last executing test programs:

38.909952147s ago: executing program 1 (id=3536):
socket$inet6(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="000000000072520300"/20, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r1 = syz_open_dev$usbfs(&(0x7f0000000340), 0xffffffffffffffff, 0xa82)
r2 = dup(r1)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000400)={0x20, 0x3, 0x6, 0x7, 0x0, 0xffffffff, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000780)={0x14, 0x0, 0x20, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x20040000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000070000000000000000000000b8cb9ec866f6deea7d17fb08373bab2ec122259bca69b1e517cc3bf34299a5aeb0da992f8b30609e2c53ccfd8983b3a4b0daf1d5302854329c145d0e0e876b5d4189ac82566582a5f357658bdb05b68744faec19b06d4353632829d7c75446ccf1db06eb1d4f18d6e10383eda4c1eab5644b22b200988c3b8109b680ca213a1bed4cd5660beecab2db9672f079748aa979801d0369af159c042440ea8a89661073793dbf7a995bac79f837b618e4905140c309b252b4fbc400d359b3839993072c7959d3f62028b89a356aba3a0f1d1b25c8c0f4b503b64056182fd6297017656b357b3567148ff5a97941eee39b5f049c0ed931ec2ee4a2b38103af63692b3e63812ce19239b26734c059f8383136b605ff94b9d63a8e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x800002, 0x0)
ioctl$EVIOCGRAB(r6, 0x40044590, &(0x7f0000000200)=0x7ffffffc)
ioctl$EVIOCGRAB(r6, 0x40044590, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8084)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x2, 0x6, 0x730, 0x270, 0x270, 0x270, 0x270, 0x190, 0x660, 0x660, 0x660, 0x660, 0x660, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'bond_slave_0\x00', 'vlan1\x00', {}, {}, 0x21}, 0x0, 0x168, 0x190, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @mcast2, @private2, [], [0x0, 0xffffffff], [], 0x0, 0x10}}, @common=@inet=@dccp={{0x30}, {[0x4e24, 0x4e24], [0x4e23, 0x4e24], 0xd, 0x0, 0x4, 0x7}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0x2}, [], [], 'bridge0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {0x0, 0xfd}, 0x300, 0x4}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @rand_addr=0x1000000}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'bridge0\x00', 'bond_slave_0\x00', {0xff}}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ipv6={@loopback, @local, [0xff, 0x0, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xffffffff, 0xffffff00], 'macvlan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x8, 0x81, 0x1, 0x36}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@private1, 0x0, 0x37}}}, {{@uncond, 0x0, 0x208, 0x230, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @mcast2, @mcast2, @private0, @empty, @loopback, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @remote, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0]}}]}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x790)
bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x0, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095", @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r8}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r10}, 0x10)

37.460922082s ago: executing program 1 (id=3546):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='sys_enter\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[], 0x48)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000100)={0x48, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x2c, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0x5c7e4ee53869e847}}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x2400089c}, 0x4000080)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000001d40)=ANY=[@ANYBLOB="df7ea9fe01c4052439bdf256f93955c5ef161609ee077f724361b29868d46699b1ad76d12a3ff99d46265e3f79a617fffd1ca4c0de48b84b6bf79f9851c97aec6b2228a8234662f128206cc25f493300b99ce070be94e0e90f8bc0745b84a32d01e4b35905458edf5bf33e8a42b805cc29faa2ec03", @ANYRES16=0x0, @ANYBLOB="00012bbd7000fedbdf2517000000a400308024000300563262610d6cddb1e81a80c52b5034f0daee3012c7677100c4687f81a8dc30a63c0001800c0005000800000000000000080001000200000008000400ffffff7f08000400030000000c0003800600010001000000050002000300000024000300f43bdd77f68cbbb1761770940af14d16c40b475bd29268d3003b04d8e031710205000200060000001400040058050ef6809c943eafff443787a1a36c0c0006000200000002000000c0003080140004005fcc6cf7d22a307db760f7aab777b27114000180080001000100000008000400000000802400030082d891d8b2fae944103af11b43cff8b648ced4502171be8911748ba3aa9c8f4314000400bfe8c0d10f48e6c1b56c5767b3837c37240003000e7a19bf3fce00b9753fe2f17080dda0a4902cfdcef5e01817e4e5d3259096e724000300ea1c886cab6f51ebb8ba16a484124eeb30f7d4a231322ccef4fa9934a46d1628140004000df9ea6f7ed751e288176aa9e92a0d7b9c0030805800018008000400050000000c000500abb900000000000008000100030000001800038006000300a0aa00000c00040000000000000000000c00050008000000000000000c000500030000000000000005000200030000000500020004000000240003001cd373973df13f5ce9491ef5d4e3b22ff35654d06b97cc2746bcc69e8ea48be214000400efa6c2d89d35ea9744d55ff1b7a7cbfc"], 0x220}}, 0x40800)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x18)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, r7, 0x0, 0x4, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r8 = syz_pidfd_open(r7, 0x0)
pidfd_send_signal(r8, 0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kmem_cache_free\x00', r6}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002a00)=ANY=[@ANYBLOB="b7000000016d0300bfa30000000000000703000000feffff620a00fef8ffffff71a4f0ff000000002704000000ffffffdd0a05000000000014000000016d030063030400000000001d44010000000000620a00fe00ffffffdb030000f1000000b500f3ff000000009500000000000000023bc065b70300c6dfa041b63af4a3912435b1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e5f58b7382a8b7e8177168001815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc20eec363e4a8f6456e5ccae25ea21714ee18cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a277c7a775d55dfc28abbe9b5ea62d84f3a10746443d64364f56e24e6d2105bd901128c7e0ec82770c8206b1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009df5daf87068a608628efc56c752af4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9610f0000d36f38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eeeb883418f562ae00003ea96d10f172c0374d6eed82640700dfffffffffff499c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c64a403ade624d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca5f1380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f254a9bf93f04bf072f0bc2d38092909ef3613861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf82807773e534015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d2a9441eb315209d199e029e9135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d8516800ef3f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe3907000000466f4ca2195234648e0a1ca50db6f3d9436a7d55a9ad382400000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b45eb6dc5f6a9257d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba51dd5ab2b7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f80724a5bfc1e8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f068840a754c02181561542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ec3d59901da21afd6400000000832503969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98c2c73e1661261173f359e93d2c80000000998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebccbaf1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91cda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fc7741c7e3f426b9ed20debd883593ff5d691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579c23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d0f086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc0095f5a3bfdcffffffffffffffff61ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d480e7f13a65dbaa1af102d97681656bf56ff0cf36518f674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ffbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656659db4cb06aaaf9f02cfab5b9e61cc00e8e194299219a3f4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd06961912052f441e96884fcdc91f4a974242aabfc8adbadc9ca27955b5c90f1ed9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b723621f3b706bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37a7e20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a149414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e13e3a7a1511573cb1a8cdce3a8fea40792297d023ef52de2e75b9dbbfb8713178e2409b8d3b981bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd610000000000000000000000000000000000000000000000b41248c570c4223a471b755ce6956908e2b0e5dbc5e71ff2373d3ed89c2e2eafac81c21ac2436d2ffacffe2fc0d601a50221c88a47b264c5129004f350963b52702c5a360000000000000000000000000000000b4077dc8a1801a8bf833350d302c5439ea3dd0f3b8eb1dc93af1fbf863d33a38a53a02ec1e5b90cb673d6b0cfe7f35b20e438653e0f73ddfc78e3e1d1cc9798af0eb9b61bb4fc72454a57237b68ea614ad898374e952784a18ffb9dc4447acd7ad28a63f88007ad8cba31a6fdd9982c97a913dffe69654d3a00b98c45ead9b9619f946c82f5789379d0d942020652ccfac45e1ef5e93e72b7d5381a3c61fbabc1286285110540075bc7aee3e595f9850b9e96887d53404add0021b198be851d9f797d964fe7501997524d28ce7b1d5f8203d9f756efd5676c5d85052030c27e2a99ee39007d9b3c305b1c7d14899b42149d6c437d863651d30426e36ff66bafa93ce3f76c18b8c91ac65b7ab49f03b7c0d0687e1ee0369e88d674f51fe69423000000000000596444d8a7bf983d6f0342b2987e520100000000000000f37cda7868234eeefbd472c7b396c182f2b9a8bf2f85ad1a7b18681784c8fcf0cf5e34baebc594de0d6c9244a834b82a162739619b5f2e3c24378417f71f855b7958fbae631a8aa30b2120a9e23d8711f529b0cd7ce6ee2b0841a4d9e82e6ef54089b64175338ed7effe"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r9, 0x5)
r10 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r10, 0x1)
flock(r10, 0x2)

