last executing test programs:

1m29.796797779s ago: executing program 1 (id=1835):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000002280), 0x68c01, 0x0)
write$binfmt_format(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0), r1)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f00000001c0)={0x1, 0x3, 0x7, 0x6})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r3, 0x2284, &(0x7f0000000080))

1m29.773305059s ago: executing program 1 (id=1837):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000680)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@newtfilter={0x34, 0x28, 0x575ac7824d421509, 0x70bd2a, 0x4, {0x0, 0x0, 0x0, r7, {}, {0x1}, {0x4, 0x3d}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}}, 0x40)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0x1}}}, 0x24}}, 0x10)
sendmsg$unix(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32], 0xa0}, 0x4004881)

1m29.73932137s ago: executing program 1 (id=1840):
r0 = socket$inet6(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, r1}, 0x18)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

1m29.71095983s ago: executing program 1 (id=1842):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x1000, @empty}, 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000100)='kfree\x00', r2}, 0x18) (async)
shmctl$IPC_RMID(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0x1, 0x554, &(0x7f0000000c00)="$eJzs3c9vHFcdAPDvTHYTJ3G6LnCASi2FFiUVZDeuaWtxKEVCcKqEKJyDsTeWlbU3yq7b2KrA+QuQEAIkTnDhgsQfgFRF4sKxQqoEZ5CKQIimIMEBOmh3Z9dhM2uvy/pH1p+PNJ733uzM971dz483M5oJ4NR6OiJeiYgPsix7LiIqeXmaD7HTGzqfe//+m8udIYkse+1vSSR52fAyL+azzUTE178a8e3k4bitre2bS41GqZ+vtddv1Vpb21fX1pdW66v1jYWF+RcXX1p8YfFaxFv/fzsvRcTLX/7TD7/386+8/Nbn3vjj9b9c+U6nWrP59KJ2jKm018Re08vnZoZmuP0hg51EnfaU+5nz481z9xDrAwDAaJ1j/I9ExKcj4rmoxJm9D2cBAACAR1D2xdn4dxKRFTs7ohwAAAB4hKTde2CTtJrfCzAbaVqt9u7h/VhcSBvNVvuzN5qbGyu9e2XnopzeWGvUr+X3Cs9FOenk57vp3fzzQ/mFiHg8In5QOd/NV5ebjZXjPvkBAAAAp8TFof7/Pyq9/j8AAAAwZeb2nlw5qnoAAAAAh2ef/j8AAAAwBfT/AQAAYKp97dVXO0PWf//1yutbmzebr19dqbduVtc3l6vLzdu3qqvN5mr3mX3r+y2v0Wze+nxsbN6pteutdq21tX19vbm50b6+FjNH0iAAAADgIY9/8t7vk4jY+cL57tBxdsRnzx1pzYDDVhqkknxcsPb/4bHe+N0jqhRwJM6MnJIOUu+O2PGPOk4AHg2l4QIH+XBqlI+7AsCxS/aZPnTzzoVB6u18/KnJ1wkAAJisy58ovv4/+rpA3056BNUDDpGVGE6vof185l0/cHp0r/+PeyOPgwWYKuUxevrAdDvg9f9db48bIcsOVCEAAGDiZrtDklbz03uzkabVasSl7msBysmNtUb9WkQ8FhG/q5TPdfLz3TmTffsMAAAAAAAAAAAAAAAAAAAAAAAAAEBPliWRAQAAAFMtIv1z8uves/wvV56dHT4/cDb5V/eVwGcj4o2fvPajO0vt9u35Tvl7g/L2j/Py54/jDAYAAAAwrN9P747/edy1AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDavH//zeX+MMbHz08q7l+/FBFzRfFLMdMdz0Q5Ii78PYnSA/MlEXFmAvF37kbEx4viJ51qDUIWxZ/El7BP/JjLv4Wi+BcnEB9Os3ud7c8rRetfGk93x8XrXynif/If1ujtXwy2f2dGrP+XxozxxDu/rI2MfzfiiVLx9qcfPxkR/5kx43/rG9vbo6ZlP4243N//dLd4gwgzD8aqtddv1Vpb21fX1pdW66v1jYWF+RcXX1p8YfFa7cZao57/LYzx/Sd/9cFe7b9QuP9L8tqMbv+zBcsr2if955079z/az+w8HP/KMwXxf/Oz/BN5/GR3njSP85k8nUQyKE92et/ng576xW+f2qv9K7vtLx/k978yaqHDHlpRnhz3XwcAOAStre2bS41G/fbUJjq99BNQjUNPZJXeL3pS6jOU+OZ7J/Cf7bsTXWCWZVnnFyiYdC8ixllOEhNuaVpcn93EyB/lmDdMAADAxO0e9E/mejoAAAAAAAAAAAAAAAAAAABwcEfxlLXhmLuPQE4m8QhtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICJ+G8AAAD//5qx0B0=")
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000100000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}, 0x1, 0x0, 0x0, 0x50}, 0x20000804) (async)
r7 = syz_clone(0x20000000, 0x0, 0xf, 0x0, 0x0, 0x0)
ptrace(0x10, r7) (async)
sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000010}, 0x804)
ptrace$getregset(0x4205, r7, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) (async)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x610}]}, 0x34}}, 0x0)

1m29.277974139s ago: executing program 1 (id=1848):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000002280), 0x68c01, 0x0)
write$binfmt_format(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0), r1)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f00000001c0)={0x1, 0x3, 0x7, 0x6})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r3, 0x2284, &(0x7f0000000080))

1m29.063798412s ago: executing program 1 (id=1853):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c0100001000130780fffffffcdbdf252001000000000000000000000000000020010000000000000000000000000001000000004e210002000000006c000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe32000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f000000000000000001000000000000000000000000000000000000002cbd7000003500000a000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00"], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2000)

1m29.045985823s ago: executing program 32 (id=1853):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c0100001000130780fffffffcdbdf252001000000000000000000000000000020010000000000000000000000000001000000004e210002000000006c000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe32000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f000000000000000001000000000000000000000000000000000000002cbd7000003500000a000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00"], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2000)

2.67694859s ago: executing program 5 (id=2976):
r0 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x1, 0x40000333}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0x0, 0x1})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
io_uring_enter(r1, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

2.451000474s ago: executing program 5 (id=2982):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000540)='kfree\x00', r0, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6}]})

2.406122685s ago: executing program 5 (id=2983):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r0})

2.389301426s ago: executing program 5 (id=2984):
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000003"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000300)="b9ff030768f1258c989e14f05c71", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2.303919387s ago: executing program 5 (id=2985):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x8, &(0x7f0000000ec0)=ANY=[@ANYRES16=r0, @ANYRES16=r0, @ANYBLOB="11892387e1ee49c710facfbe3905002db0a2b93145df0e8467e7c4c88b7ba9e4e38c3894f6f57ebbe7d468aeb670c3621814fc9e96aef012b2205dd3efb604056b11f854d49f83bd6a5cadb43a1f7deb2700d5569b091ba3dc09cd06e2f627a4fc17e0a0c1c45eec10eb33a9f6aa5dc9e727fe3d081b900f4fda44b9092717ea66ce79bc63caf3ca4f76ad41297ac79beceaf3326355c1d96bf956f336a560118c87a5f3a01f18a65f165318d41965c2ab35e1be6152349d8bfcb309847ad05b611da186b6f083605a373c426bc82be232ea695caac7fb0ef5c0891077cfa6fb18d3ebc7ef5cf6c88824b4d770906588e447672eb9b97ca175185671db6867f9bb17c6c5358df5c249d1e1e40d9cb38fb797799552d75a982ca407d4377db9dd8461c65f5a23cbd909d0840fcda567b448ffacc558ecd9095f380c3dd00cf37f4bb2b2e56de2c9896a71df1c90b25a899498fb25a69a5465838fed258009caa25b87377f2492bb408946e3d691f86b19009e87f4f9d6aa61ff", @ANYRESOCT=r0, @ANYRES32=r0, @ANYRES8=0x0, @ANYRES8=r0], &(0x7f0000000780)='GPL\x00', 0xffff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
pipe2$9p(&(0x7f0000000000), 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000160000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x8003}}}}]}, 0x4c}}, 0x0)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

2.11621757s ago: executing program 5 (id=2988):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_usb_connect(0x2, 0x64, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x5, 0x3, 0x0, 0x70bd2d, 0x25dfdbff, [@sadb_x_nat_t_type={0x1, 0x14, 0xa}]}, 0x18}}, 0x4040014)

1.831988756s ago: executing program 0 (id=2991):
syz_mount_image$ext4(&(0x7f0000000300)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@debug}, {@noload}, {@jqfmt_vfsv1}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@usrjquota}]}, 0xfe, 0x46c, &(0x7f0000000940)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQWamhNhBCtHvBoSLwb/wvjSS9GvWjiVe+GhBguoF7WzM4MLMtu2aXbLrCfTzLd55l5us/znZln95l5djeAvjWW/Uki/hcRv0fESJ69ucBY/nDtyvmZv6+cn0miWn3rr6RW7uqV8zNl0fL/tuSZarXIb2hS74V3I6YrlbkzRX5i6dQHE4tnz70wf2r6xNyJudNTR44cPLB7+PDUoa7EmcV1defHC7t2HH3n4hszxy6+91OSRh53NMTRLWP53m3q6W5X1mNb69LJYP2WPb/cSDc7E+ilgYjIDtdQrf+PxEBsur5tJF77rKeNA9ZUtVqtrvCqvFwF7mNJ9LoFQG+Ub/TZ9W+5rNPQ465w+eX8AiiL+1qx5FsGI80Te4Yarm+7aSwiji3/81W2xBrdhwAAqPddNv55vtn4L42H88Rw9uf/xRzKaEQ8EBHbIuLBiNgeEQ9F1Mo+EhGPdlh/4wzJreOf9NIdB9eGbPz3UjG3dfP4Ly2LjA4Uua21+IeS4/OVuf3FPtkXQxuOzydzkyvU8f2rv33Ralv9+C9bsvrLsWDRjkuDDTfoZqeXplcTc73Ln0bsHGwWfxLlNE4SETsiYucd1jH/7GDLbbePfwWtn7Zt1a8jnsmP/3I0xF9KWs5PTr54eOrQxMaozO2fKM+KW/3864U3W9W/qvi7IDv+m5ue/9fjH002RiyePXeyNl+72HkdF/74vOU1TYfn/9Gtxfk/nLxdWzFcbPhoemnpzGTEcPL6reunbjxbmS/LZ/Hv29u8/2+LG3visYjYFRG7I+Lx7KKwaPsTEfFkROxdIf4fX3nq/c7jX5+50iz+2dsd/6g//p0nBk7+8O3t498YEa2O/8Faal+xpp3Xv3YbuJp9BwAAAPeK/DPwSTp+PZ2m4+P5Z/i3x+a0srC49NzxhQ9Pz+aflR+NobS80zVSdz90srg3XOanGvIHivvGXw5squXHZxYqs70OHvrclhb9P/PnQK9bB6y5LsyjAfco/R/6l/4P/SnR/6Gv6f/Qv5r1/09alh7/Zk0bA6wr7//Qv9ro/8v5Q+tRAXBv8v4P/Uv/h77U8rvx6aq+8r/uiX+L3zO8W9pz/ycivSuacf8nBtv+MYsOEtWRvP9nazY0LdPrVyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+C8AAP//F0nluw==")
pipe(0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40040000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
ioperm(0x9, 0x9, 0x7)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)

1.567838261s ago: executing program 4 (id=2995):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000600)='kfree\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWSETELEM={0x98, 0xc, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x6c, 0x3, 0x0, 0x1, [{0x68, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x5c, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x5}, @NFTA_LIMIT_UNIT={0xc}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x2}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x11c}}, 0x0)

1.544594621s ago: executing program 0 (id=2996):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000500)='signal_generate\x00', r2}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r1}, &(0x7f0000000000), &(0x7f00000000c0)}, 0x20)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)

1.528702942s ago: executing program 4 (id=2997):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xb30, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x109}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r1}, 0x18)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})

1.469697682s ago: executing program 4 (id=2998):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'ip6gre0\x00', 0x0})
r0 = openat(0xffffffffffffff9c, 0x0, 0x1c9441, 0x0)
pwrite64(r0, &(0x7f0000000880), 0x0, 0x9000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40010)
r2 = socket$phonet(0x23, 0x2, 0x1)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0xf50f, 0x0)
ioctl$SIOCPNDELRESOURCE(r2, 0x89ef, &(0x7f0000000540)=0x3)
sendmsg$xdp(0xffffffffffffffff, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002240)=[{&(0x7f00000000c0)="9454b83847a5c639dccc1cc3aa288229ee8a8a45ab78b6638fd2636c7547f7afcc1711878b54b4a8bc9eda3358a5cafd58dbb8a9f638354fbf2e6ab22b8558896f959a8579d9a05c6dde4a9dcc1779d407440e34d6e555f793ec7c2979d1f4b82e4122ce3f815e2e5322b7e74e3439af393c3adad4bab28934e91efd14ebc482d56ce8cedb094afc27d5c1e6cc050411de76f5731640796ba1e233fa6da1bb14cd30662898a0595bf34af8eebc3d12716e62ae66fbb6cf070bef47415d593769c361fc054ea962c9d09ed46aecba2af20e0a40204d4d795d019895bc0d52d8cc032ee13ae832fb1f989b70ab35596dfe28c239d45c99016cadd05b87af7bd13d37c5efae45046d0e5f9860e35c2f08ef9f67c80c47b870e353c089bab87b74c588183c64b20b7ccbdb068390e4c59a848d9695f46fc8bdbde97a4400f2e8b7379a62c57fd4ef8bd4f8e3a4bf141e87156efc1b86e15f34591489db7112fcae399f83f9e4ee56a923ea3123b3fbff37ccdf92284137a1500cad979bc0331524168b5f1a5da3e2d6643b6b0f28eb15869ba7f609c4fc9e4aecca1183de7b6427e7564714ffe154c2e4db0042ada0561c58a4003191033a4fdbf0d09c9c49e802e325da5bc2bcbe5b7a64c411a780ae8d0902118894f5f63fe989623f25a7e201e135e8f25b5365c3a615a4727144109cc4b88660728445ce841940d20e87069cb74f63fbfb5dd7992dc4ccde1484aeec05630a440ed9481d03267585eed156484d23b07280cc045ff023abd628d43f7d3b7bc5a9e8e6445f94271d508e5bb17b12216dba8a5f1a02aef9126389dcf725197440404b29b95e71d45b9dad8f3fdf1c6a2734632ca7991026304d869a94259cc32ac8a45da5ba38f54e9d98faf2af04e3f11ab495eb490daa88cbf465fe127cf144081196d8319692a51d3bae449ff531427c829d9cfab8cb15ae4ff6f4392e2c657beae5364b55d05729bc7f950e4b99c7ce71136168a3fda8b7ead182973c1f5fb52f7c6f488f6383c1259345306375ebe0639e40f367be4a480c2babf3e0572a5c089cccd06588489fdf12ff256af41faef912dea1c1cf122e8e4b99770b19fdc9f6b12cdfa51d0b0d3b6dbc18af665f0f92b83b12eda1fae071a9fb49575763d1bfce45616089b868e37bad0c806a5cff911ae163f82f98c885e7c9afa4d55a4117246086b07e55991205ad345dde63ef855097c7be09343ff9dd982e7e8332337c1b9c8aedd1afeb06010e59aeb5008f7bb0d971963f79df825d94773c9b79e6897c53a83388ef89bddd1d35addfb6c3dc0121ac2a7936643159365a0ef14dc95de2d1f60f41a687c04ba42ed9b225496a418e593587f40a25bbb761eeddc2080512646d163a9968ea00f599239b3abd581253d383fb72abad3b19e0d85a7eafdc02e92cbe784129c37152934a286c2a3d5c5eb1ac65caf63f352e58c96a26b0b13462b992926bae78774d7d9de575bf86b50da743692fb38ee9fbc51ac0eff40589f7259b50e1208753abdd7e404abe252592ec7605fb2aacf41771c506cbcf84d7e8657d3801a64f8b8480ff07", 0x461}], 0x1, 0x0, 0x0, 0x10}, 0x40000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x6, &(0x7f0000002300)=ANY=[@ANYBLOB="180000060010000000000000000000001800000004000000000000000700000085100000fbffffff1864000003000000000000000200000095000000000000009721f8f99b9c32b94fa3531ed1fe6ba94a51ebae43e4e02c6702b58f46e33936345a20937f2a96fd56d9437cee57a6a28ddc0fa3e93f72c37140d76fdb2f2dba11bf3e68b3d449ed8a6e259d56194a83c83d8add0ffb3af5414ebd89"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x27, &(0x7f0000000000)=""/114}, 0xa8)
setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, &(0x7f0000000180)={0x0, 0x0, 0xf, 0x0, 0x6}, 0xc)

