last executing test programs:

3.219539831s ago: executing program 2 (id=4506):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
write$binfmt_elf32(r1, &(0x7f0000000e40)=ANY=[], 0x158)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3a}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSETELEM={0x68, 0xe, 0xa, 0x0, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x3c, 0x3, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x34, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELSETELEM={0x1c0, 0xe, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x190, 0x3, 0x0, 0x1, [{0xe4, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xc9, 0x6, 0x1, 0x0, "fde80b91b72fa437c27b47f8e96f06a2e77483f1b7b24658a400e9ca482a88de2374e981725f0baf66ec00ecc9acdfb6e16259b6a31acbcc805fdb6044513c0db09a9e19b45799ce56a77dabe19cb180ee61ce20112f4f095e4cb88775a066a944222a625ae96af1afce02646d553a68adbad1fa8f3dbc5ea9047da508ef5e12cba8ef78f1052551aef5cbfc846112d2736286594eae1c86b3a96c58eae28155600335cef4847c6e353f701fd3f48e9dda292582965936e650412c1cecaa1cffb1437c98b9"}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xfffffffffffffff8}]}, {0xa8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xa4, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9d, 0x1, "8ce1677e3343e241f994522eb45a68aaf79e7c7d4c53c8f6b14e057a1a59f45accda398dc8b9fe8577c19abbf63d7590c64fd0dc726aca8c5f47b2d01c610d80acad066f2cc9606f81fa225e0c7d9c8d1c3241d7016b5681d4b0bd62982d527c7cb8a2df458af54ca5857dc0768165e4f7473ff76ec903c65fb634dfa6b559121913b0d9ad5f7f6d821b4f0c08952bc3c32f2ba1c9d74594c9"}]}]}]}]}, @NFT_MSG_DELTABLE={0x108, 0x2, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_USERDATA={0xd9, 0x6, "7aba14293c0b0793ddabf09d6c3cfab4ff3a3275532366a7a67ba43c9ed0d97037de20d84f07452c5b6df31a5bee021ef9f5439465ae065853deaada20f7dc50e4f3bf5201c48be2e175bb02c1ab6e5df47b8eae92c6810b4a4f9bea285f12d21f49a89bd576a13c46b9027c6f4ddd2dc638d2fb800197fa9e1f31e514c0847aa9ef5a36a13dc536fae56640dd8789983aff58e6de3a4e799d08ec487ec311aef7d73735dd06b68c84052919db03fc19e476a97b0e577374d2ac529dbaae65bd914d0cf287b0b5645d72dcbc0c3fe7aac8a9b28d34"}]}, @NFT_MSG_NEWFLOWTABLE={0x78, 0x16, 0xa, 0xb05, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK={0x58, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1ff}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x400}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'gre0\x00'}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3f4}, 0x1, 0x0, 0x0, 0x4004}, 0xc8010)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[], 0x1f0}, 0x1, 0x0, 0x0, 0x20040000}, 0x24020841)

2.327982746s ago: executing program 2 (id=4517):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x12, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, 0x0, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB=' \x00', @ANYRES32=r4], 0x38}, 0x1, 0x0, 0x0, 0x2800}, 0x40084c0)
getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r6 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="ab020000", @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2, 0x0, 0x8}, 0x18)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sync()
sync()
r7 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r7, &(0x7f0000000ec0)=[{&(0x7f0000001340)=""/4096, 0x1000}], 0x1, 0x4b8, 0x1ff)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x1, 0x6}, &(0x7f00000000c0)=0x8)
socket$kcm(0x29, 0xe, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)

2.080892898s ago: executing program 4 (id=4520):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440), 0x10)
listen(r2, 0x5)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NUM_RX_QUEUES={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000)
connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r5 = accept4$unix(r2, 0x0, 0x0, 0x0)
r6 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r6, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_pktinfo(r7, 0x0, 0x8, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000013c0)=0xc)
sendto$packet(r3, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847fe7bf05ddc63ff512d4074687760a5fbd1fc97772c6f5027dcea15b6658de3b024a6ea22baafb445bf8427c8055d00", 0xffffff3d, 0x0, 0x0, 0x0)
recvmsg(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000340)=""/235, 0xeb}], 0x1}, 0x2)
sync()
timerfd_create(0x5, 0x80800)

2.074945298s ago: executing program 2 (id=4522):
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r0 = openat(0xffffffffffffff9c, 0x0, 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x169042, 0x0)
pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x6000, 0x0, 0x0)

1.791948289s ago: executing program 2 (id=4524):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYRES32], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000"], 0x48)
shmdt(0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000680)={'ip6tnl0\x00', <r1=>0x0, 0x0, 0x9, 0x40, 0x45387b54, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x40, 0x0, 0x0, 0xfffffffe}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000590000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x18)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32, @ANYBLOB="00000200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\a\x00'/28], 0x48)

1.78051672s ago: executing program 0 (id=4525):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
write$binfmt_elf32(r1, &(0x7f0000000e40)=ANY=[], 0x158)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3a}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSETELEM={0x68, 0xe, 0xa, 0x0, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x3c, 0x3, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x34, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELSETELEM={0x29c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x26c, 0x3, 0x0, 0x1, [{0xe4, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xc9, 0x6, 0x1, 0x0, "fde80b91b72fa437c27b47f8e96f06a2e77483f1b7b24658a400e9ca482a88de2374e981725f0baf66ec00ecc9acdfb6e16259b6a31acbcc805fdb6044513c0db09a9e19b45799ce56a77dabe19cb180ee61ce20112f4f095e4cb88775a066a944222a625ae96af1afce02646d553a68adbad1fa8f3dbc5ea9047da508ef5e12cba8ef78f1052551aef5cbfc846112d2736286594eae1c86b3a96c58eae28155600335cef4847c6e353f701fd3f48e9dda292582965936e650412c1cecaa1cffb1437c98b9"}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xfffffffffffffff8}]}, {0xa8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xa4, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9d, 0x1, "8ce1677e3343e241f994522eb45a68aaf79e7c7d4c53c8f6b14e057a1a59f45accda398dc8b9fe8577c19abbf63d7590c64fd0dc726aca8c5f47b2d01c610d80acad066f2cc9606f81fa225e0c7d9c8d1c3241d7016b5681d4b0bd62982d527c7cb8a2df458af54ca5857dc0768165e4f7473ff76ec903c65fb634dfa6b559121913b0d9ad5f7f6d821b4f0c08952bc3c32f2ba1c9d74594c9"}]}]}, {0xdc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPR={0x2c, 0x7, 0x0, 0x1, @tunnel={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_KEY_END={0x98, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x84, 0x1, "1302a3d3596be284c900fcbe888878bf237bf323a13e97745bb35014715a9763f8be336a95d22bb0c49ec8cfaf18f32e6ae0f6db26e10925452a3cc58e4962c1e7a207157c8afe0d305c7848c9a3bccf109c4bb08cd9e4ab2e80a0e5fdd4634ae083c1114f586804f7cd21c716ecc64348cbb3621e51a8c5d1a17e1aa688accd"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}, @NFTA_SET_ELEM_KEY={0x4}]}]}]}, @NFT_MSG_DELTABLE={0x108, 0x2, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_USERDATA={0xd9, 0x6, "7aba14293c0b0793ddabf09d6c3cfab4ff3a3275532366a7a67ba43c9ed0d97037de20d84f07452c5b6df31a5bee021ef9f5439465ae065853deaada20f7dc50e4f3bf5201c48be2e175bb02c1ab6e5df47b8eae92c6810b4a4f9bea285f12d21f49a89bd576a13c46b9027c6f4ddd2dc638d2fb800197fa9e1f31e514c0847aa9ef5a36a13dc536fae56640dd8789983aff58e6de3a4e799d08ec487ec311aef7d73735dd06b68c84052919db03fc19e476a97b0e577374d2ac529dbaae65bd914d0cf287b0b5645d72dcbc0c3fe7aac8a9b28d34"}]}, @NFT_MSG_NEWFLOWTABLE={0x17c, 0x16, 0xa, 0xb05, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK={0x94, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1ff}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x400}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'dummy0\x00'}, {0x14, 0x1, 'gre0\x00'}, {0x14, 0x1, 'pimreg\x00'}, {0x14, 0x1, 'dvmrp0\x00'}]}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_HOOK={0x60, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'macvtap0\x00'}, {0x14, 0x1, 'veth1_virt_wifi\x00'}, {0x14, 0x1, 'vlan1\x00'}, {0x14, 0x1, 'vlan0\x00'}]}]}, @NFTA_FLOWTABLE_HOOK={0x30, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_team\x00'}, {0x14, 0x1, 'veth0_virt_wifi\x00'}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5d4}, 0x1, 0x0, 0x0, 0x4004}, 0xc8010)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[], 0x1f0}, 0x1, 0x0, 0x0, 0x20040000}, 0x24020841)

1.772858189s ago: executing program 1 (id=4526):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ftruncate(r0, 0x2007ffc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="190000000400000008000000"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x0, 0x0, &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="0d2e0020fdcc6177d93790ff", @ANYRES32, @ANYBLOB="0800000000000000950000000000000045"], 0x0}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'})
pivot_root(&(0x7f0000000000)='.\x00', 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
add_key$keyring(&(0x7f0000000240), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f1, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
sendfile(r0, r0, 0x0, 0x800000009)

1.68495282s ago: executing program 2 (id=4527):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
write$binfmt_elf32(r1, &(0x7f0000000e40)=ANY=[], 0x158)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3a}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSETELEM={0x68, 0xe, 0xa, 0x0, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x3c, 0x3, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x34, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELSETELEM={0x1c0, 0xe, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x190, 0x3, 0x0, 0x1, [{0xe4, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xc9, 0x6, 0x1, 0x0, "fde80b91b72fa437c27b47f8e96f06a2e77483f1b7b24658a400e9ca482a88de2374e981725f0baf66ec00ecc9acdfb6e16259b6a31acbcc805fdb6044513c0db09a9e19b45799ce56a77dabe19cb180ee61ce20112f4f095e4cb88775a066a944222a625ae96af1afce02646d553a68adbad1fa8f3dbc5ea9047da508ef5e12cba8ef78f1052551aef5cbfc846112d2736286594eae1c86b3a96c58eae28155600335cef4847c6e353f701fd3f48e9dda292582965936e650412c1cecaa1cffb1437c98b9"}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xfffffffffffffff8}]}, {0xa8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xa4, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9d, 0x1, "8ce1677e3343e241f994522eb45a68aaf79e7c7d4c53c8f6b14e057a1a59f45accda398dc8b9fe8577c19abbf63d7590c64fd0dc726aca8c5f47b2d01c610d80acad066f2cc9606f81fa225e0c7d9c8d1c3241d7016b5681d4b0bd62982d527c7cb8a2df458af54ca5857dc0768165e4f7473ff76ec903c65fb634dfa6b559121913b0d9ad5f7f6d821b4f0c08952bc3c32f2ba1c9d74594c9"}]}]}]}]}, @NFT_MSG_DELTABLE={0x108, 0x2, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_USERDATA={0xd9, 0x6, "7aba14293c0b0793ddabf09d6c3cfab4ff3a3275532366a7a67ba43c9ed0d97037de20d84f07452c5b6df31a5bee021ef9f5439465ae065853deaada20f7dc50e4f3bf5201c48be2e175bb02c1ab6e5df47b8eae92c6810b4a4f9bea285f12d21f49a89bd576a13c46b9027c6f4ddd2dc638d2fb800197fa9e1f31e514c0847aa9ef5a36a13dc536fae56640dd8789983aff58e6de3a4e799d08ec487ec311aef7d73735dd06b68c84052919db03fc19e476a97b0e577374d2ac529dbaae65bd914d0cf287b0b5645d72dcbc0c3fe7aac8a9b28d34"}]}, @NFT_MSG_NEWFLOWTABLE={0x78, 0x16, 0xa, 0xb05, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK={0x58, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1ff}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x400}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'gre0\x00'}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3f4}, 0x1, 0x0, 0x0, 0x4004}, 0xc8010)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[], 0x1f0}, 0x1, 0x0, 0x0, 0x20040000}, 0x24020841)

1.485987861s ago: executing program 1 (id=4529):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0xc, 0x0)
ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000340)=""/179)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
r5 = pidfd_getfd(r4, r4, 0x0)
setns(r5, 0x66020000)
syz_io_uring_setup(0x298b, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x2}, &(0x7f0000000100), &(0x7f0000000440))
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0), 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x4, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r7=>0x0})
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r7}, 0x10, &(0x7f00000005c0)={&(0x7f0000000440)=@canfd={{0x0, 0x1, 0x1, 0x1}, 0x8, 0x2, 0x0, 0x0, "14bc1713b44180702fba9215e5e2c7555d558474b7d6732b412513d663c164c9ec427dab8f72d79d37ceecc995393f2ea5a2020d85d218e713862ee252508c03"}, 0x48}}, 0x0)
setsockopt$inet_buf(r6, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002", 0x8a)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x4004844)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x14)
close_range(r6, 0xffffffffffffffff, 0x0)

1.215708183s ago: executing program 1 (id=4531):
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
socket(0x1e, 0x4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f02, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
socket(0x10, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r3)

1.143233063s ago: executing program 4 (id=4532):
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x80080, 0x0)
read$rfkill(r1, 0x0, 0x0)

1.142460853s ago: executing program 4 (id=4533):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000008c0)='sys_enter\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000000240), 0x0)
unshare(0x20000400)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040))
ppoll(&(0x7f00000001c0)=[{r1, 0xc200}], 0x1, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="5953fdfffffffddbdf256b000000080043"], 0x28}}, 0x50)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x1a, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36e, &(0x7f00000007c0)="$eJzs3U1oM0UYwPEnaZImeXmbHERRkA6+CHpZ2uhZDNKCELC0jdgKwrbdaMialGyoRsS2J4+Kd0+Ch9KbBQ8F7VnoxZteRPDWi6BgBXVlv5LNV9PGpMH2/4OSycw8uzPZSXk27WYv3vj03UrJ0kp6Q6JJJRERkUuRrEQlEPEfo245IfLJd622A3n+wW8/PL22UUx6FWo5v/5CTik1N//Nex+m/G6ns3Kefevi19wv54+fP3nxz/o7ZUuVLVWtNZSutmo/NfQt01A7ZauiKbViGrplqHLVMupe+1f+dsza7m5T6dWdh+ndumFZSq82VcVoqkZNNepNpb+tl6tK0zT1MC0Ypni0uqrnRwzeHvNgMCH1el6fEZFUT0vxaCoDAgAAU9Wd/0edlH5Y/h/Syv83Za5QWFpVTud2/n/8zFnjwesnc37+f5rol/+/+KO3rY783zmdaOf/Ne/8oDQ8//9cbpD/92ZE98vI+X92AoPBaOYTPVWRjmdO/p/237+uwzePF9wC+T8AAAAAAAAAAAAAAAAAAAAAAP8Hl7adsW07EzwGP+1LCPznuJMGHf9ZEUk6R9/m+N9laxubknQv3HOOsfnxXnGv6D36Hc5ExBTjb7ubszaCK4+UIyvfmvt+/P5eccZtyZek7MTLomQk666nULxtL79aWFpUHj++dZlSOhyfk4w8Fo7/2l2dTnyuM97ff0KeexSK1yQj329LTUzZcSPb+/9oUalXXit0xafcfiLy860fFAAAAAAAxkxTLX3P3zVtULv3LSP5kvsxkSELkpG/+p/fL/Q9P49lnopNe/YAAAAAANwPVvODii5Ro+4WTLNfISUDm8ZQiHXUxEWkb+dEV038qi3PhGZ43fEkxLuDyX+d1xfBq3qTqOAfKZyBt5r8O6rIaOMJ5u/WRGLP/u43/XnTeUUOxF0AB+GmqFwjPNY9+HmnQvXt/Gjgdg79ibRqgo+NEgNeZ1np3U70ipUQ76mxI6MtgCc++/KP8b1BXjrxV8D7wzsfmoa9L9c5KF0FZxe9TfGJ/+IBAAAAcOvaSX9Q83K4OXwjkfDNcvjLPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYzSRr/TrKgze++xtThUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYun8DAAD//7ct9c4=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105142, 0x2c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x4000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r7, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[], 0x32600)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001140)=@bpf_lsm={0x1d, 0x15, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}, [@exit, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r6}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9f03}]}, &(0x7f0000000200)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000b80)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000bc0)={0x5, 0xd, 0x9, 0x6}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000001040)=[0xffffffffffffffff, r6], &(0x7f0000001080)=[{0x1, 0x5, 0xb, 0x3}, {0x1, 0x3, 0x8, 0x1}, {0x2, 0x4, 0x8, 0x9}, {0x0, 0x3, 0x3, 0x9}, {0x1, 0x4, 0x2, 0x4}, {0x2, 0x4, 0x9, 0x8}, {0x2, 0x4, 0xe, 0x6}, {0x1, 0x4, 0x10, 0x7}, {0x1, 0x5, 0x8, 0x9}], 0x10, 0xa4}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001a80)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a001e00014002020c600e41b0000900ac000a0501000000160012000a00ff120048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x894)

