[  627.182964]  shmem_write_begin+0x194/0x3b0
[  627.182985]  ? __pfx_shmem_write_begin+0x10/0x10
[  627.183001]  ? balance_dirty_pages_ratelimited_flags+0x8f/0x1190
[  627.183020]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  627.183034]  ? ktime_get_coarse_real_ts64_mg+0x213/0x2a0
[  627.183054]  generic_perform_write+0x391/0x810
[  627.183073]  ? __pfx_generic_perform_write+0x10/0x10
[  627.183089]  ? file_update_time_flags+0x367/0x4f0
[  627.183108]  shmem_file_write_iter+0x111/0x140
[  627.183121]  vfs_write+0xbe9/0x1150
[  627.183134]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  627.183147]  ? __fget_files+0x34/0x3b0
[  627.183159]  ? __pfx_vfs_write+0x10/0x10
[  627.183180]  __x64_sys_pwrite64+0x1f1/0x260
[  627.183193]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[  627.183210]  do_syscall_64+0xbf/0x420
[  627.183224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  627.183238] RIP: 0033:0x7f8b01456ab7
[  627.183247] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  627.183259] RSP: 002b:00007f8afea18f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  627.183270] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b01456ab7
[  627.183278] RDX: 0000000000000016 RSI: 0000000020010000 RDI: 0000000000000004
[  627.183286] RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffffffffffff
[  627.183294] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  627.183301] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000
[  627.183316]  </TASK>
[  627.249704] loop1: detected capacity change from 0 to 256
[  627.250291] FAULT_INJECTION: forcing a failure.
[  627.250291] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  627.255009] CPU: 0 UID: 0 PID: 6215 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  627.255027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  627.255035] Call Trace:
[  627.255040]  <TASK>
[  627.255044]  dump_stack_lvl+0xfa/0x120
[  627.255064]  should_fail_ex+0x4d7/0x5e0
[  627.255087]  _copy_from_iter+0x27b/0x1610
[  627.255106]  ? lock_acquire+0x15e/0x2d0
[  627.255123]  ? find_held_lock+0x2b/0x80
[  627.255142]  ? __virt_addr_valid+0x2e8/0x5d0
[  627.255156]  ? __pfx__copy_from_iter+0x10/0x10
[  627.255175]  ? __virt_addr_valid+0x100/0x5d0
[  627.255188]  ? __check_object_size+0x5b3/0x980
[  627.255210]  netlink_sendmsg+0x800/0xd80
[  627.255231]  ? __pfx_netlink_sendmsg+0x10/0x10
[  627.255257]  ____sys_sendmsg+0xa38/0xbf0
[  627.255270]  ? copy_msghdr_from_user+0xfb/0x150
[  627.255286]  ? __pfx_____sys_sendmsg+0x10/0x10
[  627.255302]  ? lock_acquire+0x15e/0x2d0
[  627.255317]  ___sys_sendmsg+0x10f/0x1b0
[  627.255333]  ? __pfx____sys_sendmsg+0x10/0x10
[  627.255351]  ? proc_fail_nth_write+0x97/0x220
[  627.255369]  ? lock_acquire+0x15e/0x2d0
[  627.255384]  ? __fget_files+0x34/0x3b0
[  627.255396]  ? find_held_lock+0x2b/0x80
[  627.255414]  ? __fget_files+0x203/0x3b0
[  627.255426]  ? lock_release+0xc8/0x270
[  627.255442]  ? __fget_files+0x20d/0x3b0
[  627.255458]  __sys_sendmsg+0x150/0x200
[  627.255473]  ? __pfx___sys_sendmsg+0x10/0x10
[  627.255493]  ? __pfx_ksys_write+0x10/0x10
[  627.255505]  ? irqentry_exit+0xee/0x650
[  627.255516]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  627.255532]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  627.255550]  do_syscall_64+0xbf/0x420
[  627.255565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  627.255578] RIP: 0033:0x7fc23f4feb19
[  627.255587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  627.255599] RSP: 002b:00007fc23ca74188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  627.255611] RAX: ffffffffffffffda RBX: 00007fc23f611f60 RCX: 00007fc23f4feb19
[  627.255619] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  627.255627] RBP: 00007fc23ca741d0 R08: 0000000000000000 R09: 0000000000000000
[  627.255634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  627.255642] R13: 00007ffc1f79fcaf R14: 00007fc23ca74300 R15: 0000000000022000
[  627.255657]  </TASK>
02:39:33 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 15)

02:39:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 5)

02:39:33 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:33 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)

02:39:33 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:33 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:33 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:33 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 50)

[  636.254284] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  636.263234] validate_nla: 3 callbacks suppressed
[  636.263246] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  636.280148] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  636.280293] FAULT_INJECTION: forcing a failure.
[  636.280293] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  636.284440] FAULT_INJECTION: forcing a failure.
[  636.284440] name failslab, interval 1, probability 0, space 0, times 0
[  636.285538] CPU: 0 UID: 0 PID: 6237 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  636.285557] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  636.285567] Call Trace:
[  636.285572]  <TASK>
[  636.285578]  dump_stack_lvl+0xfa/0x120
[  636.285601]  should_fail_ex+0x4d7/0x5e0
[  636.285629]  ? rtnl_newlink+0xdd/0x1f90
[  636.285649]  should_failslab+0xc2/0x120
[  636.285666]  __kmalloc_cache_noprof+0x80/0x730
[  636.285687]  ? __is_insn_slot_addr+0x140/0x290
[  636.285710]  ? rtnl_newlink+0xdd/0x1f90
[  636.285735]  rtnl_newlink+0xdd/0x1f90
[  636.285757]  ? lock_acquire+0x15e/0x2d0
[  636.285777]  ? __pfx_rtnl_newlink+0x10/0x10
[  636.285794]  ? find_held_lock+0x2b/0x80
[  636.285817]  ? avc_has_perm_noaudit+0x11c/0x390
[  636.285836]  ? lock_release+0xc8/0x270
[  636.285855]  ? avc_has_perm_noaudit+0x141/0x390
[  636.285874]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  636.285901]  ? __lock_acquire+0x451/0x2250
[  636.285919]  ? __is_insn_slot_addr+0xe2/0x290
[  636.285935]  ? kernel_text_address+0x5b/0xc0
[  636.285957]  ? lock_acquire+0x15e/0x2d0
[  636.285978]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  636.285997]  ? find_held_lock+0x2b/0x80
[  636.286018]  ? __pfx_rtnl_newlink+0x10/0x10
[  636.286035]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  636.286054]  ? lock_release+0xc8/0x270
[  636.286071]  ? __pfx_rtnl_newlink+0x10/0x10
[  636.286089]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  636.286110]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  636.286134]  ? __lock_acquire+0x451/0x2250
[  636.286153]  netlink_rcv_skb+0x147/0x430
[  636.286175]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  636.286195]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  636.286213]  ? netlink_deliver_tap+0x103/0xcb0
[  636.286238]  ? netlink_deliver_tap+0x1af/0xcb0
[  636.286261]  netlink_unicast+0x5a7/0x870
[  636.286283]  ? __pfx_netlink_unicast+0x10/0x10
[  636.286303]  ? __virt_addr_valid+0x100/0x5d0
[  636.286325]  netlink_sendmsg+0x8a3/0xd80
[  636.286348]  ? __pfx_netlink_sendmsg+0x10/0x10
[  636.286375]  ____sys_sendmsg+0xa38/0xbf0
[  636.286391]  ? copy_msghdr_from_user+0xfb/0x150
[  636.286411]  ? __pfx_____sys_sendmsg+0x10/0x10
[  636.286430]  ? lock_acquire+0x15e/0x2d0
[  636.286450]  ___sys_sendmsg+0x10f/0x1b0
[  636.286469]  ? __pfx____sys_sendmsg+0x10/0x10
[  636.286491]  ? proc_fail_nth_write+0x97/0x220
[  636.286513]  ? lock_acquire+0x15e/0x2d0
[  636.286530]  ? __fget_files+0x34/0x3b0
[  636.286545]  ? find_held_lock+0x2b/0x80
[  636.286568]  ? __fget_files+0x203/0x3b0
[  636.286582]  ? lock_release+0xc8/0x270
[  636.286602]  ? __fget_files+0x20d/0x3b0
[  636.286622]  __sys_sendmsg+0x150/0x200
[  636.286640]  ? __pfx___sys_sendmsg+0x10/0x10
[  636.286665]  ? __pfx_ksys_write+0x10/0x10
[  636.286678]  ? irqentry_exit+0xee/0x650
[  636.286692]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  636.286711]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  636.286734]  do_syscall_64+0xbf/0x420
[  636.286751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.286767] RIP: 0033:0x7fc23f4feb19
[  636.286779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  636.286794] RSP: 002b:00007fc23ca74188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  636.286809] RAX: ffffffffffffffda RBX: 00007fc23f611f60 RCX: 00007fc23f4feb19
[  636.286818] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  636.286827] RBP: 00007fc23ca741d0 R08: 0000000000000000 R09: 0000000000000000
[  636.286836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  636.286845] R13: 00007ffc1f79fcaf R14: 00007fc23ca74300 R15: 0000000000022000
[  636.286863]  </TASK>
[  636.296801] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  636.301011] CPU: 0 UID: 0 PID: 6234 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  636.301031] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  636.301039] Call Trace:
[  636.301043]  <TASK>
[  636.301049]  dump_stack_lvl+0xfa/0x120
[  636.301066]  should_fail_ex+0x4d7/0x5e0
[  636.301086]  ? page_copy_sane+0xce/0x2b0
[  636.301109]  copy_folio_from_iter_atomic+0x383/0x1850
[  636.301139]  ? simple_xattr_get+0x173/0x1d0
[  636.301161]  ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[  636.301184]  ? shmem_write_begin+0x1ab/0x3b0
[  636.301205]  ? __pfx_shmem_write_begin+0x10/0x10
[  636.301225]  ? balance_dirty_pages_ratelimited_flags+0x8f/0x1190
[  636.301249]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  636.301267]  ? ktime_get_coarse_real_ts64_mg+0x213/0x2a0
[  636.301291]  generic_perform_write+0x1d7/0x810
[  636.301315]  ? __pfx_generic_perform_write+0x10/0x10
[  636.301335]  ? file_update_time_flags+0x367/0x4f0
[  636.301357]  shmem_file_write_iter+0x111/0x140
[  636.301374]  vfs_write+0xbe9/0x1150
[  636.301387]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  636.301402]  ? __fget_files+0x34/0x3b0
[  636.301416]  ? __pfx_vfs_write+0x10/0x10
[  636.301443]  __x64_sys_pwrite64+0x1f1/0x260
[  636.301458]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[  636.301479]  do_syscall_64+0xbf/0x420
[  636.301496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.301510] RIP: 0033:0x7f8b01456ab7
[  636.301521] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  636.301534] RSP: 002b:00007f8afea18f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  636.301548] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b01456ab7
[  636.301557] RDX: 0000000000000016 RSI: 0000000020010000 RDI: 0000000000000004
[  636.301565] RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffffffffffff
[  636.301574] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  636.301582] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000
[  636.301600]  </TASK>
[  636.302002] loop1: detected capacity change from 0 to 256
[  636.312316] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  636.365285] syz_tun: refused to change device tx_queue_len
[  636.371613] loop0: detected capacity change from 0 to 256
02:39:33 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:39:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 51)

02:39:43 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:43 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 1)

02:39:43 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 16)

02:39:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:39:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 6)