36.556880292s ago: executing program 1 (id=3551):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x20050800)

36.523843446s ago: executing program 1 (id=3552):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRES32=r2], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000004c0)='mm_page_free\x00', r3, 0x0, 0x178}, 0x18)
r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000001c0)={@mcast1, @mcast2, @dev={0xfe, 0x80, '\x00', 0x24}, 0x3, 0xb, 0x6, 0x500, 0xc61, 0x100220})
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000186a00000800000000000000008000009500000000000000988af346a23d99d6ff3e10a1ea940ff40f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRES8=r7, @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0x8, &(0x7f0000000040)=ANY=[@ANYRES64=0x0], 0xfe, 0x122f, &(0x7f0000001280)="$eJzs3M9rHGUYB/DHTdrUxPxQa7WC9MVe9DIkOXhRkCApSBeUthFaQZiajS4Zd0NmCayI0ZNXL/4BXsWjN0G86SUe/Bu85SJ48aCOdKetjV0Nktppy+dz2Yd95zs8784y8C77zv5Ln763uVFmG/kgWg+9HK2tiMnfU6RoxQ0fxfMvfvf9MxcvXzm/0m6vXkjp3MqlpRdSSnNnvnnzgy+f/XYw88ZXc19Pxd7CW/s/L/+0d2rv9P4fl97tlqlbpl5/kPJ0td8f5FeLTlrvlptZSq8XnbzspG6v7GwfGN8o+ltbw5T31ment7Y7ZZny3jBtdoZp0E+D7WHK38m7vZRlWZqdDo5i7Ytfq6qKqKpjcTyqqqoejuloxSMxG3MxHwvxaDwWj8fJeCJOxZPxVJweHdV03wAAAAAAAAAAAAAAAAAAAPBgGbf/f+a2/f+fRYzb/3+m4eYBAAAAAAAAAAAAAAAAAADgAXHx8pXzK+326oWUTkQUn+ys7azVr/X4ykZ0o4hOLMZ8/Baj3f+1uj4e7dXFNLIQHxe71/O7O2sTB/NLo8cJ3JY/92p7danOp4P5qZi+Nb8c83FyfH75b/mzo/yJeO7sLfks5uPHt6MfRazHtexf+Q+XUnrltfbN/A979dzXG7wuAAAAcCdl6aax6/cs+6fxOn/Y7wPX1teLY9f3k/H0ZLNzJ6Icvr+ZF0Vn+0jFL7P12Y5ynhsd1e/sRsQdaKzRohUR90Ab/1IcO/SYmQYa+3wm4gjxiQNfpHvic74fi8PuHBP/302Ju+b6RZ9qug8AAAAAAAAAAAD+m7vxd8Km5wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCf7MCxAAAAAIAwf+s0OjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//+aCxlo=")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x1a, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x81, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8)
r9 = gettid()
tkill(r9, 0x12)
pwrite64(r8, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
write$selinux_load(r4, &(0x7f0000000000)=ANY=[], 0x44f0)
r10 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x1, 0x0)
setxattr$incfs_metadata(&(0x7f0000000180)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000780)="15ca05765ad86218d433e26ab10546a47a5f373a23f3f24950a62be4ac050b0c319e89190ed2ebb19c45de272ceefd7a0eeb175f0d4df74768578f3e0ebba8544b78eb071febd82fd22006f5e8f1f46dcb6dc56a4e3978fec095c2e9b2ddc8cfea8c52625996167f93e8c31655886bdf8592ccdcac2cc957b991f0bc029c470d9b86c0039b18bbda986f86029435ee0e7fb13c50b86c062e722a1510d7d7c5207e07d2e7d4d1cf5b41268b6199df60a4c25978d29bfff9997246756b34e3a7c7b8ec2b34ebe8ea813d695878c2354ae38a6d62c380af3b8a3a69cc391d2b", 0xde, 0x0)
process_vm_writev(r10, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
socket(0x10, 0x803, 0x0)

35.794804919s ago: executing program 1 (id=3560):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x5c}}, 0x20050800)

35.437507415s ago: executing program 1 (id=3564):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r6}, 0x18)
ppoll(&(0x7f0000000d40)=[{0xffffffffffffffff, 0x8000}], 0x20000000000000e0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
close_range(r5, 0xffffffffffffffff, 0x0)

35.437144785s ago: executing program 32 (id=3564):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r6}, 0x18)
ppoll(&(0x7f0000000d40)=[{0xffffffffffffffff, 0x8000}], 0x20000000000000e0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
close_range(r5, 0xffffffffffffffff, 0x0)

4.135471046s ago: executing program 5 (id=3948):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000001540)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES32, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRESOCT=0x0], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x77a, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = socket(0x28, 0xa, 0x8)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0)
getsockname$packet(r0, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)={0x2c, r1, 0x10ada85e65c25359, 0xfffffffc, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x9}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000a40)=ANY=[@ANYBLOB="200000007841645c87037c29bef5cf85803b543ef095d50dc27c94fbd283299681195a6e035f84ce5eb62a8ea83fba675c7b2200c7ef24fe969af8fff95ac3a923b3b4e95d8a65c6deed092f8fcb024d50c3be696c03a7945bc7ac6ef5acb00eeb198d8d7f901b8c55f83e2a98124fbd832d6ae96b9ed3319eaad8e270046a50862afad265b87501f38f05e92e317eea1c64da07928ba47319a990b72e59459e21407efe94a66bb7480000", @ANYRES16=r1, @ANYBLOB="000427bd7000fedbdf25200000000c0099000800000057000000"], 0x20}, 0x1, 0x0, 0x0, 0xc080}, 0x800)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000840)={0x2, 0xfffc, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
sendmsg$rds(r3, &(0x7f0000000580)={&(0x7f00000005c0)={0x2, 0x4, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f0000003a80)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x2}, {0x0}, &(0x7f0000003a00)=[{&(0x7f00000016c0)=""/96, 0x60}], 0x1, 0x39, 0x2}}], 0x48, 0x4000000}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x8, 0x0, 0x0, 0x41100}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_TRIGGER(0xffffffffffffffff, 0x54a6)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
lsetxattr$security_selinux(&(0x7f0000000900)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000940), &(0x7f0000000980)='system_u:object_r:netutils_exec_t:s0\x00', 0x25, 0x3)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x48844)
r6 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r6, 0x119, 0x41, &(0x7f0000000000)=0x8008, 0x4)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_dev$usbmon(&(0x7f0000000040), 0x80, 0x240240)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000d00)='kfree\x00', r8}, 0x18)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x60, 0x1403, 0x1, 0x70bd2c, 0x25dfdbff, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'team0\x00'}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000840}, 0x4000)