1.099001924s ago: executing program 3 (id=4534):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e85"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0xc, 0x0)
ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000340)=""/179)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
r5 = pidfd_getfd(r4, r4, 0x0)
setns(r5, 0x66020000)
syz_io_uring_setup(0x298b, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x2}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000440)=<r7=>0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0), 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x4, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r10=>0x0})
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r10}, 0x10, &(0x7f00000005c0)={&(0x7f0000000440)=@canfd={{0x0, 0x1, 0x1, 0x1}, 0x8, 0x2, 0x0, 0x0, "14bc1713b44180702fba9215e5e2c7555d558474b7d6732b412513d663c164c9ec427dab8f72d79d37ceecc995393f2ea5a2020d85d218e713862ee252508c03"}, 0x48}}, 0x0)
setsockopt$inet_buf(r9, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002", 0x8a)
r11 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x4004844)
setsockopt$sock_int(r11, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x14)
close_range(r9, 0xffffffffffffffff, 0x0)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r12}, 0x18)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_STATX={0x15, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x200, 0x2400, 0x1})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0)

1.078517364s ago: executing program 3 (id=4535):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0xc, 0x0)
ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000340)=""/179)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
r5 = pidfd_getfd(r4, r4, 0x0)
setns(r5, 0x66020000)
syz_io_uring_setup(0x298b, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x2}, &(0x7f0000000100), &(0x7f0000000440))
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0), 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x4, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_buf(r6, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002", 0x8a)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x4004844)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x14)
close_range(r6, 0xffffffffffffffff, 0x0)

1.061662004s ago: executing program 3 (id=4536):
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x16, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x94)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60242, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
pwritev2(r1, &(0x7f0000000080)=[{&(0x7f0000000240)="000000000000000004ff7b2234b115a7bd08cafe13f81343d3fe5efb", 0x1c}, {0x0}], 0x2, 0x4, 0xff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000"], 0x50)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
socketpair(0x28, 0x5, 0x28, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="070000000800000000000000d9000000000000005e0e9d5211c00e2c947a3f9b", @ANYRESHEX, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES8=r3, @ANYRESDEC=r0], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000880)=ANY=[@ANYBLOB="000000010000000000000048f2877e0000b337c8c6dae899f27530f3637d550970a5124f2e143fc733c9664bee212a34752c165f85666826987dc080597ce21d3b351ced37ca084483af7fc3d12200496520e5204f10e8fde1f5140afd3dc5801bab4ba1c0e8603fb1b2bebaa15cd69cfabcab3848e4cf2db935f8050f67398c8f9e5cc144506b06af", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000008520000002000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), 0xffffffffffffffff, r6}}, 0x18)
sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f00000013c0)=@newtaction={0x88c, 0x30, 0x937, 0xfffffffc, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x400001, 0x0, 0x0, 0x400, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80000000, 0x396bad78, 0x5, 0x8, 0x0, 0x0, 0xda1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x9, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x80000000, 0x8, 0x0, 0x3, 0x0, 0x80, 0x5, 0x0, 0x800, 0x10, 0x10, 0x0, 0x0, 0xfffffffc, 0x9, 0x4, 0x4, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x20000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3ffffffc, 0xffffffff, 0x0, 0x1, 0x3, 0x2, 0x0, 0x0, 0x5, 0x0, 0xffff0001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10200, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x0, 0xffffffff, 0x7fffffff, 0x0, 0x100000, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x6, 0x2, 0x0, 0x2, 0x80000000, 0x7fffffff, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x40, 0x1, 0x3, 0xff, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x11f, 0x20, 0x3, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x497, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x0, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x7fff, 0x2e, 0x5, 0xfffffff5, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x7, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x1000025, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x7, 0x74e4, 0x7fff, 0x17, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0xa, 0x800007, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x7, 0x1c, 0x767, 0x7, 0x9, 0x9, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x8003, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x2, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x400000, 0xfffffff7, 0x4, 0x2, 0x0, 0x7ff, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0xd930, 0x6, 0x4, 0x7, 0x0, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x4, 0x4, 0x7fff, 0x4a5, 0x27, 0x6, 0x9, 0x8, 0x4000000, 0x8000, 0xa, 0x9, 0xca000000, 0x2, 0x6, 0x3, 0x7, 0x9, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x1, 0xb848, 0x6, 0x7, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0xd, 0x4, 0x4, 0x8, 0x80000005, 0x5, 0x5, 0x10000002, 0xb, 0x7, 0x5, 0x2, 0x4]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x1, 0x7, 0x4, 0xf4, {0x7, 0x0, 0x3, 0x7, 0x7, 0x80000001}, {0x4, 0x2, 0x1, 0xa, 0x1ff, 0x1c0000}, 0x9, 0xbc, 0xdf72c67}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
syz_open_procfs(0x0, &(0x7f0000000400)='net/netlink\x00')
syz_usb_disconnect(0xffffffffffffffff)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

849.757285ms ago: executing program 0 (id=4537):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80, &(0x7f0000000000)={0xa, 0x4e23, 0x40000004, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x5, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4048801)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_procfs(0x0, &(0x7f0000000340)='net/rt_acct\x00')
readv(r3, &(0x7f00000014c0)=[{&(0x7f0000000000)=""/22, 0x16}], 0x1)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000017c0), 0x189182, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000001880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000200000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6, 0x0, 0x7}, 0x18)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000002500)='\f7', 0x2}, {&(0x7f0000000080)='0', 0x1}], 0x2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
readv(r8, &(0x7f0000000180)=[{&(0x7f0000000000)=""/59, 0x3b}, {&(0x7f0000000440)=""/73, 0x49}], 0x2)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r7)
sendmsg$DEVLINK_CMD_RATE_SET(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)={0x14, r9, 0x801, 0x70bd27, 0x0, {0x2a}}, 0x14}, 0x1, 0x0, 0x0, 0xd4209235c937efa7}, 0x0)
ioctl$KDSKBENT(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x9})
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r10, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r10, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000040)=0x30)

762.554836ms ago: executing program 2 (id=4538):
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x169042, 0x0)
pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x6000, 0x0, 0x0)

525.281547ms ago: executing program 0 (id=4539):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x4}, 0x18)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

469.163268ms ago: executing program 1 (id=4540):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x12, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, 0x0, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB=' \x00', @ANYRES32=r4], 0x38}, 0x1, 0x0, 0x0, 0x2800}, 0x40084c0)
getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r6 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="ab020000", @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2, 0x0, 0x8}, 0x18)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sync()
sync()
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001300)='/proc/timer_list\x00', 0x0, 0x0)
preadv(r7, 0x0, 0x0, 0x4b8, 0x1ff)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x1, 0x6}, &(0x7f00000000c0)=0x8)
socket$kcm(0x29, 0xe, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)

408.737368ms ago: executing program 0 (id=4541):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0xc, 0x0)
ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000340)=""/179)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
r5 = pidfd_getfd(r4, r4, 0x0)
setns(r5, 0x66020000)
syz_io_uring_setup(0x298b, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x2}, &(0x7f0000000100), &(0x7f0000000440))
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0), 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, &(0x7f00000001c0)=0x4, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_buf(r6, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002", 0x8a)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x4004844)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x14)
close_range(r6, 0xffffffffffffffff, 0x0)

362.038048ms ago: executing program 0 (id=4542):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff8}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ftruncate(r0, 0x2007ffc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="190000000400000008000000"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=<r4=>r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x0, 0x0, &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000030000000900010073797a310000000020000000020a0104000000000000000000000000090001"], 0x9c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYRES16=r5, @ANYRES16=r4, @ANYBLOB="0800000000000000950000000000000045"], 0x0}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'})
pivot_root(&(0x7f0000000000)='.\x00', 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
add_key$keyring(&(0x7f0000000240), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
sendfile(r0, r0, 0x0, 0x800000009)

254.905449ms ago: executing program 3 (id=4543):
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x80080, 0x0)
read$rfkill(r1, 0x0, 0x0)

251.370059ms ago: executing program 4 (id=4544):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
lstat(0x0, &(0x7f0000000040))
bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'veth1_virt_wifi\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000800)={r1, r3, 0x25, 0x4, @val=@tcx={@void, @value=r2}}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
fdatasync(0xffffffffffffffff)
open(0x0, 0x80140, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f00000000c0)=0x10089, 0x4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={0x0, &(0x7f00000005c0)=""/217, 0x35, 0xd9, 0x1}, 0x28)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

223.883649ms ago: executing program 3 (id=4545):
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r0 = openat(0xffffffffffffff9c, 0x0, 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e0000000000000005000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x169042, 0x0)
pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x6000, 0x0, 0x0)

223.129709ms ago: executing program 4 (id=4546):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
socketpair(0x1a, 0x6, 0x2, &(0x7f0000000100)) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) (async)
r3 = socket(0x10, 0x803, 0x0) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x48) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, 0x0) (async)
syz_open_dev$sg(0x0, 0x0, 0x22c01)
prctl$PR_SET_NAME(0xf, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace(0x11, r4) (async)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r2, 0x0, 0xf7}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0) (async)
sendmsg$inet(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r7=>0x0})
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

184.132599ms ago: executing program 4 (id=4547):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
write$binfmt_elf32(r1, &(0x7f0000000e40)=ANY=[], 0x158)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x3a}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSETELEM={0x68, 0xe, 0xa, 0x0, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x3c, 0x3, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x34, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELSETELEM={0x29c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x26c, 0x3, 0x0, 0x1, [{0xe4, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xc9, 0x6, 0x1, 0x0, "fde80b91b72fa437c27b47f8e96f06a2e77483f1b7b24658a400e9ca482a88de2374e981725f0baf66ec00ecc9acdfb6e16259b6a31acbcc805fdb6044513c0db09a9e19b45799ce56a77dabe19cb180ee61ce20112f4f095e4cb88775a066a944222a625ae96af1afce02646d553a68adbad1fa8f3dbc5ea9047da508ef5e12cba8ef78f1052551aef5cbfc846112d2736286594eae1c86b3a96c58eae28155600335cef4847c6e353f701fd3f48e9dda292582965936e650412c1cecaa1cffb1437c98b9"}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xfffffffffffffff8}]}, {0xa8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xa4, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9d, 0x1, "8ce1677e3343e241f994522eb45a68aaf79e7c7d4c53c8f6b14e057a1a59f45accda398dc8b9fe8577c19abbf63d7590c64fd0dc726aca8c5f47b2d01c610d80acad066f2cc9606f81fa225e0c7d9c8d1c3241d7016b5681d4b0bd62982d527c7cb8a2df458af54ca5857dc0768165e4f7473ff76ec903c65fb634dfa6b559121913b0d9ad5f7f6d821b4f0c08952bc3c32f2ba1c9d74594c9"}]}]}, {0xdc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPR={0x2c, 0x7, 0x0, 0x1, @tunnel={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_KEY_END={0x98, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x84, 0x1, "1302a3d3596be284c900fcbe888878bf237bf323a13e97745bb35014715a9763f8be336a95d22bb0c49ec8cfaf18f32e6ae0f6db26e10925452a3cc58e4962c1e7a207157c8afe0d305c7848c9a3bccf109c4bb08cd9e4ab2e80a0e5fdd4634ae083c1114f586804f7cd21c716ecc64348cbb3621e51a8c5d1a17e1aa688accd"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}, @NFTA_SET_ELEM_KEY={0x4}]}]}]}, @NFT_MSG_DELTABLE={0x108, 0x2, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_USERDATA={0xd9, 0x6, "7aba14293c0b0793ddabf09d6c3cfab4ff3a3275532366a7a67ba43c9ed0d97037de20d84f07452c5b6df31a5bee021ef9f5439465ae065853deaada20f7dc50e4f3bf5201c48be2e175bb02c1ab6e5df47b8eae92c6810b4a4f9bea285f12d21f49a89bd576a13c46b9027c6f4ddd2dc638d2fb800197fa9e1f31e514c0847aa9ef5a36a13dc536fae56640dd8789983aff58e6de3a4e799d08ec487ec311aef7d73735dd06b68c84052919db03fc19e476a97b0e577374d2ac529dbaae65bd914d0cf287b0b5645d72dcbc0c3fe7aac8a9b28d34"}]}, @NFT_MSG_NEWFLOWTABLE={0x17c, 0x16, 0xa, 0xb05, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK={0x94, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1ff}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x400}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'dummy0\x00'}, {0x14, 0x1, 'gre0\x00'}, {0x14, 0x1, 'pimreg\x00'}, {0x14, 0x1, 'dvmrp0\x00'}]}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_HOOK={0x60, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'macvtap0\x00'}, {0x14, 0x1, 'veth1_virt_wifi\x00'}, {0x14, 0x1, 'vlan1\x00'}, {0x14, 0x1, 'vlan0\x00'}]}]}, @NFTA_FLOWTABLE_HOOK={0x30, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_team\x00'}, {0x14, 0x1, 'veth0_virt_wifi\x00'}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5d4}, 0x1, 0x0, 0x0, 0x4004}, 0xc8010)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[], 0x1f0}, 0x1, 0x0, 0x0, 0x20040000}, 0x24020841)

183.424729ms ago: executing program 0 (id=4548):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80, &(0x7f0000000000)={0xa, 0x4e23, 0x40000004, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x5, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4048801)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_open_procfs(0x0, &(0x7f0000000340)='net/rt_acct\x00')
readv(r2, &(0x7f00000014c0)=[{&(0x7f0000000000)=""/22, 0x16}], 0x1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000017c0), 0x189182, 0x0)
writev(r4, &(0x7f0000000040)=[{&(0x7f0000002500)='\f7', 0x2}, {&(0x7f0000000080)='0', 0x1}], 0x2)

182.688449ms ago: executing program 1 (id=4549):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0xeffb, 0x9)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x41, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x17, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r4}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socket$unix(0x1, 0x5, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fallocate(r1, 0x8, 0x4000, 0x4000)

34.4157ms ago: executing program 1 (id=4550):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80, &(0x7f0000000000)={0xa, 0x4e23, 0x40000004, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x5, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4048801)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_procfs(0x0, &(0x7f0000000340)='net/rt_acct\x00')
readv(r3, &(0x7f00000014c0)=[{&(0x7f0000000000)=""/22, 0x16}], 0x1)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000017c0), 0x189182, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000001880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000200000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6, 0x0, 0x7}, 0x18)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000002500)='\f7', 0x2}, {&(0x7f0000000080)='0', 0x1}], 0x2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
readv(r8, &(0x7f0000000180)=[{&(0x7f0000000000)=""/59, 0x3b}, {&(0x7f0000000440)=""/73, 0x49}], 0x2)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r7)
sendmsg$DEVLINK_CMD_RATE_SET(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)={0x14, r9, 0x801, 0x70bd27, 0x0, {0x2a}}, 0x14}, 0x1, 0x0, 0x0, 0xd4209235c937efa7}, 0x0)
ioctl$KDSKBENT(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x9})
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r10, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)

0s ago: executing program 3 (id=4551):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0xc, 0x0)
ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000340)=""/179)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
r5 = pidfd_getfd(r4, r4, 0x0)
setns(r5, 0x66020000)
syz_io_uring_setup(0x298b, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x2}, &(0x7f0000000100), &(0x7f0000000440))
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0), 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r7=>0x0})
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r7}, 0x10, &(0x7f00000005c0)={&(0x7f0000000440)=@canfd={{0x0, 0x1, 0x1, 0x1}, 0x8, 0x2, 0x0, 0x0, "14bc1713b44180702fba9215e5e2c7555d558474b7d6732b412513d663c164c9ec427dab8f72d79d37ceecc995393f2ea5a2020d85d218e713862ee252508c03"}, 0x48}}, 0x0)
setsockopt$inet_buf(r6, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea00", 0x82)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x4004844)

kernel console output (not intermixed with test programs):