1.407678614s ago: executing program 4 (id=2999):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4000000}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0xfff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

1.06655112s ago: executing program 0 (id=3004):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000540)='kfree\x00', r0, 0x0, 0x4}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6}]})

1.04397736s ago: executing program 0 (id=3005):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x201, 0xa401)
epoll_create1(0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000021000000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028642b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ed7eff0d26ff199ee1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c"})
ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f0000000240)={0x3ff, 0xffff})

1.039489671s ago: executing program 4 (id=3007):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r0, 0x0, 0x0, 0x20004041, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r1)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xf34)
recvfrom(r0, &(0x7f0000000200)=""/82, 0x52, 0x0, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090000000000000000000200000014000180050002"], 0x28}}, 0x0)

898.085363ms ago: executing program 0 (id=3010):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x201, 0xa401)
epoll_create1(0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000021000000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028642b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ed7eff0d26ff199ee1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c"})
ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f0000000240)={0x3ff, 0xffff})

810.137925ms ago: executing program 0 (id=3011):
r0 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r1}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f494246a77d86dd6700000100103afffe880000000000000000000000000201ff02000000000000000000000019000186009078ff02030005000000f6ffffff"], 0x0)
write$selinux_user(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
time(0x0)
r4 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
r5 = shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_STAT(r5, 0x2, 0x0)
r6 = geteuid()
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fstat(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB="0c1200000d0a010800000000000000000a0000010900020073797a31000000000900010073797a3100000000e0110380dc1100800800034000000002d0110a801c0002800900020073797a32000000000900020073797a3000000000520001"], 0x120c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
recvmmsg(0xffffffffffffffff, &(0x7f0000003040)=[{{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000000740)=[{&(0x7f0000000a00)=""/132, 0x84}], 0x1}, 0x80000000}, {{&(0x7f0000000b00)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000002d80)=[{&(0x7f0000000980)=""/3, 0x3}, {&(0x7f0000000b80)=""/45, 0x2d}, {&(0x7f0000000bc0)=""/17, 0x11}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/73, 0x49}, {&(0x7f0000001cc0)=""/17, 0x11}, {&(0x7f0000001d00)=""/4096, 0x1000}, {&(0x7f0000002d00)=""/83, 0x53}], 0x8, &(0x7f0000002e00)=""/220, 0xdc}, 0xf}, {{&(0x7f0000002f00)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000003000)=[{&(0x7f0000002fc0)}], 0x1}, 0x10001}], 0x3, 0x40000062, &(0x7f0000003100)={0x77359400})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000800)={0x0, <r9=>0x0})
shmctl$IPC_SET(r5, 0x1, &(0x7f0000000880)={{0x1, r6, r7, 0x0, r8, 0x100, 0x5}, 0x62, 0x6, 0x2b, 0x0, 0xffffffffffffffff, r9, 0x3})
keyctl$KEYCTL_MOVE(0x4, r4, 0x0, 0x0, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r10)
ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', <r12=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r10, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=ANY=[@ANYRES16, @ANYRES16=r11, @ANYBLOB="01002cbd700000dcdf251800000008000300", @ANYRES32=r12, @ANYBLOB="1c003080180001800c0005000000000000008003080001"], 0x38}}, 0x4000)

726.342816ms ago: executing program 2 (id=3013):
msgrcv(0x0, 0x0, 0x0, 0x1, 0x3000)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x52, 0x4, 0x0, 0x0, 0x0, 0x7fee, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b80, 0x6, @perf_config_ext={0x58d8, 0xb2}, 0x14105, 0x1, 0xfffffbff, 0x8, 0x2, 0x4, 0x406, 0x0, 0xfffffffe, 0x0, 0xa9e6}, 0xffffffffffffffff, 0xfffffffffffffffb, 0xffffffffffffffff, 0x3)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f00000002c0)={{r0}, 0xad, 0x101, 0x100000001})
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000000), 0x4)
r3 = syz_io_uring_setup(0x495, &(0x7f0000000340)={0x0, 0x3f73, 0x0, 0x4, 0x1a}, &(0x7f00000003c0), &(0x7f0000000600))
io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0xffffffffffffff3a, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_open_dev$vcsu(&(0x7f00000001c0), 0x9, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
lstat(0x0, 0x0)
ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000000200))
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
recvmsg(r6, &(0x7f0000000080)={0x0, 0x18, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/249, 0xf9}], 0x1}, 0x40000000)
close(r6)
sendmsg$tipc(r7, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)

644.664088ms ago: executing program 2 (id=3016):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r1}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20008005, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
r3 = socket(0x11, 0x80805, 0x3)
getsockopt$bt_hci(r3, 0x84, 0x80, 0x0, &(0x7f00000010c0))
mount$bind(&(0x7f0000000180)='./file2\x00', &(0x7f00000003c0)='./file2\x00', &(0x7f0000000400), 0x80e, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b000085"], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = socket(0x10, 0x3, 0x9)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r6}, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000013c0)={{0x14, 0x453, 0x1, 0x0, 0x0, {0x5}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x64049}, 0x40000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r4}, 0x18)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r7, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x17, &(0x7f00000002c0)={0x0, 0x0, 0x1, 'M'}, 0x9)

622.041118ms ago: executing program 3 (id=3018):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000300)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000680)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@newtfilter={0x34, 0x28, 0x575ac7824d421509, 0x70bd2a, 0x4, {0x0, 0x0, 0x0, r8, {}, {0x1}, {0x4, 0x3d}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}}, 0x40)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0x0, 0x1}}}, 0x24}}, 0x10)
sendmsg$unix(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32], 0xa0}, 0x4004881)

592.874019ms ago: executing program 2 (id=3019):
socketpair(0x1, 0x2, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0xfff}, 0x50)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x400d050}, 0x240c881c)
socket$inet6_udp(0xa, 0x2, 0x0)
socket(0x2b, 0x80801, 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4008001}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)

592.387919ms ago: executing program 2 (id=3020):
open(&(0x7f0000000080)='./file0\x00', 0x108242, 0x124)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
open(&(0x7f00000001c0)='./file0\x00', 0x300, 0x40)

557.2794ms ago: executing program 2 (id=3021):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b51811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000380), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000e"], 0x10b8}, 0xff00)
r3 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xd3, 0x1, 0x0, 0x0, 0x0, 0xf, 0x9211, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0xc}, 0x14ce3, 0x100004, 0x0, 0x2, 0x6, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x11, r3, 0x0)

468.048401ms ago: executing program 2 (id=3022):
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x3)
r2 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x1, 0x40000333}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0x0, 0x1})
io_uring_enter(r3, 0x847ba, 0x2000, 0xe, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400a685b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000140)={'syztnl0\x00', &(0x7f0000000280)={'syztnl1\x00', <r7=>0x0, 0x4, 0x34, 0x3, 0x7f, 0x47, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, 0x8, 0x10, 0x4, 0xc}})
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)={0x5c, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@GTPA_LINK={0x8, 0x1, r7}, @GTPA_PEER_ADDR6={0x14, 0xb, @mcast2}, @GTPA_FAMILY={0x5, 0xd, 0x2b}, @GTPA_PEER_ADDR6={0x14, 0xb, @private1}, @GTPA_LINK={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x3}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400c0c0}, 0x40010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r9=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r10}, 0x10)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r11, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r11, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r11, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r11, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r11, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r11, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r11, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, 0x0, 0x400c814)
sendto$packet(r8, 0x0, 0x0, 0x14008b00, &(0x7f0000000200)={0x11, 0x8100, r9, 0x1, 0x97, 0x6, @multicast}, 0x14)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}}, 0x0)

394.771543ms ago: executing program 3 (id=3023):
syz_mount_image$ext4(&(0x7f0000000300)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@debug}, {@noload}, {@jqfmt_vfsv1}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@usrjquota}]}, 0xfe, 0x46c, &(0x7f0000000940)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQWamhNhBCtHvBoSLwb/wvjSS9GvWjiVe+GhBguoF7WzM4MLMtu2aXbLrCfTzLd55l5us/znZln95l5djeAvjWW/Uki/hcRv0fESJ69ucBY/nDtyvmZv6+cn0miWn3rr6RW7uqV8zNl0fL/tuSZarXIb2hS74V3I6YrlbkzRX5i6dQHE4tnz70wf2r6xNyJudNTR44cPLB7+PDUoa7EmcV1defHC7t2HH3n4hszxy6+91OSRh53NMTRLWP53m3q6W5X1mNb69LJYP2WPb/cSDc7E+ilgYjIDtdQrf+PxEBsur5tJF77rKeNA9ZUtVqtrvCqvFwF7mNJ9LoFQG+Ub/TZ9W+5rNPQ465w+eX8AiiL+1qx5FsGI80Te4Yarm+7aSwiji3/81W2xBrdhwAAqPddNv55vtn4L42H88Rw9uf/xRzKaEQ8EBHbIuLBiNgeEQ9F1Mo+EhGPdlh/4wzJreOf9NIdB9eGbPz3UjG3dfP4Ly2LjA4Uua21+IeS4/OVuf3FPtkXQxuOzydzkyvU8f2rv33Ralv9+C9bsvrLsWDRjkuDDTfoZqeXplcTc73Ln0bsHGwWfxLlNE4SETsiYucd1jH/7GDLbbePfwWtn7Zt1a8jnsmP/3I0xF9KWs5PTr54eOrQxMaozO2fKM+KW/3864U3W9W/qvi7IDv+m5ue/9fjH002RiyePXeyNl+72HkdF/74vOU1TYfn/9Gtxfk/nLxdWzFcbPhoemnpzGTEcPL6reunbjxbmS/LZ/Hv29u8/2+LG3visYjYFRG7I+Lx7KKwaPsTEfFkROxdIf4fX3nq/c7jX5+50iz+2dsd/6g//p0nBk7+8O3t498YEa2O/8Faal+xpp3Xv3YbuJp9BwAAAPeK/DPwSTp+PZ2m4+P5Z/i3x+a0srC49NzxhQ9Pz+aflR+NobS80zVSdz90srg3XOanGvIHivvGXw5squXHZxYqs70OHvrclhb9P/PnQK9bB6y5LsyjAfco/R/6l/4P/SnR/6Gv6f/Qv5r1/09alh7/Zk0bA6wr7//Qv9ro/8v5Q+tRAXBv8v4P/Uv/h77U8rvx6aq+8r/uiX+L3zO8W9pz/ycivSuacf8nBtv+MYsOEtWRvP9nazY0LdPrVyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+C8AAP//F0nluw==")
pipe(0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40040000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
ioperm(0x9, 0x9, 0x7)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)

182.525717ms ago: executing program 3 (id=3024):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0xffffffff, 0xff}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000780), &(0x7f0000000000)='./file0\x00', 0x90, &(0x7f0000000140)=ANY=[@ANYBLOB='showexec,shortname=winnt,shortname=lower,utf8=1,iocharset=cp865,shortname=win95,uni_xlate=1,shortname=win95,check=strict,shortname=winnt,utf8=0,iocharset=iso8859-5,codepage=874,shortname=mixed,shortname=win95,shortname=mixed,nonumtail=0,shortname=mixed,shortname=mixed,uni_xlate=1,rodir,nnonuni_xlate=1,shortname=win95,shortname=win95,utf8=0,nnonumtail=1,shortname=win95,shortname=win95,nnonumtail=1,uni_xlate=1,nfs=nostale_ro,\x00'/444], 0x6, 0x2d7, &(0x7f0000000340)="$eJzs3T9rJGUYAPBnNrN/1GJTWInggBZWx+Vamw1yB2Iqjy1OCw3eHUh2Fe4g4h+cu0rsbCz9BILgB7GxsxRsBTsjBEZmdia7m4ybjWQjmt+vSN688zzzPvPOJJkmT957cXpwP4uHTz//JQaDJDqjfsRREtvRicaTWDL6OgCA/7Kjoojfi5mWwz9/tSJ3sMG6AIDNOef3fy2tPt4rI364utoAgM24e+/tN3f39m6/lWWDuDP98nCcRET5eXZ892F8EJN4EDdjGMcR1YtCN6q3hXJ4pyiKPM1K2/HKND8cl5nTd3+sz7/7W0SVvxPD2K6mTt42qvw39m7vZDML+XlZx7P1+qMy/1YM4/mT5KX8Wy35Me7Fqy8v1H8jhvHT+/FRTOJ+VcQ8/4udLHu9+OaPz94pyyvzk/xw3K/i5oqtZvH8iu8RAAAAAAAAAAAAAAAAAAAAAAD/Pzfq3jn9qPr3lFN1/52t4/KLbmSNeX+fDzt50x8oaU407w8UnaIo8iK+bfrr3MyyrKgD5/190nghrRsLAgAAAAAAAAAAAAAAAAAAwDX3+JNPD/YnkwePLmXQdANII+LPuxH/9DyjhZmXYnVwv15zfzLp1MPlmHRxJraamCRiZRnlRVzStpw3eOZMzfXgu+/PBidPZjcujbYTDs5ftNu+1gUHH3dn+9ga0zxdB/tJ+x72T4oflDcuTt+4XrSv3o1TM72/q7B5FNe7nF7roeGFt6X3XDXIV8REsur74rVfZ2UvXMVSTK/a1db0bj1YSD/1bKz1PMdgln72Z0WiWwcAAAAAAAAAAAAAAAAAAGzU/K9/Ww4+XZnaKfobKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArtT8//+vM0iXk9fI6sWjx//WtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9/BUAAP//gxtVEw==")
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$MON_IOCG_STATS(r2, 0xc0109207, &(0x7f00000001c0))

178.180167ms ago: executing program 4 (id=3025):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e00000085000000070000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
syz_usb_connect(0x2, 0x64, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x5, 0x3, 0x0, 0x70bd2d, 0x25dfdbff, [@sadb_x_nat_t_type={0x1, 0x14, 0xa}]}, 0x18}}, 0x4040014)

58.583699ms ago: executing program 3 (id=3026):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d33, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000500)='signal_generate\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)

18.67581ms ago: executing program 3 (id=3027):
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x2}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)

0s ago: executing program 3 (id=3028):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e00000085000000070000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
syz_usb_connect(0x2, 0x64, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x5, 0x3, 0x0, 0x70bd2d, 0x25dfdbff, [@sadb_x_nat_t_type={0x1, 0x14, 0xa}]}, 0x18}}, 0x4040014)

kernel console output (not intermixed with test programs):