02:39:43 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x2, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  645.797961] FAULT_INJECTION: forcing a failure.
[  645.797961] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.802093] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  645.804507] CPU: 1 UID: 0 PID: 6255 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  645.804537] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  645.804550] Call Trace:
[  645.804557]  <TASK>
[  645.804565]  dump_stack_lvl+0xfa/0x120
[  645.804596]  should_fail_ex+0x4d7/0x5e0
[  645.804634]  _copy_from_iter+0x27b/0x1610
[  645.804665]  ? lock_acquire+0x15e/0x2d0
[  645.804694]  ? find_held_lock+0x2b/0x80
[  645.804727]  ? __virt_addr_valid+0x2e8/0x5d0
[  645.804752]  ? __pfx__copy_from_iter+0x10/0x10
[  645.804787]  ? __virt_addr_valid+0x100/0x5d0
[  645.804811]  ? __check_object_size+0x5b3/0x980
[  645.804849]  netlink_sendmsg+0x800/0xd80
[  645.804885]  ? __pfx_netlink_sendmsg+0x10/0x10
[  645.804926]  ____sys_sendmsg+0xa38/0xbf0
[  645.804949]  ? copy_msghdr_from_user+0xfb/0x150
[  645.804986]  ? __pfx_____sys_sendmsg+0x10/0x10
[  645.805015]  ? lock_acquire+0x15e/0x2d0
[  645.805044]  ___sys_sendmsg+0x10f/0x1b0
[  645.805073]  ? __pfx____sys_sendmsg+0x10/0x10
[  645.805106]  ? proc_fail_nth_write+0x97/0x220
[  645.805138]  ? lock_acquire+0x15e/0x2d0
[  645.805163]  ? __fget_files+0x34/0x3b0
[  645.805185]  ? find_held_lock+0x2b/0x80
[  645.805218]  ? __fget_files+0x203/0x3b0
[  645.805239]  ? lock_release+0xc8/0x270
[  645.805269]  ? __fget_files+0x20d/0x3b0
[  645.805299]  __sys_sendmsg+0x150/0x200
[  645.805327]  ? __pfx___sys_sendmsg+0x10/0x10
[  645.805364]  ? __pfx_ksys_write+0x10/0x10
[  645.805383]  ? irqentry_exit+0xee/0x650
[  645.805403]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  645.805431]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  645.805465]  do_syscall_64+0xbf/0x420
[  645.805491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.805513] RIP: 0033:0x7fc23f4feb19
[  645.805530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  645.805550] RSP: 002b:00007fc23ca74188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  645.805571] RAX: ffffffffffffffda RBX: 00007fc23f611f60 RCX: 00007fc23f4feb19
[  645.805586] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  645.805599] RBP: 00007fc23ca741d0 R08: 0000000000000000 R09: 0000000000000000
[  645.805611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  645.805624] R13: 00007ffc1f79fcaf R14: 00007fc23ca74300 R15: 0000000000022000
[  645.805652]  </TASK>
[  645.830739] FAULT_INJECTION: forcing a failure.
[  645.830739] name failslab, interval 1, probability 0, space 0, times 0
[  645.834238] FAULT_INJECTION: forcing a failure.
[  645.834238] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.836117] loop0: detected capacity change from 0 to 256
[  645.838093] syz_tun: refused to change device tx_queue_len
[  645.840815] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  645.843417] CPU: 1 UID: 0 PID: 6258 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  645.843447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  645.843459] Call Trace:
[  645.843466]  <TASK>
[  645.843474]  dump_stack_lvl+0xfa/0x120
[  645.843500]  should_fail_ex+0x4d7/0x5e0
[  645.843536]  _copy_from_user+0x30/0xd0
[  645.843570]  copy_msghdr_from_user+0x88/0x150
[  645.843600]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  645.843638]  ? lock_acquire+0x15e/0x2d0
[  645.843668]  ___sys_sendmsg+0xdc/0x1b0
[  645.843697]  ? __pfx____sys_sendmsg+0x10/0x10
[  645.843730]  ? proc_fail_nth_write+0x97/0x220
[  645.843761]  ? lock_acquire+0x15e/0x2d0
[  645.843787]  ? __fget_files+0x34/0x3b0
[  645.843808]  ? find_held_lock+0x2b/0x80
[  645.843841]  ? __fget_files+0x203/0x3b0
[  645.843862]  ? lock_release+0xc8/0x270
[  645.843891]  ? __fget_files+0x20d/0x3b0
[  645.843921]  __sys_sendmsg+0x150/0x200
[  645.843949]  ? __pfx___sys_sendmsg+0x10/0x10
[  645.843991]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  645.844022]  ? ksys_write+0x1a3/0x240
[  645.844041]  ? __pfx_ksys_write+0x10/0x10
[  645.844060]  ? irqentry_exit+0xee/0x650
[  645.844079]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  645.844105]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  645.844139]  do_syscall_64+0xbf/0x420
[  645.844164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.844185] RIP: 0033:0x7f7e70c05b19
[  645.844202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  645.844222] RSP: 002b:00007f7e6e17b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  645.844242] RAX: ffffffffffffffda RBX: 00007f7e70d18f60 RCX: 00007f7e70c05b19
[  645.844256] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  645.844269] RBP: 00007f7e6e17b1d0 R08: 0000000000000000 R09: 0000000000000000
[  645.844282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  645.844294] R13: 00007ffd1cc6884f R14: 00007f7e6e17b300 R15: 0000000000022000
[  645.844322]  </TASK>
[  645.849055] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  645.849889] FAULT_INJECTION: forcing a failure.
[  645.849889] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.857554] syz_tun: refused to change device tx_queue_len
[  645.861041] CPU: 0 UID: 0 PID: 6263 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  645.861074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  645.861086] Call Trace:
[  645.861094]  <TASK>
[  645.861103]  dump_stack_lvl+0xfa/0x120
[  645.861135]  should_fail_ex+0x4d7/0x5e0
[  645.861173]  ? do_getname+0x2b/0x3d0
[  645.861200]  should_failslab+0xc2/0x120
[  645.861224]  kmem_cache_alloc_noprof+0x80/0x760
[  645.861257]  ? vfs_write+0x169/0x1150
[  645.861282]  ? do_getname+0x2b/0x3d0
[  645.861307]  do_getname+0x2b/0x3d0
[  645.861336]  do_sys_openat2+0xa0/0x210
[  645.861365]  ? __pfx_do_sys_openat2+0x10/0x10
[  645.861404]  __x64_sys_openat+0x142/0x200
[  645.861432]  ? __pfx___x64_sys_openat+0x10/0x10
[  645.861472]  do_syscall_64+0xbf/0x420
[  645.861498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.861522] RIP: 0033:0x7f8b01456a04
[  645.861539] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  645.861559] RSP: 002b:00007f8afea18ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  645.861580] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b01456a04
[  645.861595] RDX: 0000000000000002 RSI: 00007f8afea19000 RDI: 00000000ffffff9c
[  645.861608] RBP: 00007f8afea19000 R08: 0000000000000000 R09: ffffffffffffffff
[  645.861621] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  645.861633] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  645.861660]  </TASK>
[  645.878048] CPU: 0 UID: 0 PID: 6264 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  645.878079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  645.878091] Call Trace:
[  645.878098]  <TASK>
[  645.878106]  dump_stack_lvl+0xfa/0x120
[  645.878132]  should_fail_ex+0x4d7/0x5e0
[  645.878167]  strncpy_from_user+0x3b/0x2f0
[  645.878197]  do_getname+0x70/0x3d0
[  645.878226]  __x64_sys_mkdir+0x5a/0xd0
[  645.878250]  do_syscall_64+0xbf/0x420
[  645.878275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.878296] RIP: 0033:0x7f8c4a31cc27
[  645.878313] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  645.878333] RSP: 002b:00007f8c47892fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  645.878353] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31cc27
[  645.878368] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  645.878381] RBP: 00007f8c47893040 R08: 0000000000000000 R09: ffffffffffffffff
[  645.878394] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000
[  645.878407] R13: 0000000020000100 R14: 00007f8c47893000 R15: 00000000200000c0
[  645.878435]  </TASK>
02:39:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)

02:39:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 52)

02:39:43 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 17)

02:39:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 2)

[  645.990257] loop1: detected capacity change from 0 to 256
[  645.993234] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  645.995509] loop0: detected capacity change from 0 to 256
[  646.001381] FAULT_INJECTION: forcing a failure.
[  646.001381] name failslab, interval 1, probability 0, space 0, times 0
[  646.009087] CPU: 0 UID: 0 PID: 6274 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  646.009118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  646.009130] Call Trace:
[  646.009137]  <TASK>
[  646.009146]  dump_stack_lvl+0xfa/0x120
[  646.009176]  should_fail_ex+0x4d7/0x5e0
[  646.009213]  ? security_inode_alloc+0x3e/0x130
[  646.009247]  should_failslab+0xc2/0x120
[  646.009271]  kmem_cache_alloc_noprof+0x80/0x760
[  646.009301]  ? __pfx_map_id_range_down+0x10/0x10
[  646.009340]  ? security_inode_alloc+0x3e/0x130
[  646.009372]  security_inode_alloc+0x3e/0x130
[  646.009407]  inode_init_always_gfp+0xc9d/0xff0
[  646.009435]  alloc_inode+0x8d/0x250
[  646.009464]  new_inode+0x1e/0x160
[  646.009495]  __ext4_new_inode+0x35d/0x4cd0
[  646.009529]  ? avc_has_perm_noaudit+0x141/0x390
[  646.009559]  ? __pfx___ext4_new_inode+0x10/0x10
[  646.009587]  ? __pfx_avc_has_perm+0x10/0x10
[  646.009611]  ? __pfx___dquot_initialize+0x10/0x10
[  646.009656]  ext4_mkdir+0x331/0xb30
[  646.009696]  ? __pfx_ext4_mkdir+0x10/0x10
[  646.009726]  ? security_inode_permission+0x72/0xe0
[  646.009754]  vfs_mkdir+0x6d8/0xc00
[  646.009790]  filename_mkdirat+0x118/0x430
[  646.009817]  ? __pfx_filename_mkdirat+0x10/0x10
[  646.009856]  ? strncpy_from_user+0x21b/0x2f0
[  646.009892]  __x64_sys_mkdir+0x6e/0xd0
[  646.009916]  do_syscall_64+0xbf/0x420
[  646.009942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.009964] RIP: 0033:0x7f8c4a31cc27
[  646.009988] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  646.010008] RSP: 002b:00007f8c47892fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  646.010029] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31cc27
[  646.010043] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  646.010056] RBP: 00007f8c47893040 R08: 0000000000000000 R09: ffffffffffffffff
[  646.010070] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000
[  646.010082] R13: 0000000020000100 R14: 00007f8c47893000 R15: 00000000200000c0
[  646.010111]  </TASK>
[  646.011926] FAULT_INJECTION: forcing a failure.
[  646.011926] name failslab, interval 1, probability 0, space 0, times 0
02:39:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 7)

02:39:43 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 18)

02:39:43 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x3, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  646.102218] CPU: 1 UID: 0 PID: 6277 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  646.102249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  646.102261] Call Trace:
[  646.102267]  <TASK>
[  646.102275]  dump_stack_lvl+0xfa/0x120
[  646.102305]  should_fail_ex+0x4d7/0x5e0
[  646.102341]  should_failslab+0xc2/0x120
[  646.102363]  kmem_cache_alloc_node_noprof+0x87/0x730
[  646.102392]  ? lock_release+0xc8/0x270
[  646.102418]  ? __alloc_skb+0x159/0x440
[  646.102449]  ? __alloc_skb+0x159/0x440
[  646.102471]  __alloc_skb+0x159/0x440
[  646.102494]  ? __alloc_skb+0x37d/0x440
[  646.102517]  ? __pfx___alloc_skb+0x10/0x10
[  646.102541]  ? netlink_autobind.isra.0+0x158/0x370
[  646.102577]  netlink_alloc_large_skb+0x69/0x150
[  646.102605]  netlink_sendmsg+0x66d/0xd80
[  646.102636]  ? __pfx_netlink_sendmsg+0x10/0x10
[  646.102674]  ____sys_sendmsg+0xa38/0xbf0
[  646.102695]  ? copy_msghdr_from_user+0xfb/0x150
[  646.102720]  ? __pfx_____sys_sendmsg+0x10/0x10
[  646.102747]  ? lock_acquire+0x15e/0x2d0
[  646.102773]  ___sys_sendmsg+0x10f/0x1b0
[  646.102800]  ? __pfx____sys_sendmsg+0x10/0x10
[  646.102830]  ? proc_fail_nth_write+0x97/0x220
[  646.102859]  ? lock_acquire+0x15e/0x2d0
[  646.102882]  ? __fget_files+0x34/0x3b0
[  646.102902]  ? find_held_lock+0x2b/0x80
[  646.102933]  ? __fget_files+0x203/0x3b0
[  646.102952]  ? lock_release+0xc8/0x270
[  646.102986]  ? __fget_files+0x20d/0x3b0
[  646.103013]  __sys_sendmsg+0x150/0x200
[  646.103039]  ? __pfx___sys_sendmsg+0x10/0x10
[  646.103073]  ? __pfx_ksys_write+0x10/0x10
[  646.103090]  ? irqentry_exit+0xee/0x650
[  646.103109]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  646.103134]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  646.103166]  do_syscall_64+0xbf/0x420
[  646.103189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.103210] RIP: 0033:0x7f7e70c05b19
[  646.103226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  646.103244] RSP: 002b:00007f7e6e17b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  646.103264] RAX: ffffffffffffffda RBX: 00007f7e70d18f60 RCX: 00007f7e70c05b19
[  646.103277] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  646.103288] RBP: 00007f7e6e17b1d0 R08: 0000000000000000 R09: 0000000000000000
[  646.103300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  646.103311] R13: 00007ffd1cc6884f R14: 00007f7e6e17b300 R15: 0000000000022000
[  646.103336]  </TASK>
02:39:43 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 53)