47: item fetching failed at offset 12/43
[  293.017879][   T29] audit: type=1400 audit(1761748294.129:50298): avc:  denied  { create } for  pid=15134 comm="syz.1.3994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  293.053309][T15132] netlink: 'syz.3.3993': attribute type 21 has an invalid length.
[  293.061151][T15132] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3993'.
[  293.073782][   T29] audit: type=1400 audit(1761748294.159:50299): avc:  denied  { write } for  pid=15134 comm="syz.1.3994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  293.093490][   T29] audit: type=1400 audit(1761748294.159:50300): avc:  denied  { prog_load } for  pid=15131 comm="syz.3.3993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  293.112739][   T29] audit: type=1400 audit(1761748294.159:50301): avc:  denied  { bpf } for  pid=15131 comm="syz.3.3993" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  293.133552][   T29] audit: type=1400 audit(1761748294.159:50302): avc:  denied  { perfmon } for  pid=15131 comm="syz.3.3993" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  293.180299][T15137] sctp: [Deprecated]: syz.2.3995 (pid 15137) Use of int in maxseg socket option.
[  293.180299][T15137] Use struct sctp_assoc_value instead
[  293.195736][ T1051] hid-generic 0000:0000:0000.0047: probe with driver hid-generic failed with error -22
[  293.243115][T11252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.327124][T13656] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.362897][ T3382] hid-generic 0000:0000:0000.0048: item fetching failed at offset 12/43
[  293.371502][ T3382] hid-generic 0000:0000:0000.0048: probe with driver hid-generic failed with error -22
[  293.385982][T15150] loop1: detected capacity change from 0 to 512
[  293.407802][T15150] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.412185][T15158] netlink: 'syz.2.4003': attribute type 21 has an invalid length.
[  293.428337][T15158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4003'.
[  293.459264][T15156] sctp: [Deprecated]: syz.0.4001 (pid 15156) Use of int in maxseg socket option.
[  293.459264][T15156] Use struct sctp_assoc_value instead
[  293.529679][T11782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.550610][ T3382] hid-generic 0000:0000:0000.0049: item fetching failed at offset 12/43
[  293.559333][ T3382] hid-generic 0000:0000:0000.0049: probe with driver hid-generic failed with error -22
[  293.574798][T15177] netlink: 'syz.2.4010': attribute type 21 has an invalid length.
[  293.582689][T15177] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4010'.
[  293.621530][T15179] sctp: [Deprecated]: syz.0.4011 (pid 15179) Use of int in maxseg socket option.
[  293.621530][T15179] Use struct sctp_assoc_value instead
[  293.904090][T15202] loop2: detected capacity change from 0 to 512
[  293.923894][T15202] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.996530][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.070265][T15211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4020'.
[  294.102573][T15211] loop2: detected capacity change from 0 to 128
[  294.113897][T15211] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  294.121794][T15211] FAT-fs (loop2): Filesystem has been set read-only
[  294.141435][T15211] bio_check_eod: 250206 callbacks suppressed
[  294.141453][T15211] syz.2.4020: attempt to access beyond end of device
[  294.141453][T15211] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  294.161699][T15211] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  294.169586][T15211] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  294.181815][T15211] syz.2.4020: attempt to access beyond end of device
[  294.181815][T15211] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  294.196155][T15211] syz.2.4020: attempt to access beyond end of device
[  294.196155][T15211] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  294.209903][T15211] syz.2.4020: attempt to access beyond end of device
[  294.209903][T15211] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  294.242575][T15209] syz.2.4020: attempt to access beyond end of device
[  294.242575][T15209] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  294.278135][T15211] syz.2.4020: attempt to access beyond end of device
[  294.278135][T15211] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  294.291518][T15209] syz.2.4020: attempt to access beyond end of device
[  294.291518][T15209] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[  294.307328][T15214] syz.2.4020: attempt to access beyond end of device
[  294.307328][T15214] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[  294.320622][T15214] buffer_io_error: 191262 callbacks suppressed
[  294.320639][T15214] Buffer I/O error on dev loop2, logical block 2065, async page read
[  294.370889][T15214] syz.2.4020: attempt to access beyond end of device
[  294.370889][T15214] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[  294.384182][T15214] Buffer I/O error on dev loop2, logical block 2066, async page read
[  294.392797][T15214] syz.2.4020: attempt to access beyond end of device
[  294.392797][T15214] loop2: rw=0, sector=2067, nr_sectors = 1 limit=128
[  294.406158][T15214] Buffer I/O error on dev loop2, logical block 2067, async page read
[  294.473571][T15214] Buffer I/O error on dev loop2, logical block 2068, async page read
[  294.482534][T15214] Buffer I/O error on dev loop2, logical block 2069, async page read
[  294.491227][T15214] Buffer I/O error on dev loop2, logical block 2070, async page read
[  294.499434][T15214] Buffer I/O error on dev loop2, logical block 2071, async page read
[  294.507678][T15214] Buffer I/O error on dev loop2, logical block 2072, async page read
[  294.548169][T15214] Buffer I/O error on dev loop2, logical block 2065, async page read
[  294.556458][T15214] Buffer I/O error on dev loop2, logical block 2066, async page read
[  294.567265][T15224] loop3: detected capacity change from 0 to 512
[  294.575816][T15228] netlink: 'syz.1.4026': attribute type 21 has an invalid length.
[  294.583719][T15228] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4026'.
[  294.608418][T15224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  294.884989][    T9] hid-generic 0000:0000:0000.004A: item fetching failed at offset 12/43
[  294.893585][    T9] hid-generic 0000:0000:0000.004A: probe with driver hid-generic failed with error -22
[  294.905613][T15257] netlink: 'syz.0.4038': attribute type 21 has an invalid length.
[  294.913494][T15257] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4038'.
[  295.097560][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.544152][T15281] sctp: [Deprecated]: syz.1.4047 (pid 15281) Use of int in maxseg socket option.
[  295.544152][T15281] Use struct sctp_assoc_value instead
[  295.927469][T15292] loop4: detected capacity change from 0 to 2048
[  296.049480][T15292]  loop4: p1 p2 p3
[  296.158072][T15311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4055'.
[  296.187574][T15311] loop2: detected capacity change from 0 to 128
[  296.199222][T15311] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  296.207175][T15311] FAT-fs (loop2): Filesystem has been set read-only
[  296.213977][T15311] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  296.221835][T15311] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  296.457425][T15323] loop4: detected capacity change from 0 to 2048
[  296.481186][T15323] EXT4-fs: Ignoring removed bh option
[  296.506897][T15323] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  296.539570][T15323] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  296.576758][T15323] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  296.589150][T15323] EXT4-fs (loop4): This should not happen!! Data will be lost
[  296.589150][T15323] 
[  296.598885][T15323] EXT4-fs (loop4): Total free blocks count 0
[  296.604938][T15323] EXT4-fs (loop4): Free/Dirty block details
[  296.610844][T15323] EXT4-fs (loop4): free_blocks=2415919104
[  296.616692][T15323] EXT4-fs (loop4): dirty_blocks=32
[  296.621858][T15323] EXT4-fs (loop4): Block reservation details
[  296.627866][T15323] EXT4-fs (loop4): i_reserved_data_blocks=2
[  296.979777][T15331] loop3: detected capacity change from 0 to 2048
[  297.002674][T15331] EXT4-fs: Ignoring removed bh option
[  297.067136][T15339] loop0: detected capacity change from 0 to 2048
[  297.078847][T15331] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.115572][T15339]  loop0: p1 p2 p3
[  297.178913][T15331] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  297.302486][T15331] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  297.314981][T15331] EXT4-fs (loop3): This should not happen!! Data will be lost
[  297.314981][T15331] 
[  297.324642][T15331] EXT4-fs (loop3): Total free blocks count 0
[  297.330755][T15331] EXT4-fs (loop3): Free/Dirty block details
[  297.336678][T15331] EXT4-fs (loop3): free_blocks=2415919104
[  297.342661][T15331] EXT4-fs (loop3): dirty_blocks=32
[  297.347993][T15331] EXT4-fs (loop3): Block reservation details
[  297.354016][T15331] EXT4-fs (loop3): i_reserved_data_blocks=2
[  297.366751][T11252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.467512][T15358] sctp: [Deprecated]: syz.2.4078 (pid 15358) Use of int in maxseg socket option.
[  297.467512][T15358] Use struct sctp_assoc_value instead
[  297.484859][T15365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4079'.
[  297.513095][T15365] loop0: detected capacity change from 0 to 128
[  297.526511][T15365] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  297.534417][T15365] FAT-fs (loop0): Filesystem has been set read-only
[  297.541405][T15365] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  297.549273][T15365] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  297.567582][T15367] netlink: 'syz.2.4080': attribute type 21 has an invalid length.
[  297.575518][T15367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4080'.
[  297.703393][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.835253][   T29] kauditd_printk_skb: 880 callbacks suppressed
[  297.835266][   T29] audit: type=1400 audit(1761748298.949:51183): avc:  denied  { name_bind } for  pid=15387 comm="syz.1.4089" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  297.863342][   T29] audit: type=1400 audit(1761748298.949:51184): avc:  denied  { node_bind } for  pid=15387 comm="syz.1.4089" saddr=172.20.20.170 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  298.174442][   T29] audit: type=1326 audit(1761748299.289:51185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15393 comm="syz.4.4091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff08c29efc9 code=0x7ffc0000
[  298.198105][   T29] audit: type=1326 audit(1761748299.289:51186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15393 comm="syz.4.4091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff08c29efc9 code=0x7ffc0000
[  298.221762][   T29] audit: type=1326 audit(1761748299.289:51187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15393 comm="syz.4.4091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff08c29efc9 code=0x7ffc0000
[  298.245379][   T29] audit: type=1326 audit(1761748299.289:51188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15393 comm="syz.4.4091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff08c29efc9 code=0x7ffc0000
[  298.268905][   T29] audit: type=1326 audit(1761748299.289:51189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15393 comm="syz.4.4091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff08c29efc9 code=0x7ffc0000
[  298.292476][   T29] audit: type=1326 audit(1761748299.289:51190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15393 comm="syz.4.4091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff08c29efc9 code=0x7ffc0000
[  298.316062][   T29] audit: type=1326 audit(1761748299.289:51191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15393 comm="syz.4.4091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff08c29efc9 code=0x7ffc0000
[  298.339597][   T29] audit: type=1326 audit(1761748299.289:51192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15393 comm="syz.4.4091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff08c29efc9 code=0x7ffc0000
[  298.525141][T15398] sctp: [Deprecated]: syz.2.4092 (pid 15398) Use of int in maxseg socket option.
[  298.525141][T15398] Use struct sctp_assoc_value instead
[  298.545918][ T3382] hid_parser_main: 30 callbacks suppressed
[  298.545935][ T3382] hid-generic 0000:0000:0000.004B: unknown main item tag 0x0
[  298.559276][ T3382] hid-generic 0000:0000:0000.004B: unknown main item tag 0x0
[  298.566695][ T3382] hid-generic 0000:0000:0000.004B: unknown main item tag 0x0
[  298.574099][ T3382] hid-generic 0000:0000:0000.004B: unknown main item tag 0x0
[  298.581583][ T3382] hid-generic 0000:0000:0000.004B: unknown main item tag 0x0
[  298.589056][ T3382] hid-generic 0000:0000:0000.004B: unknown main item tag 0x0
[  298.596497][ T3382] hid-generic 0000:0000:0000.004B: unknown main item tag 0x7
[  298.603901][ T3382] hid-generic 0000:0000:0000.004B: unknown main item tag 0x0
[  298.611312][ T3382] hid-generic 0000:0000:0000.004B: item fetching failed at offset 12/43
[  298.621712][ T3382] hid-generic 0000:0000:0000.004B: probe with driver hid-generic failed with error -22
[  298.638774][T15415] netlink: 'syz.3.4100': attribute type 21 has an invalid length.
[  298.646641][T15415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4100'.
[  298.666674][T15418] loop4: detected capacity change from 0 to 2048
[  298.674316][T15418] EXT4-fs: Ignoring removed bh option
[  298.731692][T15418] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  298.747151][T15418] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  298.762306][T15418] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  298.774794][T15418] EXT4-fs (loop4): This should not happen!! Data will be lost
[  298.774794][T15418] 
[  298.784497][T15418] EXT4-fs (loop4): Total free blocks count 0
[  298.790472][T15418] EXT4-fs (loop4): Free/Dirty block details
[  298.796470][T15418] EXT4-fs (loop4): free_blocks=2415919104
[  298.802177][T15418] EXT4-fs (loop4): dirty_blocks=32
[  298.807319][T15418] EXT4-fs (loop4): Block reservation details
[  298.813329][T15418] EXT4-fs (loop4): i_reserved_data_blocks=2
[  299.043835][ T1051] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0
[  299.051455][ T1051] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0
[  299.058940][ T1051] hid-generic 0000:0000:0000.004C: item fetching failed at offset 12/43
[  299.083650][ T1051] hid-generic 0000:0000:0000.004C: probe with driver hid-generic failed with error -22
[  299.096191][T15453] netlink: 'syz.1.4113': attribute type 21 has an invalid length.
[  299.104048][T15453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4113'.
[  299.347495][T11252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.423320][T15464] sctp: [Deprecated]: syz.4.4115 (pid 15464) Use of int in maxseg socket option.
[  299.423320][T15464] Use struct sctp_assoc_value instead
[  300.081685][T15475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4118'.
[  300.170389][T15475] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4118'.
[  300.484446][T15490] loop3: detected capacity change from 0 to 512
[  300.494730][T15490] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  300.514917][T15509] sctp: [Deprecated]: syz.2.4131 (pid 15509) Use of int in maxseg socket option.
[  300.514917][T15509] Use struct sctp_assoc_value instead
[  300.577801][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.727445][T15538] FAULT_INJECTION: forcing a failure.
[  300.727445][T15538] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  300.740540][T15538] CPU: 0 UID: 0 PID: 15538 Comm: syz.0.4140 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  300.740566][T15538] Tainted: [W]=WARN
[  300.740578][T15538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  300.740586][T15538] Call Trace:
[  300.740651][T15538]  <TASK>
[  300.740656][T15538]  __dump_stack+0x1d/0x30
[  300.740670][T15538]  dump_stack_lvl+0xe8/0x140
[  300.740681][T15538]  dump_stack+0x15/0x1b
[  300.740691][T15538]  should_fail_ex+0x265/0x280
[  300.740707][T15538]  should_fail+0xb/0x20
[  300.740742][T15538]  should_fail_usercopy+0x1a/0x20
[  300.740753][T15538]  _copy_from_user+0x1c/0xb0
[  300.740767][T15538]  ___sys_sendmsg+0xc1/0x1d0
[  300.740799][T15538]  __x64_sys_sendmsg+0xd4/0x160
[  300.740824][T15538]  x64_sys_call+0x191e/0x3000
[  300.740837][T15538]  do_syscall_64+0xd2/0x200
[  300.740848][T15538]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  300.740899][T15538]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  300.740915][T15538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.740926][T15538] RIP: 0033:0x7f30585befc9
[  300.740986][T15538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.740996][T15538] RSP: 002b:00007f305701f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  300.741008][T15538] RAX: ffffffffffffffda RBX: 00007f3058815fa0 RCX: 00007f30585befc9
[  300.741015][T15538] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 000000000000000c
[  300.741022][T15538] RBP: 00007f305701f090 R08: 0000000000000000 R09: 0000000000000000
[  300.741029][T15538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  300.741035][T15538] R13: 00007f3058816038 R14: 00007f3058815fa0 R15: 00007ffc20c1e178
[  300.741078][T15538]  </TASK>
[  300.766302][T15536] sctp: [Deprecated]: syz.3.4139 (pid 15536) Use of int in maxseg socket option.
[  300.766302][T15536] Use struct sctp_assoc_value instead
[  300.804110][T15541] loop0: detected capacity change from 0 to 2048
[  300.938806][T15541] EXT4-fs: Ignoring removed bh option
[  300.964312][T15541] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  300.980412][T15541] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  300.995643][T15541] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  301.008005][T15541] EXT4-fs (loop0): This should not happen!! Data will be lost
[  301.008005][T15541] 
[  301.017652][T15541] EXT4-fs (loop0): Total free blocks count 0
[  301.020273][T15548] sctp: [Deprecated]: syz.3.4144 (pid 15548) Use of int in maxseg socket option.
[  301.020273][T15548] Use struct sctp_assoc_value instead
[  301.023667][T15541] EXT4-fs (loop0): Free/Dirty block details
[  301.023682][T15541] EXT4-fs (loop0): free_blocks=2415919104
[  301.049788][T15541] EXT4-fs (loop0): dirty_blocks=32
[  301.054940][T15541] EXT4-fs (loop0): Block reservation details
[  301.060913][T15541] EXT4-fs (loop0): i_reserved_data_blocks=2
[  301.081007][T13656] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.149329][T15559] loop0: detected capacity change from 0 to 512
[  301.184068][T15559] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  301.224418][T13656] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.276996][T15578] loop0: detected capacity change from 0 to 128