5][T10121]  should_fail+0xb/0x20
[  201.393230][T10121]  should_fail_usercopy+0x1a/0x20
[  201.393267][T10121]  _copy_to_user+0x20/0xa0
[  201.393302][T10121]  simple_read_from_buffer+0xb5/0x130
[  201.393416][T10121]  proc_fail_nth_read+0x10e/0x150
[  201.393507][T10121]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  201.393534][T10121]  vfs_read+0x1a8/0x770
[  201.393563][T10121]  ? proc_free_streams+0x69/0xe0
[  201.393655][T10121]  ? __rcu_read_unlock+0x4f/0x70
[  201.393678][T10121]  ? __fget_files+0x184/0x1c0
[  201.393698][T10121]  ksys_read+0xda/0x1a0
[  201.393738][T10121]  __x64_sys_read+0x40/0x50
[  201.393799][T10121]  x64_sys_call+0x27c0/0x3000
[  201.393820][T10121]  do_syscall_64+0xd2/0x200
[  201.393841][T10121]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  201.393945][T10121]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  201.393986][T10121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.394017][T10121] RIP: 0033:0x7feb217dd8dc
[  201.394036][T10121] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  201.394059][T10121] RSP: 002b:00007feb2023f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  201.394078][T10121] RAX: ffffffffffffffda RBX: 00007feb21a35fa0 RCX: 00007feb217dd8dc
[  201.394090][T10121] RDX: 000000000000000f RSI: 00007feb2023f0a0 RDI: 0000000000000005
[  201.394102][T10121] RBP: 00007feb2023f090 R08: 0000000000000000 R09: 0000000000000000
[  201.394115][T10121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.394149][T10121] R13: 00007feb21a36038 R14: 00007feb21a35fa0 R15: 00007fff2db2c548
[  201.394174][T10121]  </TASK>
[  201.682777][T10133] __nla_validate_parse: 19 callbacks suppressed
[  201.682802][T10133] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2217'.
[  201.798389][T10146] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2221'.
[  201.935976][T10152] FAULT_INJECTION: forcing a failure.
[  201.935976][T10152] name failslab, interval 1, probability 0, space 0, times 0
[  201.948766][T10152] CPU: 1 UID: 0 PID: 10152 Comm: syz.4.2226 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  201.948846][T10152] Tainted: [W]=WARN
[  201.948896][T10152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  201.948909][T10152] Call Trace:
[  201.948914][T10152]  <TASK>
[  201.948924][T10152]  __dump_stack+0x1d/0x30
[  201.948950][T10152]  dump_stack_lvl+0xe8/0x140
[  201.949018][T10152]  dump_stack+0x15/0x1b
[  201.949040][T10152]  should_fail_ex+0x265/0x280
[  201.949064][T10152]  should_failslab+0x8c/0xb0
[  201.949083][T10152]  __kvmalloc_node_noprof+0x123/0x4e0
[  201.949185][T10152]  ? simple_xattr_set+0x6e/0x2b0
[  201.949207][T10152]  ? avc_has_perm_noaudit+0x1b1/0x200
[  201.949307][T10152]  simple_xattr_set+0x6e/0x2b0
[  201.949339][T10152]  ? strlen+0x19/0x40
[  201.949363][T10152]  shmem_xattr_handler_set+0x12b/0x220
[  201.949397][T10152]  ? __pfx_shmem_xattr_handler_set+0x10/0x10
[  201.949436][T10152]  __vfs_setxattr+0x2e6/0x310
[  201.949505][T10152]  __vfs_setxattr_noperm+0xe8/0x410
[  201.949609][T10152]  __vfs_setxattr_locked+0x1af/0x1d0
[  201.949755][T10152]  vfs_setxattr+0x132/0x270
[  201.949892][T10152]  filename_setxattr+0x1ad/0x400
[  201.949952][T10152]  path_setxattrat+0x2c9/0x310
[  201.949999][T10152]  __x64_sys_lsetxattr+0x71/0x90
[  201.950059][T10152]  x64_sys_call+0x287b/0x3000
[  201.950087][T10152]  do_syscall_64+0xd2/0x200
[  201.950106][T10152]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  201.950153][T10152]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  201.950208][T10152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.950315][T10152] RIP: 0033:0x7f91d945eec9
[  201.950334][T10152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.950351][T10152] RSP: 002b:00007f91d7ebf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  201.950381][T10152] RAX: ffffffffffffffda RBX: 00007f91d96b5fa0 RCX: 00007f91d945eec9
[  201.950397][T10152] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000000
[  201.950413][T10152] RBP: 00007f91d7ebf090 R08: 0000000000000002 R09: 0000000000000000
[  201.950429][T10152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.950444][T10152] R13: 00007f91d96b6038 R14: 00007f91d96b5fa0 R15: 00007ffe700e0d38
[  201.950469][T10152]  </TASK>
[  202.218447][T10164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'.
[  202.227549][T10164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'.
[  202.236638][T10164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'.
[  202.305240][T10177] SELinux: syz.4.2231 (10177) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  202.326049][T10164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'.
[  202.335209][T10164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'.
[  202.344335][T10164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'.
[  202.390901][T10164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'.
[  202.400077][T10164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2228'.
[  203.147119][   T29] kauditd_printk_skb: 520 callbacks suppressed
[  203.147139][   T29] audit: type=1400 audit(1759444665.440:9096): avc:  denied  { create } for  pid=10280 comm="syz.3.2235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  203.237390][   T29] audit: type=1400 audit(1759444665.470:9097): avc:  denied  { setopt } for  pid=10280 comm="syz.3.2235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  203.257049][   T29] audit: type=1400 audit(1759444665.480:9098): avc:  denied  { execmem } for  pid=10286 comm="syz.0.2236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  203.366393][   T29] audit: type=1400 audit(1759444665.660:9099): avc:  denied  { create } for  pid=10300 comm="syz.3.2237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  203.391376][T10306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  203.400035][T10306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  203.476933][   T29] audit: type=1400 audit(1759444665.680:9100): avc:  denied  { create } for  pid=10286 comm="syz.0.2236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  203.496913][   T29] audit: type=1400 audit(1759444665.680:9101): avc:  denied  { read write } for  pid=10286 comm="syz.0.2236" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  203.520677][   T29] audit: type=1400 audit(1759444665.680:9102): avc:  denied  { open } for  pid=10286 comm="syz.0.2236" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  203.544181][   T29] audit: type=1400 audit(1759444665.680:9103): avc:  denied  { ioctl } for  pid=10286 comm="syz.0.2236" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  203.601617][   T29] audit: type=1400 audit(1759444665.890:9104): avc:  denied  { setopt } for  pid=10300 comm="syz.3.2237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  203.671538][   T29] audit: type=1400 audit(1759444665.960:9105): avc:  denied  { create } for  pid=10307 comm="syz.3.2238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  203.938064][T10313] bridge0: entered promiscuous mode
[  204.823253][T10367] SELinux: syz.2.2252 (10367) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  204.887196][T10382] loop3: detected capacity change from 0 to 512
[  204.904306][T10382] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  204.912383][T10382] System zones: 0-2, 18-18, 34-34
[  204.920797][T10382] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  204.935666][T10382] EXT4-fs (loop3): Remounting filesystem read-only
[  204.942572][T10382] EXT4-fs (loop3): 1 truncate cleaned up
[  204.948775][T10382] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.961622][T10382] ext4 filesystem being mounted at /450/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.961950][ T3435] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  204.982709][ T3435] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  204.984461][ T3435] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  205.018198][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.297693][T10498] loop5: detected capacity change from 0 to 256
[  206.318615][T10498] FAT-fs (loop5): codepage cp874 not found
[  206.747607][T10515] __nla_validate_parse: 25 callbacks suppressed
[  206.747626][T10515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2267'.
[  206.762858][T10515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2267'.
[  206.869746][T10520] loop3: detected capacity change from 0 to 512
[  206.876901][T10520] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  206.886929][T10520] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  206.896108][T10520] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.2269: corrupted in-inode xattr: e_value size too large
[  206.910500][T10520] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.2269: couldn't read orphan inode 15 (err -117)
[  206.922936][T10520] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  207.027173][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.062722][T10528] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2271'.
[  207.077132][T10528] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2271'.
[  207.105074][T10530] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2272'.
[  207.120850][T10530] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2272'.
[  207.144910][T10532] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2273'.
[  207.319213][T10539] loop5: detected capacity change from 0 to 8192
[  207.602978][T10569] SELinux: syz.4.2287 (10569) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  207.639791][T10570] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2286'.
[  207.932024][T10579] FAULT_INJECTION: forcing a failure.
[  207.932024][T10579] name failslab, interval 1, probability 0, space 0, times 0
[  207.944859][T10579] CPU: 1 UID: 0 PID: 10579 Comm: syz.0.2291 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  207.944982][T10579] Tainted: [W]=WARN
[  207.945005][T10579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  207.945021][T10579] Call Trace:
[  207.945029][T10579]  <TASK>
[  207.945039][T10579]  __dump_stack+0x1d/0x30
[  207.945065][T10579]  dump_stack_lvl+0xe8/0x140
[  207.945091][T10579]  dump_stack+0x15/0x1b
[  207.945114][T10579]  should_fail_ex+0x265/0x280
[  207.945183][T10579]  should_failslab+0x8c/0xb0
[  207.945209][T10579]  kmem_cache_alloc_noprof+0x50/0x310
[  207.945239][T10579]  ? getname_flags+0x80/0x3b0
[  207.945269][T10579]  getname_flags+0x80/0x3b0
[  207.945325][T10579]  do_sys_openat2+0x60/0x110
[  207.945354][T10579]  __x64_sys_creat+0x65/0x90
[  207.945428][T10579]  x64_sys_call+0x2da3/0x3000
[  207.945456][T10579]  do_syscall_64+0xd2/0x200
[  207.945531][T10579]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  207.945630][T10579]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  207.945661][T10579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.945687][T10579] RIP: 0033:0x7f5a28eceec9
[  207.945706][T10579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.945729][T10579] RSP: 002b:00007f5a2792f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  207.945771][T10579] RAX: ffffffffffffffda RBX: 00007f5a29125fa0 RCX: 00007f5a28eceec9
[  207.945783][T10579] RDX: 0000000000000000 RSI: 00000000000001e8 RDI: 0000200000000280
[  207.945795][T10579] RBP: 00007f5a2792f090 R08: 0000000000000000 R09: 0000000000000000
[  207.945807][T10579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.945819][T10579] R13: 00007f5a29126038 R14: 00007f5a29125fa0 R15: 00007ffc8eeebbb8
[  207.945845][T10579]  </TASK>
[  208.159943][T10582] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2292'.
[  208.189458][   T29] kauditd_printk_skb: 340 callbacks suppressed
[  208.189476][   T29] audit: type=1400 audit(1759444670.480:9438): avc:  denied  { append } for  pid=10583 comm="syz.0.2293" name="001" dev="devtmpfs" ino=153 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  208.267539][T10584] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  208.276118][T10586] loop5: detected capacity change from 0 to 512
[  208.292977][T10586] EXT4-fs: test_dummy_encryption option not supported
[  208.370121][   T29] audit: type=1326 audit(1759444670.660:9439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10585 comm="syz.5.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd565eec9 code=0x7ffc0000
[  208.393799][   T29] audit: type=1326 audit(1759444670.660:9440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10585 comm="syz.5.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd565eec9 code=0x7ffc0000
[  208.474123][   T29] audit: type=1326 audit(1759444670.710:9441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10585 comm="syz.5.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f8bd565eec9 code=0x7ffc0000
[  208.520421][   T29] audit: type=1326 audit(1759444670.800:9442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.0.2296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  208.544272][   T29] audit: type=1326 audit(1759444670.800:9443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.0.2296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  208.567915][   T29] audit: type=1326 audit(1759444670.800:9444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.0.2296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  208.591508][   T29] audit: type=1326 audit(1759444670.800:9445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.0.2296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  208.615025][   T29] audit: type=1326 audit(1759444670.800:9446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.0.2296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  208.638529][   T29] audit: type=1326 audit(1759444670.800:9447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.0.2296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5a28ed0de7 code=0x7ffc0000
[  208.791236][T10607] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2302'.
[  208.854194][T10615] FAULT_INJECTION: forcing a failure.
[  208.854194][T10615] name failslab, interval 1, probability 0, space 0, times 0
[  208.866867][T10615] CPU: 0 UID: 0 PID: 10615 Comm: syz.5.2305 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  208.866958][T10615] Tainted: [W]=WARN
[  208.866964][T10615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  208.866975][T10615] Call Trace:
[  208.866980][T10615]  <TASK>
[  208.866987][T10615]  __dump_stack+0x1d/0x30
[  208.867008][T10615]  dump_stack_lvl+0xe8/0x140
[  208.867025][T10615]  dump_stack+0x15/0x1b
[  208.867039][T10615]  should_fail_ex+0x265/0x280
[  208.867084][T10615]  should_failslab+0x8c/0xb0
[  208.867102][T10615]  kmem_cache_alloc_noprof+0x50/0x310
[  208.867122][T10615]  ? getname_flags+0x80/0x3b0
[  208.867143][T10615]  getname_flags+0x80/0x3b0
[  208.867233][T10615]  __x64_sys_renameat2+0x5f/0x90
[  208.867251][T10615]  x64_sys_call+0x3f9/0x3000
[  208.867269][T10615]  do_syscall_64+0xd2/0x200
[  208.867322][T10615]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  208.867346][T10615]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  208.867376][T10615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.867395][T10615] RIP: 0033:0x7f8bd565eec9
[  208.867408][T10615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.867441][T10615] RSP: 002b:00007f8bd40bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  208.867488][T10615] RAX: ffffffffffffffda RBX: 00007f8bd58b5fa0 RCX: 00007f8bd565eec9
[  208.867499][T10615] RDX: ffffffffffffff9c RSI: 00002000000007c0 RDI: ffffffffffffff9c
[  208.867509][T10615] RBP: 00007f8bd40bf090 R08: 0000000000000004 R09: 0000000000000000
[  208.867520][T10615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  208.867531][T10615] R13: 00007f8bd58b6038 R14: 00007f8bd58b5fa0 R15: 00007fffc0122d98
[  208.867614][T10615]  </TASK>
[  209.088670][T10617] loop5: detected capacity change from 0 to 8192
[  209.286622][T10658] FAULT_INJECTION: forcing a failure.
[  209.286622][T10658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.299872][T10658] CPU: 1 UID: 0 PID: 10658 Comm: syz.0.2312 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  209.299905][T10658] Tainted: [W]=WARN
[  209.299944][T10658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  209.299959][T10658] Call Trace:
[  209.299967][T10658]  <TASK>
[  209.299975][T10658]  __dump_stack+0x1d/0x30
[  209.299999][T10658]  dump_stack_lvl+0xe8/0x140
[  209.300024][T10658]  dump_stack+0x15/0x1b
[  209.300112][T10658]  should_fail_ex+0x265/0x280
[  209.300163][T10658]  should_fail+0xb/0x20
[  209.300183][T10658]  should_fail_usercopy+0x1a/0x20
[  209.300211][T10658]  _copy_from_user+0x1c/0xb0
[  209.300260][T10658]  __sys_sendto+0x19e/0x330
[  209.300305][T10658]  __x64_sys_sendto+0x76/0x90
[  209.300390][T10658]  x64_sys_call+0x2d14/0x3000
[  209.300418][T10658]  do_syscall_64+0xd2/0x200
[  209.300441][T10658]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  209.300476][T10658]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  209.300595][T10658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.300623][T10658] RIP: 0033:0x7f5a28eceec9
[  209.300643][T10658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.300668][T10658] RSP: 002b:00007f5a2792f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  209.300693][T10658] RAX: ffffffffffffffda RBX: 00007f5a29125fa0 RCX: 00007f5a28eceec9
[  209.300729][T10658] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  209.300744][T10658] RBP: 00007f5a2792f090 R08: 0000200000e68000 R09: 0000000000000010
[  209.300769][T10658] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001
[  209.300833][T10658] R13: 00007f5a29126038 R14: 00007f5a29125fa0 R15: 00007ffc8eeebbb8
[  209.300853][T10658]  </TASK>
[  209.542163][T10659] loop5: detected capacity change from 0 to 8192
[  210.031830][T10761] loop5: detected capacity change from 0 to 256
[  210.047402][T10761] FAT-fs (loop5): bogus number of FAT sectors
[  210.056781][T10761] FAT-fs (loop5): Can't find a valid FAT filesystem
[  210.338461][T10802] IPv6: NLM_F_CREATE should be specified when creating new route
[  210.843572][T10814] loop3: detected capacity change from 0 to 256
[  210.868284][T10814] FAT-fs (loop3): codepage cp874 not found
[  211.067246][T10825] loop3: detected capacity change from 0 to 8192
[  211.398222][T10858] FAULT_INJECTION: forcing a failure.
[  211.398222][T10858] name failslab, interval 1, probability 0, space 0, times 0
[  211.410915][T10858] CPU: 0 UID: 0 PID: 10858 Comm: syz.3.2351 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  211.410975][T10858] Tainted: [W]=WARN