[  646.149351] FAULT_INJECTION: forcing a failure.
[  646.149351] name failslab, interval 1, probability 0, space 0, times 0
[  646.150826] CPU: 1 UID: 0 PID: 6281 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  646.150851] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  646.150862] Call Trace:
[  646.150869]  <TASK>
[  646.150876]  dump_stack_lvl+0xfa/0x120
[  646.150899]  should_fail_ex+0x4d7/0x5e0
[  646.150931]  ? rtnl_newlink+0xdd/0x1f90
[  646.150955]  should_failslab+0xc2/0x120
[  646.150982]  __kmalloc_cache_noprof+0x80/0x730
[  646.151008]  ? __is_insn_slot_addr+0x140/0x290
[  646.151038]  ? rtnl_newlink+0xdd/0x1f90
[  646.151061]  rtnl_newlink+0xdd/0x1f90
[  646.151090]  ? lock_acquire+0x15e/0x2d0
[  646.151114]  ? __pfx_rtnl_newlink+0x10/0x10
[  646.151141]  ? find_held_lock+0x2b/0x80
[  646.151171]  ? avc_has_perm_noaudit+0x11c/0x390
[  646.151195]  ? lock_release+0xc8/0x270
[  646.151222]  ? avc_has_perm_noaudit+0x141/0x390
[  646.151248]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  646.151283]  ? __lock_acquire+0x451/0x2250
[  646.151306]  ? __is_insn_slot_addr+0xe2/0x290
[  646.151329]  ? kernel_text_address+0x5b/0xc0
[  646.151358]  ? lock_acquire+0x15e/0x2d0
[  646.151381]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  646.151405]  ? find_held_lock+0x2b/0x80
[  646.151433]  ? __pfx_rtnl_newlink+0x10/0x10
[  646.151456]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  646.151480]  ? lock_release+0xc8/0x270
[  646.151503]  ? __pfx_rtnl_newlink+0x10/0x10
[  646.151528]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  646.151556]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  646.151589]  ? __lock_acquire+0x451/0x2250
[  646.151615]  netlink_rcv_skb+0x147/0x430
[  646.151641]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  646.151668]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  646.151693]  ? netlink_deliver_tap+0x103/0xcb0
[  646.151726]  ? netlink_deliver_tap+0x1af/0xcb0
[  646.151756]  netlink_unicast+0x5a7/0x870
[  646.151786]  ? __pfx_netlink_unicast+0x10/0x10
[  646.151812]  ? __virt_addr_valid+0x100/0x5d0
[  646.151842]  netlink_sendmsg+0x8a3/0xd80
[  646.151872]  ? __pfx_netlink_sendmsg+0x10/0x10
[  646.151908]  ____sys_sendmsg+0xa38/0xbf0
[  646.151928]  ? copy_msghdr_from_user+0xfb/0x150
[  646.151953]  ? __pfx_____sys_sendmsg+0x10/0x10
[  646.151979]  ? lock_acquire+0x15e/0x2d0
[  646.152005]  ___sys_sendmsg+0x10f/0x1b0
[  646.152031]  ? __pfx____sys_sendmsg+0x10/0x10
[  646.152061]  ? proc_fail_nth_write+0x97/0x220
[  646.152088]  ? lock_acquire+0x15e/0x2d0
[  646.152111]  ? __fget_files+0x34/0x3b0
[  646.152129]  ? find_held_lock+0x2b/0x80
[  646.152159]  ? __fget_files+0x203/0x3b0
[  646.152177]  ? lock_release+0xc8/0x270
[  646.152204]  ? __fget_files+0x20d/0x3b0
[  646.152231]  __sys_sendmsg+0x150/0x200
[  646.152255]  ? __pfx___sys_sendmsg+0x10/0x10
[  646.152288]  ? __pfx_ksys_write+0x10/0x10
[  646.152305]  ? irqentry_exit+0xee/0x650
[  646.152322]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  646.152346]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  646.152376]  do_syscall_64+0xbf/0x420
[  646.152399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.152418] RIP: 0033:0x7fc23f4feb19
[  646.152432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  646.152450] RSP: 002b:00007fc23ca74188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  646.152468] RAX: ffffffffffffffda RBX: 00007fc23f611f60 RCX: 00007fc23f4feb19
[  646.152481] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  646.152492] RBP: 00007fc23ca741d0 R08: 0000000000000000 R09: 0000000000000000
[  646.152503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  646.152514] R13: 00007ffc1f79fcaf R14: 00007fc23ca74300 R15: 0000000000022000
[  646.152539]  </TASK>
02:39:43 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0, 0x38}], 0x1}, 0x0)

[  646.212935] FAULT_INJECTION: forcing a failure.
[  646.212935] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  646.221653] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  646.222966] syz_tun: refused to change device tx_queue_len
[  646.229192] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  646.232112] CPU: 0 UID: 0 PID: 6284 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  646.232144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  646.232157] Call Trace:
[  646.232164]  <TASK>
[  646.232171]  dump_stack_lvl+0xfa/0x120
[  646.232204]  should_fail_ex+0x4d7/0x5e0
[  646.232244]  strncpy_from_user+0x3b/0x2f0
[  646.232274]  do_getname+0x70/0x3d0
[  646.232305]  do_sys_openat2+0xa0/0x210
[  646.232333]  ? __pfx_do_sys_openat2+0x10/0x10
[  646.232373]  __x64_sys_openat+0x142/0x200
[  646.232401]  ? __pfx___x64_sys_openat+0x10/0x10
[  646.232442]  do_syscall_64+0xbf/0x420
[  646.232468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.232492] RIP: 0033:0x7f8b01456a04
[  646.232510] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  646.232530] RSP: 002b:00007f8afea18ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  646.232551] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b01456a04
[  646.232565] RDX: 0000000000000002 RSI: 00007f8afea19000 RDI: 00000000ffffff9c
[  646.232578] RBP: 00007f8afea19000 R08: 0000000000000000 R09: ffffffffffffffff
[  646.232592] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  646.232604] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  646.232631]  </TASK>
[  646.235670] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  646.240662] loop0: detected capacity change from 0 to 256
[  646.244497] syz_tun: refused to change device tx_queue_len
[  646.300549] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:39:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0, 0x38}], 0x1}, 0x0)

02:39:43 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x4, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  646.378405] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  646.379647] syz_tun: refused to change device tx_queue_len
02:39:52 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x5, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:52 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 19)

02:39:52 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0, 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 3)

02:39:52 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 54)

02:39:52 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x2c, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x2c}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:39:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 8)

02:39:52 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0, 0x38}], 0x1}, 0x0)

[  654.533428] loop0: detected capacity change from 0 to 256
[  654.534749] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  654.536230] FAULT_INJECTION: forcing a failure.
[  654.536230] name failslab, interval 1, probability 0, space 0, times 0
[  654.537140] CPU: 0 UID: 0 PID: 6311 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  654.537156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  654.537164] Call Trace:
[  654.537168]  <TASK>
[  654.537173]  dump_stack_lvl+0xfa/0x120
[  654.537193]  should_fail_ex+0x4d7/0x5e0
[  654.537216]  ? security_inode_alloc+0x3e/0x130
[  654.537235]  should_failslab+0xc2/0x120
[  654.537250]  kmem_cache_alloc_noprof+0x80/0x760
[  654.537267]  ? __pfx_map_id_range_down+0x10/0x10
[  654.537290]  ? security_inode_alloc+0x3e/0x130
[  654.537308]  security_inode_alloc+0x3e/0x130
[  654.537327]  inode_init_always_gfp+0xc9d/0xff0
[  654.537344]  alloc_inode+0x8d/0x250
[  654.537361]  new_inode+0x1e/0x160
[  654.537378]  __ext4_new_inode+0x35d/0x4cd0
[  654.537397]  ? avc_has_perm_noaudit+0x141/0x390
[  654.537415]  ? __pfx___ext4_new_inode+0x10/0x10
[  654.537429]  ? __pfx_avc_has_perm+0x10/0x10
[  654.537443]  ? __pfx___dquot_initialize+0x10/0x10
[  654.537468]  ext4_mkdir+0x331/0xb30
[  654.537490]  ? __pfx_ext4_mkdir+0x10/0x10
[  654.537506]  ? security_inode_permission+0x72/0xe0
[  654.537522]  vfs_mkdir+0x6d8/0xc00
[  654.537542]  filename_mkdirat+0x118/0x430
[  654.537556]  ? __pfx_filename_mkdirat+0x10/0x10
[  654.537570]  ? strncpy_from_user+0x21b/0x2f0
[  654.537590]  __x64_sys_mkdir+0x6e/0xd0
[  654.537603]  do_syscall_64+0xbf/0x420
[  654.537618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.537631] RIP: 0033:0x7f8c4a31cc27
[  654.537641] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  654.537652] RSP: 002b:00007f8c47892fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  654.537664] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31cc27
[  654.537672] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  654.537679] RBP: 00007f8c47893040 R08: 0000000000000000 R09: ffffffffffffffff
[  654.537687] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000
[  654.537694] R13: 0000000020000100 R14: 00007f8c47893000 R15: 00000000200000c0
[  654.537710]  </TASK>
[  654.538481] FAULT_INJECTION: forcing a failure.
[  654.538481] name failslab, interval 1, probability 0, space 0, times 0
[  654.553370] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  654.563898] CPU: 0 UID: 0 PID: 6310 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  654.563915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  654.563922] Call Trace:
[  654.563926]  <TASK>
[  654.563931]  dump_stack_lvl+0xfa/0x120
[  654.563945]  should_fail_ex+0x4d7/0x5e0
[  654.563970]  ? alloc_empty_file+0x58/0x1e0
[  654.563986]  should_failslab+0xc2/0x120
[  654.563999]  kmem_cache_alloc_noprof+0x80/0x760
[  654.564016]  ? __is_insn_slot_addr+0x136/0x290
[  654.564030]  ? lock_release+0xc8/0x270
[  654.564049]  ? alloc_empty_file+0x58/0x1e0
[  654.564063]  alloc_empty_file+0x58/0x1e0
[  654.564079]  path_openat+0xee/0x2d60
[  654.564091]  ? __kernel_text_address+0xd/0x40
[  654.564108]  ? unwind_get_return_address+0x59/0xa0
[  654.564121]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  654.564140]  ? arch_stack_walk+0x9c/0xf0
[  654.564159]  ? __pfx_path_openat+0x10/0x10
[  654.564173]  ? __lock_acquire+0x451/0x2250
[  654.564192]  do_file_open+0x209/0x460
[  654.564205]  ? __pfx_do_file_open+0x10/0x10
[  654.564223]  ? find_held_lock+0x2b/0x80
[  654.564243]  ? alloc_fd+0x2c1/0x560
[  654.564254]  ? lock_release+0xc8/0x270
[  654.564271]  ? _raw_spin_unlock+0x1e/0x40
[  654.564289]  ? alloc_fd+0x2c1/0x560
[  654.564305]  do_sys_openat2+0xe7/0x210
[  654.564322]  ? __pfx_do_sys_openat2+0x10/0x10
[  654.564344]  __x64_sys_openat+0x142/0x200
[  654.564360]  ? __pfx___x64_sys_openat+0x10/0x10
[  654.564383]  do_syscall_64+0xbf/0x420
[  654.564396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.564409] RIP: 0033:0x7f8b01456a04
[  654.564418] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  654.564430] RSP: 002b:00007f8afea18ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  654.564442] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b01456a04
[  654.564450] RDX: 0000000000000002 RSI: 00007f8afea19000 RDI: 00000000ffffff9c
[  654.564458] RBP: 00007f8afea19000 R08: 0000000000000000 R09: ffffffffffffffff
[  654.564465] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  654.564473] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  654.564488]  </TASK>
[  654.598557] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:39:52 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0, 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:39:52 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 55)

[  654.608722] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  654.618808] syz_tun: refused to change device tx_queue_len
[  654.619943] syz_tun: refused to change device tx_queue_len
[  654.633805] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  654.635297] loop0: detected capacity change from 0 to 256
[  654.637430] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  654.638960] syz_tun: refused to change device tx_queue_len
02:39:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 9)

[  654.698010] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  654.698817] syz_tun: refused to change device tx_queue_len
02:40:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 10)

02:40:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 4)

02:40:00 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 20)

02:40:00 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[], 0x38}], 0x1}, 0x0)

02:40:00 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:00 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 56)

02:40:00 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x6, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:00 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{0x0, 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  663.225554] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  663.228245] syz_tun: refused to change device tx_queue_len
[  663.231752] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  663.233690] loop0: detected capacity change from 0 to 256
[  663.234479] syz_tun: refused to change device tx_queue_len
[  663.243750] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  663.244539] syz_tun: refused to change device tx_queue_len
[  663.252718] FAULT_INJECTION: forcing a failure.
[  663.252718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  663.266175] CPU: 0 UID: 0 PID: 6346 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  663.266213] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  663.266229] Call Trace:
[  663.266237]  <TASK>
[  663.266247]  dump_stack_lvl+0xfa/0x120
[  663.266284]  should_fail_ex+0x4d7/0x5e0
[  663.266330]  _copy_from_iter+0x27b/0x1610
[  663.266369]  ? lock_acquire+0x15e/0x2d0
[  663.266405]  ? find_held_lock+0x2b/0x80
[  663.266446]  ? __virt_addr_valid+0x2e8/0x5d0
[  663.266476]  ? __pfx__copy_from_iter+0x10/0x10
[  663.266518]  ? __virt_addr_valid+0x100/0x5d0
[  663.266548]  ? __check_object_size+0x5b3/0x980
[  663.266595]  netlink_sendmsg+0x800/0xd80
[  663.266640]  ? __pfx_netlink_sendmsg+0x10/0x10
[  663.266689]  ____sys_sendmsg+0xa38/0xbf0
[  663.266717]  ? copy_msghdr_from_user+0xfb/0x150
[  663.266753]  ? __pfx_____sys_sendmsg+0x10/0x10
[  663.266788]  ? lock_acquire+0x15e/0x2d0
[  663.266823]  ___sys_sendmsg+0x10f/0x1b0
[  663.266859]  ? __pfx____sys_sendmsg+0x10/0x10
[  663.266899]  ? proc_fail_nth_write+0x97/0x220
[  663.266938]  ? lock_acquire+0x15e/0x2d0
[  663.266976]  ? __fget_files+0x34/0x3b0
[  663.267003]  ? find_held_lock+0x2b/0x80
[  663.267043]  ? __fget_files+0x203/0x3b0
[  663.267069]  ? lock_release+0xc8/0x270
[  663.267105]  ? __fget_files+0x20d/0x3b0
[  663.267142]  __sys_sendmsg+0x150/0x200
[  663.267176]  ? __pfx___sys_sendmsg+0x10/0x10
[  663.267221]  ? __pfx_ksys_write+0x10/0x10
[  663.267244]  ? irqentry_exit+0xee/0x650
[  663.267268]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  663.267303]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  663.267344]  do_syscall_64+0xbf/0x420
[  663.267375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.267402] RIP: 0033:0x7f7e70c05b19
[  663.267423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  663.267447] RSP: 002b:00007f7e6e17b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  663.267473] RAX: ffffffffffffffda RBX: 00007f7e70d18f60 RCX: 00007f7e70c05b19
[  663.267491] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  663.267507] RBP: 00007f7e6e17b1d0 R08: 0000000000000000 R09: 0000000000000000
[  663.267524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  663.267539] R13: 00007ffd1cc6884f R14: 00007f7e6e17b300 R15: 0000000000022000
[  663.267573]  </TASK>
[  663.289504] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  663.300266] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  663.304312] loop1: detected capacity change from 0 to 256
[  663.305824] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:40:00 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 57)