3.981526351s ago: executing program 5 (id=3949):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8)
creat(&(0x7f0000000100)='./bus\x00', 0x8c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000008000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x60040, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000240), &(0x7f0000000280)=r4}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)

3.830807276s ago: executing program 5 (id=3950):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

3.306841349s ago: executing program 3 (id=3957):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[], 0xb8}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00D'], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x18)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

2.919003388s ago: executing program 3 (id=3958):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESHEX=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2006c00, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x110}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0300000004000000040000000a00000000003124", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="180700000014000000000000000000008510000003000000180000000092000000000000000000009500000000000000950000001e531c2d"], &(0x7f0000000000)='GPL\x00'}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001c14000000bd8784000000000800010000000000"], 0x24}}, 0x0)
ptrace$cont(0x1f, r3, 0x1, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0xc, 0x0, 0x7ffc0001}]})
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x1, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc, 0x9, 0x2, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="000000080000006f2f0000001200e705b6da0ea700000000bfa200efff00000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x800, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4e, 0x0, 0x0, 0x10, 0x200b}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)="ddc33defaa03157dc80e9b931f8b10c5e58d8d45205792a8d7a9febe7c72e269055fb8fe119ccf2498ffd128cb59e49dcf0debf920c808d27e11d075324385d2812ad18d0bcaead1f0e993fe5618a038bcec142e8862877cd6b39f6e256606990d473ff39d36ccc5343c675d8c9db7f2d62e87a938510c0fec0417153b61b20d6257c36f3f0d89eda2f1053165c4ad1f8b98ce787f70b6d4087ebfe7efae382e8aa2ca0b5f01298d", 0xa8, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)

2.624955497s ago: executing program 3 (id=3960):
syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x5, 0x200, 0x2000000, 0x3a2}, &(0x7f00000001c0), &(0x7f0000000180))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
socket(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x300c056, &(0x7f0000000d80)={[{@noload}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@errors_remount}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x55a, &(0x7f0000000480)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLKMJh1rHbhduBtvZAgiDsR7vfdy+A/4Vwx0MGQUvfAmctKTLluTNuuypprPB05533NO8p435zxvn5M3IQEMrYnsTyHixYj4Kok4HBFJvm008o0Ta/utPrw+my1JNBof/5E098vqredqPe5gXnkhIn75IuJkYWO7teWVhVK5nC7m9cl65cpkbXnl1KVKaT6dTy9Pz8yceXNm+p233+pbX187/9e3H919/8yXx1e/+en+kdtJnI1D+bb2fjyDG+2ViZjIX5OxOPvEjlN9aGw3SQZ9AGzLSB7nY5GNAYdjJI964L/v84hoAEMqEf8wpFp5QOvefvP74P/vUFaycx68t3YDtLH/o2vvjcS+5r3RgdXksTuj7H53vA/tZ238/Pud29kS/XsfAmBLN25GxOnR0Y3jX5KPf9t3uvPqfe2VJ9sw/sHOuZvlP693yn8K6/lPdMh/DnaI3e3YOv4L9/vQTFdZ/vdux/x3fdJqfCSv/a+Z840lFy+V09N5NnwixvZm9c3mc86s3mt029ae/2VL1n4rF8yP4/7o3scfM1eql56lz+0e3Ix4qWP+m6yf/6TD+c9ej/M9tnEsvfNKt21b9//5avwQ8WrH8/9oRivZfH5ysnk9TLauio3+vHXs127tD7r/2fk/sHn/x5P2+dra07fx/b6/027bHut/9H7970k+aZb35Ouuler1xamIPcmHG9dPP3psq97aP+v/ieObj3+drv/9EfFpj/2/dfTHl3vq/4DO/9xTnf+nL9z74LPvurXf2/j3RrN0Il/Ty/jX6wE+y2sHAAAAAAAAu00hIg5FUiiulwuFYnHt8x1H40ChXK3VT16sLl2ei+Z3ZcdjrNCa6T7c9nmIqfzzsK369BP1mYg4EhFfj+xv1ouz1fLcoDsPAAAAAAAAAAAAAAAAAAAAu8TBLt//z/w2MuijA547P/kNw2vL+O/HLz0Bu5L//zC8xD8ML/EPw0v8w/AS/zC8xD8ML/EPw0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQF+dP3cuWxqrD6/PZvW5q8tLC9Wrp+bS2kKxsjRbnK0uXinOV6vz5bQ4W61s9XzlavXK1HQsXZusp7X6ZG155UKlunS5fuFSpTSfXkjHdqRXAAAAAAAAAAAAAAAAAAAA8O9SW15ZKJXL6aKCwrYKo7vjMBT6XBj0yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj/wTAAD//wQrN8c=")
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848350000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r4}, 0x9)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r6, &(0x7f0000000080)="b1", 0xfffd, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
close_range(r5, 0xffffffffffffffff, 0x0)

2.606395489s ago: executing program 4 (id=3962):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='sys_enter\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[], 0x48)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000100)={0x48, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x2c, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0x5c7e4ee53869e847}}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x2400089c}, 0x4000080)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000001d40)=ANY=[@ANYBLOB="df7ea9fe01c4052439bdf256f93955c5ef161609ee077f724361b29868d46699b1ad76d12a3ff99d46265e3f79a617fffd1ca4c0de48b84b6bf79f9851c97aec6b2228a8234662f128206cc25f493300b99ce070be94e0e90f8bc0745b84a32d01e4b35905458edf5bf33e8a42b805cc29faa2ec03", @ANYRES16=0x0, @ANYBLOB="00012bbd7000fedbdf2517000000a400308024000300563262610d6cddb1e81a80c52b5034f0daee3012c7677100c4687f81a8dc30a63c0001800c0005000800000000000000080001000200000008000400ffffff7f08000400030000000c0003800600010001000000050002000300000024000300f43bdd77f68cbbb1761770940af14d16c40b475bd29268d3003b04d8e031710205000200060000001400040058050ef6809c943eafff443787a1a36c0c0006000200000002000000c0003080140004005fcc6cf7d22a307db760f7aab777b27114000180080001000100000008000400000000802400030082d891d8b2fae944103af11b43cff8b648ced4502171be8911748ba3aa9c8f4314000400bfe8c0d10f48e6c1b56c5767b3837c37240003000e7a19bf3fce00b9753fe2f17080dda0a4902cfdcef5e01817e4e5d3259096e724000300ea1c886cab6f51ebb8ba16a484124eeb30f7d4a231322ccef4fa9934a46d1628140004000df9ea6f7ed751e288176aa9e92a0d7b9c0030805800018008000400050000000c000500abb900000000000008000100030000001800038006000300a0aa00000c00040000000000000000000c00050008000000000000000c000500030000000000000005000200030000000500020004000000240003001cd373973df13f5ce9491ef5d4e3b22ff35654d06b97cc2746bcc69e8ea48be214000400efa6c2d89d35ea9744d55ff1b7a7cbfc"], 0x220}}, 0x40800)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x18)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, r7, 0x0, 0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kmem_cache_free\x00', r6}, 0x18)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r8, 0x5)
r9 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r9, 0x1)
flock(r9, 0x2)