[  211.410982][T10858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  211.410994][T10858] Call Trace:
[  211.411000][T10858]  <TASK>
[  211.411025][T10858]  __dump_stack+0x1d/0x30
[  211.411082][T10858]  dump_stack_lvl+0xe8/0x140
[  211.411107][T10858]  dump_stack+0x15/0x1b
[  211.411152][T10858]  should_fail_ex+0x265/0x280
[  211.411181][T10858]  should_failslab+0x8c/0xb0
[  211.411205][T10858]  kmem_cache_alloc_node_noprof+0x57/0x320
[  211.411247][T10858]  ? __alloc_skb+0x101/0x320
[  211.411330][T10858]  __alloc_skb+0x101/0x320
[  211.411357][T10858]  netlink_alloc_large_skb+0xba/0xf0
[  211.411387][T10858]  netlink_sendmsg+0x3cf/0x6b0
[  211.411430][T10858]  ? __pfx_netlink_sendmsg+0x10/0x10
[  211.411462][T10858]  __sock_sendmsg+0x142/0x180
[  211.411530][T10858]  ____sys_sendmsg+0x31e/0x4e0
[  211.411568][T10858]  ___sys_sendmsg+0x17b/0x1d0
[  211.411629][T10858]  __x64_sys_sendmsg+0xd4/0x160
[  211.411664][T10858]  x64_sys_call+0x191e/0x3000
[  211.411739][T10858]  do_syscall_64+0xd2/0x200
[  211.411762][T10858]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  211.411796][T10858]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  211.411848][T10858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.411871][T10858] RIP: 0033:0x7feb217deec9
[  211.411967][T10858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.411990][T10858] RSP: 002b:00007feb2023f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  211.412014][T10858] RAX: ffffffffffffffda RBX: 00007feb21a35fa0 RCX: 00007feb217deec9
[  211.412104][T10858] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  211.412120][T10858] RBP: 00007feb2023f090 R08: 0000000000000000 R09: 0000000000000000
[  211.412134][T10858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  211.412145][T10858] R13: 00007feb21a36038 R14: 00007feb21a35fa0 R15: 00007fff2db2c548
[  211.412164][T10858]  </TASK>
[  211.695420][T10866] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.756858][T10866] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.816956][T10866] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.830184][T10870] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  211.878158][T10866] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.892754][T10872] __nla_validate_parse: 23 callbacks suppressed
[  211.892772][T10872] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2358'.
[  211.959085][ T2365] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.974882][ T3435] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.999276][ T3435] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  212.008438][ T3435] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  212.118999][T10890] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2361'.
[  212.127975][T10890] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2361'.
[  212.559393][T10904] loop5: detected capacity change from 0 to 256
[  212.600705][T10904] FAT-fs (loop5): codepage cp874 not found
[  212.810120][T10945] loop3: detected capacity change from 0 to 512
[  212.835590][T10945] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  212.846744][T10945] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  212.862497][T10945] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.2375: corrupted in-inode xattr: e_value size too large
[  212.900849][T10945] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.2375: couldn't read orphan inode 15 (err -117)
[  212.928235][T10945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.002881][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.192540][T11015] SELinux: syz.3.2383 (11015) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  213.246428][   T29] kauditd_printk_skb: 378 callbacks suppressed
[  213.246448][   T29] audit: type=1326 audit(1759444675.540:9826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.276526][   T29] audit: type=1326 audit(1759444675.540:9827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.300155][   T29] audit: type=1326 audit(1759444675.540:9828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.323726][   T29] audit: type=1326 audit(1759444675.540:9829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.347354][   T29] audit: type=1326 audit(1759444675.540:9830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.370908][   T29] audit: type=1326 audit(1759444675.540:9831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.394433][   T29] audit: type=1326 audit(1759444675.540:9832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.417874][   T29] audit: type=1326 audit(1759444675.540:9833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.443336][   T29] audit: type=1326 audit(1759444675.540:9834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.467318][   T29] audit: type=1326 audit(1759444675.540:9835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11013 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb217deec9 code=0x7ffc0000
[  213.602746][T11057] loop5: detected capacity change from 0 to 8192
[  213.663736][T11057]  loop5: p1 p2 p4 < >
[  213.667932][T11057] loop5: partition table partially beyond EOD, truncated
[  213.675665][T11057] loop5: p1 start 16777216 is beyond EOD, truncated
[  213.682342][T11057] loop5: p2 size 515840 extends beyond EOD, truncated
[  213.691127][T11076] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2385'.
[  213.693732][T11057] loop5: p4 start 16777216 is beyond EOD, truncated
[  213.700185][T11076] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2385'.
[  213.779553][T11082] FAULT_INJECTION: forcing a failure.
[  213.779553][T11082] name failslab, interval 1, probability 0, space 0, times 0
[  213.792236][T11082] CPU: 1 UID: 0 PID: 11082 Comm: +‘©� Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  213.792369][T11082] Tainted: [W]=WARN
[  213.792375][T11082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  213.792386][T11082] Call Trace:
[  213.792392][T11082]  <TASK>
[  213.792399][T11082]  __dump_stack+0x1d/0x30
[  213.792418][T11082]  dump_stack_lvl+0xe8/0x140
[  213.792515][T11082]  dump_stack+0x15/0x1b
[  213.792529][T11082]  should_fail_ex+0x265/0x280
[  213.792550][T11082]  ? __se_sys_memfd_create+0x1cc/0x590
[  213.792580][T11082]  should_failslab+0x8c/0xb0
[  213.792611][T11082]  __kmalloc_cache_noprof+0x4c/0x320
[  213.792661][T11082]  ? fput+0x8f/0xc0
[  213.792684][T11082]  __se_sys_memfd_create+0x1cc/0x590
[  213.792788][T11082]  __x64_sys_memfd_create+0x31/0x40
[  213.792840][T11082]  x64_sys_call+0x2ac2/0x3000
[  213.792859][T11082]  do_syscall_64+0xd2/0x200
[  213.792930][T11082]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  213.792954][T11082]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  213.792982][T11082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.793012][T11082] RIP: 0033:0x7f8bd565eec9
[  213.793101][T11082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.793117][T11082] RSP: 002b:00007f8bd40bed68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  213.793134][T11082] RAX: ffffffffffffffda RBX: 0000000000001050 RCX: 00007f8bd565eec9
[  213.793145][T11082] RDX: 00007f8bd40bedec RSI: 0000000000000000 RDI: 00007f8bd56e2960
[  213.793156][T11082] RBP: 0000200000000000 R08: 00007f8bd40beb07 R09: 0000000000000000
[  213.793166][T11082] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[  213.793177][T11082] R13: 00007f8bd40bedec R14: 00007f8bd40bedf0 R15: 00007fffc0122d98
[  213.793195][T11082]  </TASK>
[  214.070370][T11088] loop5: detected capacity change from 0 to 8192
[  214.113615][T11088]  loop5: p1 p2 p4 < >
[  214.117828][T11088] loop5: partition table partially beyond EOD, truncated
[  214.125111][T11088] loop5: p1 start 16777216 is beyond EOD, truncated
[  214.131719][T11088] loop5: p2 size 515840 extends beyond EOD, truncated
[  214.211285][T11090] loop4: detected capacity change from 0 to 512
[  214.218051][T11090] msdos: Bad value for 'umask'
[  214.273822][T11088] loop5: p4 start 16777216 is beyond EOD, truncated
[  214.716179][T11096] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2394'.
[  214.725279][T11096] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2394'.
[  214.734282][T11096] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2394'.
[  214.747834][T11100] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2396'.
[  214.753998][T11096] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2394'.
[  214.878050][T11111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.886526][T11111] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.486614][T11121] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  215.665326][T11142] loop5: detected capacity change from 0 to 512
[  215.684061][T11142] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  215.692484][T11142] EXT4-fs (loop5): orphan cleanup on readonly fs
[  215.703868][T11142] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.2410: corrupted inode contents
[  215.717133][T11142] EXT4-fs (loop5): Remounting filesystem read-only
[  215.723914][T11142] EXT4-fs (loop5): 1 truncate cleaned up
[  215.729695][ T3435] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  215.740361][ T3435] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  215.751052][ T3435] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  215.761902][T11142] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  215.782551][T11142] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[  215.789106][T11142] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  215.796928][T11142] vhci_hcd vhci_hcd.0: Device attached
[  215.822498][T11142] 9pnet: Could not find request transport: rema
[  215.845285][T11150] vhci_hcd: connection closed
[  215.845603][ T3435] vhci_hcd: stop threads
[  215.854647][ T3435] vhci_hcd: release socket
[  215.859079][ T3435] vhci_hcd: disconnect device
[  216.379184][ T8684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.423725][T11159] FAULT_INJECTION: forcing a failure.
[  216.423725][T11159] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.436827][T11159] CPU: 0 UID: 0 PID: 11159 Comm: syz.5.2415 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  216.436873][T11159] Tainted: [W]=WARN
[  216.436879][T11159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  216.436908][T11159] Call Trace:
[  216.436915][T11159]  <TASK>
[  216.436923][T11159]  __dump_stack+0x1d/0x30
[  216.436944][T11159]  dump_stack_lvl+0xe8/0x140
[  216.436964][T11159]  dump_stack+0x15/0x1b
[  216.436979][T11159]  should_fail_ex+0x265/0x280
[  216.437004][T11159]  should_fail+0xb/0x20
[  216.437181][T11159]  should_fail_usercopy+0x1a/0x20
[  216.437213][T11159]  strncpy_from_user+0x25/0x230
[  216.437253][T11159]  ? kmem_cache_alloc_noprof+0x186/0x310
[  216.437278][T11159]  ? getname_flags+0x80/0x3b0
[  216.437301][T11159]  getname_flags+0xae/0x3b0
[  216.437381][T11159]  __se_sys_newlstat+0x4b/0x280
[  216.437424][T11159]  ? fput+0x8f/0xc0
[  216.437448][T11159]  ? ksys_write+0x192/0x1a0
[  216.437482][T11159]  __x64_sys_newlstat+0x31/0x40
[  216.437553][T11159]  x64_sys_call+0x1b88/0x3000
[  216.437574][T11159]  do_syscall_64+0xd2/0x200
[  216.437591][T11159]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  216.437702][T11159]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  216.437733][T11159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.437758][T11159] RIP: 0033:0x7f8bd565eec9
[  216.437796][T11159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.437841][T11159] RSP: 002b:00007f8bd40bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  216.437860][T11159] RAX: ffffffffffffffda RBX: 00007f8bd58b5fa0 RCX: 00007f8bd565eec9
[  216.437872][T11159] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000200000000580
[  216.437886][T11159] RBP: 00007f8bd40bf090 R08: 0000000000000000 R09: 0000000000000000
[  216.437898][T11159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.437943][T11159] R13: 00007f8bd58b6038 R14: 00007f8bd58b5fa0 R15: 00007fffc0122d98
[  216.437969][T11159]  </TASK>
[  216.662565][T11161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  216.674547][T11161] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.707630][T11161] FAULT_INJECTION: forcing a failure.
[  216.707630][T11161] name failslab, interval 1, probability 0, space 0, times 0
[  216.720713][T11161] CPU: 0 UID: 0 PID: 11161 Comm: +}[@ Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  216.720831][T11161] Tainted: [W]=WARN
[  216.720838][T11161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  216.720850][T11161] Call Trace:
[  216.720856][T11161]  <TASK>
[  216.720864][T11161]  __dump_stack+0x1d/0x30
[  216.720890][T11161]  dump_stack_lvl+0xe8/0x140
[  216.720914][T11161]  dump_stack+0x15/0x1b
[  216.720935][T11161]  should_fail_ex+0x265/0x280
[  216.721076][T11161]  should_failslab+0x8c/0xb0
[  216.721095][T11161]  __kmalloc_noprof+0xa5/0x3e0
[  216.721119][T11161]  ? iter_file_splice_write+0xf9/0xa60
[  216.721175][T11161]  iter_file_splice_write+0xf9/0xa60
[  216.721212][T11161]  ? copy_splice_read+0x623/0x660
[  216.721257][T11161]  ? copy_splice_read+0x623/0x660
[  216.721291][T11161]  ? __traceiter_kfree+0x2e/0x50
[  216.721322][T11161]  ? copy_splice_read+0x623/0x660
[  216.721406][T11161]  ? copy_splice_read+0x623/0x660
[  216.721444][T11161]  ? __pfx_iter_file_splice_write+0x10/0x10
[  216.721474][T11161]  direct_splice_actor+0x156/0x2a0
[  216.721557][T11161]  ? splice_shrink_spd+0x1/0x70
[  216.721597][T11161]  splice_direct_to_actor+0x312/0x680
[  216.721685][T11161]  ? __pfx_direct_splice_actor+0x10/0x10
[  216.721729][T11161]  do_splice_direct+0xda/0x150
[  216.721836][T11161]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  216.721886][T11161]  do_sendfile+0x380/0x650
[  216.721919][T11161]  __x64_sys_sendfile64+0x105/0x150
[  216.721950][T11161]  x64_sys_call+0x2bb4/0x3000
[  216.722010][T11161]  do_syscall_64+0xd2/0x200
[  216.722033][T11161]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  216.722067][T11161]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  216.722173][T11161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.722198][T11161] RIP: 0033:0x7f5a28eceec9
[  216.722214][T11161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.722234][T11161] RSP: 002b:00007f5a2792f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  216.722318][T11161] RAX: ffffffffffffffda RBX: 00007f5a29125fa0 RCX: 00007f5a28eceec9
[  216.722332][T11161] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  216.722344][T11161] RBP: 00007f5a2792f090 R08: 0000000000000000 R09: 0000000000000000
[  216.722358][T11161] R10: 0000020000023896 R11: 0000000000000246 R12: 0000000000000002
[  216.722373][T11161] R13: 00007f5a29126038 R14: 00007f5a29125fa0 R15: 00007ffc8eeebbb8
[  216.722398][T11161]  </TASK>
[  216.988161][T11166] __nla_validate_parse: 8 callbacks suppressed
[  216.988182][T11166] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2418'.
[  217.005534][T11166] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2418'.
[  217.068661][T11171] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2420'.
[  217.102114][T11163] loop5: detected capacity change from 0 to 512
[  217.120640][T11163] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.2417: bad orphan inode 11862016
[  217.132370][T11163] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  217.145229][T11163] ext4 filesystem being mounted at /113/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.549423][T11187] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2424'.
[  217.592194][ T8684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  217.624432][T11192] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2425'.
[  217.872784][T11196] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  218.018879][T11198] loop5: detected capacity change from 0 to 256
[  218.043580][T11198] FAT-fs (loop5): bogus number of FAT sectors
[  218.050165][T11198] FAT-fs (loop5): Can't find a valid FAT filesystem
[  218.286418][   T29] kauditd_printk_skb: 340 callbacks suppressed
[  218.286437][   T29] audit: type=1326 audit(1759444680.580:10170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.453076][   T29] audit: type=1326 audit(1759444680.580:10171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.477432][   T29] audit: type=1326 audit(1759444680.610:10172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.501130][   T29] audit: type=1326 audit(1759444680.610:10173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.524806][   T29] audit: type=1326 audit(1759444680.610:10174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.548554][   T29] audit: type=1326 audit(1759444680.610:10175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.572352][   T29] audit: type=1326 audit(1759444680.610:10176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.596055][   T29] audit: type=1326 audit(1759444680.610:10177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.619847][   T29] audit: type=1326 audit(1759444680.610:10178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.643635][   T29] audit: type=1326 audit(1759444680.610:10179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.0.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a28eceec9 code=0x7ffc0000
[  218.871999][T11231] SELinux: syz.3.2438 (11231) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  219.318712][T11254] loop4: detected capacity change from 0 to 8192
[  219.667969][T11284] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2457'.
[  219.748647][T11284] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2457'.
[  219.830934][T11252] loop5: detected capacity change from 0 to 512
[  219.863049][T11252] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  219.907661][T11252] EXT4-fs (loop5): 1 truncate cleaned up
[  219.932703][T11252] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.346378][ T8684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.384630][T11330] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2461'.
[  220.438201][T11335] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2461'.
[  220.671856][T11352] loop5: detected capacity change from 0 to 256
[  220.723166][T11352] FAT-fs (loop5): bogus number of FAT sectors
[  220.729551][T11352] FAT-fs (loop5): Can't find a valid FAT filesystem
[  221.222431][T11425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2470'.
[  221.380318][T11443] SELinux: syz.2.2472 (11443) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  221.894714][T11448] SELinux: syz.4.2474 (11448) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  222.021082][T11451] loop5: detected capacity change from 0 to 8192