02:40:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 11)

02:40:00 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x7, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:00 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[], 0x38}], 0x1}, 0x0)

[  663.337913] loop0: detected capacity change from 0 to 256
[  663.339080] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  663.339911] syz_tun: refused to change device tx_queue_len
[  663.345886] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  663.348449] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  663.350908] syz_tun: refused to change device tx_queue_len
[  663.351664] syz_tun: refused to change device tx_queue_len
02:40:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 58)

02:40:01 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 5)

02:40:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 12)

02:40:01 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 21)

02:40:01 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:01 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:01 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x8, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  663.448334] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  663.450187] syz_tun: refused to change device tx_queue_len
02:40:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  663.476347] syz_tun: refused to change device tx_queue_len
[  663.477149] syz_tun: refused to change device tx_queue_len
[  663.484691] syz_tun: refused to change device tx_queue_len
02:40:01 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[], 0x38}], 0x1}, 0x0)

[  663.511780] FAULT_INJECTION: forcing a failure.
[  663.511780] name failslab, interval 1, probability 0, space 0, times 0
[  663.525328] CPU: 0 UID: 0 PID: 6373 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  663.525361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  663.525375] Call Trace:
[  663.525383]  <TASK>
[  663.525391]  dump_stack_lvl+0xfa/0x120
[  663.525425]  should_fail_ex+0x4d7/0x5e0
[  663.525466]  ? security_file_alloc+0x35/0x130
[  663.525492]  should_failslab+0xc2/0x120
[  663.525518]  kmem_cache_alloc_noprof+0x80/0x760
[  663.525552]  ? __create_object+0x59/0x80
[  663.525588]  ? security_file_alloc+0x35/0x130
[  663.525612]  security_file_alloc+0x35/0x130
[  663.525637]  init_file+0x95/0x480
[  663.525667]  alloc_empty_file+0x76/0x1e0
[  663.525697]  path_openat+0xee/0x2d60
[  663.525721]  ? __kernel_text_address+0xd/0x40
[  663.525753]  ? unwind_get_return_address+0x59/0xa0
[  663.525778]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  663.525810]  ? arch_stack_walk+0x9c/0xf0
[  663.525847]  ? __pfx_path_openat+0x10/0x10
[  663.525873]  ? __lock_acquire+0x451/0x2250
[  663.525911]  do_file_open+0x209/0x460
[  663.525935]  ? __pfx_do_file_open+0x10/0x10
[  663.525979]  ? find_held_lock+0x2b/0x80
[  663.526027]  ? alloc_fd+0x2c1/0x560
[  663.526051]  ? lock_release+0xc8/0x270
[  663.526083]  ? _raw_spin_unlock+0x1e/0x40
[  663.526115]  ? alloc_fd+0x2c1/0x560
[  663.526147]  do_sys_openat2+0xe7/0x210
[  663.526177]  ? __pfx_do_sys_openat2+0x10/0x10
[  663.526219]  __x64_sys_openat+0x142/0x200
[  663.526250]  ? __pfx___x64_sys_openat+0x10/0x10
[  663.526294]  do_syscall_64+0xbf/0x420
[  663.526322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.526345] RIP: 0033:0x7f8b01456a04
[  663.526364] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  663.526387] RSP: 002b:00007f8afea18ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  663.526410] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b01456a04
[  663.526426] RDX: 0000000000000002 RSI: 00007f8afea19000 RDI: 00000000ffffff9c
[  663.526441] RBP: 00007f8afea19000 R08: 0000000000000000 R09: ffffffffffffffff
[  663.526456] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  663.526470] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  663.526500]  </TASK>
[  663.530051] loop0: detected capacity change from 0 to 256
02:40:11 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:40:11 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 22)

02:40:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 13)

02:40:11 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:11 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB], 0x38}], 0x1}, 0x0)

02:40:11 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x9, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:11 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 6)

[  674.191093] validate_nla: 7 callbacks suppressed
[  674.191108] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  674.196600] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  674.197723] loop1: detected capacity change from 0 to 256
02:40:11 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  674.227454] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  674.231239] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:40:11 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB], 0x38}], 0x1}, 0x0)

02:40:11 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 23)

[  674.248221] syz_tun: refused to change device tx_queue_len
[  674.254497] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  674.255516] loop0: detected capacity change from 0 to 256
[  674.259608] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  674.260608] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  674.261287] syz_tun: refused to change device tx_queue_len
[  674.273303] loop0: detected capacity change from 0 to 256
[  674.279095] syz_tun: refused to change device tx_queue_len
[  674.285061] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  674.289300] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:40:11 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 7)

[  674.307659] FAULT_INJECTION: forcing a failure.
[  674.307659] name failslab, interval 1, probability 0, space 0, times 0
[  674.308692] CPU: 0 UID: 0 PID: 6408 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  674.308709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  674.308717] Call Trace:
[  674.308722]  <TASK>
[  674.308727]  dump_stack_lvl+0xfa/0x120
[  674.308747]  should_fail_ex+0x4d7/0x5e0
[  674.308769]  ? __kernfs_new_node+0xd3/0x940
[  674.308787]  should_failslab+0xc2/0x120
[  674.308802]  kmem_cache_alloc_noprof+0x80/0x760
[  674.308820]  ? __pfx_avc_has_perm+0x10/0x10
[  674.308838]  ? __kernfs_new_node+0xd3/0x940
[  674.308853]  __kernfs_new_node+0xd3/0x940
[  674.308870]  ? __lock_acquire+0x451/0x2250
[  674.308888]  ? __pfx___kernfs_new_node+0x10/0x10
[  674.308906]  ? lock_acquire+0x15e/0x2d0
[  674.308920]  ? kernfs_root+0x23/0x2a0
[  674.308936]  ? find_held_lock+0x2b/0x80
[  674.308955]  ? kernfs_root+0xee/0x2a0
[  674.308975]  ? lock_release+0xc8/0x270
[  674.308988]  ? lock_is_held_type+0x9e/0x120
[  674.309004]  kernfs_new_node+0x13c/0x1e0
[  674.309028]  kernfs_create_dir_ns+0x4d/0x1a0
[  674.309044]  internal_create_group+0x440/0xeb0
[  674.309062]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  674.309078]  ? __pfx_internal_create_group+0x10/0x10
[  674.309095]  ? blk_validate_limits+0xe47/0x15d0
[  674.309112]  ? lock_is_held_type+0x9e/0x120
[  674.309125]  loop_configure+0xc46/0x15a0
[  674.309155]  ? __pfx_loop_configure+0x10/0x10
[  674.309179]  ? avc_has_extended_perms+0x107/0xf20
[  674.309193]  ? find_held_lock+0x2b/0x80
[  674.309211]  ? avc_has_extended_perms+0x23b/0xf20
[  674.309225]  ? lock_release+0xc8/0x270
[  674.309241]  lo_ioctl+0x674/0x1cb0
[  674.309260]  ? __pfx_lo_ioctl+0x10/0x10
[  674.309275]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  674.309293]  ? lock_acquire+0x15e/0x2d0
[  674.309307]  ? __virt_addr_valid+0x1c6/0x5d0
[  674.309321]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  674.309339]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  674.309355]  ? lock_release+0xc8/0x270
[  674.309369]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  674.309388]  ? blkdev_common_ioctl+0x1c3/0x2860
[  674.309418]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  674.309437]  ? __fget_files+0x34/0x3b0
[  674.309449]  ? find_held_lock+0x2b/0x80
[  674.309468]  ? __fget_files+0x203/0x3b0
[  674.309480]  ? __pfx_lo_ioctl+0x10/0x10
[  674.309496]  blkdev_ioctl+0x365/0x6d0
[  674.309511]  ? __pfx_blkdev_ioctl+0x10/0x10
[  674.309526]  ? selinux_file_ioctl+0xb9/0x280
[  674.309546]  ? __pfx_blkdev_ioctl+0x10/0x10
[  674.309561]  __x64_sys_ioctl+0x18f/0x210
[  674.309581]  do_syscall_64+0xbf/0x420
[  674.309596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.309609] RIP: 0033:0x7f8b014a38d7
[  674.309618] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  674.309630] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  674.309643] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b014a38d7
[  674.309650] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  674.309658] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  674.309665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  674.309672] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  674.309687]  </TASK>
[  674.363397] loop1: detected capacity change from 0 to 256
[  674.446680] FAULT_INJECTION: forcing a failure.
[  674.446680] name failslab, interval 1, probability 0, space 0, times 0
[  674.448376] CPU: 1 UID: 0 PID: 6411 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  674.448404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  674.448417] Call Trace:
[  674.448425]  <TASK>
[  674.448433]  dump_stack_lvl+0xfa/0x120
[  674.448466]  should_fail_ex+0x4d7/0x5e0
[  674.448504]  ? rtnl_newlink+0xdd/0x1f90
[  674.448532]  should_failslab+0xc2/0x120
[  674.448557]  __kmalloc_cache_noprof+0x80/0x730
[  674.448587]  ? __is_insn_slot_addr+0x140/0x290
[  674.448621]  ? rtnl_newlink+0xdd/0x1f90
[  674.448646]  rtnl_newlink+0xdd/0x1f90
[  674.448680]  ? lock_acquire+0x15e/0x2d0
[  674.448709]  ? __pfx_rtnl_newlink+0x10/0x10
[  674.448735]  ? find_held_lock+0x2b/0x80
[  674.448769]  ? avc_has_perm_noaudit+0x11c/0x390
[  674.448796]  ? lock_release+0xc8/0x270
[  674.448826]  ? avc_has_perm_noaudit+0x141/0x390
[  674.448855]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  674.448894]  ? __lock_acquire+0x451/0x2250
[  674.448921]  ? __is_insn_slot_addr+0xe2/0x290
[  674.448946]  ? kernel_text_address+0x5b/0xc0
[  674.448988]  ? lock_acquire+0x15e/0x2d0
[  674.449014]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  674.449042]  ? find_held_lock+0x2b/0x80
[  674.449074]  ? __pfx_rtnl_newlink+0x10/0x10
[  674.449100]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  674.449127]  ? lock_release+0xc8/0x270
[  674.449154]  ? __pfx_rtnl_newlink+0x10/0x10
[  674.449182]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  674.449213]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  674.449250]  ? __lock_acquire+0x451/0x2250
[  674.449279]  netlink_rcv_skb+0x147/0x430
[  674.449311]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  674.449342]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  674.449370]  ? netlink_deliver_tap+0x103/0xcb0
[  674.449408]  ? netlink_deliver_tap+0x1af/0xcb0
[  674.449442]  netlink_unicast+0x5a7/0x870
[  674.449475]  ? __pfx_netlink_unicast+0x10/0x10
[  674.449505]  ? __virt_addr_valid+0x100/0x5d0
[  674.449538]  netlink_sendmsg+0x8a3/0xd80
[  674.449573]  ? __pfx_netlink_sendmsg+0x10/0x10
[  674.449621]  ____sys_sendmsg+0xa38/0xbf0
[  674.449652]  ? copy_msghdr_from_user+0xfb/0x150
[  674.449690]  ? __pfx_____sys_sendmsg+0x10/0x10
[  674.449730]  ? lock_acquire+0x15e/0x2d0
[  674.449771]  ___sys_sendmsg+0x10f/0x1b0
[  674.449817]  ? __pfx____sys_sendmsg+0x10/0x10
[  674.449867]  ? proc_fail_nth_write+0x97/0x220
[  674.449914]  ? lock_acquire+0x15e/0x2d0
[  674.449949]  ? __fget_files+0x34/0x3b0
[  674.449984]  ? find_held_lock+0x2b/0x80
[  674.450038]  ? __fget_files+0x203/0x3b0
[  674.450071]  ? lock_release+0xc8/0x270
[  674.450112]  ? __fget_files+0x20d/0x3b0
[  674.450175]  __sys_sendmsg+0x150/0x200
[  674.450221]  ? __pfx___sys_sendmsg+0x10/0x10
[  674.450281]  ? __pfx_ksys_write+0x10/0x10
[  674.450312]  ? irqentry_exit+0xee/0x650
[  674.450342]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  674.450388]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  674.450438]  do_syscall_64+0xbf/0x420
[  674.450480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.450516] RIP: 0033:0x7f7e70c05b19
[  674.450550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  674.450583] RSP: 002b:00007f7e6e17b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  674.450616] RAX: ffffffffffffffda RBX: 00007f7e70d18f60 RCX: 00007f7e70c05b19
[  674.450640] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  674.450661] RBP: 00007f7e6e17b1d0 R08: 0000000000000000 R09: 0000000000000000
[  674.450682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  674.450702] R13: 00007ffd1cc6884f R14: 00007f7e6e17b300 R15: 0000000000022000
[  674.450749]  </TASK>
02:40:20 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 8)

02:40:20 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 24)

02:40:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 14)

02:40:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:40:20 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB], 0x38}], 0x1}, 0x0)

02:40:20 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0xf, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  682.740288] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  682.743705] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  682.750061] loop1: detected capacity change from 0 to 256
[  682.754264] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  682.755081] syz_tun: refused to change device tx_queue_len
[  682.760408] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  682.761181] syz_tun: refused to change device tx_queue_len
[  682.779060] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  682.787177] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  682.789149] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  682.791773] loop0: detected capacity change from 0 to 256
02:40:20 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

[  682.794519] syz_tun: refused to change device tx_queue_len
[  682.798390] syz_tun: refused to change device tx_queue_len
02:40:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 25)

02:40:20 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x60, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  682.846202] loop0: detected capacity change from 0 to 256
[  682.848479] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  682.856747] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:40:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 9)