2.316007768s ago: executing program 3 (id=3965):
r0 = shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0xffffffffffffff02, 0x28, 0x1, 0x4, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x2, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x26d0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00'}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a8014000700000080004f86262a0f9793eb00000001140003000000000000fa534db81f1a83d6c868048006a7cfb4000000000000000000"], 0x50}}, 0x0)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
socket(0x2, 0x4, 0x0)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x9, &(0x7f00000002c0), 0x4, 0x50e, &(0x7f0000000e40)="$eJzs3c1vVF8ZAOD33nZoKYUBZaFGBRFFQ5h+AA1hI2w0hpCYEOPCBdR2aJrOME2nRFpJbJfuSSRxpX+COxcmrFy4c6c7N7gwQSUSauJizL0zbQf6Kf2YXzvPk9zee84Z5j1nhnPO3APTE0DXuhgRSxFxIiIeRUSxlZ+0jrjTPLLHvX/7fGLl7fOJJBqNB/9M8vIsL9r+TOZU6zn7fx4R34v4SbIxbn1hcWa8UinPtdJD89XZofrC4rXptJUzOjYyNnzr+s3RfWvrhepv33x3+t4Pf/+7r7z+09K3f5ZVa/AXp/Oy9nbsp2bTCzHYltcbEfcOIliH9Lb+/nD0ZL3tcxFxKe//xejJ300A4DhrNIrRKLanAYDjLrv/H4wkLbXWAgYjTUul5hre+RhIK7X6/NVi7emTycjXsM5GIX08XSkPt9YKz0YhydIj+fV6evSD9Ivy9Yg4FxEv+k7m5aWJWmWykx98AKCLnfpo/n/X15z/t/fucCoHAByc/k5XAAA4dOZ/AOg+5n8A6D7/x/zv24EAcEy4/weA7mP+B4Dus+P8v3w49QAADsUP7t/PjsZK8/dfr/6m7muT5fpMqfp0ojRRm5stTdVqU5VyaaLR2On5KrXa7MiNtWR9YfFhtfb0yfzD6er4VPlhuXCQjQEAduXchVd/ySb9pdsn8yPa9nIwV8Pxlna6AkDH9HS6AkDH+D4PdK9d3ONbBoBjbpMtej+w5X8RemnzVziqrnzR+j90q72s/1s7gKPt09b/v7Pv9QAOnzkculejkdjzHwC6jDV+YE///g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABdajA/krSU7wW+lP1MS6WI0xFxNgrJ4+lKeTgizkTEn/sKfVl6pNOVBgD2KP170tr/60rx8mB7STEiTiT/6cuuT0TET3/14JfPxufn50ay/H+t5c+/bOUnjU41AgBYdWdjVj5Pj7bObTfy798+n1g9DrOKb+42NxfN4q60jmZJb/Tm5/4oRMTAv5NWuin7vNKzD/GXliPiC+vtf9YWYTBfA2nufPpx/Cz26QOIv/76fxw//SB+mpdl50L+Wnx+H+oC3ebV3eY42ep7WRdr9b80Lubnzft/fz5C7V02/mVjycqG8S9dG/96NsRP8j5/cS29fU3e3PjD9zdkNorNsuWIL/VuFj9Zi59sPv4WLu8ufPz1y1+9tFVZ49cRVzZt/+qO1NV8mB2ar84O1RcWr01Xx6fKU+Uno6NjI2PDt67fHB3K16ibP/+4WYx/3L56ZsvXZjliYIv4/du3P76xfbPX/Oa/j378tW3if+vrm7//57eJn82J39xl/PGBO1tu353Fn1xtf6G9ZMf3P67uFDhtnl7/bXFyl1UFAA5BfWFxZrxSKc/tcJF91tzpMS6O5kUsRezXE+aLEhHxWWhXl1ykse1jfvSJPbfTIxNw0NY7fadrAgAAAAAAAAAAAAAAbKW+sDjTd8Df1up0GwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi+/hcAAP//G4rEcQ==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
lsm_get_self_attr(0x64, 0x0, &(0x7f0000000000), 0x0)
set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2, 0x0, 0xa}, 0x10)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0xfc}}, 0x0)

2.085996391s ago: executing program 2 (id=3967):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="380000002000010029bd7000000000000a002064000000070000000008000a000800000014000200fc00000000000000000000000000000139565527a18d02f384a52adac35ead2a5db23c187114a26ec9c404404519e1f8047828102a1866500827a89dd5f2b6fee6861a360c5bc1ea195f99902533d87135f0f2530a3c9b8b3b19e1a7525547384105c08ec20e0fcb54790b7df968b71b"], 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 0x0)
bind$xdp(0xffffffffffffffff, &(0x7f0000000180)={0x2c, 0x2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18ff070000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b833335185000000820000009500000000000000"], 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x6}, 0x18)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000029c0)="6ec96f321f6c0e90a9fde29b292246234176e8fe843b932fa0d1df3dc2815b5490a59e665aeaba68475408f8f48fb9962bbf6058791109d4374cbfeba5a8e0ffbcd2926fd7815bfbc0b38d0b29f5ed0e3c655992c7b00af682dd10f7690e18af959a26934e1e1835a38fd63420877b00e1a693ad5b517c372c9722b1416cf5c7c33e02cde4cd1dc7859f6164779fb6d53534", 0x92}], 0x1}}], 0x1, 0x4001c00)

2.025857507s ago: executing program 2 (id=3968):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8)
creat(&(0x7f0000000100)='./bus\x00', 0x8c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000008000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x60040, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000240), &(0x7f0000000280)=r4}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)

1.854521095s ago: executing program 2 (id=3970):
socket$inet6(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="000000000072520300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r1 = syz_open_dev$usbfs(&(0x7f0000000340), 0xffffffffffffffff, 0xa82)
r2 = dup(r1)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000400)={0x20, 0x3, 0x6, 0x7, 0x0, 0xffffffff, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000780)={0x4c, 0x0, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x81}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x20040000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000070000000000000000000000b8cb9ec866f6deea7d17fb08373bab2ec122259bca69b1e517cc3bf34299a5aeb0da992f8b30609e2c53ccfd8983b3a4b0daf1d5302854329c145d0e0e876b5d4189ac82566582a5f357658bdb05b68744faec19b06d4353632829d7c75446ccf1db06eb1d4f18d6e10383eda4c1eab5644b22b200988c3b8109b680ca213a1bed4cd5660beecab2db9672f079748aa979801d0369af159c042440ea8a89661073793dbf7a995bac79f837b618e4905140c309b252b4fbc400d359b3839993072c7959d3f62028b89a356aba3a0f1d1b25c8c0f4b503b64056182fd6297017656b357b3567148ff5a97941eee39b5f049c0ed931ec2ee4a2b38103af63692b3e63812ce19239b26734c059f8383136b605ff94b9d63a8e", @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000000000000850000008400"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x800002, 0x0)
ioctl$EVIOCGRAB(r6, 0x40044590, &(0x7f0000000200)=0x7ffffffc)
ioctl$EVIOCGRAB(r6, 0x40044590, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8084)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f00000007c0)=@mangle={'mangle\x00', 0x2, 0x6, 0x730, 0x270, 0x270, 0x270, 0x270, 0x190, 0x660, 0x660, 0x660, 0x660, 0x660, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'bond_slave_0\x00', 'vlan1\x00', {}, {}, 0x21}, 0x0, 0x168, 0x190, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @mcast2, @private2, [], [0x0, 0xffffffff], [], 0x0, 0x10}}, @common=@inet=@dccp={{0x30}, {[0x4e24, 0x4e24], [0x4e23, 0x4e24], 0xd, 0x0, 0x4, 0x7}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0x2}, [], [], 'bridge0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {0x0, 0xfd}, 0x300, 0x4}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @rand_addr=0x1000000}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'bridge0\x00', 'bond_slave_0\x00', {0xff}}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ipv6={@loopback, @local, [0xff, 0x0, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xffffffff, 0xffffff00], 'macvlan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x8, 0x81, 0x1, 0x36}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@private1, 0x0, 0x37}}}, {{@uncond, 0x0, 0x208, 0x230, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @mcast2, @mcast2, @private0, @empty, @loopback, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @remote, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0]}}]}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x790)