[  222.142903][T11453] loop5: detected capacity change from 0 to 512
[  222.151059][T11453] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  222.161565][T11453] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  222.171225][T11453] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.2476: corrupted in-inode xattr: e_value size too large
[  222.186772][T11453] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2476: couldn't read orphan inode 15 (err -117)
[  222.199333][T11453] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.450055][T11457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.458798][T11457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.061352][T11461] netlink: 136 bytes leftover after parsing attributes in process `syz.0.2478'.
[  223.082069][T11461] netlink: 'syz.0.2478': attribute type 2 has an invalid length.
[  223.974868][   T29] kauditd_printk_skb: 306 callbacks suppressed
[  223.974897][   T29] audit: type=1400 audit(1759444686.270:10486): avc:  denied  { read write } for  pid=3303 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  224.005434][   T29] audit: type=1400 audit(1759444686.270:10487): avc:  denied  { open } for  pid=3303 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  224.029631][   T29] audit: type=1400 audit(1759444686.270:10488): avc:  denied  { ioctl } for  pid=3303 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  224.055445][   T29] audit: type=1400 audit(1759444686.280:10489): avc:  denied  { perfmon } for  pid=11469 comm="syz.3.2482" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  224.076683][   T29] audit: type=1400 audit(1759444686.280:10490): avc:  denied  { prog_run } for  pid=11469 comm="syz.3.2482" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  224.095889][   T29] audit: type=1400 audit(1759444686.280:10491): avc:  denied  { create } for  pid=11469 comm="syz.3.2482" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  224.115766][   T29] audit: type=1400 audit(1759444686.280:10492): avc:  denied  { ioctl } for  pid=11469 comm="syz.3.2482" path="socket:[26583]" dev="sockfs" ino=26583 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  224.143443][   T29] audit: type=1400 audit(1759444686.370:10493): avc:  denied  { allowed } for  pid=11471 comm="syz.3.2483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  224.163106][   T29] audit: type=1400 audit(1759444686.390:10494): avc:  denied  { create } for  pid=11471 comm="syz.3.2483" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  224.184624][   T29] audit: type=1400 audit(1759444686.390:10495): avc:  denied  { map } for  pid=11471 comm="syz.3.2483" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=26590 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  225.181634][ T8684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.195760][T11495] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  225.300400][T11509] loop5: detected capacity change from 0 to 256
[  225.313223][T11511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2500'.
[  225.322420][T11509] FAT-fs (loop5): codepage cp874 not found
[  225.364313][T11516] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2502'.
[  225.386921][T11516] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2502'.
[  225.407948][T11519] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  225.432403][T11523] SELinux:  policydb string SÆ Linux does not match my string SE Linux
[  225.441315][T11523] SELinux: failed to load policy
[  225.466671][T11523] loop3: detected capacity change from 0 to 512
[  225.497877][T11523] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.511043][T11523] ext4 filesystem being mounted at /507/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  225.524406][T11523] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2565 sclass=netlink_route_socket pid=11523 comm=syz.3.2505
[  225.550980][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.583419][T11540] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2512'.
[  225.652956][T11542] loop5: detected capacity change from 0 to 256
[  225.670025][T11542] FAT-fs (loop5): bogus number of FAT sectors
[  225.676945][T11542] FAT-fs (loop5): Can't find a valid FAT filesystem
[  225.760118][T11547] loop5: detected capacity change from 0 to 1024
[  225.766912][T11547] EXT4-fs: Ignoring removed i_version option
[  225.773270][T11547] EXT4-fs: Ignoring removed nobh option
[  225.785514][T11547] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.821957][ T8684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.854323][T11551] loop5: detected capacity change from 0 to 512
[  225.861808][T11551] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  225.870932][T11551] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  225.879309][T11551] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.2515: corrupted in-inode xattr: e_value size too large
[  225.895367][T11551] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2515: couldn't read orphan inode 15 (err -117)
[  225.908591][T11551] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.976192][ T8684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.139990][T11562] FAULT_INJECTION: forcing a failure.
[  226.139990][T11562] name failslab, interval 1, probability 0, space 0, times 0
[  226.153229][T11562] CPU: 0 UID: 0 PID: 11562 Comm: syz.5.2519 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  226.153314][T11562] Tainted: [W]=WARN
[  226.153322][T11562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  226.153338][T11562] Call Trace:
[  226.153346][T11562]  <TASK>
[  226.153357][T11562]  __dump_stack+0x1d/0x30
[  226.153380][T11562]  dump_stack_lvl+0xe8/0x140
[  226.153399][T11562]  dump_stack+0x15/0x1b
[  226.153487][T11562]  should_fail_ex+0x265/0x280
[  226.153517][T11562]  should_failslab+0x8c/0xb0
[  226.153539][T11562]  kmem_cache_alloc_noprof+0x50/0x310
[  226.153562][T11562]  ? getname_flags+0x80/0x3b0
[  226.153631][T11562]  getname_flags+0x80/0x3b0
[  226.153661][T11562]  do_sys_openat2+0x60/0x110
[  226.153690][T11562]  __x64_sys_open+0xe6/0x110
[  226.153751][T11562]  x64_sys_call+0x1457/0x3000
[  226.153780][T11562]  do_syscall_64+0xd2/0x200
[  226.153803][T11562]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  226.153837][T11562]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  226.153929][T11562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.153953][T11562] RIP: 0033:0x7f8bd565eec9
[  226.153972][T11562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.154068][T11562] RSP: 002b:00007f8bd40bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  226.154092][T11562] RAX: ffffffffffffffda RBX: 00007f8bd58b5fa0 RCX: 00007f8bd565eec9
[  226.154107][T11562] RDX: 0000000000000040 RSI: 0000000000000300 RDI: 00002000000001c0
[  226.154123][T11562] RBP: 00007f8bd40bf090 R08: 0000000000000000 R09: 0000000000000000
[  226.154138][T11562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.154154][T11562] R13: 00007f8bd58b6038 R14: 00007f8bd58b5fa0 R15: 00007fffc0122d98
[  226.154180][T11562]  </TASK>
[  226.448870][T11568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2523'.
[  227.554769][T11602] random: crng reseeded on system resumption
[  227.598912][T11605] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2537'.
[  227.878946][T11630] SELinux: syz.5.2547 (11630) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  227.980140][T11652] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2550'.
[  228.931864][T11784] FAULT_INJECTION: forcing a failure.
[  228.931864][T11784] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  228.945042][T11784] CPU: 0 UID: 0 PID: 11784 Comm: +}[@ Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  228.945074][T11784] Tainted: [W]=WARN
[  228.945083][T11784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  228.945099][T11784] Call Trace:
[  228.945107][T11784]  <TASK>
[  228.945117][T11784]  __dump_stack+0x1d/0x30
[  228.945143][T11784]  dump_stack_lvl+0xe8/0x140
[  228.945201][T11784]  dump_stack+0x15/0x1b
[  228.945223][T11784]  should_fail_ex+0x265/0x280
[  228.945399][T11784]  should_fail+0xb/0x20
[  228.945425][T11784]  should_fail_usercopy+0x1a/0x20
[  228.945457][T11784]  _copy_from_user+0x1c/0xb0
[  228.945588][T11784]  memdup_user+0x5e/0xd0
[  228.945615][T11784]  strndup_user+0x68/0xb0
[  228.945725][T11784]  __se_sys_mount+0x4d/0x2e0
[  228.945765][T11784]  ? fput+0x8f/0xc0
[  228.945845][T11784]  ? ksys_write+0x192/0x1a0
[  228.945894][T11784]  __x64_sys_mount+0x67/0x80
[  228.945945][T11784]  x64_sys_call+0x2b51/0x3000
[  228.945969][T11784]  do_syscall_64+0xd2/0x200
[  228.945992][T11784]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  228.946039][T11784]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  228.946081][T11784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.946109][T11784] RIP: 0033:0x7f91d945eec9
[  228.946162][T11784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.946188][T11784] RSP: 002b:00007f91d7ebf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  228.946209][T11784] RAX: ffffffffffffffda RBX: 00007f91d96b5fa0 RCX: 00007f91d945eec9
[  228.946225][T11784] RDX: 0000200000000040 RSI: 0000200000000080 RDI: 0000000000000000
[  228.946240][T11784] RBP: 00007f91d7ebf090 R08: 0000200000000400 R09: 0000000000000000
[  228.946312][T11784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.946327][T11784] R13: 00007f91d96b6038 R14: 00007f91d96b5fa0 R15: 00007ffe700e0d38
[  228.946430][T11784]  </TASK>
[  229.238345][   T29] kauditd_printk_skb: 428 callbacks suppressed
[  229.238362][   T29] audit: type=1400 audit(1759444691.530:10922): avc:  denied  { read } for  pid=11790 comm="syz.0.2561" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  229.268311][   T29] audit: type=1400 audit(1759444691.530:10923): avc:  denied  { open } for  pid=11790 comm="syz.0.2561" path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  229.301950][T11791] can0: slcan on ttyS3.
[  229.311153][   T29] audit: type=1400 audit(1759444691.590:10924): avc:  denied  { ioctl } for  pid=11790 comm="syz.0.2561" path="/dev/sg0" dev="devtmpfs" ino=137 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  229.340404][   T29] audit: type=1400 audit(1759444691.630:10925): avc:  denied  { create } for  pid=11793 comm="syz.4.2562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  229.363328][T11791] can0 (unregistered): slcan off ttyS3.
[  229.363496][T11794] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2562'.
[  229.408847][   T29] audit: type=1400 audit(1759444691.630:10926): avc:  denied  { ioctl } for  pid=11793 comm="syz.4.2562" path="socket:[28002]" dev="sockfs" ino=28002 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  229.434355][   T29] audit: type=1326 audit(1759444691.690:10927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11798 comm="syz.4.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d945eec9 code=0x7ffc0000
[  229.458133][   T29] audit: type=1326 audit(1759444691.690:10928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11798 comm="syz.4.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f91d945eec9 code=0x7ffc0000
[  229.481650][   T29] audit: type=1326 audit(1759444691.690:10929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11798 comm="syz.4.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d945eec9 code=0x7ffc0000
[  229.505371][   T29] audit: type=1326 audit(1759444691.690:10930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11798 comm="syz.4.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f91d945eec9 code=0x7ffc0000
[  229.529513][   T29] audit: type=1326 audit(1759444691.690:10931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11798 comm="syz.4.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d945eec9 code=0x7ffc0000
[  230.032808][T11847] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2581'.
[  230.049526][T11847] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2581'.
[  230.096752][T11853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2579'.
[  230.105725][T11853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2579'.
[  230.142458][T11856] SELinux: syz.2.2583 (11856) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  230.814567][T11868] loop3: detected capacity change from 0 to 256
[  230.836892][T11868] FAT-fs (loop3): codepage cp874 not found
[  230.929667][T11877] loop3: detected capacity change from 0 to 256
[  230.940529][T11877] FAT-fs (loop3): bogus number of FAT sectors
[  230.947118][T11877] FAT-fs (loop3): Can't find a valid FAT filesystem
[  231.035681][T11882] SELinux: syz.3.2594 (11882) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  231.117072][T11887] loop4: detected capacity change from 0 to 256
[  231.135050][T11887] FAT-fs (loop4): codepage cp874 not found
[  232.176778][T11898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2598'.
[  232.185774][T11898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2598'.
[  232.870578][T11905] loop4: detected capacity change from 0 to 256
[  232.884838][T11905] FAT-fs (loop4): codepage cp874 not found
[  232.894002][T11905] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2600'.
[  232.903113][T11905] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2600'.
[  232.912064][T11905] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2600'.
[  233.023649][T11919] loop5: detected capacity change from 0 to 2364
[  233.034355][T11921] loop4: detected capacity change from 0 to 512
[  233.041777][T11921] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  233.051827][T11921] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  233.066050][T11921] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.2605: corrupted in-inode xattr: e_value size too large
[  233.081743][T11921] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2605: couldn't read orphan inode 15 (err -117)
[  233.095693][T11921] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.157709][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.180201][T11939] loop4: detected capacity change from 0 to 256
[  233.197750][T11939] FAT-fs (loop4): codepage cp874 not found
[  234.065442][T12071] loop4: detected capacity change from 0 to 256
[  234.079493][T12071] FAT-fs (loop4): codepage cp874 not found
[  234.310617][   T29] kauditd_printk_skb: 463 callbacks suppressed
[  234.310635][   T29] audit: type=1400 audit(1759444696.600:11395): avc:  denied  { map_create } for  pid=12081 comm="syz.4.2617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  234.336317][   T29] audit: type=1400 audit(1759444696.600:11396): avc:  denied  { map_read map_write } for  pid=12081 comm="syz.4.2617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  234.356424][   T29] audit: type=1400 audit(1759444696.610:11397): avc:  denied  { create } for  pid=12081 comm="syz.4.2617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  234.376231][   T29] audit: type=1400 audit(1759444696.610:11398): avc:  denied  { create } for  pid=12081 comm="syz.4.2617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  234.395843][   T29] audit: type=1400 audit(1759444696.610:11399): avc:  denied  { perfmon } for  pid=12081 comm="syz.4.2617" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  234.417101][   T29] audit: type=1400 audit(1759444696.610:11400): avc:  denied  { setopt } for  pid=12081 comm="syz.4.2617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  234.468456][   T29] audit: type=1400 audit(1759444696.760:11401): avc:  denied  { prog_run } for  pid=12085 comm="syz.4.2619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  234.506959][   T29] audit: type=1400 audit(1759444696.800:11402): avc:  denied  { read append } for  pid=12087 comm="syz.5.2620" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  234.532744][   T29] audit: type=1400 audit(1759444696.800:11403): avc:  denied  { open } for  pid=12087 comm="syz.5.2620" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  234.575704][   T29] audit: type=1400 audit(1759444696.870:11404): avc:  denied  { read } for  pid=12094 comm="+}[@" dev="nsfs" ino=4026532485 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  234.593115][T12096] __nla_validate_parse: 19 callbacks suppressed
[  234.593138][T12096] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2621'.
[  234.622005][T12101] loop4: detected capacity change from 0 to 256
[  234.639997][T12101] FAT-fs (loop4): codepage cp874 not found
[  234.642437][T12096] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2621'.
[  234.741754][T12111] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  235.372018][T12227] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2636'.
[  235.392615][T12227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2636'.
[  235.596024][T12265] SELinux: syz.2.2641 (12265) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  235.642105][T12270] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2643'.
[  235.652442][T12270] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2643'.
[  236.352948][T12297] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2654'.
[  236.913435][T12314] loop4: detected capacity change from 0 to 256
[  236.936488][T12314] FAT-fs (loop4): codepage cp874 not found
[  236.975640][T12322] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2663'.
[  237.082800][T12334] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12334 comm=syz.0.2666
[  237.219998][T12338] loop5: detected capacity change from 0 to 2364
[  237.474119][T12349] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2672'.
[  237.488198][T12349] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2672'.
[  238.284162][T12391] netlink: 'syz.3.2688': attribute type 3 has an invalid length.
[  238.325741][T12402] loop3: detected capacity change from 0 to 256
[  238.342273][T12402] FAT-fs (loop3): codepage cp874 not found
[  238.506779][T12425] loop5: detected capacity change from 0 to 2364
[  238.581739][T12435] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  238.589224][T12435] batman_adv: batadv0: Removing interface: batadv_slave_0
[  238.596984][T12435] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  238.604482][T12435] batman_adv: batadv0: Removing interface: batadv_slave_1
[  238.663327][T12444] FAULT_INJECTION: forcing a failure.
[  238.663327][T12444] name failslab, interval 1, probability 0, space 0, times 0
[  238.676156][T12444] CPU: 1 UID: 0 PID: 12444 Comm: syz.3.2706 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  238.676248][T12444] Tainted: [W]=WARN