[  301.288561][T15578] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  301.292775][T15581] loop3: detected capacity change from 0 to 1024
[  301.296532][T15578] FAT-fs (loop0): Filesystem has been set read-only
[  301.309526][T15578] bio_check_eod: 179225 callbacks suppressed
[  301.309544][T15578] syz.0.4155: attempt to access beyond end of device
[  301.309544][T15578] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  301.309609][T15582] loop1: detected capacity change from 0 to 2048
[  301.315591][T15578] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  301.343596][T15578] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  301.344715][T15573] sctp: [Deprecated]: syz.4.4153 (pid 15573) Use of int in maxseg socket option.
[  301.344715][T15573] Use struct sctp_assoc_value instead
[  301.352115][T15578] syz.0.4155: attempt to access beyond end of device
[  301.352115][T15578] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.379312][T15577] syz.0.4155: attempt to access beyond end of device
[  301.379312][T15577] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.380320][T15581] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  301.392885][T15578] syz.0.4155: attempt to access beyond end of device
[  301.392885][T15578] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.418325][T15577] syz.0.4155: attempt to access beyond end of device
[  301.418325][T15577] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.419052][T15582]  loop1: p1 p2 p3
[  301.431714][T15577] syz.0.4155: attempt to access beyond end of device
[  301.431714][T15577] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.448809][T15578] syz.0.4155: attempt to access beyond end of device
[  301.448809][T15578] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.462068][T15578] syz.0.4155: attempt to access beyond end of device
[  301.462068][T15578] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.475373][T15577] syz.0.4155: attempt to access beyond end of device
[  301.475373][T15577] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.488790][T15578] syz.0.4155: attempt to access beyond end of device
[  301.488790][T15578] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  301.612004][T15599] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4193: comm syz.3.4157: Allocating blocks 449-513 which overlap fs metadata
[  301.679202][T15605] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4164'.
[  301.705779][T15605] loop2: detected capacity change from 0 to 128
[  301.713992][T15605] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  301.722077][T15605] FAT-fs (loop2): Filesystem has been set read-only
[  301.728757][T15605] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  301.736671][T15605] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  301.765579][T15607] buffer_io_error: 178110 callbacks suppressed
[  301.765631][T15607] Buffer I/O error on dev loop2, logical block 2065, async page read
[  301.779956][T15607] Buffer I/O error on dev loop2, logical block 2066, async page read
[  301.788037][T15607] Buffer I/O error on dev loop2, logical block 2067, async page read
[  301.796246][T15607] Buffer I/O error on dev loop2, logical block 2068, async page read
[  301.804472][T15607] Buffer I/O error on dev loop2, logical block 2069, async page read
[  301.812643][T15607] Buffer I/O error on dev loop2, logical block 2070, async page read
[  301.820737][T15607] Buffer I/O error on dev loop2, logical block 2071, async page read
[  301.828892][T15607] Buffer I/O error on dev loop2, logical block 2072, async page read
[  301.837194][T15605] Buffer I/O error on dev loop2, logical block 2065, async page read
[  301.845790][T15605] Buffer I/O error on dev loop2, logical block 2066, async page read
[  302.117223][T15580] EXT4-fs (loop3): pa ffff8881072b1620: logic 48, phys. 177, len 21
[  302.125321][T15580] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[  302.145236][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.217244][T15614] loop3: detected capacity change from 0 to 512
[  302.234433][T15614] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  302.272981][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.320291][T15620] sctp: [Deprecated]: syz.0.4168 (pid 15620) Use of int in maxseg socket option.
[  302.320291][T15620] Use struct sctp_assoc_value instead
[  302.357320][T15627] loop0: detected capacity change from 0 to 2048
[  302.403671][T15627]  loop0: p1 p2 p3
[  302.481631][T15637] netlink: 10 bytes leftover after parsing attributes in process `syz.1.4176'.
[  302.494793][T15639] loop0: detected capacity change from 0 to 1024
[  302.501640][T15639] EXT4-fs: Ignoring removed orlov option
[  302.509729][T15639] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  302.675114][T13656] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.748986][T15659] loop0: detected capacity change from 0 to 128
[  302.757318][T15659] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  302.765274][T15659] FAT-fs (loop0): Filesystem has been set read-only
[  302.772418][T15659] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  302.780267][T15659] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  302.784421][T15660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4182'.
[  302.815359][T15660] loop1: detected capacity change from 0 to 128
[  302.823440][T15660] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  302.831260][T15660] FAT-fs (loop1): Filesystem has been set read-only
[  302.837916][T15660] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  302.845832][T15660] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  303.047104][   T29] kauditd_printk_skb: 910 callbacks suppressed
[  303.047116][   T29] audit: type=1326 audit(1761748304.159:52103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.076989][   T29] audit: type=1326 audit(1761748304.159:52104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.100604][   T29] audit: type=1326 audit(1761748304.159:52105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.198190][   T29] audit: type=1326 audit(1761748304.309:52106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.221711][   T29] audit: type=1326 audit(1761748304.309:52107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.245278][   T29] audit: type=1326 audit(1761748304.309:52108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.268911][   T29] audit: type=1326 audit(1761748304.309:52109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.292956][   T29] audit: type=1326 audit(1761748304.309:52110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.316542][   T29] audit: type=1326 audit(1761748304.309:52111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.340140][   T29] audit: type=1326 audit(1761748304.309:52112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.3.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f651870efc9 code=0x7ffc0000
[  303.609753][T15683] loop0: detected capacity change from 0 to 2048
[  303.655554][T15683]  loop0: p1 p2 p3
[  303.674789][T15681] sctp: [Deprecated]: syz.3.4189 (pid 15681) Use of int in maxseg socket option.
[  303.674789][T15681] Use struct sctp_assoc_value instead
[  303.729597][T15694] loop1: detected capacity change from 0 to 128
[  303.737581][T15694] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  303.745533][T15694] FAT-fs (loop1): Filesystem has been set read-only
[  303.752156][T15694] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  303.759988][T15694] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  303.777022][T15695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4194'.
[  303.808686][T15695] loop0: detected capacity change from 0 to 128
[  303.817621][T15695] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  303.825575][T15695] FAT-fs (loop0): Filesystem has been set read-only
[  303.832269][T15695] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  303.840105][T15695] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  304.387960][T15705] loop2: detected capacity change from 0 to 2048
[  304.412907][T15705] EXT4-fs: Ignoring removed bh option
[  304.464180][T15705] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  304.516911][T15705] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  304.547978][T15717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4202'.
[  304.603897][T15719] loop4: detected capacity change from 0 to 128
[  304.625451][T15719] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  304.633402][T15719] FAT-fs (loop4): Filesystem has been set read-only
[  304.642270][T15719] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  304.650260][T15719] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  304.667138][T15705] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  304.679638][T15705] EXT4-fs (loop2): This should not happen!! Data will be lost
[  304.679638][T15705] 
[  304.684271][T15725] loop1: detected capacity change from 0 to 2048
[  304.689471][T15705] EXT4-fs (loop2): Total free blocks count 0
[  304.701700][T15705] EXT4-fs (loop2): Free/Dirty block details
[  304.707715][T15705] EXT4-fs (loop2): free_blocks=2415919104
[  304.713508][T15705] EXT4-fs (loop2): dirty_blocks=32
[  304.718616][T15705] EXT4-fs (loop2): Block reservation details
[  304.724620][T15705] EXT4-fs (loop2): i_reserved_data_blocks=2
[  304.743792][T15725]  loop1: p1 p2 p3
[  305.164356][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.168286][T15744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4210'.
[  305.217021][T15744] loop0: detected capacity change from 0 to 128
[  305.224873][T15744] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  305.232707][T15744] FAT-fs (loop0): Filesystem has been set read-only
[  305.239326][T15744] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  305.247228][T15744] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  305.277549][T15748] netlink: 'syz.2.4213': attribute type 21 has an invalid length.
[  305.285412][T15748] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4213'.
[  305.398160][T15751] loop2: detected capacity change from 0 to 128
[  305.424158][T15751] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  305.432102][T15751] FAT-fs (loop2): Filesystem has been set read-only
[  305.444320][T15751] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  305.452166][T15751] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  305.474835][T15755] sctp: [Deprecated]: syz.4.4215 (pid 15755) Use of int in maxseg socket option.
[  305.474835][T15755] Use struct sctp_assoc_value instead
[  305.697525][T15761] loop1: detected capacity change from 0 to 2048
[  305.722174][T15763] loop3: detected capacity change from 0 to 512
[  305.773378][T15761]  loop1: p1 p2 p3
[  305.902134][T15763] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  305.918256][T15774] loop1: detected capacity change from 0 to 128
[  305.939665][T15774] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  305.947599][T15774] FAT-fs (loop1): Filesystem has been set read-only
[  305.964081][T15774] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  305.971966][T15774] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  306.109780][T15784] vlan2: entered promiscuous mode
[  306.114967][T15784] ip6gretap0: entered promiscuous mode
[  306.158531][T15784] loop4: detected capacity change from 0 to 512
[  306.169663][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  306.185219][T15784] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  306.211790][T15791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4226'.
[  306.236200][T15791] loop0: detected capacity change from 0 to 128
[  306.244219][T15791] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  306.252047][T15791] FAT-fs (loop0): Filesystem has been set read-only
[  306.262499][T15791] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  306.270357][T15791] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  306.288073][T15784] EXT4-fs (loop4): mount failed
[  306.312429][T15774] bio_check_eod: 415012 callbacks suppressed
[  306.312445][T15774] syz.1.4221: attempt to access beyond end of device
[  306.312445][T15774] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.312507][T15785] syz.0.4226: attempt to access beyond end of device
[  306.312507][T15785] loop0: rw=0, sector=2072, nr_sectors = 1 limit=128
[  306.331761][T15774] syz.1.4221: attempt to access beyond end of device
[  306.331761][T15774] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.344963][T15791] syz.0.4226: attempt to access beyond end of device
[  306.344963][T15791] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  306.371586][T15791] syz.0.4226: attempt to access beyond end of device
[  306.371586][T15791] loop0: rw=0, sector=2066, nr_sectors = 1 limit=128
[  306.386327][T15791] syz.0.4226: attempt to access beyond end of device
[  306.386327][T15791] loop0: rw=0, sector=2067, nr_sectors = 1 limit=128
[  306.399732][T15791] syz.0.4226: attempt to access beyond end of device
[  306.399732][T15791] loop0: rw=0, sector=2068, nr_sectors = 1 limit=128
[  306.400373][T15774] syz.1.4221: attempt to access beyond end of device
[  306.400373][T15774] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.415141][T15791] syz.0.4226: attempt to access beyond end of device
[  306.415141][T15791] loop0: rw=0, sector=2069, nr_sectors = 1 limit=128
[  306.427054][T15774] syz.1.4221: attempt to access beyond end of device
[  306.427054][T15774] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.606408][T15812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4234'.
[  306.642738][T15812] loop2: detected capacity change from 0 to 128
[  306.664358][T15812] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  306.672250][T15812] FAT-fs (loop2): Filesystem has been set read-only
[  306.701714][T15812] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  306.709557][T15812] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  306.772494][T15791] buffer_io_error: 368790 callbacks suppressed
[  306.772508][T15791] Buffer I/O error on dev loop0, logical block 2065, async page read
[  306.786821][T15812] Buffer I/O error on dev loop2, logical block 2065, async page read
[  306.802503][T15812] Buffer I/O error on dev loop2, logical block 2066, async page read
[  306.802558][T15791] Buffer I/O error on dev loop0, logical block 2066, async page read
[  306.810618][T15812] Buffer I/O error on dev loop2, logical block 2067, async page read
[  306.810635][T15812] Buffer I/O error on dev loop2, logical block 2068, async page read
[  306.810651][T15812] Buffer I/O error on dev loop2, logical block 2069, async page read
[  306.818878][T15791] Buffer I/O error on dev loop0, logical block 2067, async page read
[  306.828634][T15812] Buffer I/O error on dev loop2, logical block 2070, async page read
[  306.844190][T15791] Buffer I/O error on dev loop0, logical block 2068, async page read
[  307.038451][T15824] loop0: detected capacity change from 0 to 128
[  307.057949][   T36] hid_parser_main: 6 callbacks suppressed
[  307.057967][   T36] hid-generic 0000:0000:0000.004D: unknown main item tag 0x0
[  307.071097][   T36] hid-generic 0000:0000:0000.004D: unknown main item tag 0x0
[  307.078497][   T36] hid-generic 0000:0000:0000.004D: unknown main item tag 0x0
[  307.085892][   T36] hid-generic 0000:0000:0000.004D: unknown main item tag 0x0
[  307.093295][   T36] hid-generic 0000:0000:0000.004D: unknown main item tag 0x0
[  307.100713][   T36] hid-generic 0000:0000:0000.004D: unknown main item tag 0x0
[  307.108123][   T36] hid-generic 0000:0000:0000.004D: unknown main item tag 0x7
[  307.115531][   T36] hid-generic 0000:0000:0000.004D: unknown main item tag 0x0
[  307.116746][T15824] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  307.122949][   T36] hid-generic 0000:0000:0000.004D: item fetching failed at offset 12/43
[  307.134291][   T36] hid-generic 0000:0000:0000.004D: probe with driver hid-generic failed with error -22
[  307.139191][T15824] FAT-fs (loop0): Filesystem has been set read-only
[  307.159753][T15827] netlink: 'syz.3.4240': attribute type 21 has an invalid length.
[  307.167675][T15827] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4240'.
[  307.177156][T15824] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  307.185204][T15824] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  307.918233][T15869] loop3: detected capacity change from 0 to 2048
[  307.943034][T15869] EXT4-fs: Ignoring removed bh option
[  307.977052][T15869] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  307.998565][T15871] sctp: [Deprecated]: syz.0.4254 (pid 15871) Use of int in maxseg socket option.
[  307.998565][T15871] Use struct sctp_assoc_value instead
[  308.025859][T15869] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  308.055448][   T29] kauditd_printk_skb: 569 callbacks suppressed
[  308.055461][   T29] audit: type=1400 audit(1761748309.169:52681): avc:  denied  { prog_load } for  pid=15876 comm="syz.1.4255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  308.080909][   T29] audit: type=1400 audit(1761748309.169:52682): avc:  denied  { bpf } for  pid=15876 comm="syz.1.4255" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  308.101620][   T29] audit: type=1400 audit(1761748309.169:52683): avc:  denied  { perfmon } for  pid=15876 comm="syz.1.4255" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  308.139034][T15877] loop1: detected capacity change from 0 to 2048
[  308.142609][T15869] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  308.157888][T15869] EXT4-fs (loop3): This should not happen!! Data will be lost
[  308.157888][T15869] 
[  308.167541][T15869] EXT4-fs (loop3): Total free blocks count 0
[  308.173627][T15869] EXT4-fs (loop3): Free/Dirty block details
[  308.179519][T15869] EXT4-fs (loop3): free_blocks=2415919104
[  308.185282][T15869] EXT4-fs (loop3): dirty_blocks=32
[  308.190388][T15869] EXT4-fs (loop3): Block reservation details
[  308.196449][T15869] EXT4-fs (loop3): i_reserved_data_blocks=2
[  308.202465][   T29] audit: type=1400 audit(1761748309.239:52684): avc:  denied  { prog_run } for  pid=15876 comm="syz.1.4255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  308.203536][T15877]  loop1: p1 p2 p3
[  308.221733][   T29] audit: type=1326 audit(1761748309.299:52685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15878 comm="syz.0.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30585befc9 code=0x7ffc0000
[  308.249006][   T29] audit: type=1326 audit(1761748309.299:52686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15878 comm="syz.0.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30585befc9 code=0x7ffc0000
[  308.253374][T15880] sctp: [Deprecated]: syz.0.4256 (pid 15880) Use of int in maxseg socket option.
[  308.253374][T15880] Use struct sctp_assoc_value instead
[  308.272644][   T29] audit: type=1326 audit(1761748309.299:52687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15878 comm="syz.0.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30585befc9 code=0x7ffc0000