1.746604805s ago: executing program 4 (id=3971):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0xc, 0x0, 0x7ffc0001}]})
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200a}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)

1.709444699s ago: executing program 0 (id=3972):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @random="1553ff41cf11", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4df342", 0x14, 0x6, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x400}}}}}}}, 0x0) (fail_nth: 2)

1.322592088s ago: executing program 0 (id=3973):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r7}, 0x18)
ppoll(&(0x7f0000000d40)=[{0xffffffffffffffff, 0x8000}], 0x20000000000000e0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
close_range(r5, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x60000400, 0x0, 0x0, 0x0, 0x0, 0x0)

1.128418997s ago: executing program 4 (id=3974):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x9}, 0x18)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000000580)={&(0x7f00000005c0)={0x2, 0x4, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f0000003a80)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x2}, {0x0}, &(0x7f0000003a00)=[{&(0x7f00000016c0)=""/96, 0x60}], 0x1, 0x16, 0x2}}], 0x48, 0x4000000}, 0x0)

1.087039881s ago: executing program 4 (id=3975):
syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x5, 0x200, 0x2000000, 0x3a2}, &(0x7f00000001c0), &(0x7f0000000180))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
socket(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x300c056, &(0x7f0000000d80)={[{@noload}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@errors_remount}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x55a, &(0x7f0000000480)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLKMJh1rHbhduBtvZAgiDsR7vfdy+A/4Vwx0MGQUvfAmctKTLluTNuuypprPB05533NO8p435zxvn5M3IQEMrYnsTyHixYj4Kok4HBFJvm008o0Ta/utPrw+my1JNBof/5E098vqredqPe5gXnkhIn75IuJkYWO7teWVhVK5nC7m9cl65cpkbXnl1KVKaT6dTy9Pz8yceXNm+p233+pbX187/9e3H919/8yXx1e/+en+kdtJnI1D+bb2fjyDG+2ViZjIX5OxOPvEjlN9aGw3SQZ9AGzLSB7nY5GNAYdjJI964L/v84hoAEMqEf8wpFp5QOvefvP74P/vUFaycx68t3YDtLH/o2vvjcS+5r3RgdXksTuj7H53vA/tZ238/Pud29kS/XsfAmBLN25GxOnR0Y3jX5KPf9t3uvPqfe2VJ9sw/sHOuZvlP693yn8K6/lPdMh/DnaI3e3YOv4L9/vQTFdZ/vdux/x3fdJqfCSv/a+Z840lFy+V09N5NnwixvZm9c3mc86s3mt029ae/2VL1n4rF8yP4/7o3scfM1eql56lz+0e3Ix4qWP+m6yf/6TD+c9ej/M9tnEsvfNKt21b9//5avwQ8WrH8/9oRivZfH5ysnk9TLauio3+vHXs127tD7r/2fk/sHn/x5P2+dra07fx/b6/027bHut/9H7970k+aZb35Ouuler1xamIPcmHG9dPP3psq97aP+v/ieObj3+drv/9EfFpj/2/dfTHl3vq/4DO/9xTnf+nL9z74LPvurXf2/j3RrN0Il/Ty/jX6wE+y2sHAAAAAAAAu00hIg5FUiiulwuFYnHt8x1H40ChXK3VT16sLl2ei+Z3ZcdjrNCa6T7c9nmIqfzzsK369BP1mYg4EhFfj+xv1ouz1fLcoDsPAAAAAAAAAAAAAAAAAAAAu8TBLt//z/w2MuijA547P/kNw2vL+O/HLz0Bu5L//zC8xD8ML/EPw0v8w/AS/zC8xD8ML/EPw0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQF+dP3cuWxqrD6/PZvW5q8tLC9Wrp+bS2kKxsjRbnK0uXinOV6vz5bQ4W61s9XzlavXK1HQsXZusp7X6ZG155UKlunS5fuFSpTSfXkjHdqRXAAAAAAAAAAAAAAAAAAAA8O9SW15ZKJXL6aKCwrYKo7vjMBT6XBj0yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj/wTAAD//wQrN8c=")
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848350000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r4}, 0x9)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r6, &(0x7f0000000080)="b1", 0xfffd, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
close_range(r5, 0xffffffffffffffff, 0x0)

648.603055ms ago: executing program 5 (id=3976):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8)
creat(&(0x7f0000000100)='./bus\x00', 0x8c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000008000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x60040, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, &(0x7f0000000240), &(0x7f0000000280)=r5}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
readv(r3, &(0x7f0000000000)=[{&(0x7f0000000440)=""/244, 0xf4}], 0x1)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r6 = open(&(0x7f00000001c0)='./file2\x00', 0x64842, 0x389b0d52417bb205)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='kfree\x00', r7}, 0x18)
pwritev2(r6, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x69000}], 0x1, 0x7000, 0x0, 0x3)

493.814911ms ago: executing program 0 (id=3977):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x20780, 0x2c, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0x4}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

445.503186ms ago: executing program 4 (id=3978):
socket$inet6(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="000000000072520300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0xffffffffffffffff, 0xa82)
r1 = dup(r0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000400)={0x20, 0x3, 0x6, 0x7, 0x0, 0xffffffff, 0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000780)={0x54, 0x0, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x81}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x20040000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000070000000000000000000000b8cb9ec866f6deea7d17fb08373bab2ec122259bca69b1e517cc3bf34299a5aeb0da992f8b30609e2c53ccfd8983b3a4b0daf1d5302854329c145d0e0e876b5d4189ac82566582a5f357658bdb05b68744faec19b06d4353632829d7c75446ccf1db06eb1d4f18d6e10383eda4c1eab5644b22b200988c3b8109b680ca213a1bed4cd5660beecab2db9672f079748aa979801d0369af159c042440ea8a89661073793dbf7a995bac79f837b618e4905140c309b252b4fbc400d359b3839993072c7959d3f62028b89a356aba3a0f1d1b25c8c0f4b503b64056182fd6297017656b357b3567148ff5a97941eee39b5f049c0ed931ec2ee4a2b38103af63692b3e63812ce19239b26734c059f8383136b605ff94b9d63a8e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x800002, 0x0)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000200)=0x7ffffffc)
ioctl$EVIOCGRAB(r4, 0x40044590, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)}, 0x8084)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_udp(0xa, 0x2, 0x0)