[  238.676255][T12444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  238.676266][T12444] Call Trace:
[  238.676278][T12444]  <TASK>
[  238.676286][T12444]  __dump_stack+0x1d/0x30
[  238.676305][T12444]  dump_stack_lvl+0xe8/0x140
[  238.676323][T12444]  dump_stack+0x15/0x1b
[  238.676392][T12444]  should_fail_ex+0x265/0x280
[  238.676413][T12444]  should_failslab+0x8c/0xb0
[  238.676430][T12444]  __kmalloc_noprof+0xa5/0x3e0
[  238.676450][T12444]  ? iovec_from_user+0x84/0x210
[  238.676478][T12444]  iovec_from_user+0x84/0x210
[  238.676509][T12444]  __import_iovec+0xf3/0x540
[  238.676551][T12444]  import_iovec+0x61/0x80
[  238.676651][T12444]  vfs_writev+0xfb/0x8b0
[  238.676684][T12444]  do_writev+0xe7/0x210
[  238.676723][T12444]  __x64_sys_writev+0x45/0x50
[  238.676803][T12444]  x64_sys_call+0x1e9a/0x3000
[  238.676822][T12444]  do_syscall_64+0xd2/0x200
[  238.676839][T12444]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  238.676923][T12444]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  238.676952][T12444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.676971][T12444] RIP: 0033:0x7feb217deec9
[  238.676985][T12444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.677075][T12444] RSP: 002b:00007feb2023f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  238.677092][T12444] RAX: ffffffffffffffda RBX: 00007feb21a35fa0 RCX: 00007feb217deec9
[  238.677159][T12444] RDX: 0000000000000012 RSI: 00002000000006c0 RDI: 0000000000000003
[  238.677170][T12444] RBP: 00007feb2023f090 R08: 0000000000000000 R09: 0000000000000000
[  238.677180][T12444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.677191][T12444] R13: 00007feb21a36038 R14: 00007feb21a35fa0 R15: 00007fff2db2c548
[  238.677264][T12444]  </TASK>
[  238.902756][T12446] loop5: detected capacity change from 0 to 256
[  238.924337][T12446] FAT-fs (loop5): codepage cp874 not found
[  238.964448][T12451] ªªªªªª: renamed from vlan0 (while UP)
[  239.108790][T12467] loop5: detected capacity change from 0 to 2364
[  239.248536][T12476] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  239.336476][   T29] kauditd_printk_skb: 398 callbacks suppressed
[  239.336494][   T29] audit: type=1400 audit(1759444701.630:11803): avc:  denied  { read } for  pid=12482 comm="syz.0.2720" dev="nsfs" ino=4026532708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  239.364376][   T29] audit: type=1400 audit(1759444701.630:11804): avc:  denied  { open } for  pid=12482 comm="syz.0.2720" path="net:[4026532708]" dev="nsfs" ino=4026532708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  239.387873][   T29] audit: type=1400 audit(1759444701.630:11805): avc:  denied  { create } for  pid=12482 comm="syz.0.2720" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  239.399807][T12486] loop4: detected capacity change from 0 to 256
[  239.409078][   T29] audit: type=1400 audit(1759444701.670:11806): avc:  denied  { write } for  pid=12482 comm="syz.0.2720" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.454990][   T29] audit: type=1400 audit(1759444701.750:11807): avc:  denied  { read write } for  pid=12482 comm="syz.0.2720" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  239.494916][   T29] audit: type=1400 audit(1759444701.750:11808): avc:  denied  { open } for  pid=12482 comm="syz.0.2720" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  239.518341][   T29] audit: type=1400 audit(1759444701.750:11809): avc:  denied  { ioctl } for  pid=12482 comm="syz.0.2720" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  239.574788][   T29] audit: type=1400 audit(1759444701.860:11810): avc:  denied  { module_request } for  pid=12485 comm="syz.4.2722" kmod="nls_cp874" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  239.613348][   T29] audit: type=1326 audit(1759444701.910:11811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12499 comm="syz.5.2724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd565eec9 code=0x7ffc0000
[  239.652543][   T29] audit: type=1326 audit(1759444701.930:11812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12499 comm="syz.5.2724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8bd565eec9 code=0x7ffc0000
[  239.795465][T12486] FAT-fs (loop4): codepage cp874 not found
[  240.039438][T12512] program syz.5.2727 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  240.061397][T12512] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  240.928571][T12640] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  241.064875][T12664] FAULT_INJECTION: forcing a failure.
[  241.064875][T12664] name failslab, interval 1, probability 0, space 0, times 0
[  241.077642][T12664] CPU: 1 UID: 0 PID: 12664 Comm: syz.4.2746 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  241.077714][T12664] Tainted: [W]=WARN
[  241.077720][T12664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  241.077733][T12664] Call Trace:
[  241.077739][T12664]  <TASK>
[  241.077749][T12664]  __dump_stack+0x1d/0x30
[  241.077780][T12664]  dump_stack_lvl+0xe8/0x140
[  241.077806][T12664]  dump_stack+0x15/0x1b
[  241.077828][T12664]  should_fail_ex+0x265/0x280
[  241.077918][T12664]  ? audit_log_d_path+0x8d/0x150
[  241.077952][T12664]  should_failslab+0x8c/0xb0
[  241.078024][T12664]  __kmalloc_cache_noprof+0x4c/0x320
[  241.078051][T12664]  audit_log_d_path+0x8d/0x150
[  241.078076][T12664]  audit_log_d_path_exe+0x42/0x70
[  241.078099][T12664]  audit_log_task+0x1e9/0x250
[  241.078148][T12664]  audit_seccomp+0x61/0x100
[  241.078186][T12664]  ? __seccomp_filter+0x82d/0x1250
[  241.078248][T12664]  __seccomp_filter+0x83e/0x1250
[  241.078301][T12664]  ? update_load_avg+0x1da/0x820
[  241.078335][T12664]  ? __list_add_valid_or_report+0x38/0xe0
[  241.078373][T12664]  ? _raw_spin_unlock+0x26/0x50
[  241.078434][T12664]  __secure_computing+0x82/0x150
[  241.078467][T12664]  syscall_trace_enter+0xcf/0x1e0
[  241.078503][T12664]  do_syscall_64+0xac/0x200
[  241.078607][T12664]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  241.078643][T12664]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  241.078705][T12664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.078734][T12664] RIP: 0033:0x7f91d945d8dc
[  241.078829][T12664] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  241.078854][T12664] RSP: 002b:00007f91d7ebf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  241.078896][T12664] RAX: ffffffffffffffda RBX: 00007f91d96b5fa0 RCX: 00007f91d945d8dc
[  241.078911][T12664] RDX: 000000000000000f RSI: 00007f91d7ebf0a0 RDI: 0000000000000006
[  241.078922][T12664] RBP: 00007f91d7ebf090 R08: 0000000000000000 R09: 0000000000000000
[  241.078991][T12664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  241.079039][T12664] R13: 00007f91d96b6038 R14: 00007f91d96b5fa0 R15: 00007ffe700e0d38
[  241.079065][T12664]  </TASK>
[  241.215982][T12683] __nla_validate_parse: 13 callbacks suppressed
[  241.216034][T12683] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2745'.
[  241.315454][T12683] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2745'.
[  241.781545][T12689] loop3: detected capacity change from 0 to 1024
[  241.788667][T12689] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  241.799640][T12689] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  241.807742][T12689] EXT4-fs (loop3): orphan cleanup on readonly fs
[  241.814825][T12689] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.2748: Freeing blocks not in datazone - block = 0, count = 4096
[  241.829589][T12689] EXT4-fs (loop3): 1 orphan inode deleted
[  241.835870][T12689] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  241.862827][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.900237][T12694] SELinux: syz.3.2749 (12694) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  241.929179][T12698] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2752'.
[  241.982689][T12710] FAULT_INJECTION: forcing a failure.
[  241.982689][T12710] name failslab, interval 1, probability 0, space 0, times 0
[  241.995640][T12710] CPU: 1 UID: 0 PID: 12710 Comm: syz.5.2757 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  241.995678][T12710] Tainted: [W]=WARN
[  241.995685][T12710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  241.995698][T12710] Call Trace:
[  241.995706][T12710]  <TASK>
[  241.995716][T12710]  __dump_stack+0x1d/0x30
[  241.995742][T12710]  dump_stack_lvl+0xe8/0x140
[  241.995767][T12710]  dump_stack+0x15/0x1b
[  241.995857][T12710]  should_fail_ex+0x265/0x280
[  241.995882][T12710]  ? __se_sys_memfd_create+0x1cc/0x590
[  241.995922][T12710]  should_failslab+0x8c/0xb0
[  241.995945][T12710]  __kmalloc_cache_noprof+0x4c/0x320
[  241.995973][T12710]  __se_sys_memfd_create+0x1cc/0x590
[  241.996124][T12710]  __x64_sys_memfd_create+0x31/0x40
[  241.996157][T12710]  x64_sys_call+0x2ac2/0x3000
[  241.996179][T12710]  do_syscall_64+0xd2/0x200
[  241.996197][T12710]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  241.996225][T12710]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  241.996305][T12710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.996327][T12710] RIP: 0033:0x7f8bd565eec9
[  241.996342][T12710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  241.996361][T12710] RSP: 002b:00007f8bd40bee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  241.996380][T12710] RAX: ffffffffffffffda RBX: 0000000000000512 RCX: 00007f8bd565eec9
[  241.996396][T12710] RDX: 00007f8bd40beef0 RSI: 0000000000000000 RDI: 00007f8bd56e2960
[  241.996408][T12710] RBP: 0000200000000380 R08: 00007f8bd40bebb7 R09: 00007f8bd40bee40
[  241.996461][T12710] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080
[  241.996473][T12710] R13: 00007f8bd40beef0 R14: 00007f8bd40beeb0 R15: 0000200000000340
[  241.996493][T12710]  </TASK>
[  242.225125][T12716] loop4: detected capacity change from 0 to 256
[  242.247125][T12720] loop5: detected capacity change from 0 to 256
[  242.262780][T12716] FAT-fs (loop4): codepage cp874 not found
[  242.281995][T12720] FAT-fs (loop5): codepage cp874 not found
[  242.315757][T12732] FAULT_INJECTION: forcing a failure.
[  242.315757][T12732] name failslab, interval 1, probability 0, space 0, times 0
[  242.328732][T12732] CPU: 1 UID: 0 PID: 12732 Comm: syz.0.2762 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  242.328816][T12732] Tainted: [W]=WARN
[  242.328824][T12732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  242.328839][T12732] Call Trace:
[  242.328848][T12732]  <TASK>
[  242.328858][T12732]  __dump_stack+0x1d/0x30
[  242.328884][T12732]  dump_stack_lvl+0xe8/0x140
[  242.328961][T12732]  dump_stack+0x15/0x1b
[  242.328981][T12732]  should_fail_ex+0x265/0x280
[  242.329020][T12732]  should_failslab+0x8c/0xb0
[  242.329109][T12732]  kmem_cache_alloc_noprof+0x50/0x310
[  242.329139][T12732]  ? getname_flags+0x80/0x3b0
[  242.329232][T12732]  getname_flags+0x80/0x3b0
[  242.329259][T12732]  __x64_sys_symlink+0x33/0x60
[  242.329291][T12732]  x64_sys_call+0x23d0/0x3000
[  242.329324][T12732]  do_syscall_64+0xd2/0x200
[  242.329347][T12732]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  242.329381][T12732]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  242.329420][T12732]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.329554][T12732] RIP: 0033:0x7f5a28eceec9
[  242.329573][T12732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.329599][T12732] RSP: 002b:00007f5a2792f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  242.329665][T12732] RAX: ffffffffffffffda RBX: 00007f5a29125fa0 RCX: 00007f5a28eceec9
[  242.329680][T12732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  242.329696][T12732] RBP: 00007f5a2792f090 R08: 0000000000000000 R09: 0000000000000000
[  242.329711][T12732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  242.329726][T12732] R13: 00007f5a29126038 R14: 00007f5a29125fa0 R15: 00007ffc8eeebbb8
[  242.329799][T12732]  </TASK>
[  242.661389][T12762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2764'.
[  242.670562][T12762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2764'.
[  242.716798][T12765] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  242.753928][T12771] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2770'.
[  242.790539][T12771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2770'.
[  243.665754][T12891] loop5: detected capacity change from 0 to 256
[  243.685205][T12891] FAT-fs (loop5): codepage cp874 not found
[  243.695460][T12894] netlink: 'syz.4.2778': attribute type 10 has an invalid length.
[  243.702281][T12895] netlink: 'syz.4.2778': attribute type 10 has an invalid length.
[  243.714259][T12894] netlink: 'syz.4.2778': attribute type 10 has an invalid length.
[  243.731922][T12895] 8021q: adding VLAN 0 to HW filter on device bond10
[  243.740034][T12894] bond10: option mode: unable to set because the bond device is up
[  243.752963][T12895] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  243.761678][T12895] bond10: (slave macvlan2): Enslaving as a backup interface with a down link
[  243.792623][T12899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2779'.
[  243.809279][T12902] loop4: detected capacity change from 0 to 256
[  243.826266][T12902] FAT-fs (loop4): codepage cp874 not found
[  243.963831][T12921] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2788'.
[  243.973317][T12921] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2788'.
[  244.011180][T12927] FAULT_INJECTION: forcing a failure.
[  244.011180][T12927] name failslab, interval 1, probability 0, space 0, times 0
[  244.023988][T12927] CPU: 0 UID: 0 PID: 12927 Comm: syz.2.2790 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  244.024031][T12927] Tainted: [W]=WARN
[  244.024040][T12927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  244.024055][T12927] Call Trace:
[  244.024063][T12927]  <TASK>
[  244.024071][T12927]  __dump_stack+0x1d/0x30
[  244.024162][T12927]  dump_stack_lvl+0xe8/0x140
[  244.024186][T12927]  dump_stack+0x15/0x1b
[  244.024239][T12927]  should_fail_ex+0x265/0x280
[  244.024269][T12927]  should_failslab+0x8c/0xb0
[  244.024292][T12927]  kmem_cache_alloc_node_noprof+0x57/0x320
[  244.024334][T12927]  ? __alloc_skb+0x101/0x320
[  244.024364][T12927]  __alloc_skb+0x101/0x320
[  244.024394][T12927]  netlink_alloc_large_skb+0xba/0xf0
[  244.024470][T12927]  netlink_sendmsg+0x3cf/0x6b0
[  244.024515][T12927]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.024541][T12927]  __sock_sendmsg+0x142/0x180
[  244.024576][T12927]  ____sys_sendmsg+0x31e/0x4e0
[  244.024689][T12927]  ___sys_sendmsg+0x17b/0x1d0
[  244.024744][T12927]  __x64_sys_sendmsg+0xd4/0x160
[  244.024835][T12927]  x64_sys_call+0x191e/0x3000
[  244.024879][T12927]  do_syscall_64+0xd2/0x200
[  244.024897][T12927]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  244.024929][T12927]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  244.025004][T12927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.025036][T12927] RIP: 0033:0x7fd37235eec9
[  244.025055][T12927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.025079][T12927] RSP: 002b:00007fd370dbf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  244.025103][T12927] RAX: ffffffffffffffda RBX: 00007fd3725b5fa0 RCX: 00007fd37235eec9
[  244.025118][T12927] RDX: 0000000004040140 RSI: 00002000000000c0 RDI: 0000000000000003
[  244.025200][T12927] RBP: 00007fd370dbf090 R08: 0000000000000000 R09: 0000000000000000
[  244.025213][T12927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.025225][T12927] R13: 00007fd3725b6038 R14: 00007fd3725b5fa0 R15: 00007fffcdbb32d8
[  244.025245][T12927]  </TASK>
[  244.418684][   T29] kauditd_printk_skb: 355 callbacks suppressed
[  244.418702][   T29] audit: type=1400 audit(1759444706.710:12168): avc:  denied  { read } for  pid=12940 comm="syz.5.2794" dev="nsfs" ino=4026533292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  244.446764][   T29] audit: type=1400 audit(1759444706.710:12169): avc:  denied  { open } for  pid=12940 comm="syz.5.2794" path="net:[4026533292]" dev="nsfs" ino=4026533292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  244.543401][   T29] audit: type=1400 audit(1759444706.830:12170): avc:  denied  { mounton } for  pid=12945 comm="syz.5.2797" path="/202/file0" dev="tmpfs" ino=1100 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  244.581385][   T29] audit: type=1400 audit(1759444706.860:12171): avc:  denied  { mount } for  pid=12945 comm="syz.5.2797" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  244.604265][   T29] audit: type=1400 audit(1759444706.860:12172): avc:  denied  { read write } for  pid=12945 comm="syz.5.2797" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  244.618534][T12952] veth0: entered promiscuous mode
[  244.626492][   T29] audit: type=1400 audit(1759444706.860:12173): avc:  denied  { open } for  pid=12945 comm="syz.5.2797" path="/202/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  244.654489][   T29] audit: type=1400 audit(1759444706.870:12174): avc:  denied  { unmount } for  pid=8684 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  244.675016][   T29] audit: type=1400 audit(1759444706.910:12175): avc:  denied  { create } for  pid=12951 comm="syz.2.2800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  244.695010][   T29] audit: type=1400 audit(1759444706.910:12176): avc:  denied  { ioctl } for  pid=12951 comm="syz.2.2800" path="socket:[29955]" dev="sockfs" ino=29955 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  244.721110][   T29] audit: type=1400 audit(1759444706.910:12177): avc:  denied  { setopt } for  pid=12951 comm="syz.2.2800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  244.753927][T12953] tipc: Invalid UDP bearer configuration
[  244.753947][T12953] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  244.768800][T12953] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  244.842893][T12965] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  244.854328][T12967] loop5: detected capacity change from 0 to 512
[  244.861812][T12967] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  244.887500][T12967] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  244.895923][T12967] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.2806: corrupted in-inode xattr: e_value size too large
[  244.910316][T12967] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2806: couldn't read orphan inode 15 (err -117)
[  244.935115][T12967] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.949639][T12976] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  245.018840][ T8684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.213440][T13011] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13011 comm=syz.4.2821