02:40:20 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c0000000300000000000000"], 0x38}], 0x1}, 0x0)

02:40:20 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 15)

[  682.877777] loop1: detected capacity change from 0 to 256
[  682.878059] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  682.879426] syz_tun: refused to change device tx_queue_len
[  682.901250] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
02:40:20 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:20 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0xf0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  682.976422] FAULT_INJECTION: forcing a failure.
[  682.976422] name failslab, interval 1, probability 0, space 0, times 0
[  682.980351] CPU: 0 UID: 0 PID: 6451 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  682.980369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  682.980377] Call Trace:
[  682.980381]  <TASK>
[  682.980386]  dump_stack_lvl+0xfa/0x120
[  682.980406]  should_fail_ex+0x4d7/0x5e0
[  682.980428]  should_failslab+0xc2/0x120
[  682.980442]  kmem_cache_alloc_node_noprof+0x87/0x730
[  682.980461]  ? mark_held_locks+0x49/0x80
[  682.980477]  ? __alloc_skb+0x159/0x440
[  682.980497]  ? __alloc_skb+0x159/0x440
[  682.980510]  __alloc_skb+0x159/0x440
[  682.980523]  ? __alloc_skb+0x37d/0x440
[  682.980537]  ? __pfx___alloc_skb+0x10/0x10
[  682.980552]  ? rtnl_prop_list_size+0x144/0x2c0
[  682.980568]  ? if_nlmsg_size+0x45a/0xae0
[  682.980584]  rtmsg_ifinfo_build_skb+0x82/0x290
[  682.980604]  rtnetlink_event+0xfd/0x200
[  682.980621]  notifier_call_chain+0xc0/0x320
[  682.980636]  ? __pfx___dev_notify_flags+0x10/0x10
[  682.980650]  ? __dev_change_flags+0x4cd/0x6b0
[  682.980666]  call_netdevice_notifiers_info+0xbe/0x110
[  682.980686]  netif_change_tx_queue_len+0x128/0x1e0
[  682.980701]  ? __pfx_netif_change_tx_queue_len+0x10/0x10
[  682.980718]  ? netif_change_flags+0x10e/0x170
[  682.980733]  do_setlink.constprop.0+0xbc1/0x3e00
[  682.980754]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  682.980769]  ? __lock_acquire+0x451/0x2250
[  682.980787]  ? __lock_acquire+0x451/0x2250
[  682.980803]  ? find_held_lock+0x2b/0x80
[  682.980824]  ? lock_acquire+0x15e/0x2d0
[  682.980838]  ? rtnl_newlink+0x87d/0x1f90
[  682.980858]  ? __mutex_lock+0x9da/0x2380
[  682.980872]  ? rtnl_newlink+0x87d/0x1f90
[  682.980888]  ? __pfx___mutex_lock+0x10/0x10
[  682.980903]  ? security_capable+0x2f/0x90
[  682.980921]  ? ns_capable+0x20/0x120
[  682.980941]  ? netlink_ns_capable+0x101/0x140
[  682.980959]  rtnl_newlink+0x1501/0x1f90
[  682.980983]  ? __pfx_rtnl_newlink+0x10/0x10
[  682.980996]  ? find_held_lock+0x2b/0x80
[  682.981015]  ? avc_has_perm_noaudit+0x11c/0x390
[  682.981029]  ? lock_release+0xc8/0x270
[  682.981045]  ? avc_has_perm_noaudit+0x141/0x390
[  682.981061]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  682.981082]  ? __lock_acquire+0x451/0x2250
[  682.981096]  ? __is_insn_slot_addr+0xe2/0x290
[  682.981112]  ? kernel_text_address+0x5b/0xc0
[  682.981130]  ? lock_acquire+0x15e/0x2d0
[  682.981143]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  682.981158]  ? find_held_lock+0x2b/0x80
[  682.981175]  ? __pfx_rtnl_newlink+0x10/0x10
[  682.981189]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  682.981204]  ? lock_release+0xc8/0x270
[  682.981218]  ? __pfx_rtnl_newlink+0x10/0x10
[  682.981234]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  682.981250]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  682.981270]  ? __lock_acquire+0x451/0x2250
[  682.981286]  netlink_rcv_skb+0x147/0x430
[  682.981302]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  682.981319]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  682.981334]  ? netlink_deliver_tap+0x103/0xcb0
[  682.981354]  ? netlink_deliver_tap+0x1af/0xcb0
[  682.981373]  netlink_unicast+0x5a7/0x870
[  682.981391]  ? __pfx_netlink_unicast+0x10/0x10
[  682.981407]  ? __virt_addr_valid+0x100/0x5d0
[  682.981425]  netlink_sendmsg+0x8a3/0xd80
[  682.981444]  ? __pfx_netlink_sendmsg+0x10/0x10
[  682.981466]  ____sys_sendmsg+0xa38/0xbf0
[  682.981479]  ? copy_msghdr_from_user+0xfb/0x150
[  682.981495]  ? __pfx_____sys_sendmsg+0x10/0x10
[  682.981510]  ? lock_acquire+0x15e/0x2d0
[  682.981526]  ___sys_sendmsg+0x10f/0x1b0
[  682.981542]  ? __pfx____sys_sendmsg+0x10/0x10
[  682.981560]  ? proc_fail_nth_write+0x97/0x220
[  682.981578]  ? lock_acquire+0x15e/0x2d0
[  682.981592]  ? __fget_files+0x34/0x3b0
[  682.981604]  ? find_held_lock+0x2b/0x80
[  682.981622]  ? __fget_files+0x203/0x3b0
[  682.981633]  ? lock_release+0xc8/0x270
[  682.981650]  ? __fget_files+0x20d/0x3b0
[  682.981666]  __sys_sendmsg+0x150/0x200
[  682.981681]  ? __pfx___sys_sendmsg+0x10/0x10
[  682.981701]  ? __pfx_ksys_write+0x10/0x10
[  682.981712]  ? irqentry_exit+0xee/0x650
[  682.981723]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  682.981738]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  682.981757]  do_syscall_64+0xbf/0x420
[  682.981771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.981783] RIP: 0033:0x7f7e70c05b19
[  682.981793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  682.981805] RSP: 002b:00007f7e6e17b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  682.981817] RAX: ffffffffffffffda RBX: 00007f7e70d18f60 RCX: 00007f7e70c05b19
[  682.981825] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  682.981832] RBP: 00007f7e6e17b1d0 R08: 0000000000000000 R09: 0000000000000000
[  682.981839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  682.981846] R13: 00007ffd1cc6884f R14: 00007f7e6e17b300 R15: 0000000000022000
[  682.981862]  </TASK>
[  683.024281] syz_tun: refused to change device tx_queue_len
[  683.026418] FAULT_INJECTION: forcing a failure.
[  683.026418] name failslab, interval 1, probability 0, space 0, times 0
[  683.030888] CPU: 1 UID: 0 PID: 6452 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  683.030920] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  683.030933] Call Trace:
[  683.030940]  <TASK>
[  683.030949]  dump_stack_lvl+0xfa/0x120
[  683.030987]  should_fail_ex+0x4d7/0x5e0
[  683.031026]  should_failslab+0xc2/0x120
[  683.031051]  __kmalloc_noprof+0xd6/0x830
[  683.031081]  ? lock_is_held_type+0x9e/0x120
[  683.031102]  ? tun_device_event+0x185/0x1120
[  683.031127]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  683.031165]  ? tun_device_event+0x185/0x1120
[  683.031189]  tun_device_event+0x185/0x1120
[  683.031214]  ? __pfx_inetdev_event+0x10/0x10
[  683.031249]  ? lock_is_held_type+0x9e/0x120
[  683.031270]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  683.031300]  ? cfg80211_netdev_notifier_call+0x398/0xe90
[  683.031324]  ? igmp_netdev_event+0x35/0x7f0
[  683.031351]  ? ipmr_device_event+0x196/0x200
[  683.031381]  notifier_call_chain+0xc0/0x320
[  683.031409]  ? __pfx___dev_notify_flags+0x10/0x10
[  683.031435]  ? __dev_change_flags+0x4cd/0x6b0
[  683.031464]  call_netdevice_notifiers_info+0xbe/0x110
[  683.031499]  netif_change_tx_queue_len+0x128/0x1e0
[  683.031527]  ? __pfx_netif_change_tx_queue_len+0x10/0x10
[  683.031558]  ? netif_change_flags+0x10e/0x170
[  683.031588]  do_setlink.constprop.0+0xbc1/0x3e00
[  683.031622]  ? mark_held_locks+0x49/0x80
[  683.031653]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  683.031681]  ? finish_task_switch.isra.0+0x1fb/0x840
[  683.031709]  ? __lock_acquire+0x451/0x2250
[  683.031743]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  683.031774]  ? do_raw_spin_lock+0x123/0x260
[  683.031810]  ? mark_held_locks+0x49/0x80
[  683.031836]  ? __mutex_lock+0x179b/0x2380
[  683.031857]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  683.031884]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  683.031918]  ? __mutex_lock+0x179b/0x2380
[  683.031939]  ? __mutex_lock+0x709/0x2380
[  683.031963]  ? rtnl_newlink+0x87d/0x1f90
[  683.031994]  ? __pfx___mutex_lock+0x10/0x10
[  683.032025]  ? ns_capable+0x20/0x120
[  683.032060]  ? netlink_ns_capable+0x101/0x140
[  683.032091]  rtnl_newlink+0x1501/0x1f90
[  683.032127]  ? __pfx_rtnl_newlink+0x10/0x10
[  683.032153]  ? find_held_lock+0x2b/0x80
[  683.032186]  ? avc_has_perm_noaudit+0x11c/0x390
[  683.032213]  ? lock_release+0xc8/0x270
[  683.032243]  ? avc_has_perm_noaudit+0x141/0x390
[  683.032272]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  683.032312]  ? __lock_acquire+0x451/0x2250
[  683.032338]  ? __is_insn_slot_addr+0xe2/0x290
[  683.032364]  ? kernel_text_address+0x5b/0xc0
[  683.032396]  ? lock_acquire+0x15e/0x2d0
[  683.032422]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  683.032450]  ? find_held_lock+0x2b/0x80
[  683.032485]  ? __pfx_rtnl_newlink+0x10/0x10
[  683.032512]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  683.032540]  ? lock_release+0xc8/0x270
[  683.032566]  ? __pfx_rtnl_newlink+0x10/0x10
[  683.032594]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  683.032625]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  683.032662]  ? __lock_acquire+0x451/0x2250
[  683.032692]  netlink_rcv_skb+0x147/0x430
[  683.032723]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  683.032753]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  683.032781]  ? netlink_deliver_tap+0x103/0xcb0
[  683.032819]  ? netlink_deliver_tap+0x1af/0xcb0
[  683.032853]  netlink_unicast+0x5a7/0x870
[  683.032887]  ? __pfx_netlink_unicast+0x10/0x10
[  683.032916]  ? __virt_addr_valid+0x100/0x5d0
[  683.032950]  netlink_sendmsg+0x8a3/0xd80
[  683.032985]  ? __pfx_netlink_sendmsg+0x10/0x10
[  683.033027]  ____sys_sendmsg+0xa38/0xbf0
[  683.033050]  ? copy_msghdr_from_user+0xfb/0x150
[  683.033078]  ? __pfx_____sys_sendmsg+0x10/0x10
[  683.033108]  ? lock_acquire+0x15e/0x2d0
[  683.033138]  ___sys_sendmsg+0x10f/0x1b0
[  683.033167]  ? __pfx____sys_sendmsg+0x10/0x10
[  683.033201]  ? proc_fail_nth_write+0x97/0x220
[  683.033233]  ? lock_acquire+0x15e/0x2d0
[  683.033259]  ? __fget_files+0x34/0x3b0
[  683.033281]  ? find_held_lock+0x2b/0x80
[  683.033315]  ? __fget_files+0x203/0x3b0
[  683.033336]  ? lock_release+0xc8/0x270
[  683.033366]  ? __fget_files+0x20d/0x3b0
[  683.033402]  __sys_sendmsg+0x150/0x200
[  683.033430]  ? __pfx___sys_sendmsg+0x10/0x10
[  683.033468]  ? __pfx_ksys_write+0x10/0x10
[  683.033488]  ? irqentry_exit+0xee/0x650
[  683.033507]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  683.033534]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  683.033568]  do_syscall_64+0xbf/0x420
[  683.033594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.033617] RIP: 0033:0x7fc23f4feb19
[  683.033635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  683.033655] RSP: 002b:00007fc23ca74188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  683.033677] RAX: ffffffffffffffda RBX: 00007fc23f611f60 RCX: 00007fc23f4feb19
[  683.033692] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  683.033705] RBP: 00007fc23ca741d0 R08: 0000000000000000 R09: 0000000000000000
[  683.033718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  683.033731] R13: 00007ffc1f79fcaf R14: 00007fc23ca74300 R15: 0000000000022000
[  683.033759]  </TASK>
[  683.117011] syz_tun: refused to change device tx_queue_len
[  683.118405] syz_tun: refused to change device tx_queue_len
02:40:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 16)

02:40:30 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x107, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:30 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c0000000300000000000000"], 0x38}], 0x1}, 0x0)

02:40:30 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c0000000300000000000000"], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:30 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c0200"/56], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:40:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 26)

02:40:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 10)

[  692.779843] validate_nla: 6 callbacks suppressed
[  692.779867] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  692.782929] loop0: detected capacity change from 0 to 256
[  692.797075] syz_tun: refused to change device tx_queue_len
[  692.811775] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  692.813483] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  692.815051] loop0: detected capacity change from 0 to 256
[  692.816790] loop1: detected capacity change from 0 to 256
[  692.818096] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  692.821943] syz_tun: refused to change device tx_queue_len
[  692.827442] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  692.836399] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  692.840880] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  692.848404] syz_tun: refused to change device tx_queue_len
[  692.858780] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  692.866550] syz_tun: refused to change device tx_queue_len
02:40:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 11)