[  308.310587][   T29] audit: type=1326 audit(1761748309.299:52688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15878 comm="syz.0.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30585befc9 code=0x7ffc0000
[  308.334164][   T29] audit: type=1326 audit(1761748309.299:52689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15878 comm="syz.0.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30585befc9 code=0x7ffc0000
[  308.357803][   T29] audit: type=1326 audit(1761748309.299:52690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15878 comm="syz.0.4256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f30585befc9 code=0x7ffc0000
[  308.428758][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.588591][T15900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4262'.
[  308.770895][T15907] loop3: detected capacity change from 0 to 128
[  308.792147][T15907] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  308.800076][T15907] FAT-fs (loop3): Filesystem has been set read-only
[  308.971533][T15907] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  308.979467][T15907] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  309.004760][T15912] sctp: [Deprecated]: syz.2.4266 (pid 15912) Use of int in maxseg socket option.
[  309.004760][T15912] Use struct sctp_assoc_value instead
[  309.665000][T15932] loop2: detected capacity change from 0 to 512
[  309.717326][T15932] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.747399][T15943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4274'.
[  309.816707][T15946] loop1: detected capacity change from 0 to 128
[  309.853231][T15943] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  309.861100][T15943] FAT-fs (loop1): Filesystem has been set read-only
[  309.876292][T15943] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  309.884291][T15943] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  309.961643][T15948] loop4: detected capacity change from 0 to 2048
[  309.968450][T15948] EXT4-fs: Ignoring removed bh option
[  309.977155][T15945] loop3: detected capacity change from 0 to 2048
[  310.005014][T15948] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.032636][T15945] EXT4-fs: Ignoring removed bh option
[  310.042642][T15948] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  310.065537][T15948] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  310.077965][T15948] EXT4-fs (loop4): This should not happen!! Data will be lost
[  310.077965][T15948] 
[  310.087629][T15948] EXT4-fs (loop4): Total free blocks count 0
[  310.093629][T15948] EXT4-fs (loop4): Free/Dirty block details
[  310.099544][T15948] EXT4-fs (loop4): free_blocks=2415919104
[  310.105284][T15948] EXT4-fs (loop4): dirty_blocks=32
[  310.110393][T15948] EXT4-fs (loop4): Block reservation details
[  310.116389][T15948] EXT4-fs (loop4): i_reserved_data_blocks=2
[  310.162788][T11252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.256099][T15957] loop4: detected capacity change from 0 to 512
[  310.303272][T15957] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  310.342698][T15957] EXT4-fs (loop4): mount failed
[  310.343216][T15945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.405091][T15945] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  310.430954][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.476375][T15945] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  310.488778][T15945] EXT4-fs (loop3): This should not happen!! Data will be lost
[  310.488778][T15945] 
[  310.498543][T15945] EXT4-fs (loop3): Total free blocks count 0
[  310.504566][T15945] EXT4-fs (loop3): Free/Dirty block details
[  310.510542][T15945] EXT4-fs (loop3): free_blocks=2415919104
[  310.516290][T15945] EXT4-fs (loop3): dirty_blocks=32
[  310.521395][T15945] EXT4-fs (loop3): Block reservation details
[  310.527408][T15945] EXT4-fs (loop3): i_reserved_data_blocks=2
[  310.545645][T15972] loop0: detected capacity change from 0 to 128
[  310.559423][T15971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4281'.
[  310.583568][T15972] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  310.591411][T15972] FAT-fs (loop0): Filesystem has been set read-only
[  310.599950][T15971] loop4: detected capacity change from 0 to 128
[  310.619691][T15971] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  310.627684][T15971] FAT-fs (loop4): Filesystem has been set read-only
[  310.652972][T15971] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  310.660844][T15971] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  310.668962][T15972] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  310.676865][T15972] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  310.883075][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.912476][T15964] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  310.961726][T15964] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  310.969659][T15964] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  311.123114][T15986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4284'.
[  311.203746][T15988] loop3: detected capacity change from 0 to 128
[  311.215599][T15986] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  311.223481][T15986] FAT-fs (loop3): Filesystem has been set read-only
[  311.230184][T15986] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  311.238105][T15986] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  311.323538][T15986] bio_check_eod: 147637 callbacks suppressed
[  311.323552][T15986] syz.3.4284: attempt to access beyond end of device
[  311.323552][T15986] loop3: rw=0, sector=2065, nr_sectors = 1 limit=128
[  311.349326][T15971] syz.4.4281: attempt to access beyond end of device
[  311.349326][T15971] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128
[  311.378001][T15986] syz.3.4284: attempt to access beyond end of device
[  311.378001][T15986] loop3: rw=0, sector=2066, nr_sectors = 1 limit=128
[  311.395170][T15971] syz.4.4281: attempt to access beyond end of device
[  311.395170][T15971] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128
[  311.428930][T15971] syz.4.4281: attempt to access beyond end of device
[  311.428930][T15971] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128
[  311.442300][T15972] syz.0.4280: attempt to access beyond end of device
[  311.442300][T15972] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  311.455905][T15986] syz.3.4284: attempt to access beyond end of device
[  311.455905][T15986] loop3: rw=0, sector=2067, nr_sectors = 1 limit=128
[  311.479319][T15971] syz.4.4281: attempt to access beyond end of device
[  311.479319][T15971] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128
[  311.493697][T15986] syz.3.4284: attempt to access beyond end of device
[  311.493697][T15986] loop3: rw=0, sector=2068, nr_sectors = 1 limit=128
[  311.507252][T15972] syz.0.4280: attempt to access beyond end of device
[  311.507252][T15972] loop0: rw=0, sector=2066, nr_sectors = 1 limit=128
[  311.610402][ T1051] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0
[  311.617884][ T1051] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0
[  311.625351][ T1051] hid-generic 0000:0000:0000.004E: item fetching failed at offset 12/43
[  311.638126][ T1051] hid-generic 0000:0000:0000.004E: probe with driver hid-generic failed with error -22
[  311.666708][T15997] netlink: 'syz.1.4290': attribute type 21 has an invalid length.
[  311.674591][T15997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4290'.
[  311.792567][T15986] buffer_io_error: 99103 callbacks suppressed
[  311.792582][T15986] Buffer I/O error on dev loop3, logical block 2066, async page read
[  311.959280][T15986] Buffer I/O error on dev loop3, logical block 2067, async page read
[  311.967470][T15986] Buffer I/O error on dev loop3, logical block 2068, async page read
[  311.974621][T16007] loop1: detected capacity change from 0 to 1024
[  311.975620][T15986] Buffer I/O error on dev loop3, logical block 2069, async page read
[  311.989965][T15986] Buffer I/O error on dev loop3, logical block 2070, async page read
[  311.998426][T15986] Buffer I/O error on dev loop3, logical block 2071, async page read
[  312.003838][T16007] EXT4-fs: Ignoring removed orlov option
[  312.006585][T15986] Buffer I/O error on dev loop3, logical block 2072, async page read
[  312.034446][T16007] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.076622][ T3382] hid_parser_main: 6 callbacks suppressed
[  312.076641][ T3382] hid-generic 0000:0000:0000.004F: unknown main item tag 0x0
[  312.089806][ T3382] hid-generic 0000:0000:0000.004F: unknown main item tag 0x0
[  312.097269][ T3382] hid-generic 0000:0000:0000.004F: unknown main item tag 0x0
[  312.104673][ T3382] hid-generic 0000:0000:0000.004F: unknown main item tag 0x0
[  312.112063][ T3382] hid-generic 0000:0000:0000.004F: unknown main item tag 0x0
[  312.119580][ T3382] hid-generic 0000:0000:0000.004F: unknown main item tag 0x0
[  312.127013][ T3382] hid-generic 0000:0000:0000.004F: unknown main item tag 0x7
[  312.134689][ T3382] hid-generic 0000:0000:0000.004F: unknown main item tag 0x0
[  312.142099][ T3382] hid-generic 0000:0000:0000.004F: item fetching failed at offset 12/43
[  312.151232][T16014] FAULT_INJECTION: forcing a failure.
[  312.151232][T16014] name failslab, interval 1, probability 0, space 0, times 0
[  312.163915][T16014] CPU: 1 UID: 0 PID: 16014 Comm: syz.1.4292 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  312.164025][T16014] Tainted: [W]=WARN
[  312.164031][T16014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  312.164042][T16014] Call Trace:
[  312.164127][T16014]  <TASK>
[  312.164135][T16014]  __dump_stack+0x1d/0x30
[  312.164159][T16014]  dump_stack_lvl+0xe8/0x140
[  312.164180][T16014]  dump_stack+0x15/0x1b
[  312.164197][T16014]  should_fail_ex+0x265/0x280
[  312.164216][T16014]  should_failslab+0x8c/0xb0
[  312.164301][T16014]  __kmalloc_noprof+0xa5/0x570
[  312.164337][T16014]  ? copy_splice_read+0xc2/0x660
[  312.164361][T16014]  copy_splice_read+0xc2/0x660
[  312.164387][T16014]  ? __pfx_ext4_file_splice_read+0x10/0x10
[  312.164417][T16014]  splice_direct_to_actor+0x290/0x680
[  312.164440][T16014]  ? __pfx_direct_splice_actor+0x10/0x10
[  312.164464][T16014]  do_splice_direct+0xda/0x150
[  312.164485][T16014]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  312.164566][T16014]  do_sendfile+0x380/0x650
[  312.164619][T16014]  __x64_sys_sendfile64+0x105/0x150
[  312.164645][T16014]  x64_sys_call+0x2bb4/0x3000
[  312.164664][T16014]  do_syscall_64+0xd2/0x200
[  312.164683][T16014]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  312.164775][T16014]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  312.164808][T16014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.164828][T16014] RIP: 0033:0x7fdadea0efc9
[  312.164843][T16014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  312.164858][T16014] RSP: 002b:00007fdadd44e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  312.164888][T16014] RAX: ffffffffffffffda RBX: 00007fdadec66090 RCX: 00007fdadea0efc9
[  312.164911][T16014] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[  312.164924][T16014] RBP: 00007fdadd44e090 R08: 0000000000000000 R09: 0000000000000000
[  312.164936][T16014] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[  312.164949][T16014] R13: 00007fdadec66128 R14: 00007fdadec66090 R15: 00007ffe07b695e8
[  312.164968][T16014]  </TASK>
[  312.166751][T16016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4293'.
[  312.364184][T16013] netlink: 'syz.3.4294': attribute type 21 has an invalid length.
[  312.372355][ T3382] hid-generic 0000:0000:0000.004F: probe with driver hid-generic failed with error -22
[  312.375169][T16013] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4294'.
[  312.392012][T16018] loop0: detected capacity change from 0 to 128
[  312.475022][T16022] loop3: detected capacity change from 0 to 128
[  312.490211][T16022] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  312.513211][T16024] netlink: 'syz.2.4296': attribute type 21 has an invalid length.
[  312.521048][T16024] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4296'.
[  312.532676][T16022] ext4 filesystem being mounted at /291/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  312.613700][T16029] loop2: detected capacity change from 0 to 2048
[  312.644219][T16029]  loop2: p1 p2 p3
[  312.672803][T16016] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  312.680664][T16016] FAT-fs (loop0): Filesystem has been set read-only
[  312.687644][T16016] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  312.695526][T16016] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  312.704352][T16017] Buffer I/O error on dev loop0, logical block 2065, async page read
[  312.712673][T16017] Buffer I/O error on dev loop0, logical block 2066, async page read
[  312.714690][T11782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.730438][T16017] Buffer I/O error on dev loop0, logical block 2067, async page read
[  312.910289][T12034] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  313.021487][T16043] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4300'.
[  313.037578][T16042] loop2: detected capacity change from 0 to 1024
[  313.072096][T16043] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4300'.
[  313.085083][T16042] EXT4-fs: Ignoring removed orlov option
[  313.140411][T16043] loop1: detected capacity change from 0 to 128
[  313.146929][T16042] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.161732][T16043] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  313.169680][T16043] FAT-fs (loop1): Filesystem has been set read-only
[  313.176381][T16043] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  313.184249][T16043] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  313.326586][T16049] loop0: detected capacity change from 0 to 128
[  313.336330][T16049] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  313.344220][T16049] FAT-fs (loop0): Filesystem has been set read-only
[  313.351040][T16049] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  313.358952][T16049] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  313.662514][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.826865][ T1051] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0
[  313.834388][ T1051] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0
[  313.841844][ T1051] hid-generic 0000:0000:0000.0050: item fetching failed at offset 12/43
[  313.872465][ T1051] hid-generic 0000:0000:0000.0050: probe with driver hid-generic failed with error -22
[  313.896084][T16056] netlink: 'syz.2.4307': attribute type 21 has an invalid length.
[  313.904041][T16056] __nla_validate_parse: 1 callbacks suppressed
[  313.904054][T16056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4307'.
[  314.084200][   T29] kauditd_printk_skb: 417 callbacks suppressed
[  314.084213][   T29] audit: type=1326 audit(1761748315.199:53107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16062 comm="syz.2.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53ce4efc9 code=0x7ffc0000
[  314.222861][T16069] sctp: [Deprecated]: syz.2.4311 (pid 16069) Use of int in maxseg socket option.
[  314.222861][T16069] Use struct sctp_assoc_value instead
[  314.468031][T16074] loop4: detected capacity change from 0 to 1024
[  314.491132][T16074] EXT4-fs: Ignoring removed bh option
[  314.502373][   T29] audit: type=1326 audit(1761748315.229:53108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16062 comm="syz.2.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd53ce4efc9 code=0x7ffc0000
[  314.526020][   T29] audit: type=1326 audit(1761748315.229:53109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16062 comm="syz.2.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53ce4efc9 code=0x7ffc0000
[  314.529233][T16074] EXT4-fs: inline encryption not supported
[  314.549591][   T29] audit: type=1326 audit(1761748315.229:53110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16062 comm="syz.2.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53ce4efc9 code=0x7ffc0000
[  314.549616][   T29] audit: type=1400 audit(1761748315.329:53111): avc:  denied  { create } for  pid=16062 comm="syz.2.4311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  314.549636][   T29] audit: type=1400 audit(1761748315.339:53112): avc:  denied  { shutdown } for  pid=16062 comm="syz.2.4311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  314.549654][   T29] audit: type=1400 audit(1761748315.339:53113): avc:  denied  { setopt } for  pid=16062 comm="syz.2.4311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  314.549740][   T29] audit: type=1326 audit(1761748315.409:53114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16062 comm="syz.2.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7fd53ce4efc9 code=0x7ffc0000
[  314.560531][T16077] loop0: detected capacity change from 0 to 128
[  314.579128][   T29] audit: type=1326 audit(1761748315.419:53115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16062 comm="syz.2.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53ce4efc9 code=0x7ffc0000
[  314.601811][T16078] loop1: detected capacity change from 0 to 512
[  314.618646][   T29] audit: type=1326 audit(1761748315.419:53116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16062 comm="syz.2.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53ce4efc9 code=0x7ffc0000
[  314.703760][T16074] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  314.735415][T16077] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  314.743370][T16077] FAT-fs (loop0): Filesystem has been set read-only
[  314.749179][T16074] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  314.750241][T16077] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  314.766058][T16077] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  314.766999][T16074] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.4313: lblock 2 mapped to illegal pblock 2 (length 1)
[  314.810104][T16078] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.841905][T16074] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.4313: lblock 0 mapped to illegal pblock 48 (length 1)
[  314.857717][T16074] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.4313: Failed to acquire dquot type 0
[  314.870645][T16074] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  314.880151][T16074] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.4313: mark_inode_dirty error
[  314.893281][T16074] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  314.903504][T16074] EXT4-fs (loop4): 1 orphan inode deleted
[  314.909692][T16074] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.923201][   T31] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1)
[  314.947232][T16074] can: request_module (can-proto-0) failed.
[  314.951475][T16090] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4318'.