[  245.231179][T13011] loop4: detected capacity change from 0 to 1024
[  245.255011][T13011] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  245.280101][T12986] chnl_net:caif_netlink_parms(): no params data found
[  245.302598][T13019] loop5: detected capacity change from 0 to 256
[  245.317015][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.328856][T13019] FAT-fs (loop5): codepage cp874 not found
[  245.358067][T12986] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.365281][T12986] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.372737][T12986] bridge_slave_0: entered allmulticast mode
[  245.379318][T12986] bridge_slave_0: entered promiscuous mode
[  245.386466][T12986] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.393747][T12986] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.401200][T12986] bridge_slave_1: entered allmulticast mode
[  245.408408][T12986] bridge_slave_1: entered promiscuous mode
[  245.429115][T12986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  245.440985][T12986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  245.486977][T12986] team0: Port device team_slave_0 added
[  245.498313][T12986] team0: Port device team_slave_1 added
[  245.525510][T12986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  245.532698][T12986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.558856][T12986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.571714][T12986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.578863][T12986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.604907][T12986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.649877][ T2604] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.680408][T12986] hsr_slave_0: entered promiscuous mode
[  245.686742][T12986] hsr_slave_1: entered promiscuous mode
[  245.692665][T12986] debugfs: 'hsr0' already exists in 'hsr'
[  245.698497][T12986] Cannot create hsr debugfs directory
[  245.706420][ T2604] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.766555][ T2604] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.849561][T13057] loop5: detected capacity change from 0 to 256
[  245.857825][ T2604] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.876891][T13057] FAT-fs (loop5): codepage cp874 not found
[  245.928059][ T2604] bridge_slave_1: left allmulticast mode
[  245.933898][ T2604] bridge_slave_1: left promiscuous mode
[  245.939892][ T2604] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.948272][ T2604] bridge_slave_0: left allmulticast mode
[  245.954081][ T2604] bridge_slave_0: left promiscuous mode
[  245.959972][ T2604] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.041846][T13070] loop5: detected capacity change from 0 to 256
[  246.061493][T13070] FAT-fs (loop5): codepage cp874 not found
[  246.245725][ T2604] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  246.254597][ T2604] bond_slave_0: left promiscuous mode
[  246.261436][ T2604] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  246.270645][ T2604] bond_slave_1: left promiscuous mode
[  246.277047][ T2604] bond0 (unregistering): Released all slaves
[  246.285921][ T2604] bond1 (unregistering): Released all slaves
[  246.294714][ T2604] bond2 (unregistering): Released all slaves
[  246.303047][ T2604] bond3 (unregistering): Released all slaves
[  246.311601][ T2604] bond4 (unregistering): Released all slaves
[  246.320774][ T2604] bond5 (unregistering): Released all slaves
[  246.330207][ T2604] bond6 (unregistering): Released all slaves
[  246.339323][ T2604] bond7 (unregistering): Released all slaves
[  246.397869][ T2604] hsr_slave_0: left promiscuous mode
[  246.403563][ T2604] hsr_slave_1: left promiscuous mode
[  246.409186][ T2604] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.416609][ T2604] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.427224][ T2604] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.434699][ T2604] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.442410][ T2604] batman_adv: batadv0: Interface deactivated: macsec1
[  246.449254][ T2604] batman_adv: batadv0: Removing interface: macsec1
[  246.459194][ T2604] batadv_slave_1: left promiscuous mode
[  246.464984][ T2604] veth1_macvtap: left promiscuous mode
[  246.470558][ T2604] veth0_macvtap: left promiscuous mode
[  246.476143][ T2604] veth1_vlan: left promiscuous mode
[  246.542017][ T2604] team0 (unregistering): Port device team_slave_1 removed
[  246.552262][ T2604] team0 (unregistering): Port device team_slave_0 removed
[  246.745031][T13087] loop4: detected capacity change from 0 to 512
[  246.758569][T13087] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  246.771213][T13087] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  246.781158][T13087] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.2849: corrupted in-inode xattr: e_value size too large
[  246.795537][T13087] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2849: couldn't read orphan inode 15 (err -117)
[  246.810688][T13087] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  246.829472][T12986] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  246.840273][T12986] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  246.850690][T12986] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  246.860360][T12986] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  246.878469][ T2604] IPVS: stop unused estimator thread 0...
[  246.905520][ T2604] ------------[ cut here ]------------
[  246.911158][ T2604] WARNING: CPU: 0 PID: 2604 at net/xfrm/xfrm_state.c:3306 xfrm_state_fini+0x179/0x1f0
[  246.920916][ T2604] Modules linked in:
[  246.924968][ T2604] CPU: 0 UID: 0 PID: 2604 Comm: kworker/u8:6 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  246.936776][ T2604] Tainted: [W]=WARN
[  246.940637][ T2604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  246.950903][ T2604] Workqueue: netns cleanup_net
[  246.955766][ T2604] RIP: 0010:xfrm_state_fini+0x179/0x1f0
[  246.961516][ T2604] Code: 48 8d bb 70 0e 00 00 e8 45 62 bb fc 48 8b bb 70 0e 00 00 e8 69 f0 c7 fc 5b 41 5e 41 5f 5d e9 fe 8f b3 00 cc e8 28 13 a0 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 1a 13 a0 fc 90 0f 0b 90 4c 89 f7 e8 0e
[  246.981277][ T2604] RSP: 0018:ffffc90003077c60 EFLAGS: 00010293
[  246.987660][ T2604] RAX: ffffffff84b72ce8 RBX: ffff88810a958000 RCX: ffff888103ea5280
[  246.988444][T12986] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.995674][ T2604] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810a958e40
[  247.010835][ T2604] RBP: ffffffff86c8c880 R08: 0001ffff8684802f R09: 0000000000000000
[  247.019102][ T2604] R10: ffffc90003077be8 R11: 0001c90003077be8 R12: ffffffff86c8c8a0
[  247.020203][T12986] 8021q: adding VLAN 0 to HW filter on device team0
[  247.027290][ T2604] R13: ffff88810a958028 R14: ffff88810a958e40 R15: ffff88810a958000
[  247.041997][ T2604] FS:  0000000000000000(0000) GS:ffff8882aee36000(0000) knlGS:0000000000000000
[  247.047996][T12986] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  247.051028][ T2604] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  247.061331][T12986] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  247.068019][ T2604] CR2: 0000001b33218ff8 CR3: 000000010ae36000 CR4: 00000000003506f0
[  247.086468][ T2604] Call Trace:
[  247.089860][ T2604]  <TASK>
[  247.090925][T13100] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13100 comm=syz.3.2852
[  247.092950][ T2604]  xfrm_net_exit+0x2d/0x60
[  247.110021][ T2604]  ops_undo_list+0x27b/0x410
[  247.114689][ T2604]  cleanup_net+0x2f4/0x4f0
[  247.116056][T13099] loop3: detected capacity change from 0 to 1024
[  247.119150][ T2604]  process_scheduled_works+0x4cb/0x9d0
[  247.131094][ T2604]  worker_thread+0x582/0x770
[  247.132823][ T3435] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.135751][ T2604]  kthread+0x489/0x510
[  247.143279][ T3435] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.147506][ T2604]  ? finish_task_switch+0xad/0x2b0
[  247.159216][ T3435] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.160175][ T2604]  ? __pfx_worker_thread+0x10/0x10
[  247.167612][ T3435] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.172721][ T2604]  ? __pfx_kthread+0x10/0x10
[  247.184548][ T2604]  ret_from_fork+0x11f/0x1b0
[  247.189271][ T2604]  ? __pfx_kthread+0x10/0x10
[  247.193923][ T2604]  ret_from_fork_asm+0x1a/0x30
[  247.199021][ T2604]  </TASK>
[  247.202067][ T2604] ---[ end trace 0000000000000000 ]---
[  247.208743][ T2604] ------------[ cut here ]------------
[  247.214238][ T2604] WARNING: CPU: 0 PID: 2604 at net/xfrm/xfrm_state.c:3313 xfrm_state_fini+0x1b9/0x1f0
[  247.223877][ T2604] Modules linked in:
[  247.227796][ T2604] CPU: 0 UID: 0 PID: 2604 Comm: kworker/u8:6 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  247.239427][ T2604] Tainted: [W]=WARN
[  247.243270][ T2604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  247.253518][ T2604] Workqueue: netns cleanup_net
[  247.256827][T12986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  247.258315][ T2604] RIP: 0010:xfrm_state_fini+0x1b9/0x1f0
[  247.270857][ T2604] Code: 62 bb fc 4d 8b 3e e9 06 ff ff ff e8 01 13 a0 fc 90 0f 0b 90 4c 89 f7 e8 f5 61 bb fc 4d 8b 3e e9 24 ff ff ff e8 e8 12 a0 fc 90 <0f> 0b 90 4c 89 f7 e8 dc 61 bb fc 4d 8b 3e e9 42 ff ff ff e8 cf 12
[  247.290879][ T2604] RSP: 0018:ffffc90003077c60 EFLAGS: 00010293
[  247.297010][ T2604] RAX: ffffffff84b72d28 RBX: ffff88810a958000 RCX: ffff888103ea5280
[  247.305086][ T2604] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881185bdfc0
[  247.313245][ T2604] RBP: 0000000000000040 R08: 000188810a958e5f R09: 0000000000000000
[  247.321354][ T2604] R10: ffff88810ec095c0 R11: 000188810ec096bf R12: ffffffff86c8c8a0
[  247.329755][ T2604] R13: ffff88810a958028 R14: ffff88810a958e58 R15: ffff8881185bdfc0
[  247.337786][ T2604] FS:  0000000000000000(0000) GS:ffff8882aee36000(0000) knlGS:0000000000000000
[  247.346985][ T2604] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  247.353949][ T2604] CR2: 0000001b33218ff8 CR3: 000000010ae36000 CR4: 00000000003506f0
[  247.359104][T12986] veth0_vlan: entered promiscuous mode
[  247.361969][ T2604] Call Trace:
[  247.361979][ T2604]  <TASK>
[  247.361990][ T2604]  xfrm_net_exit+0x2d/0x60
[  247.373123][T12986] veth1_vlan: entered promiscuous mode
[  247.374470][ T2604]  ops_undo_list+0x27b/0x410
[  247.389417][ T2604]  cleanup_net+0x2f4/0x4f0
[  247.393884][ T2604]  process_scheduled_works+0x4cb/0x9d0
[  247.394557][T13099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  247.399436][ T2604]  worker_thread+0x582/0x770
[  247.415459][T12986] veth0_macvtap: entered promiscuous mode
[  247.416497][ T2604]  kthread+0x489/0x510
[  247.426325][ T2604]  ? finish_task_switch+0xad/0x2b0
[  247.428694][T12986] veth1_macvtap: entered promiscuous mode
[  247.431617][ T2604]  ? __pfx_worker_thread+0x10/0x10
[  247.443205][ T2604]  ? __pfx_kthread+0x10/0x10
[  247.447546][T12986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  247.447924][ T2604]  ret_from_fork+0x11f/0x1b0
[  247.447951][ T2604]  ? __pfx_kthread+0x10/0x10
[  247.461921][T12986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  247.464589][ T2604]  ret_from_fork_asm+0x1a/0x30
[  247.476674][ T2604]  </TASK>
[  247.477052][   T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  247.479731][ T2604] ---[ end trace 0000000000000000 ]---
[  247.495609][ T2604] ------------[ cut here ]------------
[  247.501098][ T2604] WARNING: CPU: 0 PID: 2604 at net/xfrm/xfrm_state.c:3315 xfrm_state_fini+0x1d2/0x1f0
[  247.510849][ T2604] Modules linked in:
[  247.514808][ T2604] CPU: 0 UID: 0 PID: 2604 Comm: kworker/u8:6 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  247.526462][ T2604] Tainted: [W]=WARN
[  247.530404][ T2604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  247.540512][ T2604] Workqueue: netns cleanup_net
[  247.545368][ T2604] RIP: 0010:xfrm_state_fini+0x1d2/0x1f0
[  247.550932][ T2604] Code: 61 bb fc 4d 8b 3e e9 24 ff ff ff e8 e8 12 a0 fc 90 0f 0b 90 4c 89 f7 e8 dc 61 bb fc 4d 8b 3e e9 42 ff ff ff e8 cf 12 a0 fc 90 <0f> 0b 90 4c 89 f7 e8 c3 61 bb fc 4d 8b 3e e9 60 ff ff ff 66 66 2e
[  247.570672][ T2604] RSP: 0018:ffffc90003077c60 EFLAGS: 00010293
[  247.577360][ T2604] RAX: ffffffff84b72d41 RBX: ffff88810a958000 RCX: ffff888103ea5280
[  247.585644][ T2604] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881185bdf80
[  247.593692][ T2604] RBP: 0000000000000040 R08: 000188810a958e57 R09: 0000000000000000
[  247.601684][ T2604] R10: 0000000000000003 R11: 00018881185bdfff R12: ffffffff86c8c8a0
[  247.609678][ T2604] R13: ffff88810a958028 R14: ffff88810a958e50 R15: ffff8881185bdf80
[  247.617693][ T2604] FS:  0000000000000000(0000) GS:ffff8882aee36000(0000) knlGS:0000000000000000
[  247.626651][ T2604] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  247.633347][ T2604] CR2: 0000001b33218ff8 CR3: 000000010ae36000 CR4: 00000000003506f0
[  247.641431][ T2604] Call Trace:
[  247.644747][ T2604]  <TASK>
[  247.647736][ T2604]  xfrm_net_exit+0x2d/0x60
[  247.652246][ T2604]  ops_undo_list+0x27b/0x410
[  247.656898][ T2604]  cleanup_net+0x2f4/0x4f0
[  247.661350][ T2604]  process_scheduled_works+0x4cb/0x9d0
[  247.666990][ T2604]  worker_thread+0x582/0x770
[  247.671867][ T2604]  kthread+0x489/0x510
[  247.675984][ T2604]  ? finish_task_switch+0xad/0x2b0
[  247.681113][ T2604]  ? __pfx_worker_thread+0x10/0x10
[  247.686262][ T2604]  ? __pfx_kthread+0x10/0x10
[  247.690947][ T2604]  ret_from_fork+0x11f/0x1b0
[  247.695569][ T2604]  ? __pfx_kthread+0x10/0x10
[  247.700320][ T2604]  ret_from_fork_asm+0x1a/0x30
[  247.705125][ T2604]  </TASK>
[  247.708162][ T2604] ---[ end trace 0000000000000000 ]---
[  247.717307][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.732860][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.752528][ T2365] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  247.772825][ T2365] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  247.788845][ T2365] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  247.844470][T13123] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  247.867586][T13129] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  247.906675][T13136] FAULT_INJECTION: forcing a failure.
[  247.906675][T13136] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  247.919841][T13136] CPU: 0 UID: 0 PID: 13136 Comm: syz.0.2861 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  247.919875][T13136] Tainted: [W]=WARN
[  247.919883][T13136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  247.919898][T13136] Call Trace:
[  247.919905][T13136]  <TASK>
[  247.919914][T13136]  __dump_stack+0x1d/0x30
[  247.919943][T13136]  dump_stack_lvl+0xe8/0x140
[  247.919966][T13136]  dump_stack+0x15/0x1b
[  247.919985][T13136]  should_fail_ex+0x265/0x280
[  247.920087][T13136]  should_fail+0xb/0x20
[  247.920160][T13136]  should_fail_usercopy+0x1a/0x20
[  247.920192][T13136]  _copy_from_user+0x1c/0xb0
[  247.920266][T13136]  ___sys_sendmsg+0xc1/0x1d0
[  247.920319][T13136]  __x64_sys_sendmsg+0xd4/0x160
[  247.920359][T13136]  x64_sys_call+0x191e/0x3000
[  247.920462][T13136]  do_syscall_64+0xd2/0x200
[  247.920481][T13136]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  247.920567][T13136]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  247.920609][T13136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.920632][T13136] RIP: 0033:0x7fd12576eec9
[  247.920646][T13136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.920665][T13136] RSP: 002b:00007fd1241d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  247.920689][T13136] RAX: ffffffffffffffda RBX: 00007fd1259c5fa0 RCX: 00007fd12576eec9
[  247.920745][T13136] RDX: 000000002000400c RSI: 0000200000000340 RDI: 0000000000000005
[  247.920761][T13136] RBP: 00007fd1241d7090 R08: 0000000000000000 R09: 0000000000000000
[  247.920775][T13136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  247.920789][T13136] R13: 00007fd1259c6038 R14: 00007fd1259c5fa0 R15: 00007ffd4565df08
[  247.920812][T13136]  </TASK>
[  248.147926][T13141] loop4: detected capacity change from 0 to 256
[  248.158049][T13147] loop3: detected capacity change from 0 to 512
[  248.173458][T13141] FAT-fs (loop4): codepage cp874 not found
[  248.255201][T13153] netlink: zone id is out of range
[  248.270468][T13153] netlink: zone id is out of range
[  248.277006][T13153] netlink: zone id is out of range
[  248.282150][T13153] netlink: zone id is out of range
[  248.300884][T13153] netlink: zone id is out of range
[  248.329125][T13156] binfmt_misc: register: failed to install interpreter file ./file0
[  248.338278][T13153] netlink: zone id is out of range
[  248.349128][T13153] netlink: zone id is out of range
[  248.355631][T13153] netlink: zone id is out of range
[  248.360848][T13153] netlink: zone id is out of range
[  248.385017][T13152] loop5: detected capacity change from 0 to 1764
[  248.391477][T13153] netlink: zone id is out of range
[  248.468988][T13166] __nla_validate_parse: 8 callbacks suppressed
[  248.469044][T13166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2872'.
[  248.487146][T13168] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2873'.
[  248.496729][T13168] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2873'.
[  248.497288][T13166] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2872'.
[  248.524683][T13152] iso9660: Corrupted directory entry in block 2 of inode 1920
[  248.580823][T13173] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  248.761311][T13184] loop5: detected capacity change from 0 to 256
[  248.810257][T13184] FAT-fs (loop5): codepage cp874 not found
[  248.821861][T13174] loop4: detected capacity change from 0 to 512
[  248.832879][T13195] SELinux: syz.0.2883 (13195) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  248.861051][T13184] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2880'.
[  248.878581][T13174] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.2874: bad orphan inode 11862016
[  248.898323][T13174] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  248.912176][T13174] ext4 filesystem being mounted at /583/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.971096][T13207] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2887'.
[  248.982261][T13207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2887'.
[  249.056445][T13217] loop5: detected capacity change from 0 to 256