412.402928ms ago: executing program 3 (id=3979):
socket$inet6(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="000000000072520300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0xffffffffffffffff, 0xa82)
r1 = dup(r0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000400)={0x20, 0x3, 0x6, 0x7, 0x0, 0xffffffff, 0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000780)={0x54, 0x0, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x81}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x20040000)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000070000000000000000000000b8cb9ec866f6deea7d17fb08373bab2ec122259bca69b1e517cc3bf34299a5aeb0da992f8b30609e2c53ccfd8983b3a4b0daf1d5302854329c145d0e0e876b5d4189ac82566582a5f357658bdb05b68744faec19b06d4353632829d7c75446ccf1db06eb1d4f18d6e10383eda4c1eab5644b22b200988c3b8109b680ca213a1bed4cd5660beecab2db9672f079748aa979801d0369af159c042440ea8a89661073793dbf7a995bac79f837b618e4905140c309b252b4fbc400d359b3839993072c7959d3f62028b89a356aba3a0f1d1b25c8c0f4b503b64056182fd6297017656b357b3567148ff5a97941eee39b5f049c0ed931ec2ee4a2b38103af63692b3e63812ce19239b26734c059f8383136b605ff94b9d63a8e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x800002, 0x0)
ioctl$EVIOCGRAB(r3, 0x40044590, 0x0)
ioctl$EVIOCGRAB(r3, 0x40044590, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8084)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_udp(0xa, 0x2, 0x0)

411.076489ms ago: executing program 2 (id=3980):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="63727566742c6d61703d6e6f726d616c2c73657373696f6e3d3078303030303030303030303030303031362c636865636b3d72656c617865642c636865636b3d72656c617865642c004ebe02d83839c183098ea4c343c253a3817a1be99fce11d4eb199c8293a8e4edde99717f074b2f8657ce6ba6ad43223cc53c7956558e58c034cc0480ac8c6aa3dc369cd820bf5e83cbc56c0a80d15de24e02d679ed41f8c6c857ae056f277f0cf61fd89cdbf69e958ecb1fb37260f1579c4aa969bbd1f441590c9176efa1e5b98583b0ed66fdc6f1c3311d3033b260303cc6556bd6ce3d5e3c85b1d4cf3d35b7dbce8b8545f832c1346e6a0dd95ed6144444fba9592efe8559", @ANYRES8, @ANYRES32=0x0, @ANYRES64], 0x1, 0x53b, &(0x7f0000000ac0)="$eJzs3d9r2+YawPFHaUJSF8rhnEMpIWnfpudACqmPbLcpppwLTX7tvK0sGUkuyVUJjVNCnW40Gyy5Gb3pNtj+iN7ujxj7h8pud5chyW6dX1ZIUzuE78e072vpsd5HstGDYksSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAglluz7ZIlnvHbq+pkbi0MmkPm95d370AzZFwRK/knMzNyM5t089+fZt9I/luQuezZnMwkzYzsXbvxj8f/mpzov35IQiOxs7v3ar3b7bwZdyJj0tC+iQLTdBpamShQ1asislKPVN14OlqLYt1UbqidOAjVontPlarVitLFtaDtN2qOp/sTH90v2/ayelJsaSeMAv9/T4qRu2I8z/iNNCaZncQ8Sj6IT02sYu00ldrc6nYqeUkmQaXTBJXzgsp2uVwqlcul5YfVh49se/LIBPsQORIx/g8txuuc9+DA2U306r94YsSXtqyKOvbhSk1CCaR5wvyefv3/7/TwcQfrf7/K3/w0e1bS+n8re3brpPp/Qi6je+zIruzJK1mXrnSlI2/GntFoHw3R4ouRSAIx0hQnnaJ6U5RUZVmWxZbnsiJ1iURJXYx4oiWSNYkkFp1+olwJRYsjsQQSipJFceWeKCnJ/nRVKqJES1HWJJC2+NKQmjjpUjZlK93ulSE5fgwqnSaoPCSI+o/Pd+77cOCs9vv1HwAAAAAAXFpW+tf35Ph/SuZFpiypG0/b404LAAAAAACco/Sb/7mkmUp682Jx/A8AAAAAwGVjpefYWSJSkNtZr38mFH8EAAAAAADgkki//7+VNIWkd1ssjv8BAAAAALhsfupffXfi0DV2/0inWpZErWnr9z8lDKest63V/1jbTjLD2b6Sve7K4SXG9Vnrem8habM82Xvm6jmrd/XLjxfB/NBrNvOu9W+dQwLyi9zJYu5sZO1Gf042SqFuPF10A+9xSRzn+kSsV+PvXm99L+nq/+w3r1uyudXtFF983d1Ic3mbLOXtdu8Cikeuozgkl29lPouZP36Np9ITMXrjFrJx7cH1n+i/cacf850sZDELhawtHFz/mWTMUvFxfz0OrX2WxfSMyGet+Tu5m8XcXbybNcdkUS6e9B70tkV5cPufaVucIotKXhaVvCyu/X9oFgAwLps5Vcg6WvjPsK8dTXV/J4tZzOJsumOdnD1mj27n7dHtz6zrvx25B9LxNbaUjvtrMu4PstXtlNJx3ycveH/iuJFXtkQmRfa3v5EbO7t797e21192XnZel8uVZfuBbT8sy9Tm1mTHTppux6b2AACOkX+PndwI60HOUfU/P/6koCgvRP7a39+QpfRsg/QXB8cutTDwM4SlnKPWwsAdXpZyjuoKAzd6OX1sZQTvBAAAo7OQU4dPU/+Xco67D9by4UfHg7UcAAB8GTr8YBXiH60wNK3npWq15MQrWoWB+1SFptbQyvixDt0Vx29o1QqDOHADL+k8MzUdqajdagVhrOpBqFpBZFbTO7+r3q3fI910/Ni4UcvTTqSVG/ix48aqZiJXtdpfeSZa0WH64qilXVM3rhObwFdR0A5dXVQq0nog0NS0H5u6Sbq+aoWm6YRr6lngtZta1XTkhqYVB9kC+2MZvx6EzXSxxXFvbAAALoid3b1X691u580X7Ix7HQEAwEFUaQAAAAAAAAAAAAAAAAAAAAAALr78E/iujuQcwYvVmb4YaYy7M3Ex0sg6M4Mf2wuQz7l1LLkQaRzujG+fBGA0/g4AAP//CXJN1A==")

382.581452ms ago: executing program 0 (id=3981):
r0 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x170)
fgetxattr(r0, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)

321.940778ms ago: executing program 0 (id=3982):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[], 0xb8}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00D'], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x18)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

288.385371ms ago: executing program 2 (id=3983):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="380000002000010029bd7000000000000a002064000000070000000008000a000800000014000200fc00000000000000000000000000000139565527a18d02f384a52adac35ead2a5db23c187114a26ec9c404404519e1f8047828102a1866500827a89dd5f2b6fee6861a360c5bc1ea195f99902533d87135f0f2530a3c9b8b3b19e1a7525547384105c08ec20e0fcb54790b7df968b71b"], 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0)
bind$xdp(0xffffffffffffffff, &(0x7f0000000180)={0x2c, 0x2}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x6}, 0x18)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000029c0)="6ec96f321f6c0e90a9fde29b292246234176e8fe843b932fa0d1df3dc2815b5490a59e665aeaba68475408f8f48fb9962bbf6058791109d4374cbfeba5a8e0ffbcd2926fd7815bfbc0b38d0b29f5ed0e3c655992c7b00af682dd10f7690e18af959a26934e1e1835a38fd63420877b00e1a693ad5b517c372c9722b1416cf5c7c33e02cde4cd1dc7859f6164779fb6d53534", 0x92}], 0x1}}], 0x1, 0x4001c00)