[  314.971756][   T31] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:1: Failed to release dquot type 0
[  315.003813][T11252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.021067][T16096] loop3: detected capacity change from 0 to 512
[  315.027995][T11252] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[  315.065098][T11252] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  315.076032][T11252] EXT4-fs error (device loop4): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[  315.090497][T16096] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  315.112686][T16096] EXT4-fs (loop3): orphan cleanup on readonly fs
[  315.126501][T16099] netlink: 'syz.2.4321': attribute type 21 has an invalid length.
[  315.134466][T16099] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4321'.
[  315.155456][T16096] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #16: comm syz.3.4319: corrupted inode contents
[  315.169021][T11782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.182530][T16096] EXT4-fs (loop3): Remounting filesystem read-only
[  315.189179][T16096] EXT4-fs (loop3): 1 truncate cleaned up
[  315.195099][   T31] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  315.205634][   T31] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  315.217416][T16103] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4320'.
[  315.233574][T16103] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4320'.
[  315.247488][T16105] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4323'.
[  315.259985][   T31] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  315.270288][T16105] loop2: detected capacity change from 0 to 128
[  315.283198][T16105] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  315.291060][T16105] FAT-fs (loop2): Filesystem has been set read-only
[  315.291372][T16096] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  315.306046][T16105] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  315.318030][T16105] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  315.318278][T16108] loop4: detected capacity change from 0 to 128
[  315.347734][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.350112][T16103] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  315.364660][T16103] FAT-fs (loop4): Filesystem has been set read-only
[  315.371415][T16103] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  315.379424][T16103] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  315.442152][T16114] loop1: detected capacity change from 0 to 2048
[  315.454917][T16114] EXT4-fs: Ignoring removed bh option
[  315.475100][T16114] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  315.509171][T16114] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  315.524444][T16114] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  315.536880][T16114] EXT4-fs (loop1): This should not happen!! Data will be lost
[  315.536880][T16114] 
[  315.546543][T16114] EXT4-fs (loop1): Total free blocks count 0
[  315.552580][T16114] EXT4-fs (loop1): Free/Dirty block details
[  315.558551][T16114] EXT4-fs (loop1): free_blocks=2415919104
[  315.564332][T16114] EXT4-fs (loop1): dirty_blocks=32
[  315.569435][T16114] EXT4-fs (loop1): Block reservation details
[  315.575555][T16114] EXT4-fs (loop1): i_reserved_data_blocks=2
[  315.592285][ T3382] hid-generic 0000:0000:0000.0051: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  315.615344][T16126] netlink: 'syz.0.4329': attribute type 21 has an invalid length.
[  315.623276][T16126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4329'.
[  315.743560][T11782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.821723][T16134] FAULT_INJECTION: forcing a failure.
[  315.821723][T16134] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.834933][T16134] CPU: 0 UID: 0 PID: 16134 Comm: syz.1.4333 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  315.834968][T16134] Tainted: [W]=WARN
[  315.834975][T16134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  315.834988][T16134] Call Trace:
[  315.834996][T16134]  <TASK>
[  315.835048][T16134]  __dump_stack+0x1d/0x30
[  315.835070][T16134]  dump_stack_lvl+0xe8/0x140
[  315.835091][T16134]  dump_stack+0x15/0x1b
[  315.835109][T16134]  should_fail_ex+0x265/0x280
[  315.835130][T16134]  should_fail+0xb/0x20
[  315.835147][T16134]  should_fail_usercopy+0x1a/0x20
[  315.835202][T16134]  _copy_from_user+0x1c/0xb0
[  315.835282][T16134]  ___sys_sendmsg+0xc1/0x1d0
[  315.835325][T16134]  __x64_sys_sendmsg+0xd4/0x160
[  315.835388][T16134]  x64_sys_call+0x191e/0x3000
[  315.835411][T16134]  do_syscall_64+0xd2/0x200
[  315.835481][T16134]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  315.835514][T16134]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  315.835543][T16134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.835590][T16134] RIP: 0033:0x7fdadea0efc9
[  315.835669][T16134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.835687][T16134] RSP: 002b:00007fdadd46f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.835708][T16134] RAX: ffffffffffffffda RBX: 00007fdadec65fa0 RCX: 00007fdadea0efc9
[  315.835721][T16134] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000006
[  315.835735][T16134] RBP: 00007fdadd46f090 R08: 0000000000000000 R09: 0000000000000000
[  315.835817][T16134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.835830][T16134] R13: 00007fdadec66038 R14: 00007fdadec65fa0 R15: 00007ffe07b695e8
[  315.835849][T16134]  </TASK>
[  316.263984][    T9] hid-generic 0000:0000:0000.0052: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  316.276737][T16154] netlink: 'syz.3.4341': attribute type 21 has an invalid length.
[  316.284687][T16154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4341'.
[  316.559560][T16165] loop2: detected capacity change from 0 to 512
[  316.596538][T16165] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  316.721047][T16180] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4346'.
[  316.740886][T16186] loop4: detected capacity change from 0 to 2048
[  316.747564][T16186] EXT4-fs: Ignoring removed bh option
[  316.768094][T16186] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  316.792714][T16180] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4346'.
[  316.838222][    T9] hid-generic 0000:0000:0000.0053: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  316.853683][T16195] loop0: detected capacity change from 0 to 128
[  316.863583][T16186] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  316.882724][T16194] netlink: 'syz.1.4353': attribute type 21 has an invalid length.
[  316.929055][T16180] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  316.936947][T16180] FAT-fs (loop0): Filesystem has been set read-only
[  316.944009][T16180] bio_check_eod: 223913 callbacks suppressed
[  316.944024][T16180] syz.0.4346: attempt to access beyond end of device
[  316.944024][T16180] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  316.965031][T16186] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  316.977439][T16186] EXT4-fs (loop4): This should not happen!! Data will be lost
[  316.977439][T16186] 
[  316.987116][T16186] EXT4-fs (loop4): Total free blocks count 0
[  316.993122][T16186] EXT4-fs (loop4): Free/Dirty block details
[  316.999029][T16186] EXT4-fs (loop4): free_blocks=2415919104
[  317.004774][T16186] EXT4-fs (loop4): dirty_blocks=32
[  317.009890][T16186] EXT4-fs (loop4): Block reservation details
[  317.015928][T16186] EXT4-fs (loop4): i_reserved_data_blocks=2
[  317.026374][T16180] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  317.034361][T16180] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  317.043570][T16195] syz.0.4346: attempt to access beyond end of device
[  317.043570][T16195] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  317.048018][T16201] loop1: detected capacity change from 0 to 512
[  317.056831][T16195] buffer_io_error: 201909 callbacks suppressed
[  317.056844][T16195] Buffer I/O error on dev loop0, logical block 2065, async page read
[  317.077857][T16195] syz.0.4346: attempt to access beyond end of device
[  317.077857][T16195] loop0: rw=0, sector=2066, nr_sectors = 1 limit=128
[  317.091161][T16195] Buffer I/O error on dev loop0, logical block 2066, async page read
[  317.099450][T16195] syz.0.4346: attempt to access beyond end of device
[  317.099450][T16195] loop0: rw=0, sector=2067, nr_sectors = 1 limit=128
[  317.112828][T16195] Buffer I/O error on dev loop0, logical block 2067, async page read
[  317.121287][T16201] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  317.121865][T16195] syz.0.4346: attempt to access beyond end of device
[  317.121865][T16195] loop0: rw=0, sector=2068, nr_sectors = 1 limit=128
[  317.144494][T16195] Buffer I/O error on dev loop0, logical block 2068, async page read
[  317.153679][T11252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.163732][T16201] EXT4-fs (loop1): 1 truncate cleaned up
[  317.169801][T16201] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  317.182553][T16195] syz.0.4346: attempt to access beyond end of device
[  317.182553][T16195] loop0: rw=0, sector=2069, nr_sectors = 1 limit=128
[  317.195967][T16195] Buffer I/O error on dev loop0, logical block 2069, async page read
[  317.205522][T16195] syz.0.4346: attempt to access beyond end of device
[  317.205522][T16195] loop0: rw=0, sector=2070, nr_sectors = 1 limit=128
[  317.218771][T16195] Buffer I/O error on dev loop0, logical block 2070, async page read
[  317.227832][T16195] syz.0.4346: attempt to access beyond end of device
[  317.227832][T16195] loop0: rw=0, sector=2071, nr_sectors = 1 limit=128
[  317.241098][T16195] Buffer I/O error on dev loop0, logical block 2071, async page read
[  317.249307][T16195] syz.0.4346: attempt to access beyond end of device
[  317.249307][T16195] loop0: rw=0, sector=2072, nr_sectors = 1 limit=128
[  317.262548][T16195] Buffer I/O error on dev loop0, logical block 2072, async page read
[  317.271909][T16180] syz.0.4346: attempt to access beyond end of device
[  317.271909][T16180] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  317.285241][T16180] Buffer I/O error on dev loop0, logical block 2065, async page read
[  317.285355][T16201] loop1: detected capacity change from 512 to 0
[  317.293433][T16180] Buffer I/O error on dev loop0, logical block 2066, async page read
[  317.359627][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.408589][T16212] netlink: 'syz.2.4359': attribute type 1 has an invalid length.
[  317.435347][T11782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.449145][T16214] netlink: 'syz.4.4361': attribute type 21 has an invalid length.
[  317.473149][T11782] EXT4-fs (loop1): I/O error while writing superblock
[  317.647386][T16219] netlink: 'syz.2.4364': attribute type 21 has an invalid length.
[  317.663397][T16234] loop0: detected capacity change from 0 to 128
[  317.672384][T16234] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  317.680288][T16234] FAT-fs (loop0): Filesystem has been set read-only
[  317.687310][T16234] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  317.695157][T16234] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  317.741032][T16240] netlink: 'syz.2.4371': attribute type 15 has an invalid length.
[  317.755798][   T52] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  317.764755][T16240] netlink: 'syz.2.4371': attribute type 15 has an invalid length.
[  317.772738][   T52] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  317.781733][   T52] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  317.790859][   T52] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  318.033462][T16249] loop2: detected capacity change from 0 to 1024
[  318.040351][T16249] EXT4-fs: Ignoring removed orlov option
[  318.049182][T16249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  318.063891][T16249] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.4374: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  318.095937][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.116886][T16253] loop2: detected capacity change from 0 to 1024
[  318.123676][T16253] EXT4-fs: Ignoring removed orlov option
[  318.131259][T16253] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  318.158473][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.264740][T16268] loop2: detected capacity change from 0 to 128
[  318.272844][T16268] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  318.285464][T16268] ext4 filesystem being mounted at /298/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  318.336955][T16270] loop1: detected capacity change from 0 to 128
[  318.346121][T16270] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  318.354068][T16270] FAT-fs (loop1): Filesystem has been set read-only
[  318.360807][T16270] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  318.368723][T16270] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  318.441842][T12407] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  318.470662][T16275] netlink: 'syz.3.4385': attribute type 15 has an invalid length.
[  318.481352][   T31] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  318.481355][T16275] netlink: 'syz.3.4385': attribute type 15 has an invalid length.
[  318.502353][   T31] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  318.511729][   T31] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  318.529151][   T31] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  318.639328][T16289] loop2: detected capacity change from 0 to 2048
[  318.668094][T16289] EXT4-fs: Ignoring removed bh option
[  318.696966][T16289] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  318.819777][T16296] loop3: detected capacity change from 0 to 128
[  318.855594][T16296] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  318.863642][T16296] FAT-fs (loop3): Filesystem has been set read-only
[  318.888436][T16296] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  318.890574][T16300] loop0: detected capacity change from 0 to 2048
[  318.896313][T16296] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  318.915712][T16289] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  318.932816][T16300] EXT4-fs: Ignoring removed bh option
[  318.935290][T16289] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  318.950558][T16289] EXT4-fs (loop2): This should not happen!! Data will be lost
[  318.950558][T16289] 
[  318.960311][T16289] EXT4-fs (loop2): Total free blocks count 0
[  318.966303][T16289] EXT4-fs (loop2): Free/Dirty block details
[  318.972185][T16289] EXT4-fs (loop2): free_blocks=2415919104
[  318.977926][T16289] EXT4-fs (loop2): dirty_blocks=32
[  318.983049][T16289] EXT4-fs (loop2): Block reservation details
[  318.989022][T16289] EXT4-fs (loop2): i_reserved_data_blocks=2
[  319.023711][T16300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  319.088865][T16300] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  319.115239][T16300] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  319.127652][T16300] EXT4-fs (loop0): This should not happen!! Data will be lost
[  319.127652][T16300] 
[  319.137392][T16300] EXT4-fs (loop0): Total free blocks count 0
[  319.143412][T16300] EXT4-fs (loop0): Free/Dirty block details
[  319.149308][T16300] EXT4-fs (loop0): free_blocks=2415919104
[  319.155038][T16300] EXT4-fs (loop0): dirty_blocks=32
[  319.160153][T16300] EXT4-fs (loop0): Block reservation details
[  319.166142][T16300] EXT4-fs (loop0): i_reserved_data_blocks=2
[  319.183037][   T29] kauditd_printk_skb: 429 callbacks suppressed
[  319.183157][   T29] audit: type=1400 audit(1761748320.299:53537): avc:  denied  { unmount } for  pid=11782 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  319.232440][   T29] audit: type=1400 audit(1761748320.329:53538): avc:  denied  { unmount } for  pid=13656 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  319.262982][T13656] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  319.333761][   T29] audit: type=1400 audit(1761748320.429:53539): avc:  denied  { prog_run } for  pid=16309 comm="syz.4.4394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  319.341338][T16306] loop1: detected capacity change from 0 to 2048
[  319.352962][   T29] audit: type=1400 audit(1761748320.449:53540): avc:  denied  { name_bind } for  pid=16311 comm="syz.4.4395" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  319.381207][   T29] audit: type=1400 audit(1761748320.449:53541): avc:  denied  { node_bind } for  pid=16311 comm="syz.4.4395" saddr=172.20.20.170 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  319.449275][T16306] EXT4-fs: Ignoring removed bh option
[  319.473602][   T29] audit: type=1400 audit(1761748320.449:53542): avc:  denied  { read write } for  pid=16307 comm="syz.0.4393" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  319.497922][   T29] audit: type=1400 audit(1761748320.449:53543): avc:  denied  { open } for  pid=16307 comm="syz.0.4393" path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  319.522059][   T29] audit: type=1400 audit(1761748320.499:53544): avc:  denied  { write } for  pid=16307 comm="syz.0.4393" name="001" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  319.545100][   T29] audit: type=1400 audit(1761748320.499:53545): avc:  denied  { create } for  pid=16307 comm="syz.0.4393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  319.564839][   T29] audit: type=1400 audit(1761748320.499:53546): avc:  denied  { read write } for  pid=16307 comm="syz.0.4393" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  319.628976][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  319.629301][T16306] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  319.691598][T16318] loop2: detected capacity change from 0 to 128
[  319.729105][T16318] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  319.746877][  T162] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 2816 - 0
[  319.776187][  T162] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 2816 - 0
[  319.795398][T16318] ext4 filesystem being mounted at /301/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  319.836537][T16306] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  319.857145][  T162] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 2816 - 0
[  319.872523][  T162] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 2816 - 0
[  319.902370][T16306] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  319.914808][T16306] EXT4-fs (loop1): This should not happen!! Data will be lost
[  319.914808][T16306] 
[  319.924455][T16306] EXT4-fs (loop1): Total free blocks count 0
[  319.930472][T16306] EXT4-fs (loop1): Free/Dirty block details
[  319.936365][T16306] EXT4-fs (loop1): free_blocks=2415919104
[  319.942079][T16306] EXT4-fs (loop1): dirty_blocks=32
[  319.947305][T16306] EXT4-fs (loop1): Block reservation details
[  319.953325][T16306] EXT4-fs (loop1): i_reserved_data_blocks=2
[  319.983054][T12407] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  320.024881][T16326] __nla_validate_parse: 10 callbacks suppressed