[  249.085598][T13217] FAT-fs (loop5): codepage cp874 not found
[  249.112229][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  249.297678][T13251] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13251 comm=syz.4.2900
[  249.312469][T13253] loop3: detected capacity change from 0 to 256
[  249.322055][T13251] loop4: detected capacity change from 0 to 1024
[  249.337613][T13253] FAT-fs (loop3): codepage cp874 not found
[  249.346823][T13251] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  249.347361][T13253] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2901'.
[  249.385755][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.426394][T13266] loop4: detected capacity change from 0 to 256
[  249.435016][   T29] kauditd_printk_skb: 705 callbacks suppressed
[  249.435032][   T29] audit: type=1400 audit(1759444711.730:12883): avc:  denied  { mounton } for  pid=13265 comm="syz.4.2902" path="/587/file0" dev="tmpfs" ino=3118 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  249.456073][T13266] FAT-fs (loop4): codepage cp874 not found
[  249.495806][   T29] audit: type=1400 audit(1759444711.730:12884): avc:  denied  { module_request } for  pid=13265 comm="syz.4.2902" kmod="nls_cp874" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  249.517683][   T29] audit: type=1400 audit(1759444711.770:12885): avc:  denied  { prog_run } for  pid=13268 comm="syz.5.2903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  249.535751][T13276] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2905'.
[  249.536938][   T29] audit: type=1400 audit(1759444711.770:12886): avc:  denied  { create } for  pid=13268 comm="syz.5.2903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  249.566704][   T29] audit: type=1400 audit(1759444711.770:12887): avc:  denied  { ioctl } for  pid=13268 comm="syz.5.2903" path="socket:[31257]" dev="sockfs" ino=31257 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  249.596362][   T29] audit: type=1400 audit(1759444711.810:12888): avc:  denied  { map_create } for  pid=13271 comm="syz.3.2904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  249.615765][   T29] audit: type=1400 audit(1759444711.810:12889): avc:  denied  { map_read map_write } for  pid=13271 comm="syz.3.2904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  249.635975][   T29] audit: type=1400 audit(1759444711.810:12890): avc:  denied  { create } for  pid=13275 comm="syz.5.2905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  249.656472][   T29] audit: type=1404 audit(1759444711.860:12891): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[  249.671562][   T29] audit: type=1400 audit(1759444711.860:12892): avc:  denied  { map_create } for  pid=13271 comm="syz.3.2904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  249.895151][T13320] loop3: detected capacity change from 0 to 256
[  249.915416][T13320] FAT-fs (loop3): codepage cp874 not found
[  249.931835][T13320] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2916'.
[  250.095608][T13347] loop4: detected capacity change from 0 to 256
[  250.117773][T13347] FAT-fs (loop4): codepage cp874 not found
[  250.607339][T13427] SELinux: syz.3.2927 (13427) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  251.142700][T13448] loop4: detected capacity change from 0 to 512
[  251.161360][T13448] FAT-fs (loop4): IO charset tf8 not found
[  251.463304][   T37] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.498017][   T37] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.547666][   T37] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.592864][T13498] chnl_net:caif_netlink_parms(): no params data found
[  251.608660][   T37] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.650602][T13498] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.657873][T13498] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.666402][T13498] bridge_slave_0: entered allmulticast mode
[  251.673217][T13498] bridge_slave_0: entered promiscuous mode
[  251.694669][T13498] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.701874][T13498] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.709368][T13498] bridge_slave_1: entered allmulticast mode
[  251.716014][T13498] bridge_slave_1: entered promiscuous mode
[  251.785054][   T37] bond1 (unregistering): Released all slaves
[  251.796036][   T37] bond10 (unregistering): (slave macvlan2): Releasing backup interface
[  251.807992][   T37] bond0 (unregistering): Released all slaves
[  251.818133][   T37] bond2 (unregistering): Released all slaves
[  251.828073][   T37] bond3 (unregistering): Released all slaves
[  251.837234][   T37] bond4 (unregistering): Released all slaves
[  251.847634][   T37] bond5 (unregistering): Released all slaves
[  251.857220][   T37] bond6 (unregistering): Released all slaves
[  251.866890][   T37] bond7 (unregistering): Released all slaves
[  251.876538][   T37] bond8 (unregistering): Released all slaves
[  251.886665][   T37] bond9 (unregistering): Released all slaves
[  251.896384][   T37] bond10 (unregistering): Released all slaves
[  251.919751][T13498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  251.931074][T13498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  251.959565][   T37] tipc: Disabling bearer <udp:s>
[  251.964844][   T37] tipc: Left network mode
[  251.971640][T13498] team0: Port device team_slave_0 added
[  251.980414][   T37] hsr_slave_0: left promiscuous mode
[  251.986609][   T37] hsr_slave_1: left promiscuous mode
[  251.992378][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  251.999833][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[  252.010318][   T37] veth1_macvtap: left promiscuous mode
[  252.016260][   T37] veth0_macvtap: left promiscuous mode
[  252.021973][   T37] veth1_vlan: left promiscuous mode
[  252.090009][   T37] team0 (unregistering): Port device team_slave_1 removed
[  252.101174][   T37] team0 (unregistering): Port device team_slave_0 removed
[  252.139331][T13498] team0: Port device team_slave_1 added
[  252.155278][T13498] batman_adv: batadv0: Adding interface: batadv_slave_0
[  252.162358][T13498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  252.188958][T13498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  252.200143][T13498] batman_adv: batadv0: Adding interface: batadv_slave_1
[  252.207229][T13498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  252.233240][T13498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  252.261586][T13498] hsr_slave_0: entered promiscuous mode
[  252.267622][T13498] hsr_slave_1: entered promiscuous mode
[  252.273652][T13498] debugfs: 'hsr0' already exists in 'hsr'
[  252.279396][T13498] Cannot create hsr debugfs directory
[  252.569025][T13498] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  252.577758][T13498] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  252.586658][T13498] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  252.595593][T13498] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  252.631817][T13498] 8021q: adding VLAN 0 to HW filter on device bond0
[  252.649282][T13498] 8021q: adding VLAN 0 to HW filter on device team0
[  252.660889][T13602] loop5: detected capacity change from 0 to 256
[  252.662292][ T2365] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.674375][ T2365] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.685299][T13602] FAT-fs (loop5): codepage cp874 not found
[  252.699123][ T2365] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.706310][ T2365] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.798932][T13498] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.920810][T13498] veth0_vlan: entered promiscuous mode
[  252.929078][T13498] veth1_vlan: entered promiscuous mode
[  252.948651][T13498] veth0_macvtap: entered promiscuous mode
[  252.957391][T13498] veth1_macvtap: entered promiscuous mode
[  252.969761][T13498] batman_adv: batadv0: Interface activated: batadv_slave_0
[  252.980978][T13498] batman_adv: batadv0: Interface activated: batadv_slave_1
[  252.992403][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.002215][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.011932][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.022036][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.413717][T13662] FAULT_INJECTION: forcing a failure.
[  253.413717][T13662] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  253.427332][T13662] CPU: 1 UID: 0 PID: 13662 Comm: syz.2.2958 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  253.427372][T13662] Tainted: [W]=WARN
[  253.427379][T13662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  253.427437][T13662] Call Trace:
[  253.427443][T13662]  <TASK>
[  253.427452][T13662]  __dump_stack+0x1d/0x30
[  253.427479][T13662]  dump_stack_lvl+0xe8/0x140
[  253.427497][T13662]  dump_stack+0x15/0x1b
[  253.427513][T13662]  should_fail_ex+0x265/0x280
[  253.427536][T13662]  should_fail_alloc_page+0xf2/0x100
[  253.427619][T13662]  __alloc_frozen_pages_noprof+0xff/0x360
[  253.427657][T13662]  alloc_pages_mpol+0xb3/0x250
[  253.427733][T13662]  vma_alloc_folio_noprof+0x1aa/0x300
[  253.427760][T13662]  do_wp_page+0x5db/0x24e0
[  253.427858][T13662]  ? __list_del_entry_valid_or_report+0x65/0x130
[  253.427887][T13662]  ? __rcu_read_lock+0x37/0x50
[  253.427911][T13662]  handle_mm_fault+0x77d/0x2c20
[  253.427940][T13662]  ? __rcu_read_unlock+0x4f/0x70
[  253.428028][T13662]  do_user_addr_fault+0x3fe/0x1080
[  253.428050][T13662]  exc_page_fault+0x62/0xa0
[  253.428077][T13662]  asm_exc_page_fault+0x26/0x30
[  253.428095][T13662] RIP: 0010:rep_movs_alternative+0x33/0x90
[  253.428182][T13662] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd f8 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  253.428198][T13662] RSP: 0018:ffffc9000c157a00 EFLAGS: 00050202
[  253.428219][T13662] RAX: 1056160000003333 RBX: ffffc9000c157da8 RCX: 000000000000000c
[  253.428267][T13662] RDX: 0000000000000000 RSI: ffff888118ff8802 RDI: 0000200000001400
[  253.428283][T13662] RBP: 0000000000000000 R08: 00000000000000cb R09: 0000000000000000
[  253.428298][T13662] R10: 0001888118ff8802 R11: 0001888118ff880d R12: ffffc9000c157d90
[  253.428314][T13662] R13: 000000000000000c R14: 000000000000000c R15: 000000000000000c
[  253.428337][T13662]  _copy_to_iter+0x2df/0xe70
[  253.428361][T13662]  ? update_load_avg+0x1da/0x820
[  253.428432][T13662]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  253.428492][T13662]  __skb_datagram_iter+0xc6/0x690
[  253.428517][T13662]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  253.428616][T13662]  skb_copy_datagram_iter+0x3d/0x110
[  253.428648][T13662]  tun_do_read+0x7e1/0x15d0
[  253.428674][T13662]  ? ref_tracker_alloc+0x1f2/0x2f0
[  253.428701][T13662]  ? __pfx_default_wake_function+0x10/0x10
[  253.428755][T13662]  tun_chr_read_iter+0x176/0x250
[  253.428786][T13662]  do_iter_readv_writev+0x4a1/0x540
[  253.428808][T13662]  vfs_readv+0x1ea/0x690
[  253.428874][T13662]  do_readv+0xe7/0x210
[  253.428895][T13662]  __x64_sys_readv+0x45/0x50
[  253.428938][T13662]  x64_sys_call+0x29fc/0x3000
[  253.428973][T13662]  do_syscall_64+0xd2/0x200
[  253.428988][T13662]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  253.429012][T13662]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  253.429039][T13662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.429096][T13662] RIP: 0033:0x7fd37235eec9
[  253.429109][T13662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.429125][T13662] RSP: 002b:00007fd370dbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  253.429200][T13662] RAX: ffffffffffffffda RBX: 00007fd3725b5fa0 RCX: 00007fd37235eec9
[  253.429216][T13662] RDX: 0000000000000004 RSI: 00002000000001c0 RDI: 0000000000000004
[  253.429276][T13662] RBP: 00007fd370dbf090 R08: 0000000000000000 R09: 0000000000000000
[  253.429287][T13662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.429298][T13662] R13: 00007fd3725b6038 R14: 00007fd3725b5fa0 R15: 00007fffcdbb32d8
[  253.429315][T13662]  </TASK>
[  254.122228][T13688] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13688 comm=syz.0.2969
[  254.458988][   T29] kauditd_printk_skb: 425 callbacks suppressed
[  254.459006][   T29] audit: type=1400 audit(1759444716.750:13318): avc:  denied  { sqpoll } for  pid=13713 comm="syz.4.2981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  254.535398][   T29] audit: type=1326 audit(1759444716.760:13319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13695 comm="syz.0.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12576eec9 code=0x7ffc0000
[  254.559074][   T29] audit: type=1326 audit(1759444716.760:13320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13695 comm="syz.0.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12576eec9 code=0x7ffc0000
[  254.596487][   T29] audit: type=1326 audit(1759444716.880:13321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13725 comm="syz.5.2985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8bd5655d67 code=0x7ffc0000
[  254.620238][   T29] audit: type=1326 audit(1759444716.890:13322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13725 comm="syz.5.2985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8bd55faf79 code=0x7ffc0000
[  254.644053][   T29] audit: type=1326 audit(1759444716.890:13323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13725 comm="syz.5.2985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8bd5655d67 code=0x7ffc0000
[  254.667684][   T29] audit: type=1326 audit(1759444716.890:13324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13725 comm="syz.5.2985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8bd55faf79 code=0x7ffc0000
[  254.692122][   T29] audit: type=1326 audit(1759444716.890:13325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13725 comm="syz.5.2985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd565eec9 code=0x7ffc0000
[  254.715787][   T29] audit: type=1326 audit(1759444716.890:13326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13725 comm="syz.5.2985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd565eec9 code=0x7ffc0000
[  254.739500][   T29] audit: type=1326 audit(1759444716.890:13327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13725 comm="syz.5.2985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8bd565eec9 code=0x7ffc0000
[  255.724191][T13852] netlink: 'syz.3.3002': attribute type 10 has an invalid length.
[  255.735652][T13852] 8021q: adding VLAN 0 to HW filter on device batadv0
[  255.757642][T13852] batadv0: entered promiscuous mode
[  255.788450][T13852] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  255.803983][T13864] __nla_validate_parse: 7 callbacks suppressed
[  255.804003][T13864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3003'.
[  255.858477][T13872] loop3: detected capacity change from 0 to 512
[  255.867365][T13864] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3003'.
[  255.883885][T13872] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  255.901530][T13872] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  255.912212][T13872] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.3006: corrupted in-inode xattr: e_value size too large
[  255.929440][T13872] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.3006: couldn't read orphan inode 15 (err -117)
[  255.942083][T13887] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  255.952159][T13872] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  256.001303][T13897] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3007'.
[  256.010313][T13897] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3007'.
[  256.037941][T13899] vhci_hcd: default hub control req: 010b v0000 i0000 l0
[  256.101789][T13910] SELinux: syz.0.3011 (13910) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  256.141279][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.258808][T13939] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13939 comm=syz.2.3016
[  256.306967][T13947] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3018'.
[  256.328665][T13947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3018'.
[  256.516632][T13983] loop3: detected capacity change from 0 to 512
[  256.528726][T13983] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  256.539329][T13983] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  256.547857][T13983] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.3023: corrupted in-inode xattr: e_value size too large
[  256.563590][T13983] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.3023: couldn't read orphan inode 15 (err -117)
[  256.576902][T13983] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  256.721469][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.742504][T14003] loop3: detected capacity change from 0 to 256
[  256.759257][T14003] FAT-fs (loop3): codepage cp874 not found
[  256.898525][   T12] ==================================================================
[  256.906746][   T12] BUG: KCSAN: data-race in alloc_pid / copy_process
[  256.913383][   T12] 
[  256.915711][   T12] read-write to 0xffffffff8685fc48 of 4 bytes by task 3303 on cpu 1:
[  256.923782][   T12]  alloc_pid+0x539/0x720
[  256.928479][   T12]  copy_process+0xe25/0x2000
[  256.933091][   T12]  kernel_clone+0x16c/0x5c0
[  256.937609][   T12]  __x64_sys_clone+0xe6/0x120
[  256.942300][   T12]  x64_sys_call+0x119c/0x3000
[  256.946988][   T12]  do_syscall_64+0xd2/0x200
[  256.951503][   T12]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.957497][   T12] 
[  256.959842][   T12] read to 0xffffffff8685fc48 of 4 bytes by task 12 on cpu 0:
[  256.967212][   T12]  copy_process+0x17fc/0x2000
[  256.971940][   T12]  kernel_clone+0x16c/0x5c0
[  256.976576][   T12]  user_mode_thread+0x7d/0xb0
[  256.981483][   T12]  call_usermodehelper_exec_work+0x7a/0x160
[  256.987884][   T12]  process_scheduled_works+0x4cb/0x9d0
[  256.993428][   T12]  worker_thread+0x582/0x770
[  256.998158][   T12]  kthread+0x489/0x510
[  257.002262][   T12]  ret_from_fork+0x11f/0x1b0
[  257.007214][   T12]  ret_from_fork_asm+0x1a/0x30
[  257.012152][   T12] 
[  257.014482][   T12] value changed: 0x80000135 -> 0x80000136
[  257.020226][   T12] 
[  257.022565][   T12] Reported by Kernel Concurrency Sanitizer on:
[  257.029277][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  257.040585][   T12] Tainted: [W]=WARN
[  257.044397][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  257.054550][   T12] Workqueue: events_unbound call_usermodehelper_exec_work
[  257.061692][   T12] ==================================================================