02:40:30 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 17)

02:40:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 27)

02:40:30 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c0000000300000000000000"], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:30 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c0000000300000000000000"], 0x38}], 0x1}, 0x0)

02:40:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x5, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:40:30 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x300, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  693.015161] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  693.023569] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  693.026125] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  693.031540] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  693.032768] FAULT_INJECTION: forcing a failure.
[  693.032768] name failslab, interval 1, probability 0, space 0, times 0
[  693.036766] CPU: 0 UID: 0 PID: 6486 Comm: syz-executor.5 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  693.036798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  693.036813] Call Trace:
[  693.036820]  <TASK>
[  693.036836]  dump_stack_lvl+0xfa/0x120
[  693.036869]  should_fail_ex+0x4d7/0x5e0
[  693.036910]  should_failslab+0xc2/0x120
[  693.036935]  __kmalloc_noprof+0xd6/0x830
[  693.036965]  ? lock_is_held_type+0x9e/0x120
[  693.036993]  ? tun_device_event+0x185/0x1120
[  693.037019]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  693.037056]  ? tun_device_event+0x185/0x1120
[  693.037080]  tun_device_event+0x185/0x1120
[  693.037105]  ? __pfx_inetdev_event+0x10/0x10
[  693.037141]  ? lock_is_held_type+0x9e/0x120
[  693.037161]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  693.037192]  ? cfg80211_netdev_notifier_call+0x398/0xe90
[  693.037217]  ? igmp_netdev_event+0x35/0x7f0
[  693.037244]  ? ipmr_device_event+0x196/0x200
[  693.037274]  notifier_call_chain+0xc0/0x320
[  693.037302]  ? __pfx___dev_notify_flags+0x10/0x10
[  693.037328]  ? __dev_change_flags+0x4cd/0x6b0
[  693.037358]  call_netdevice_notifiers_info+0xbe/0x110
[  693.037394]  netif_change_tx_queue_len+0x128/0x1e0
[  693.037421]  ? __pfx_netif_change_tx_queue_len+0x10/0x10
[  693.037453]  ? netif_change_flags+0x10e/0x170
[  693.037482]  do_setlink.constprop.0+0xbc1/0x3e00
[  693.037522]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  693.037550]  ? __lock_acquire+0x451/0x2250
[  693.037585]  ? __lock_acquire+0x451/0x2250
[  693.037615]  ? find_held_lock+0x2b/0x80
[  693.037653]  ? lock_acquire+0x15e/0x2d0
[  693.037679]  ? rtnl_newlink+0x87d/0x1f90
[  693.037715]  ? __mutex_lock+0x9da/0x2380
[  693.037741]  ? rtnl_newlink+0x87d/0x1f90
[  693.037770]  ? __pfx___mutex_lock+0x10/0x10
[  693.037798]  ? security_capable+0x2f/0x90
[  693.037832]  ? ns_capable+0x20/0x120
[  693.037867]  ? netlink_ns_capable+0x101/0x140
[  693.037899]  rtnl_newlink+0x1501/0x1f90
[  693.037935]  ? __pfx_rtnl_newlink+0x10/0x10
[  693.037961]  ? find_held_lock+0x2b/0x80
[  693.037994]  ? avc_has_perm_noaudit+0x11c/0x390
[  693.038020]  ? lock_release+0xc8/0x270
[  693.038050]  ? avc_has_perm_noaudit+0x141/0x390
[  693.038080]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  693.038119]  ? __lock_acquire+0x451/0x2250
[  693.038155]  ? lock_acquire+0x15e/0x2d0
[  693.038181]  ? rtnetlink_rcv_msg+0x1fb/0xfc0
[  693.038209]  ? find_held_lock+0x2b/0x80
[  693.038240]  ? __pfx_rtnl_newlink+0x10/0x10
[  693.038267]  ? rtnetlink_rcv_msg+0x9a2/0xfc0
[  693.038294]  ? lock_release+0xc8/0x270
[  693.038320]  ? __pfx_rtnl_newlink+0x10/0x10
[  693.038366]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  693.038397]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  693.038434]  ? __lock_acquire+0x451/0x2250
[  693.038463]  netlink_rcv_skb+0x147/0x430
[  693.038494]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  693.038524]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  693.038552]  ? netlink_deliver_tap+0x103/0xcb0
[  693.038590]  ? netlink_deliver_tap+0x1af/0xcb0
[  693.038617]  ? __rcu_read_unlock+0x2b9/0x5c0
[  693.038648]  netlink_unicast+0x5a7/0x870
[  693.038682]  ? __pfx_netlink_unicast+0x10/0x10
[  693.038711]  ? __virt_addr_valid+0x100/0x5d0
[  693.038746]  netlink_sendmsg+0x8a3/0xd80
[  693.038780]  ? __pfx_netlink_sendmsg+0x10/0x10
[  693.038821]  ____sys_sendmsg+0xa38/0xbf0
[  693.038844]  ? copy_msghdr_from_user+0xfb/0x150
[  693.038873]  ? __pfx_____sys_sendmsg+0x10/0x10
[  693.038902]  ? lock_acquire+0x15e/0x2d0
[  693.038932]  ___sys_sendmsg+0x10f/0x1b0
[  693.038961]  ? __pfx____sys_sendmsg+0x10/0x10
[  693.038995]  ? proc_fail_nth_write+0x97/0x220
[  693.039027]  ? lock_acquire+0x15e/0x2d0
[  693.039052]  ? __fget_files+0x34/0x3b0
[  693.039075]  ? find_held_lock+0x2b/0x80
[  693.039108]  ? __fget_files+0x203/0x3b0
[  693.039129]  ? lock_release+0xc8/0x270
[  693.039159]  ? __fget_files+0x20d/0x3b0
[  693.039189]  __sys_sendmsg+0x150/0x200
[  693.039218]  ? __pfx___sys_sendmsg+0x10/0x10
[  693.039255]  ? __pfx_ksys_write+0x10/0x10
[  693.039275]  ? irqentry_exit+0xee/0x650
[  693.039294]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  693.039322]  ? lockdep_hardirqs_on_prepare+0xdb/0x190
[  693.039356]  do_syscall_64+0xbf/0x420
[  693.039383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.039406] RIP: 0033:0x7f7e70c05b19
[  693.039423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  693.039444] RSP: 002b:00007f7e6e17b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  693.039466] RAX: ffffffffffffffda RBX: 00007f7e70d18f60 RCX: 00007f7e70c05b19
[  693.039481] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  693.039494] RBP: 00007f7e6e17b1d0 R08: 0000000000000000 R09: 0000000000000000
[  693.039507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  693.039519] R13: 00007ffd1cc6884f R14: 00007f7e6e17b300 R15: 0000000000022000
[  693.039548]  </TASK>
[  693.126863] loop0: detected capacity change from 0 to 256
02:40:30 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)

[  693.152283] syz_tun: refused to change device tx_queue_len
[  693.154223] syz_tun: refused to change device tx_queue_len
[  693.154695] FAULT_INJECTION: forcing a failure.
[  693.154695] name failslab, interval 1, probability 0, space 0, times 0
[  693.158052] CPU: 1 UID: 0 PID: 6494 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  693.158084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  693.158097] Call Trace:
[  693.158104]  <TASK>
[  693.158113]  dump_stack_lvl+0xfa/0x120
[  693.158152]  should_fail_ex+0x4d7/0x5e0
[  693.158191]  ? __kernfs_new_node+0xd3/0x940
[  693.158222]  should_failslab+0xc2/0x120
[  693.158248]  kmem_cache_alloc_noprof+0x80/0x760
[  693.158287]  ? __kernfs_new_node+0xd3/0x940
[  693.158316]  __kernfs_new_node+0xd3/0x940
[  693.158344]  ? __lock_acquire+0x451/0x2250
[  693.158388]  ? __pfx___kernfs_new_node+0x10/0x10
[  693.158422]  ? lock_acquire+0x15e/0x2d0
[  693.158448]  ? kernfs_root+0x23/0x2a0
[  693.158477]  ? find_held_lock+0x2b/0x80
[  693.158511]  ? kernfs_root+0xee/0x2a0
[  693.158540]  ? lock_release+0xc8/0x270
[  693.158567]  ? lock_is_held_type+0x9e/0x120
[  693.158595]  kernfs_new_node+0x13c/0x1e0
[  693.158634]  __kernfs_create_file+0x55/0x360
[  693.158662]  sysfs_add_file_mode_ns+0x21c/0x430
[  693.158693]  ? __pfx_dev_attr_store+0x10/0x10
[  693.158730]  internal_create_group+0x662/0xeb0
[  693.158770]  ? __pfx_internal_create_group+0x10/0x10
[  693.158801]  ? blk_validate_limits+0xe47/0x15d0
[  693.158832]  ? lock_is_held_type+0x9e/0x120
[  693.158855]  loop_configure+0xc46/0x15a0
[  693.158908]  ? __pfx_loop_configure+0x10/0x10
[  693.158952]  ? avc_has_extended_perms+0x107/0xf20
[  693.158986]  ? find_held_lock+0x2b/0x80
[  693.159019]  ? avc_has_extended_perms+0x23b/0xf20
[  693.159044]  ? lock_release+0xc8/0x270
[  693.159074]  lo_ioctl+0x674/0x1cb0
[  693.159108]  ? __pfx_lo_ioctl+0x10/0x10
[  693.159137]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  693.159161]  ? __lock_acquire+0x451/0x2250
[  693.159191]  ? update_load_avg+0x153/0x1c90
[  693.159226]  ? __lock_acquire+0x451/0x2250
[  693.159252]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  693.159287]  ? blkdev_common_ioctl+0x1c3/0x2860
[  693.159343]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  693.159377]  ? __fget_files+0x34/0x3b0
[  693.159402]  ? find_held_lock+0x2b/0x80
[  693.159449]  ? __fget_files+0x203/0x3b0
[  693.159480]  ? __pfx_lo_ioctl+0x10/0x10
[  693.159523]  blkdev_ioctl+0x365/0x6d0
[  693.159561]  ? __pfx_blkdev_ioctl+0x10/0x10
[  693.159592]  ? selinux_file_ioctl+0xb9/0x280
[  693.159638]  ? __pfx_blkdev_ioctl+0x10/0x10
[  693.159667]  __x64_sys_ioctl+0x18f/0x210
[  693.159712]  do_syscall_64+0xbf/0x420
[  693.159742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.159765] RIP: 0033:0x7f8b014a38d7
[  693.159783] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  693.159805] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  693.159826] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b014a38d7
[  693.159841] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  693.159855] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  693.159868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  693.159882] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  693.159910]  </TASK>
[  693.162088] FAULT_INJECTION: forcing a failure.
[  693.162088] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  693.172116] loop1: detected capacity change from 0 to 256
[  693.219558] syz_tun: refused to change device tx_queue_len
[  693.237652] syz_tun: refused to change device tx_queue_len
[  693.238555] CPU: 1 UID: 0 PID: 6489 Comm: syz-executor.4 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  693.238584] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  693.238597] Call Trace:
[  693.238604]  <TASK>
[  693.238613]  dump_stack_lvl+0xfa/0x120
[  693.238642]  should_fail_ex+0x4d7/0x5e0
[  693.238680]  _copy_to_user+0x32/0xd0
[  693.238716]  simple_read_from_buffer+0xe0/0x180
[  693.238754]  proc_fail_nth_read+0x18a/0x240
[  693.238784]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  693.238813]  ? security_file_permission+0x22/0x90
[  693.238839]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  693.238866]  vfs_read+0x1eb/0xc70
[  693.238903]  ? __pfx___mutex_lock+0x10/0x10
[  693.238924]  ? __fget_files+0x34/0x3b0
[  693.238946]  ? __pfx_vfs_read+0x10/0x10
[  693.238989]  ? lock_release+0xc8/0x270
[  693.239020]  ? __fget_files+0x20d/0x3b0
[  693.239051]  ksys_read+0x121/0x240
[  693.239070]  ? __pfx_ksys_read+0x10/0x10
[  693.239098]  do_syscall_64+0xbf/0x420
[  693.239125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.239147] RIP: 0033:0x7fc23f4b169c
[  693.239165] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  693.239186] RSP: 002b:00007fc23ca74170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  693.239207] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007fc23f4b169c
[  693.239221] RDX: 000000000000000f RSI: 00007fc23ca741e0 RDI: 0000000000000004
[  693.239235] RBP: 00007fc23ca741d0 R08: 0000000000000000 R09: 0000000000000000
[  693.239248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  693.239261] R13: 00007ffc1f79fcaf R14: 00007fc23ca74300 R15: 0000000000022000
[  693.239289]  </TASK>
02:40:30 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x6, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:40:30 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c0000000300000000000000"], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 12)

[  693.387850] syz_tun: refused to change device tx_queue_len
[  693.393201] loop0: detected capacity change from 0 to 256
02:40:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x7, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:40:43 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 28)

02:40:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 13)

02:40:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:43 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x500, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)

02:40:43 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:43 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  705.993594] loop0: detected capacity change from 0 to 256
[  706.001490] validate_nla: 8 callbacks suppressed
[  706.001508] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  706.003202] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  706.006375] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  706.009590] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  706.011411] syz_tun: refused to change device tx_queue_len
[  706.012329] loop1: detected capacity change from 0 to 256
[  706.014558] syz_tun: refused to change device tx_queue_len
[  706.015769] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  706.016098] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  706.024344] syz_tun: refused to change device tx_queue_len
[  706.028150] loop0: detected capacity change from 0 to 256
02:40:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)