276.107642ms ago: executing program 0 (id=3984):
syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x5, 0x200, 0x2000000, 0x3a2}, &(0x7f00000001c0), &(0x7f0000000180))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
socket(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x300c056, &(0x7f0000000d80)={[{@noload}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@errors_remount}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x55a, &(0x7f0000000480)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLKMJh1rHbhduBtvZAgiDsR7vfdy+A/4Vwx0MGQUvfAmctKTLluTNuuypprPB05533NO8p435zxvn5M3IQEMrYnsTyHixYj4Kok4HBFJvm008o0Ta/utPrw+my1JNBof/5E098vqredqPe5gXnkhIn75IuJkYWO7teWVhVK5nC7m9cl65cpkbXnl1KVKaT6dTy9Pz8yceXNm+p233+pbX187/9e3H919/8yXx1e/+en+kdtJnI1D+bb2fjyDG+2ViZjIX5OxOPvEjlN9aGw3SQZ9AGzLSB7nY5GNAYdjJI964L/v84hoAEMqEf8wpFp5QOvefvP74P/vUFaycx68t3YDtLH/o2vvjcS+5r3RgdXksTuj7H53vA/tZ238/Pud29kS/XsfAmBLN25GxOnR0Y3jX5KPf9t3uvPqfe2VJ9sw/sHOuZvlP693yn8K6/lPdMh/DnaI3e3YOv4L9/vQTFdZ/vdux/x3fdJqfCSv/a+Z840lFy+V09N5NnwixvZm9c3mc86s3mt029ae/2VL1n4rF8yP4/7o3scfM1eql56lz+0e3Ix4qWP+m6yf/6TD+c9ej/M9tnEsvfNKt21b9//5avwQ8WrH8/9oRivZfH5ysnk9TLauio3+vHXs127tD7r/2fk/sHn/x5P2+dra07fx/b6/027bHut/9H7970k+aZb35Ouuler1xamIPcmHG9dPP3psq97aP+v/ieObj3+drv/9EfFpj/2/dfTHl3vq/4DO/9xTnf+nL9z74LPvurXf2/j3RrN0Il/Ty/jX6wE+y2sHAAAAAAAAu00hIg5FUiiulwuFYnHt8x1H40ChXK3VT16sLl2ei+Z3ZcdjrNCa6T7c9nmIqfzzsK369BP1mYg4EhFfj+xv1ouz1fLcoDsPAAAAAAAAAAAAAAAAAAAAu8TBLt//z/w2MuijA547P/kNw2vL+O/HLz0Bu5L//zC8xD8ML/EPw0v8w/AS/zC8xD8ML/EPw0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQF+dP3cuWxqrD6/PZvW5q8tLC9Wrp+bS2kKxsjRbnK0uXinOV6vz5bQ4W61s9XzlavXK1HQsXZusp7X6ZG155UKlunS5fuFSpTSfXkjHdqRXAAAAAAAAAAAAAAAAAAAA8O9SW15ZKJXL6aKCwrYKo7vjMBT6XBj0yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj/wTAAD//wQrN8c=")
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848350000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r4}, 0x9)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r8, &(0x7f0000000080)="b1", 0xfffd, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
close_range(r7, 0xffffffffffffffff, 0x0)

252.768195ms ago: executing program 5 (id=3985):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x5c}}, 0x20050800)

185.964781ms ago: executing program 4 (id=3986):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

130.408807ms ago: executing program 5 (id=3987):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0xe, 0x0, &(0x7f0000000940)="e0b9547e9f17dbe9abc89b6e0704", 0x0, 0x40000003, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r2, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
write$selinux_validatetrans(r3, &(0x7f0000001cc0)=ANY=[@ANYBLOB='system_h:object_r:semanage_t system_u:object_r:fixed_disk_device_t:s0 00000000000w'], 0x79)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r6=>0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0xac}, 0x1, 0x0, 0x0, 0x4008805}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000ffff27bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="fda65f0500000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n'], 0x44}, 0x1, 0x0, 0x0, 0x308}, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10)
r9 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r9, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1d459d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x183, 0x6}, 0x6025, 0x4005, 0xb, 0x0, 0x1, 0x1, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r11 = mq_open(&(0x7f0000000080)='$@\x00', 0x40, 0xb4, 0x0)
fcntl$setlease(r11, 0x400, 0x0)
mq_open(&(0x7f0000000140)='$@\x00', 0x1, 0x0, 0x0)
ioctl$USBDEVFS_SETCONFIGURATION(r9, 0x80045505, &(0x7f0000000000)=0x1)

125.368377ms ago: executing program 2 (id=3988):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r7}, 0x18)
ppoll(&(0x7f0000000d40)=[{0xffffffffffffffff, 0x8000}], 0x20000000000000e0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
close_range(r5, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x60000400, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 3 (id=3989):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00')
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8)
creat(&(0x7f0000000100)='./bus\x00', 0x8c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000008000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x60040, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, &(0x7f0000000240), &(0x7f0000000280)=r5}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
readv(r3, &(0x7f0000000000)=[{&(0x7f0000000440)=""/244, 0xf4}], 0x1)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
r6 = open(&(0x7f00000001c0)='./file2\x00', 0x64842, 0x389b0d52417bb205)
pwritev2(r6, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x69000}], 0x1, 0x7000, 0x0, 0x3)

kernel console output (not intermixed with test programs):