[  320.024895][T16326] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4399'.
[  320.223350][T11782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.258682][T16333] vlan2: entered allmulticast mode
[  320.367824][T16348] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4402'.
[  320.389169][T16348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4402'.
[  320.428470][T16350] loop2: detected capacity change from 0 to 2048
[  320.441960][T16351] loop1: detected capacity change from 0 to 128
[  320.452272][T16351] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  320.460146][T16351] FAT-fs (loop1): Filesystem has been set read-only
[  320.466859][T16351] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  320.474694][T16351] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  320.546640][T16350] EXT4-fs: Ignoring removed bh option
[  320.643773][T16350] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  320.722523][T16350] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  320.792509][T16350] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  320.804986][T16350] EXT4-fs (loop2): This should not happen!! Data will be lost
[  320.804986][T16350] 
[  320.814624][T16350] EXT4-fs (loop2): Total free blocks count 0
[  320.820623][T16350] EXT4-fs (loop2): Free/Dirty block details
[  320.826535][T16350] EXT4-fs (loop2): free_blocks=2415919104
[  320.832317][T16350] EXT4-fs (loop2): dirty_blocks=32
[  320.837461][T16350] EXT4-fs (loop2): Block reservation details
[  320.843469][T16350] EXT4-fs (loop2): i_reserved_data_blocks=2
[  320.998409][T16360] loop3: detected capacity change from 0 to 512
[  321.015820][T16360] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  321.195412][T16368] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4412'.
[  321.220268][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  321.413673][T16386] netlink: 'syz.2.4418': attribute type 15 has an invalid length.
[  321.421532][T16386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4418'.
[  321.430775][T16386] netlink: 'syz.2.4418': attribute type 15 has an invalid length.
[  321.438674][T16386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4418'.
[  321.595941][T12034] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  321.726440][T16396] loop4: detected capacity change from 0 to 512
[  321.854770][T16396] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  321.889605][T16410] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4424'.
[  321.907252][T16403] sctp: [Deprecated]: syz.2.4423 (pid 16403) Use of int in maxseg socket option.
[  321.907252][T16403] Use struct sctp_assoc_value instead
[  321.958857][T16414] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4426'.
[  321.969206][T16410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4424'.
[  322.030696][T16416] loop0: detected capacity change from 0 to 128
[  322.061339][T16410] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  322.069324][T16410] FAT-fs (loop0): Filesystem has been set read-only
[  322.082500][T16410] bio_check_eod: 195787 callbacks suppressed
[  322.082514][T16410] syz.0.4424: attempt to access beyond end of device
[  322.082514][T16410] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  322.103673][T16410] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  322.111538][T16410] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  322.120987][T16416] syz.0.4424: attempt to access beyond end of device
[  322.120987][T16416] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  322.134297][T16416] buffer_io_error: 182359 callbacks suppressed
[  322.134311][T16416] Buffer I/O error on dev loop0, logical block 2065, async page read
[  322.172509][T16416] syz.0.4424: attempt to access beyond end of device
[  322.172509][T16416] loop0: rw=0, sector=2066, nr_sectors = 1 limit=128
[  322.185786][T16416] Buffer I/O error on dev loop0, logical block 2066, async page read
[  322.198269][T16416] syz.0.4424: attempt to access beyond end of device
[  322.198269][T16416] loop0: rw=0, sector=2067, nr_sectors = 1 limit=128
[  322.211552][T16416] Buffer I/O error on dev loop0, logical block 2067, async page read
[  322.227358][T16416] syz.0.4424: attempt to access beyond end of device
[  322.227358][T16416] loop0: rw=0, sector=2068, nr_sectors = 1 limit=128
[  322.240677][T16416] Buffer I/O error on dev loop0, logical block 2068, async page read
[  322.253535][T16416] syz.0.4424: attempt to access beyond end of device
[  322.253535][T16416] loop0: rw=0, sector=2069, nr_sectors = 1 limit=128
[  322.266878][T16416] Buffer I/O error on dev loop0, logical block 2069, async page read
[  322.275072][T16416] syz.0.4424: attempt to access beyond end of device
[  322.275072][T16416] loop0: rw=0, sector=2070, nr_sectors = 1 limit=128
[  322.288394][T16416] Buffer I/O error on dev loop0, logical block 2070, async page read
[  322.296527][T16416] syz.0.4424: attempt to access beyond end of device
[  322.296527][T16416] loop0: rw=0, sector=2071, nr_sectors = 1 limit=128
[  322.309841][T16416] Buffer I/O error on dev loop0, logical block 2071, async page read
[  322.318524][T16416] syz.0.4424: attempt to access beyond end of device
[  322.318524][T16416] loop0: rw=0, sector=2072, nr_sectors = 1 limit=128
[  322.331773][T16416] Buffer I/O error on dev loop0, logical block 2072, async page read
[  322.339931][T16410] syz.0.4424: attempt to access beyond end of device
[  322.339931][T16410] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128
[  322.353246][T16410] Buffer I/O error on dev loop0, logical block 2065, async page read
[  322.376100][T16422] FAULT_INJECTION: forcing a failure.
[  322.376100][T16422] name failslab, interval 1, probability 0, space 0, times 0
[  322.388808][T16422] CPU: 1 UID: 0 PID: 16422 Comm: syz.2.4429 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  322.388839][T16422] Tainted: [W]=WARN
[  322.388888][T16422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  322.388899][T16422] Call Trace:
[  322.388906][T16422]  <TASK>
[  322.388913][T16422]  __dump_stack+0x1d/0x30
[  322.388935][T16422]  dump_stack_lvl+0xe8/0x140
[  322.388953][T16422]  dump_stack+0x15/0x1b
[  322.388971][T16422]  should_fail_ex+0x265/0x280
[  322.389028][T16422]  should_failslab+0x8c/0xb0
[  322.389132][T16422]  __kvmalloc_node_noprof+0x12e/0x670
[  322.389162][T16422]  ? file_tty_write+0x1a3/0x690
[  322.389184][T16422]  file_tty_write+0x1a3/0x690
[  322.389205][T16422]  ? __pfx_tty_write+0x10/0x10
[  322.389242][T16422]  tty_write+0x25/0x30
[  322.389258][T16422]  vfs_write+0x52a/0x960
[  322.389284][T16422]  ksys_write+0xda/0x1a0
[  322.389380][T16422]  __x64_sys_write+0x40/0x50
[  322.389402][T16422]  x64_sys_call+0x2802/0x3000
[  322.389420][T16422]  do_syscall_64+0xd2/0x200
[  322.389436][T16422]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  322.389521][T16422]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  322.389580][T16422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.389597][T16422] RIP: 0033:0x7fd53ce4efc9
[  322.389693][T16422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.389711][T16422] RSP: 002b:00007fd53b8b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  322.389727][T16422] RAX: ffffffffffffffda RBX: 00007fd53d0a5fa0 RCX: 00007fd53ce4efc9
[  322.389738][T16422] RDX: 00000000ffffffe5 RSI: 0000200000000280 RDI: 0000000000000008
[  322.389749][T16422] RBP: 00007fd53b8b7090 R08: 0000000000000000 R09: 0000000000000000
[  322.389759][T16422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  322.389769][T16422] R13: 00007fd53d0a6038 R14: 00007fd53d0a5fa0 R15: 00007fff496abbd8
[  322.389792][T16422]  </TASK>
[  322.395529][T16424] $Hÿ: renamed from bond0
[  322.414451][T16410] Buffer I/O error on dev loop0, logical block 2066, async page read
[  322.600054][T16424] $Hÿ: entered promiscuous mode
[  322.605134][T16424] bond_slave_0: entered promiscuous mode
[  322.610830][T16424] bond_slave_1: entered promiscuous mode
[  322.631549][T11252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.712009][T16442] loop4: detected capacity change from 0 to 128
[  322.721164][T16442] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  322.729041][T16442] FAT-fs (loop4): Filesystem has been set read-only
[  322.741444][T16442] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  322.749335][T16442] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  322.778707][T16444] loop1: detected capacity change from 0 to 128
[  322.786797][T16444] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  322.808281][T16444] ext4 filesystem being mounted at /302/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  322.861924][T16448] sctp: [Deprecated]: syz.0.4436 (pid 16448) Use of int in maxseg socket option.
[  322.861924][T16448] Use struct sctp_assoc_value instead
[  322.952115][T11782] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  322.989606][T16454] netlink: 'syz.0.4437': attribute type 21 has an invalid length.
[  322.997639][T16454] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4437'.
[  323.071111][T16455] loop1: detected capacity change from 0 to 128
[  323.094144][T16455] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  323.101995][T16455] FAT-fs (loop1): Filesystem has been set read-only
[  323.108812][T16455] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  323.116637][T16455] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  323.272735][T16460] sctp: [Deprecated]: syz.0.4440 (pid 16460) Use of int in maxseg socket option.
[  323.272735][T16460] Use struct sctp_assoc_value instead
[  323.453732][T16467] netlink: 'syz.3.4443': attribute type 15 has an invalid length.
[  323.502329][T16467] netlink: 'syz.3.4443': attribute type 15 has an invalid length.
[  323.655572][T16472] loop2: detected capacity change from 0 to 512
[  323.703749][T16472] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  323.746094][T16480] loop4: detected capacity change from 0 to 512
[  323.763794][T16480] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  323.778903][T16480] EXT4-fs (loop4): mount failed
[  323.965789][T16489] sctp: [Deprecated]: syz.1.4447 (pid 16489) Use of int in maxseg socket option.
[  323.965789][T16489] Use struct sctp_assoc_value instead
[  324.150765][ T3382] hid_parser_main: 84 callbacks suppressed
[  324.150824][ T3382] hid-generic 0000:0000:0000.0054: unknown main item tag 0x0
[  324.164097][ T3382] hid-generic 0000:0000:0000.0054: unknown main item tag 0x0
[  324.171579][ T3382] hid-generic 0000:0000:0000.0054: unknown main item tag 0x0
[  324.178989][ T3382] hid-generic 0000:0000:0000.0054: unknown main item tag 0x0
[  324.186426][ T3382] hid-generic 0000:0000:0000.0054: unknown main item tag 0x0
[  324.193882][ T3382] hid-generic 0000:0000:0000.0054: unknown main item tag 0x0
[  324.201350][ T3382] hid-generic 0000:0000:0000.0054: unknown main item tag 0x7
[  324.208786][ T3382] hid-generic 0000:0000:0000.0054: unknown main item tag 0x0
[  324.216268][ T3382] hid-generic 0000:0000:0000.0054: item fetching failed at offset 12/43
[  324.224845][ T3382] hid-generic 0000:0000:0000.0054: probe with driver hid-generic failed with error -22
[  324.294205][   T29] kauditd_printk_skb: 586 callbacks suppressed
[  324.294219][   T29] audit: type=1400 audit(1761748325.409:54132): avc:  denied  { map_create } for  pid=16498 comm="syz.0.4450" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  324.319979][   T29] audit: type=1400 audit(1761748325.439:54133): avc:  denied  { map_read map_write } for  pid=16498 comm="syz.0.4450" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  324.373852][   T29] audit: type=1400 audit(1761748325.489:54134): avc:  denied  { unmount } for  pid=12407 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  324.398662][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.417799][   T29] audit: type=1400 audit(1761748325.529:54135): avc:  denied  { create } for  pid=16495 comm="syz.1.4449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  324.438253][T16496] netlink: 'syz.1.4449': attribute type 21 has an invalid length.
[  324.447402][   T29] audit: type=1400 audit(1761748325.559:54136): avc:  denied  { listen } for  pid=16495 comm="syz.1.4449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  324.448108][T16499] loop0: detected capacity change from 0 to 2048
[  324.467328][   T29] audit: type=1400 audit(1761748325.559:54137): avc:  denied  { write } for  pid=16495 comm="syz.1.4449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  324.516944][T16499] EXT4-fs: Ignoring removed bh option
[  324.516944][   T29] audit: type=1400 audit(1761748325.629:54138): avc:  denied  { mounton } for  pid=16498 comm="syz.0.4450" path="/152/file1" dev="tmpfs" ino=845 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  324.553570][   T29] audit: type=1400 audit(1761748325.669:54139): avc:  denied  { read } for  pid=16503 comm="syz.1.4452" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  324.577049][   T29] audit: type=1400 audit(1761748325.669:54140): avc:  denied  { open } for  pid=16503 comm="syz.1.4452" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  324.602750][T16499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  324.605756][   T29] audit: type=1400 audit(1761748325.719:54141): avc:  denied  { create } for  pid=16508 comm="syz.3.4453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  324.640078][T16499] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  324.655448][T16499] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  324.667849][T16499] EXT4-fs (loop0): This should not happen!! Data will be lost
[  324.667849][T16499] 
[  324.677563][T16499] EXT4-fs (loop0): Total free blocks count 0
[  324.683548][T16499] EXT4-fs (loop0): Free/Dirty block details
[  324.689424][T16499] EXT4-fs (loop0): free_blocks=2415919104
[  324.695221][T16499] EXT4-fs (loop0): dirty_blocks=32
[  324.700517][T16499] EXT4-fs (loop0): Block reservation details
[  324.706554][T16499] EXT4-fs (loop0): i_reserved_data_blocks=2
[  324.731439][T13656] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.752012][T16514] syz.4.4455 (16514) used obsolete PPPIOCDETACH ioctl
[  324.794432][T16522] loop0: detected capacity change from 0 to 2048
[  324.801052][T16522] EXT4-fs: Ignoring removed bh option
[  324.815092][T16522] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  324.832235][T16522] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  324.847489][T16522] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  324.849182][T16531] netlink: 'syz.3.4462': attribute type 15 has an invalid length.
[  324.859925][T16522] EXT4-fs (loop0): This should not happen!! Data will be lost
[  324.859925][T16522] 
[  324.859993][T16522] EXT4-fs (loop0): Total free blocks count 0
[  324.881321][T16531] netlink: 'syz.3.4462': attribute type 15 has an invalid length.
[  324.883451][T16522] EXT4-fs (loop0): Free/Dirty block details
[  324.883465][T16522] EXT4-fs (loop0): free_blocks=2415919104
[  324.883477][T16522] EXT4-fs (loop0): dirty_blocks=32
[  324.883490][T16522] EXT4-fs (loop0): Block reservation details
[  324.914013][T16522] EXT4-fs (loop0): i_reserved_data_blocks=2
[  324.914192][T16532] loop2: detected capacity change from 0 to 128
[  324.939347][T16532] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  324.947286][T16532] FAT-fs (loop2): Filesystem has been set read-only
[  324.956007][T16532] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  324.963858][T16532] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  324.976245][T13656] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  325.151866][T16541] __nla_validate_parse: 6 callbacks suppressed
[  325.151881][T16541] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4464'.
[  325.170026][T16541] bridge1: entered promiscuous mode
[  325.390165][T16551] loop1: detected capacity change from 0 to 2048
[  325.403507][T16551] EXT4-fs: Ignoring removed bh option
[  325.435949][T16551] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  325.455545][T16551] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  325.510543][T16551] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  325.522964][T16551] EXT4-fs (loop1): This should not happen!! Data will be lost
[  325.522964][T16551] 
[  325.532698][T16551] EXT4-fs (loop1): Total free blocks count 0
[  325.538676][T16551] EXT4-fs (loop1): Free/Dirty block details
[  325.544601][T16551] EXT4-fs (loop1): free_blocks=2415919104
[  325.550377][T16551] EXT4-fs (loop1): dirty_blocks=32
[  325.555484][T16551] EXT4-fs (loop1): Block reservation details
[  325.561513][T16551] EXT4-fs (loop1): i_reserved_data_blocks=2
[  325.853225][T16562] loop4: detected capacity change from 0 to 164
[  325.936739][T16565] loop0: detected capacity change from 0 to 512
[  326.092913][T16576] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4476'.
[  326.112761][T16565] EXT4-fs warning (device loop0): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  326.130227][T16576] bridge1: entered promiscuous mode
[  326.153004][T16565] EXT4-fs (loop0): mount failed
[  326.162457][T11782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  326.226807][ T3382] hid-generic 0000:0000:0000.0055: unknown main item tag 0x0
[  326.234283][ T3382] hid-generic 0000:0000:0000.0055: unknown main item tag 0x0
[  326.241746][ T3382] hid-generic 0000:0000:0000.0055: item fetching failed at offset 12/43
[  326.251180][ T3382] hid-generic 0000:0000:0000.0055: probe with driver hid-generic failed with error -22
[  326.264113][T16581] netlink: 'syz.0.4479': attribute type 21 has an invalid length.
[  326.271974][T16581] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4479'.
[  326.289399][    T9] hid-generic 0000:0000:0000.0056: item fetching failed at offset 12/43
[  326.298009][    T9] hid-generic 0000:0000:0000.0056: probe with driver hid-generic failed with error -22
[  326.310723][T16585] netlink: 'syz.2.4480': attribute type 21 has an invalid length.
[  326.318670][T16585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4480'.
[  326.338365][ T3382] hid-generic 0000:0000:0000.0057: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  326.361550][T16589] netlink: 'syz.3.4482': attribute type 21 has an invalid length.
[  326.369571][T16589] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4482'.
[  326.452505][T16593] sctp: [Deprecated]: syz.0.4484 (pid 16593) Use of int in maxseg socket option.
[  326.452505][T16593] Use struct sctp_assoc_value instead
[  326.470127][T16591] sctp: [Deprecated]: syz.2.4483 (pid 16591) Use of int in maxseg socket option.
[  326.470127][T16591] Use struct sctp_assoc_value instead
[  326.485844][T16595] sctp: [Deprecated]: syz.3.4485 (pid 16595) Use of int in maxseg socket option.
[  326.485844][T16595] Use struct sctp_assoc_value instead
[  326.560854][T16608] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4490'.
[  326.572771][T16608] bridge2: entered promiscuous mode
[  326.628042][T16610] ipvlan2: entered promiscuous mode