02:40:43 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:43 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x600, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  706.180949] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  706.185578] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  706.195783] syz_tun: refused to change device tx_queue_len
02:40:53 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 14)

02:40:53 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:40:53 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x700, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:53 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:53 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:40:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:40:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c02000000"], 0x38}], 0x1}, 0x0)

02:40:53 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 29)

[  715.450151] loop0: detected capacity change from 0 to 256
[  715.451560] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  715.466732] loop0: detected capacity change from 0 to 256
[  715.476537] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  715.480255] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  715.488654] syz_tun: refused to change device tx_queue_len
02:40:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)

[  715.511872] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  715.515616] FAULT_INJECTION: forcing a failure.
[  715.515616] name failslab, interval 1, probability 0, space 0, times 0
02:40:53 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x9, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  715.517369] CPU: 0 UID: 0 PID: 6558 Comm: syz-executor.1 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  715.517399] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  715.517420] Call Trace:
[  715.517430]  <TASK>
[  715.517441]  dump_stack_lvl+0xfa/0x120
[  715.517484]  should_fail_ex+0x4d7/0x5e0
[  715.517525]  ? __kernfs_new_node+0xd3/0x940
[  715.517565]  should_failslab+0xc2/0x120
[  715.517596]  kmem_cache_alloc_noprof+0x80/0x760
[  715.517638]  ? __kernfs_new_node+0xd3/0x940
[  715.517669]  __kernfs_new_node+0xd3/0x940
[  715.517699]  ? __lock_acquire+0x451/0x2250
[  715.517733]  ? __pfx___kernfs_new_node+0x10/0x10
[  715.517770]  ? lock_acquire+0x15e/0x2d0
[  715.517798]  ? kernfs_root+0x23/0x2a0
[  715.517829]  ? find_held_lock+0x2b/0x80
[  715.517865]  ? kernfs_root+0xee/0x2a0
[  715.517896]  ? lock_release+0xc8/0x270
[  715.517922]  ? lock_is_held_type+0x9e/0x120
[  715.517951]  kernfs_new_node+0x13c/0x1e0
[  715.518000]  __kernfs_create_file+0x55/0x360
[  715.518030]  sysfs_add_file_mode_ns+0x21c/0x430
[  715.518064]  ? __pfx_dev_attr_store+0x10/0x10
[  715.518102]  internal_create_group+0x662/0xeb0
[  715.518144]  ? __pfx_internal_create_group+0x10/0x10
[  715.518177]  ? blk_validate_limits+0xe47/0x15d0
[  715.518210]  ? lock_is_held_type+0x9e/0x120
[  715.518235]  loop_configure+0xc46/0x15a0
[  715.518291]  ? __pfx_loop_configure+0x10/0x10
[  715.518338]  ? avc_has_extended_perms+0x107/0xf20
[  715.518367]  ? find_held_lock+0x2b/0x80
[  715.518403]  ? avc_has_extended_perms+0x23b/0xf20
[  715.518430]  ? lock_release+0xc8/0x270
[  715.518461]  lo_ioctl+0x674/0x1cb0
[  715.518498]  ? __pfx_lo_ioctl+0x10/0x10
[  715.518528]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  715.518565]  ? lock_acquire+0x15e/0x2d0
[  715.518592]  ? __virt_addr_valid+0x1c6/0x5d0
[  715.518632]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
02:40:53 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  715.518666]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  715.518695]  ? lock_release+0xc8/0x270
[  715.518723]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  715.518760]  ? blkdev_common_ioctl+0x1c3/0x2860
[  715.518819]  ? debug_mutex_remove_waiter+0x1a0/0x3f0
[  715.518855]  ? __fget_files+0x34/0x3b0
[  715.518879]  ? find_held_lock+0x2b/0x80
[  715.518915]  ? __fget_files+0x203/0x3b0
[  715.518940]  ? __pfx_lo_ioctl+0x10/0x10
[  715.518971]  blkdev_ioctl+0x365/0x6d0
[  715.518999]  ? __pfx_blkdev_ioctl+0x10/0x10
[  715.519029]  ? selinux_file_ioctl+0xb9/0x280
[  715.519067]  ? __pfx_blkdev_ioctl+0x10/0x10
[  715.519098]  __x64_sys_ioctl+0x18f/0x210
[  715.519135]  do_syscall_64+0xbf/0x420
[  715.519162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.519187] RIP: 0033:0x7f8b014a38d7
[  715.519205] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  715.519227] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  715.519250] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b014a38d7
[  715.519266] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  715.519280] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  715.519294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  715.519308] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  715.519337]  </TASK>
[  715.563647] loop0: detected capacity change from 0 to 256
[  715.566405] syz_tun: refused to change device tx_queue_len
[  715.572684] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
02:40:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)

[  715.589727] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  715.591747] 
[  715.591909] =====================================
[  715.592298] WARNING: bad unlock balance detected!
[  715.592709] 6.19.0-rc5-next-20260116 #1 Not tainted
[  715.593126] -------------------------------------
[  715.593517] syz-executor.0/6566 is trying to release lock (rcu_read_lock) at:
[  715.594101] [<ffffffff81c1dee5>] __wait_on_freeing_inode+0x105/0x350
[  715.594649] but there are no more locks to release!
[  715.595110] 
[  715.595110] other info that might help us debug this:
[  715.595746] 4 locks held by syz-executor.0/6566:
[  715.596223]  #0: ffff88800fdf03f8 (sb_writers#3){.+.+}-{0:0}, at: filename_create+0xf7/0x400
[  715.596967]  #1: ffff8880096ec698 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1b1/0x400
[  715.597925]  #2: ffff88800fdf4950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe32/0x12d0
[  715.598694]  #3: ffffffff85c16898 (inode_hash_lock){+.+.}-{3:3}, at: insert_inode_locked+0xf9/0x890
[  715.599463] 
[  715.599463] stack backtrace:
[  715.599821] CPU: 1 UID: 0 PID: 6566 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  715.599836] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  715.599844] Call Trace:
[  715.599848]  <TASK>
[  715.599853]  dump_stack_lvl+0xca/0x120
[  715.599870]  ? __wait_on_freeing_inode+0x105/0x350
[  715.599885]  print_unlock_imbalance_bug+0x118/0x130
[  715.599901]  ? __wait_on_freeing_inode+0x105/0x350
[  715.599917]  lock_release+0x1ee/0x270
[  715.599932]  __wait_on_freeing_inode+0x10a/0x350
[  715.599952]  ? __pfx___wait_on_freeing_inode+0x10/0x10
[  715.599976]  ? __pfx_var_wake_function+0x10/0x10
[  715.600002]  ? lock_is_held_type+0x9e/0x120
[  715.600015]  insert_inode_locked+0x25f/0x890
[  715.600032]  __ext4_new_inode+0x223d/0x4cd0
[  715.600050]  ? __pfx___ext4_new_inode+0x10/0x10
[  715.600064]  ? __pfx_avc_has_perm+0x10/0x10
[  715.600079]  ? __pfx___dquot_initialize+0x10/0x10
[  715.600101]  ext4_mkdir+0x331/0xb30
[  715.600120]  ? __pfx_ext4_mkdir+0x10/0x10
[  715.600135]  ? security_inode_permission+0x72/0xe0
[  715.600149]  vfs_mkdir+0x6d8/0xc00
[  715.600166]  filename_mkdirat+0x118/0x430
[  715.600179]  ? __pfx_filename_mkdirat+0x10/0x10
[  715.600192]  ? strncpy_from_user+0x21b/0x2f0
[  715.600209]  __x64_sys_mkdir+0x6e/0xd0
[  715.600221]  do_syscall_64+0xbf/0x420
[  715.600235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.600248] RIP: 0033:0x7f8c4a31cc27
[  715.600258] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  715.600270] RSP: 002b:00007f8c47892fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  715.600282] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31cc27
[  715.600290] RDX: 0000000000000003 RSI: 00000000000001ff RDI: 0000000020000100
[  715.600298] RBP: 00007f8c47893040 R08: 0000000000000000 R09: 0000000000000000
[  715.600305] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000
[  715.600313] R13: 0000000020000100 R14: 00007f8c47893000 R15: 00000000200000c0
[  715.600324]  </TASK>
[  715.622245] ------------[ cut here ]------------
[  715.622634] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x25f/0x5c0, CPU#1: syz-executor.0/6566
[  715.637955] Modules linked in:
[  715.638322] CPU: 1 UID: 0 PID: 6566 Comm: syz-executor.0 Not tainted 6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  715.653389] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  715.668410] RIP: 0010:__rcu_read_unlock+0x25f/0x5c0
[  715.668883] Code: f2 02 00 00 c7 43 58 01 00 00 00 bf 09 00 00 00 e8 d6 b7 de ff 4d 85 f6 0f 84 73 fe ff ff e8 38 8a 20 00 fb e9 68 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e e9 81 4d 74 03 e8 2c 5d 56 00 e9
[  715.685349] RSP: 0018:ffff88801e52f9e0 EFLAGS: 00010286
[  715.685777] RAX: 00000000ffffffff RBX: ffff88804b458000 RCX: ffffc9000088e000
[  715.700606] RDX: 0000000000000000 RSI: ffffffff81566100 RDI: ffff88804b4583fc
[  715.715467] RBP: ffff88804b458000 R08: 0000000000000000 R09: fffffbfff0ba7040
[  715.731607] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804b458000
[  715.759363] R13: 0000000000000001 R14: ffffffff85c0fe50 R15: ffff8880096ed8e0
[  715.759936] FS:  00007f8c47893700(0000) GS:ffff8880e5442000(0000) knlGS:0000000000000000
[  715.774889] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  715.789647] CR2: 0000001b2d521000 CR3: 000000000d060000 CR4: 0000000000350ef0
[  715.804483] Call Trace:
[  715.804725]  <TASK>
[  715.821583]  __wait_on_freeing_inode+0x10f/0x350
[  715.837396]  ? __pfx___wait_on_freeing_inode+0x10/0x10
[  715.855535]  ? __pfx_var_wake_function+0x10/0x10
[  715.886778]  ? lock_is_held_type+0x9e/0x120
[  715.901817]  insert_inode_locked+0x25f/0x890
[  715.960178]  __ext4_new_inode+0x223d/0x4cd0
[  715.994890]  ? __pfx___ext4_new_inode+0x10/0x10
[  716.025495]  ? __pfx_avc_has_perm+0x10/0x10
[  716.043478]  ? __pfx___dquot_initialize+0x10/0x10
[  716.153264]  ext4_mkdir+0x331/0xb30
[  716.223784]  ? __pfx_ext4_mkdir+0x10/0x10
[  716.245274]  ? security_inode_permission+0x72/0xe0
[  716.321515]  vfs_mkdir+0x6d8/0xc00
[  716.363727]  filename_mkdirat+0x118/0x430
[  716.378671]  ? __pfx_filename_mkdirat+0x10/0x10
[  716.393322]  ? strncpy_from_user+0x21b/0x2f0
[  716.419703]  __x64_sys_mkdir+0x6e/0xd0
[  716.420372]  do_syscall_64+0xbf/0x420
[  716.421232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.422943] RIP: 0033:0x7f8c4a31cc27
[  716.424186] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  716.425651] RSP: 002b:00007f8c47892fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  716.426294] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f8c4a31cc27
[  716.426869] RDX: 0000000000000003 RSI: 00000000000001ff RDI: 0000000020000100
[  716.427476] RBP: 00007f8c47893040 R08: 0000000000000000 R09: 0000000000000000
[  716.428080] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000000
[  716.428640] R13: 0000000020000100 R14: 00007f8c47893000 R15: 00000000200000c0
[  716.431451]  </TASK>
[  716.431645] irq event stamp: 1765
[  716.431917] hardirqs last  enabled at (1765): [<ffffffff84ced36b>] irqentry_exit+0x17b/0x650
[  716.432694] hardirqs last disabled at (1764): [<ffffffff84cec06f>] sysvec_apic_timer_interrupt+0xf/0x80
[  716.433539] softirqs last  enabled at (1758): [<ffffffff812cda79>] kernel_fpu_end+0x59/0x70
[  716.434301] softirqs last disabled at (1756): [<ffffffff812ce94b>] kernel_fpu_begin_mask+0x1bb/0x300
[  716.435136] ---[ end trace 0000000000000000 ]---
[  716.446929] loop1: detected capacity change from 0 to 256
[  716.448686] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:40:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x2, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  716.470802] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  716.471629] loop0: detected capacity change from 0 to 256
[  716.472565] syz_tun: refused to change device tx_queue_len
02:40:54 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 30)

02:40:54 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  716.498570] loop1: detected capacity change from 0 to 256
[  716.542897] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  716.572351] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  716.575166] syz_tun: refused to change device tx_queue_len
02:41:02 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x701, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:41:02 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)

02:41:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x3, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:41:02 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:41:02 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 31)

02:41:02 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 15)

02:41:02 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c00000008000000000000001000"], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:41:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xa, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  724.401551] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  724.404094] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
[  724.405921] FAULT_INJECTION: forcing a failure.
[  724.405921] name failslab, interval 1, probability 0, space 0, times 0
[  724.410473] loop0: detected capacity change from 0 to 256
[  724.414553] syz_tun: refused to change device tx_queue_len
[  724.416917] CPU: 1 UID: 0 PID: 6588 Comm: syz-executor.1 Tainted: G        W           6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  724.416960] Tainted: [W]=WARN
[  724.416980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  724.416995] Call Trace:
[  724.417003]  <TASK>
[  724.417012]  dump_stack_lvl+0xfa/0x120
[  724.417046]  should_fail_ex+0x4d7/0x5e0
[  724.417087]  ? __kernfs_new_node+0xd3/0x940
[  724.417122]  should_failslab+0xc2/0x120
[  724.417149]  kmem_cache_alloc_noprof+0x80/0x760
[  724.417185]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  724.417227]  ? __kernfs_new_node+0xd3/0x940
[  724.417261]  __kernfs_new_node+0xd3/0x940
[  724.417296]  ? lock_release+0x1c7/0x270
[  724.417326]  ? __pfx___kernfs_new_node+0x10/0x10
[  724.417362]  ? lock_acquire+0x18c/0x2d0
[  724.417393]  ? lock_acquire+0x18c/0x2d0
[  724.417423]  ? lock_release+0x1c7/0x270
[  724.417453]  ? lock_acquire+0x18c/0x2d0
[  724.417484]  ? lock_release+0x1c7/0x270
[  724.417517]  kernfs_new_node+0x13c/0x1e0
[  724.417558]  __kernfs_create_file+0x55/0x360
[  724.417588]  sysfs_add_file_mode_ns+0x21c/0x430
[  724.417622]  ? __pfx_dev_attr_store+0x10/0x10
[  724.417661]  internal_create_group+0x662/0xeb0
[  724.417701]  ? __pfx_internal_create_group+0x10/0x10
[  724.417736]  ? blk_validate_limits+0xe47/0x15d0
[  724.417768]  ? sync_lazytime+0x65/0x80
[  724.417804]  loop_configure+0xc46/0x15a0
[  724.417850]  ? __pfx_loop_configure+0x10/0x10
[  724.417892]  ? lock_acquire+0x18c/0x2d0
[  724.417923]  ? lock_release+0x1c7/0x270
[  724.417955]  lo_ioctl+0x674/0x1cb0
[  724.417996]  ? __pfx_lo_ioctl+0x10/0x10
[  724.418028]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  724.418061]  ? stack_depot_save_flags+0x2c/0xa00
[  724.418098]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  724.418134]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  724.418166]  ? lock_release+0x1c7/0x270
[  724.418196]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  724.418234]  ? blkdev_common_ioctl+0x1c3/0x2860
[  724.418281]  ? __pfx_do_sys_openat2+0x10/0x10
[  724.418315]  ? lock_acquire+0x18c/0x2d0
[  724.418348]  ? __pfx_lo_ioctl+0x10/0x10
[  724.418381]  blkdev_ioctl+0x365/0x6d0
[  724.418411]  ? __pfx_blkdev_ioctl+0x10/0x10
[  724.418442]  ? selinux_file_ioctl+0xb9/0x280
[  724.418481]  ? __pfx_blkdev_ioctl+0x10/0x10
[  724.418513]  __x64_sys_ioctl+0x18f/0x210
[  724.418551]  do_syscall_64+0xbf/0x420
[  724.418580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.418607] RIP: 0033:0x7f8b014a38d7
[  724.418627] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  724.418651] RSP: 002b:00007f8afea18f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  724.418677] RAX: ffffffffffffffda RBX: 00007f8b014ed970 RCX: 00007f8b014a38d7
[  724.418695] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  724.418725] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff
[  724.418741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  724.418756] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002
[  724.418780]  </TASK>
[  724.468852] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  724.473529] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  724.474887] netlink: 'syz-executor.7': attribute type 13 has an invalid length.
02:41:02 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c02"], 0x38}], 0x1}, 0x0)

[  724.481555] syz_tun: refused to change device tx_queue_len
[  724.484333] FAULT_INJECTION: forcing a failure.
[  724.484333] name failslab, interval 1, probability 0, space 0, times 0
[  724.486610] CPU: 1 UID: 0 PID: 6599 Comm: syz-executor.5 Tainted: G        W           6.19.0-rc5-next-20260116 #1 PREEMPT(lazy) 
[  724.486653] Tainted: [W]=WARN
[  724.486661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  724.486674] Call Trace:
[  724.486682]  <TASK>
[  724.486690]  dump_stack_lvl+0xfa/0x120
[  724.486737]  should_fail_ex+0x4d7/0x5e0
[  724.486775]  should_failslab+0xc2/0x120
[  724.486799]  __kmalloc_noprof+0xd6/0x830
[  724.486830]  ? tun_device_event+0x185/0x1120
[  724.486856]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  724.486892]  ? tun_device_event+0x185/0x1120
[  724.486916]  tun_device_event+0x185/0x1120
[  724.486941]  ? __pfx_inetdev_event+0x10/0x10
[  724.486983]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  724.487015]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  724.487047]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  724.487079]  ? cfg80211_netdev_notifier_call+0x398/0xe90
[  724.487104]  ? igmp_netdev_event+0x35/0x7f0
[  724.487132]  ? ipmr_device_event+0x196/0x200
[  724.487161]  notifier_call_chain+0xc0/0x320
[  724.487188]  ? __pfx___dev_notify_flags+0x10/0x10
[  724.487215]  ? __dev_change_flags+0x4cd/0x6b0
[  724.487243]  call_netdevice_notifiers_info+0xbe/0x110
[  724.487278]  netif_change_tx_queue_len+0x128/0x1e0
[  724.487306]  ? __pfx_netif_change_tx_queue_len+0x10/0x10
[  724.487337]  ? netif_change_flags+0x10e/0x170
[  724.487364]  do_setlink.constprop.0+0xbc1/0x3e00
[  724.487395]  ? __pfx___perf_event_task_sched_out+0x10/0x10
[  724.487429]  ? lock_release+0x1c7/0x270
[  724.487459]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  724.487488]  ? finish_task_switch.isra.0+0x1fb/0x840
[  724.487515]  ? __schedule+0x1937/0x4680
[  724.487550]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  724.487581]  ? do_raw_spin_lock+0x123/0x260
[  724.487613]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  724.487645]  ? lock_acquire+0x18c/0x2d0
02:41:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xb, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

[  724.487671]  ? lock_release+0x1c7/0x270
[  724.487698]  ? __mutex_lock+0x179b/0x2380
[  724.487719]  ? _raw_spin_unlock_irqrestore+0x2c/0x50
[  724.487752]  ? trace_hardirqs_on+0x16/0x110
[  724.487780]  ? __mutex_lock+0x179b/0x2380
[  724.487801]  ? __mutex_lock+0x709/0x2380
[  724.487823]  ? rtnl_newlink+0x87d/0x1f90
[  724.487852]  ? __pfx___mutex_lock+0x10/0x10
[  724.487878]  ? ns_capable+0x20/0x120
[  724.487913]  ? netlink_ns_capable+0x101/0x140
[  724.487942]  rtnl_newlink+0x1501/0x1f90
[  724.487974]  ? __pfx_rtnl_newlink+0x10/0x10
[  724.488001]  ? lock_acquire+0x18c/0x2d0
[  724.488029]  ? lock_release+0x1c7/0x270
[  724.488057]  ? avc_has_perm_noaudit+0x141/0x390
[  724.488086]  ? cred_has_capability.isra.0+0x1bd/0x2c0
[  724.488122]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  724.488160]  ? __is_insn_slot_addr+0x140/0x290
[  724.488186]  ? kernel_text_address+0x5b/0xc0
[  724.488216]  ? cap_capable+0xdb/0x380
[  724.488251]  ? lock_acquire+0x18c/0x2d0
[  724.488278]  ? __pfx_rtnl_newlink+0x10/0x10
[  724.488305]  ? lock_release+0x1c7/0x270
[  724.488331]  ? __pfx_rtnl_newlink+0x10/0x10
[  724.488360]  rtnetlink_rcv_msg+0x9c6/0xfc0
[  724.488389]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  724.488418]  ? stack_trace_save+0x8e/0xc0
[  724.488447]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  724.488477]  ? do_raw_spin_lock+0x123/0x260
[  724.488509]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  724.488541]  ? lock_acquire+0x18c/0x2d0
[  724.488569]  netlink_rcv_skb+0x147/0x430
[  724.488599]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  724.488630]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  724.488660]  ? __netlink_lookup+0x63e/0x8f0
[  724.488692]  ? netlink_deliver_tap+0x1af/0xcb0
[  724.488723]  netlink_unicast+0x5a7/0x870
[  724.488755]  ? __pfx_netlink_unicast+0x10/0x10
[  724.488785]  ? __virt_addr_valid+0x100/0x5d0
[  724.488814]  netlink_sendmsg+0x8a3/0xd80
[  724.488846]  ? __pfx_netlink_sendmsg+0x10/0x10
[  724.488882]  ____sys_sendmsg+0xa38/0xbf0
[  724.488904]  ? copy_msghdr_from_user+0xfb/0x150
[  724.488933]  ? __pfx_____sys_sendmsg+0x10/0x10
[  724.488957]  ? kstrtouint_from_user+0x11a/0x180
[  724.488984]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  724.489013]  ___sys_sendmsg+0x10f/0x1b0
[  724.489042]  ? __pfx____sys_sendmsg+0x10/0x10
[  724.489073]  ? proc_fail_nth_write+0x97/0x220
[  724.489103]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  724.489132]  ? lock_release+0x1c7/0x270
[  724.489159]  ? lock_acquire+0x18c/0x2d0
[  724.489187]  ? lock_release+0x1c7/0x270
[  724.489215]  ? __fget_files+0x20d/0x3b0
[  724.489242]  __sys_sendmsg+0x150/0x200
[  724.489271]  ? __pfx___sys_sendmsg+0x10/0x10
[  724.489305]  ? __pfx_ksys_write+0x10/0x10
[  724.489325]  ? irqentry_exit+0xee/0x650
[  724.489345]  ? trace_hardirqs_on_prepare+0xe3/0x110
[  724.489377]  do_syscall_64+0xbf/0x420
[  724.489403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.489426] RIP: 0033:0x7f7e70c05b19
[  724.489443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  724.489465] RSP: 002b:00007f7e6e17b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  724.489488] RAX: ffffffffffffffda RBX: 00007f7e70d18f60 RCX: 00007f7e70c05b19
[  724.489504] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  724.489518] RBP: 00007f7e6e17b1d0 R08: 0000000000000000 R09: 0000000000000000
[  724.489532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  724.489546] R13: 00007ffd1cc6884f R14: 00007f7e6e17b300 R15: 0000000000022000
[  724.489567]  </TASK>
[  724.565828] loop1: detected capacity change from 0 to 256
[  724.567946] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  724.592482] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  724.606125] syz_tun: refused to change device tx_queue_len
[  724.652433] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  724.653243] syz_tun: refused to change device tx_queue_len
[  724.653394] netlink: 'syz-executor.6': attribute type 13 has an invalid length.
[  724.656632] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  724.657374] syz_tun: refused to change device tx_queue_len
[  724.662616] loop0: detected capacity change from 0 to 256
02:41:02 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d800c02000000"], 0x38}], 0x1}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})

02:41:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x4, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:41:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xc, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f84e", 0x17}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0))

02:41:02 executing program 1:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366ee578400080820000200008000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x8000, &(0x7f00000000c0)) (fail_nth: 32)

02:41:02 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x900, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:41:02 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0) (fail_nth: 16)

02:41:02 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000001000070000000000000000000c00000003000000000000000c000000080000000000000010000d"], 0x38}], 0x1}, 0x0)

[  724.672221] syz_tun: refused to change device tx_queue_len
[  724.673995] loop0: detected capacity change from 0 to 256
[  724.681451] syz_tun: refused to change device tx_queue_len
02:41:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x5, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x3f, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

02:41:02 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioperm(0x0, 0x7, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1408}, {r0, 0x20c2}, {0xffffffffffffffff, 0x100}, {r1, 0x4000}, {r2}], 0x5, &(0x7f0000000080), &(0x7f00000000c0)={[0x100000000]}, 0x8)
ftruncate(0xffffffffffffffff, 0x7f)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000180)={0x1, 0x18, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)={0x38, 0x10, 0x7, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x3}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x8}, @nested={0x10, 0xd, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x38}], 0x1}, 0x0)

[  724.699013] loop1: detected capacity change from 0 to 256
[  724.714012] syz_tun: refused to change device tx_queue_len
[  724.747544] syz_tun: refused to change device tx_queue_len

VM DIAGNOSIS:
02:40:53  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff84d1a2ce RDX=fffffbfff0b82d11
RSI=0000000000000004 RDI=ffffffff85c16880 RBP=ffffffff85c16880 RSP=ffff888013de7b40
R8 =0000000000000000 R9 =fffffbfff0b82d10 R10=ffffffff85c16883 R11=0000000000000000
R12=1ffff110027bcf69 R13=0000000000000003 R14=fffffbfff0b82d10 R15=ffff888013de7b78
RIP=ffffffff84d1a2d2 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555581827400 00000000 00000000
GS =0000 ffff8880e5342000 00000000 00000000
LDT=0000 fffffe2c00000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555581830c58 CR3=000000000e996000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11
XMM02=0000000000000000333bebdfd0a6a21d XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff82975135 RDI=ffffffff889c19e0 RBP=ffffffff889c19a0 RSP=ffff88806cf08938
R8 =0000000000000000 R9 =ffffed100171a046 R10=0000000000000074 R11=6b6d5f3474786520
R12=0000000000000074 R13=0000000000000010 R14=ffffffff889c19a0 R15=ffffffff82975120
RIP=ffffffff8297518d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f8c47893700 00000000 00000000
GS =0000 ffff8880e5442000 00000000 00000000
LDT=0000 fffffe2c00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2d521000 CR3=000000000d060000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000a60ce07b00000000cec3662e XMM01=000000000000000003515b82db34ca11
XMM02=0000000000000000333bebdfd0a6a21d XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000