[  326.639202][T16615] loop2: detected capacity change from 0 to 512
[  326.653719][T16615] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  326.668802][T16615] EXT4-fs (loop2): mount failed
[  326.841556][T16622] loop2: detected capacity change from 0 to 512
[  326.854101][T16622] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  326.900039][T16629] loop4: detected capacity change from 0 to 2048
[  326.906712][T16629] EXT4-fs: Ignoring removed bh option
[  326.923816][T16629] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  326.941778][T16629] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  326.956915][T16629] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  326.969317][T16629] EXT4-fs (loop4): This should not happen!! Data will be lost
[  326.969317][T16629] 
[  326.978994][T16629] EXT4-fs (loop4): Total free blocks count 0
[  326.985001][T16629] EXT4-fs (loop4): Free/Dirty block details
[  326.990983][T16629] EXT4-fs (loop4): free_blocks=2415919104
[  326.996725][T16629] EXT4-fs (loop4): dirty_blocks=32
[  326.999212][ T1051] hid-generic 0000:0000:0000.0058: item fetching failed at offset 12/43
[  327.001850][T16629] EXT4-fs (loop4): Block reservation details
[  327.010485][ T1051] hid-generic 0000:0000:0000.0058: probe with driver hid-generic failed with error -22
[  327.016157][T16629] EXT4-fs (loop4): i_reserved_data_blocks=2
[  327.035945][T11252] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.036304][T16633] netlink: 'syz.1.4494': attribute type 21 has an invalid length.
[  327.052891][T16633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4494'.
[  327.140499][T16637] sctp: [Deprecated]: syz.1.4496 (pid 16637) Use of int in maxseg socket option.
[  327.140499][T16637] Use struct sctp_assoc_value instead
[  327.630265][T12407] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.655221][T16650] sctp: [Deprecated]: syz.0.4498 (pid 16650) Use of int in maxseg socket option.
[  327.655221][T16650] Use struct sctp_assoc_value instead
[  327.693851][ T3382] hid-generic 0000:0000:0000.0059: item fetching failed at offset 12/43
[  327.702360][ T3382] hid-generic 0000:0000:0000.0059: probe with driver hid-generic failed with error -22
[  327.722678][T16660] loop2: detected capacity change from 0 to 512
[  327.735202][T16656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4501'.
[  327.744786][T16660] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  327.771496][T16660] EXT4-fs (loop2): mount failed
[  327.958002][T16679] bridge2: entered promiscuous mode
[  328.116149][T16688] FAULT_INJECTION: forcing a failure.
[  328.116149][T16688] name failslab, interval 1, probability 0, space 0, times 0
[  328.128895][T16688] CPU: 1 UID: 0 PID: 16688 Comm: syz.3.4511 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  328.128926][T16688] Tainted: [W]=WARN
[  328.128933][T16688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  328.128945][T16688] Call Trace:
[  328.128952][T16688]  <TASK>
[  328.129022][T16688]  __dump_stack+0x1d/0x30
[  328.129045][T16688]  dump_stack_lvl+0xe8/0x140
[  328.129071][T16688]  dump_stack+0x15/0x1b
[  328.129089][T16688]  should_fail_ex+0x265/0x280
[  328.129185][T16688]  should_failslab+0x8c/0xb0
[  328.129230][T16688]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  328.129273][T16688]  ? __alloc_skb+0x101/0x320
[  328.129356][T16688]  __alloc_skb+0x101/0x320
[  328.129434][T16688]  netlink_alloc_large_skb+0xbf/0xf0
[  328.129482][T16688]  netlink_sendmsg+0x3cf/0x6b0
[  328.129502][T16688]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.129609][T16688]  __sock_sendmsg+0x145/0x180
[  328.129632][T16688]  ____sys_sendmsg+0x31e/0x4e0
[  328.129663][T16688]  ___sys_sendmsg+0x17b/0x1d0
[  328.129771][T16688]  __x64_sys_sendmsg+0xd4/0x160
[  328.129865][T16688]  x64_sys_call+0x191e/0x3000
[  328.129886][T16688]  do_syscall_64+0xd2/0x200
[  328.129905][T16688]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  328.129931][T16688]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  328.129996][T16688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.130017][T16688] RIP: 0033:0x7f651870efc9
[  328.130033][T16688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.130050][T16688] RSP: 002b:00007f6517177038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.130099][T16688] RAX: ffffffffffffffda RBX: 00007f6518965fa0 RCX: 00007f651870efc9
[  328.130112][T16688] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 000000000000000b
[  328.130124][T16688] RBP: 00007f6517177090 R08: 0000000000000000 R09: 0000000000000000
[  328.130137][T16688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.130147][T16688] R13: 00007f6518966038 R14: 00007f6518965fa0 R15: 00007ffebbd5bab8
[  328.130257][T16688]  </TASK>
[  328.529528][T16696] bridge0: port 3(batadv1) entered blocking state
[  328.536099][T16696] bridge0: port 3(batadv1) entered disabled state
[  328.580491][T16696] batadv1: entered allmulticast mode
[  328.593130][T16696] batadv1: entered promiscuous mode
[  328.618879][T16700] loop3: detected capacity change from 0 to 512
[  328.645022][T16700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  328.704249][ T3382] hid-generic 0000:0000:0000.005A: item fetching failed at offset 12/43
[  328.725132][ T3382] hid-generic 0000:0000:0000.005A: probe with driver hid-generic failed with error -22
[  328.768296][T16711] validate_nla: 1 callbacks suppressed
[  328.768309][T16711] netlink: 'syz.1.4516': attribute type 21 has an invalid length.
[  328.781639][T16711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4516'.
[  328.885201][T16718] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4518'.
[  328.947642][T16725] loop2: detected capacity change from 0 to 2048
[  328.962754][T16725] EXT4-fs: Ignoring removed bh option
[  328.974068][T16725] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  329.020098][T16725] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  329.034875][   T52] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  329.042536][T16725] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  329.044213][   T52] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  329.056424][T16725] EXT4-fs (loop2): This should not happen!! Data will be lost
[  329.056424][T16725] 
[  329.075295][T16725] EXT4-fs (loop2): Total free blocks count 0
[  329.081366][T16725] EXT4-fs (loop2): Free/Dirty block details
[  329.087300][T16725] EXT4-fs (loop2): free_blocks=2415919104
[  329.093175][T16725] EXT4-fs (loop2): dirty_blocks=32
[  329.098442][T16725] EXT4-fs (loop2): Block reservation details
[  329.104477][T16725] EXT4-fs (loop2): i_reserved_data_blocks=2
[  329.261763][T16738] loop1: detected capacity change from 0 to 1024
[  329.420453][T16738] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.4526: Allocating blocks 449-513 which overlap fs metadata
[  329.459470][T16736] EXT4-fs (loop1): pa ffff8881007a5a10: logic 48, phys. 177, len 21
[  329.467536][T16736] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[  329.539817][   T29] kauditd_printk_skb: 925 callbacks suppressed
[  329.539830][   T29] audit: type=1400 audit(1761748330.649:55064): avc:  denied  { read } for  pid=16749 comm="syz.1.4529" name="event2" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  329.569447][   T29] audit: type=1400 audit(1761748330.649:55065): avc:  denied  { open } for  pid=16749 comm="syz.1.4529" path="/dev/input/event2" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  329.594014][   T29] audit: type=1400 audit(1761748330.649:55066): avc:  denied  { ioctl } for  pid=16749 comm="syz.1.4529" path="/dev/input/event2" dev="devtmpfs" ino=249 ioctlcmd=0x4501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  329.596088][T16752] loop3: detected capacity change from 0 to 2048
[  329.620443][   T29] audit: type=1400 audit(1761748330.649:55067): avc:  denied  { allowed } for  pid=16749 comm="syz.1.4529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  329.645591][   T29] audit: type=1400 audit(1761748330.649:55068): avc:  denied  { create } for  pid=16749 comm="syz.1.4529" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  329.666979][   T29] audit: type=1400 audit(1761748330.649:55069): avc:  denied  { map } for  pid=16749 comm="syz.1.4529" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=51059 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  329.691422][   T29] audit: type=1400 audit(1761748330.649:55070): avc:  denied  { read write } for  pid=16749 comm="syz.1.4529" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=51059 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  329.716364][   T29] audit: type=1400 audit(1761748330.659:55071): avc:  denied  { create } for  pid=16749 comm="syz.1.4529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  329.736013][   T29] audit: type=1400 audit(1761748330.659:55072): avc:  denied  { write } for  pid=16749 comm="syz.1.4529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  329.755499][   T29] audit: type=1400 audit(1761748330.659:55073): avc:  denied  { setopt } for  pid=16749 comm="syz.1.4529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  329.775580][T16752] EXT4-fs: Ignoring removed bh option
[  329.816348][T16752] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  329.843761][T16752] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  329.856221][T16752] EXT4-fs (loop3): This should not happen!! Data will be lost
[  329.856221][T16752] 
[  329.866024][T16752] EXT4-fs (loop3): Total free blocks count 0
[  329.872161][T16752] EXT4-fs (loop3): Free/Dirty block details
[  329.878139][T16752] EXT4-fs (loop3): free_blocks=2415919104
[  329.883878][T16752] EXT4-fs (loop3): dirty_blocks=32
[  329.888981][T16752] EXT4-fs (loop3): Block reservation details
[  329.895071][T16752] EXT4-fs (loop3): i_reserved_data_blocks=2
[  329.961834][T16765] loop4: detected capacity change from 0 to 128
[  329.971167][T16765] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  329.979147][T16765] FAT-fs (loop4): Filesystem has been set read-only
[  329.985785][T16765] bio_check_eod: 211712 callbacks suppressed
[  329.985795][T16765] syz.4.4533: attempt to access beyond end of device
[  329.985795][T16765] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  330.005842][T16765] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  330.013677][T16765] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  330.021585][T16765] syz.4.4533: attempt to access beyond end of device
[  330.021585][T16765] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  330.034983][T16765] syz.4.4533: attempt to access beyond end of device
[  330.034983][T16765] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  330.048271][T16765] syz.4.4533: attempt to access beyond end of device
[  330.048271][T16765] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  330.061529][T16765] syz.4.4533: attempt to access beyond end of device
[  330.061529][T16765] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  330.075084][T16765] syz.4.4533: attempt to access beyond end of device
[  330.075084][T16765] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  330.088442][T16765] syz.4.4533: attempt to access beyond end of device
[  330.088442][T16765] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  330.101752][T16768] syz.4.4533: attempt to access beyond end of device
[  330.101752][T16768] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128
[  330.115111][T16768] buffer_io_error: 209238 callbacks suppressed
[  330.115125][T16768] Buffer I/O error on dev loop4, logical block 2065, async page read
[  330.122756][T16770] netlink: 'syz.0.4537': attribute type 15 has an invalid length.
[  330.129583][T16768] syz.4.4533: attempt to access beyond end of device
[  330.129583][T16768] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128
[  330.140328][  T162] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  330.150454][T16768] Buffer I/O error on dev loop4, logical block 2066, async page read
[  330.161282][T16770] netlink: 'syz.0.4537': attribute type 15 has an invalid length.
[  330.168165][T16768] syz.4.4533: attempt to access beyond end of device
[  330.168165][T16768] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128
[  330.175341][T16770] __nla_validate_parse: 2 callbacks suppressed
[  330.175353][T16770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4537'.
[  330.188646][T16768] Buffer I/O error on dev loop4, logical block 2067, async page read
[  330.188692][T16768] Buffer I/O error on dev loop4, logical block 2068, async page read
[  330.195452][  T162] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  330.229131][  T162] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  330.229667][T16768] Buffer I/O error on dev loop4, logical block 2069, async page read
[  330.245201][  T162] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  330.259082][T16768] Buffer I/O error on dev loop4, logical block 2070, async page read
[  330.267357][T16768] Buffer I/O error on dev loop4, logical block 2071, async page read
[  330.275837][T16768] Buffer I/O error on dev loop4, logical block 2072, async page read
[  330.284032][T16765] Buffer I/O error on dev loop4, logical block 2065, async page read
[  330.292262][T16765] Buffer I/O error on dev loop4, logical block 2066, async page read
[  330.348793][T16775] loop2: detected capacity change from 0 to 2048
[  330.443558][T16775] EXT4-fs: Ignoring removed bh option
[  330.514892][T16775] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  330.577360][T16775] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  330.590505][T16775] EXT4-fs (loop2): This should not happen!! Data will be lost
[  330.590505][T16775] 
[  330.600409][T16775] EXT4-fs (loop2): Total free blocks count 0
[  330.606653][T16775] EXT4-fs (loop2): Free/Dirty block details
[  330.612646][T16775] EXT4-fs (loop2): free_blocks=2415919104
[  330.618527][T16775] EXT4-fs (loop2): dirty_blocks=32
[  330.623659][T16775] EXT4-fs (loop2): Block reservation details
[  330.629738][T16775] EXT4-fs (loop2): i_reserved_data_blocks=2
[  330.656249][T16786] loop0: detected capacity change from 0 to 1024
[  330.702106][T16786] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4193: comm syz.0.4542: Allocating blocks 449-513 which overlap fs metadata
[  330.726648][T16785] EXT4-fs (loop0): pa ffff8881007a59a0: logic 48, phys. 177, len 21
[  330.734695][T16785] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4
[  330.809454][T16799] loop3: detected capacity change from 0 to 2048
[  330.828369][T16799] EXT4-fs: Ignoring removed bh option
[  330.834794][T16804] loop1: detected capacity change from 0 to 128
[  330.843423][T16804] ext4 filesystem being mounted at /323/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  330.892326][T16799] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  330.907464][T16799] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  330.919871][T16799] EXT4-fs (loop3): This should not happen!! Data will be lost
[  330.919871][T16799] 
[  330.929580][T16799] EXT4-fs (loop3): Total free blocks count 0
[  330.935587][T16799] EXT4-fs (loop3): Free/Dirty block details
[  330.941486][T16799] EXT4-fs (loop3): free_blocks=2415919104
[  330.947230][T16799] EXT4-fs (loop3): dirty_blocks=32
[  330.952439][T16799] EXT4-fs (loop3): Block reservation details
[  330.958400][T16799] EXT4-fs (loop3): i_reserved_data_blocks=2
[  330.990938][T16811] netlink: 'syz.1.4550': attribute type 15 has an invalid length.
[  330.998808][T16811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4550'.
[  331.020368][T16811] netlink: 'syz.1.4550': attribute type 15 has an invalid length.
[  331.020473][   T31] ==================================================================
[  331.028221][T16811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4550'.
[  331.036248][   T31] BUG: KCSAN: data-race in data_alloc / prb_reserve
[  331.036269][   T31] 
[  331.036275][   T31] write to 0xffffffff868764c0 of 8 bytes by task 16811 on cpu 1:
[  331.036288][   T31]  data_alloc+0x280/0x2e0
[  331.036306][   T31]  prb_reserve+0x807/0xaf0
[  331.036320][   T31]  vprintk_store+0x56d/0x860
[  331.074949][   T31]  vprintk_emit+0x10d/0x580
[  331.079454][   T31]  vprintk_default+0x26/0x30
[  331.084033][   T31]  vprintk+0x1d/0x30
[  331.087927][   T31]  _printk+0x79/0xa0
[  331.091825][   T31]  __nla_validate_parse+0x1227/0x1d00
[  331.097194][   T31]  __nla_parse+0x40/0x60
[  331.101443][   T31]  rtnl_newlink+0x793/0x12d0
[  331.106033][   T31]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  331.110959][   T31]  netlink_rcv_skb+0x123/0x220
[  331.115720][   T31]  rtnetlink_rcv+0x1c/0x30
[  331.120123][   T31]  netlink_unicast+0x5c0/0x690
[  331.124872][   T31]  netlink_sendmsg+0x58b/0x6b0
[  331.129620][   T31]  __sock_sendmsg+0x145/0x180
[  331.134281][   T31]  ____sys_sendmsg+0x345/0x4e0
[  331.139040][   T31]  ___sys_sendmsg+0x17b/0x1d0
[  331.143704][   T31]  __sys_sendmmsg+0x178/0x300
[  331.148361][   T31]  __x64_sys_sendmmsg+0x57/0x70
[  331.153194][   T31]  x64_sys_call+0x1c4a/0x3000
[  331.157857][   T31]  do_syscall_64+0xd2/0x200
[  331.162343][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.168232][   T31] 
[  331.170538][   T31] read to 0xffffffff868764c0 of 8 bytes by task 31 on cpu 0:
[  331.177886][   T31]  prb_reserve+0x220/0xaf0
[  331.182293][   T31]  vprintk_store+0x56d/0x860
[  331.186866][   T31]  vprintk_emit+0x10d/0x580
[  331.191356][   T31]  dev_vprintk_emit+0x242/0x2a0
[  331.196192][   T31]  dev_printk_emit+0x84/0xb0
[  331.201148][   T31]  __netdev_printk+0x35c/0x3e0
[  331.205895][   T31]  netdev_info+0x9b/0xd0
[  331.210125][   T31]  nsim_udp_tunnel_set_port+0x13b/0x160
[  331.215660][   T31]  __udp_tunnel_nic_device_sync+0x567/0x9c0
[  331.221543][   T31]  udp_tunnel_nic_device_sync_work+0x5d/0x5f0
[  331.227599][   T31]  process_scheduled_works+0x4ce/0x9d0
[  331.233049][   T31]  worker_thread+0x582/0x770
[  331.237623][   T31]  kthread+0x489/0x510
[  331.241673][   T31]  ret_from_fork+0x122/0x1b0
[  331.246244][   T31]  ret_from_fork_asm+0x1a/0x30
[  331.250998][   T31] 
[  331.253310][   T31] value changed: 0xfffffffffffecd78 -> 0x00000000000a17e0
[  331.260399][   T31] 
[  331.262705][   T31] Reported by Kernel Concurrency Sanitizer on:
[  331.268846][   T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u8:1 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  331.280214][   T31] Tainted: [W]=WARN
[  331.284005][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  331.294045][   T31] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  331.301334][   T31] ==================================================================
[  331.020342][   T31] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  331.322916][   T31] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  331.343202][   T31] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  331.352087][   T31] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0