1][T15152] RSP: 002b:00007f67a41af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  324.613282][T15152] RAX: ffffffffffffffda RBX: 00007f67a59a5fa0 RCX: 00007f67a574f6c9
[  324.613411][T15152] RDX: 0000200000000200 RSI: 00000000c0105512 RDI: 0000000000000003
[  324.613426][T15152] RBP: 00007f67a41af090 R08: 0000000000000000 R09: 0000000000000000
[  324.613440][T15152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  324.613454][T15152] R13: 00007f67a59a6038 R14: 00007f67a59a5fa0 R15: 00007fff327e9828
[  324.613473][T15152]  </TASK>
[  324.803104][T15038] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  324.829109][T15038] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  324.851085][T15151] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.896030][T15161] loop2: detected capacity change from 0 to 164
[  324.938523][T15038] hsr_slave_0: entered promiscuous mode
[  324.951495][T15038] hsr_slave_1: entered promiscuous mode
[  324.968321][T15038] debugfs: 'hsr0' already exists in 'hsr'
[  324.974109][T15038] Cannot create hsr debugfs directory
[  324.989575][T15151] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.080612][T15151] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.156334][T15178] loop3: detected capacity change from 0 to 512
[  325.226417][T15183] netlink: 'syz.0.3592': attribute type 10 has an invalid length.
[  325.280416][T15180] netlink: 'syz.0.3592': attribute type 10 has an invalid length.
[  325.328311][T15178] EXT4-fs error (device loop3): ext4_init_orphan_info:581: comm syz.3.3590: inode #0: comm syz.3.3590: iget: illegal inode #
[  325.343166][T15178] EXT4-fs (loop3): get orphan inode failed
[  325.349473][T15178] EXT4-fs (loop3): mount failed
[  325.360045][T15038] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  325.394205][T15038] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  325.433912][T15038] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  325.490521][T15038] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  325.525312][T15151] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.542122][T15183] bond0: (slave dummy0): Releasing backup interface
[  325.557119][T15183] team0: Port device dummy0 added
[  325.587373][T15180] team0: Port device dummy0 removed
[  325.595418][T15178] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3590'.
[  325.607515][T15180] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  325.651425][T15178] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3590'.
[  325.682231][ T2631] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  325.690970][ T2631] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  325.730114][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  325.756193][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  325.787893][T15208] loop0: detected capacity change from 0 to 164
[  325.800330][T15038] 8021q: adding VLAN 0 to HW filter on device bond0
[  325.806225][T15211] loop4: detected capacity change from 0 to 128
[  325.823807][T15211] RDS: rds_bind could not find a transport for ::ffff:172.30.1.5, load rds_tcp or rds_rdma?
[  325.832840][T15038] 8021q: adding VLAN 0 to HW filter on device team0
[  325.886025][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.893164][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  325.928241][T15211] siw: device registration error -23
[  325.945210][T15214] loop0: detected capacity change from 0 to 164
[  325.983500][ T2631] bridge0: port 2(bridge_slave_1) entered blocking state
[  325.990607][ T2631] bridge0: port 2(bridge_slave_1) entered forwarding state
[  326.122820][T15228] FAULT_INJECTION: forcing a failure.
[  326.122820][T15228] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.122930][T15038] 8021q: adding VLAN 0 to HW filter on device batadv0
[  326.135902][T15228] CPU: 1 UID: 0 PID: 15228 Comm: syz.0.3600 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  326.135930][T15228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  326.135999][T15228] Call Trace:
[  326.136005][T15228]  <TASK>
[  326.136013][T15228]  __dump_stack+0x1d/0x30
[  326.136037][T15228]  dump_stack_lvl+0xe8/0x140
[  326.136058][T15228]  dump_stack+0x15/0x1b
[  326.136133][T15228]  should_fail_ex+0x265/0x280
[  326.136154][T15228]  should_fail+0xb/0x20
[  326.136172][T15228]  should_fail_usercopy+0x1a/0x20
[  326.136217][T15228]  _copy_from_iter+0xd2/0xe80
[  326.136245][T15228]  ? __pfx_woken_wake_function+0x10/0x10
[  326.136309][T15228]  file_tty_write+0x322/0x690
[  326.136335][T15228]  ? __pfx_tty_write+0x10/0x10
[  326.136357][T15228]  tty_write+0x25/0x30
[  326.136385][T15228]  vfs_write+0x52a/0x960
[  326.136450][T15228]  ksys_write+0xda/0x1a0
[  326.136479][T15228]  __x64_sys_write+0x40/0x50
[  326.136508][T15228]  x64_sys_call+0x2802/0x3000
[  326.136534][T15228]  do_syscall_64+0xd2/0x200
[  326.136558][T15228]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  326.136605][T15228]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  326.136719][T15228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.136818][T15228] RIP: 0033:0x7fba815ef6c9
[  326.136836][T15228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.136856][T15228] RSP: 002b:00007fba80057038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  326.136877][T15228] RAX: ffffffffffffffda RBX: 00007fba81845fa0 RCX: 00007fba815ef6c9
[  326.136892][T15228] RDX: 0000000000001006 RSI: 0000200000000000 RDI: 0000000000000004
[  326.136906][T15228] RBP: 00007fba80057090 R08: 0000000000000000 R09: 0000000000000000
[  326.136920][T15228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.136991][T15228] R13: 00007fba81846038 R14: 00007fba81845fa0 R15: 00007fff5b9693d8
[  326.137010][T15228]  </TASK>
[  326.415533][T15241] netlink: 'syz.0.3603': attribute type 10 has an invalid length.
[  326.428180][T15241] bond0: (slave dummy0): Releasing backup interface
[  326.446183][T15241] team0: Port device dummy0 added
[  326.458119][T15244] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  326.523262][T15244] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  326.533477][T15246] loop0: detected capacity change from 0 to 8192
[  326.550426][T15253] netlink: 'syz.3.3606': attribute type 10 has an invalid length.
[  326.572246][T15246] serio: Serial port ptm0
[  326.576917][T15253] bond0: (slave dummy0): Releasing backup interface
[  326.587789][T15253] team0: Port device dummy0 added
[  326.595880][T15253] netlink: 'syz.3.3606': attribute type 10 has an invalid length.
[  326.596695][T15244] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  326.616876][T15253] team0: Port device dummy0 removed
[  326.623868][T15253] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  326.629545][   T29] kauditd_printk_skb: 210 callbacks suppressed
[  326.629560][   T29] audit: type=1400 audit(1763065100.126:19327): avc:  denied  { mounton } for  pid=15245 comm="syz.0.3605" path="/161/file2/bus" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1
[  326.647427][T15038] veth0_vlan: entered promiscuous mode
[  326.685998][T15246] syz.0.3605: attempt to access beyond end of device
[  326.685998][T15246] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  326.700314][T15244] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  326.705533][T15246] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  326.714600][T15258] loop3: detected capacity change from 0 to 128
[  326.718064][T15246] FAT-fs (loop0): Filesystem has been set read-only
[  326.734223][T15258] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma?
[  326.736510][T15038] veth1_vlan: entered promiscuous mode
[  326.746268][T15258] siw: device registration error -23
[  326.763770][T15038] veth0_macvtap: entered promiscuous mode
[  326.765769][T15246] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  326.773313][T15038] veth1_macvtap: entered promiscuous mode
[  326.792197][T15038] batman_adv: batadv0: Interface activated: batadv_slave_0
[  326.800665][T15246] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  326.809644][T15038] batman_adv: batadv0: Interface activated: batadv_slave_1
[  326.822484][ T2631] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  326.842183][ T2631] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  326.879320][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  326.889552][   T29] audit: type=1400 audit(1763065100.386:19328): avc:  denied  { mount } for  pid=15038 comm="syz-executor" name="/" dev="gadgetfs" ino=4703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  326.912541][T11267] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  326.938087][T11267] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  326.952321][T11267] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  326.960830][T11267] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  326.972155][   T29] audit: type=1400 audit(1763065100.466:19329): avc:  denied  { unmount } for  pid=12586 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  327.010781][T11267] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  327.030726][T15269] netlink: 'syz.2.3612': attribute type 10 has an invalid length.
[  327.081946][T15276] netlink: 'syz.2.3612': attribute type 10 has an invalid length.
[  327.094341][T15275] loop0: detected capacity change from 0 to 164
[  327.110696][T15276] team0: Port device dummy0 removed
[  327.159196][T15276] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  327.458264][T15291] netlink: 'syz.5.3616': attribute type 10 has an invalid length.
[  327.532549][T15285] netlink: 'syz.5.3616': attribute type 10 has an invalid length.
[  327.564906][T15291] team0: Port device dummy0 added
[  327.574901][T15300] loop0: detected capacity change from 0 to 512
[  327.587654][T15300] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.3619: error while reading EA inode 32 err=-116
[  327.600496][T15285] team0: Port device dummy0 removed
[  327.607196][T15300] EXT4-fs (loop0): Remounting filesystem read-only
[  327.608268][T15285] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  327.614103][T15300] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  327.633009][T15300] EXT4-fs (loop0): 1 orphan inode deleted
[  327.639395][T15300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  327.652825][T15300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.694224][T15304] loop5: detected capacity change from 0 to 1024
[  327.713480][T15307] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.730170][T15304] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  327.745481][T15304] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3620: bg 0: block 88: padding at end of block bitmap is not set
[  327.759897][T15304] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  327.780547][T15307] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.806211][T15312] loop3: detected capacity change from 0 to 512
[  327.814734][T15312] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.3622: error while reading EA inode 32 err=-116
[  327.827447][T15312] EXT4-fs (loop3): Remounting filesystem read-only
[  327.834140][T15312] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  327.844442][T15312] EXT4-fs (loop3): 1 orphan inode deleted
[  327.850547][T15312] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  327.863459][T15312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.890511][T15307] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.965790][T15307] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.976910][T15321] loop4: detected capacity change from 0 to 1024
[  327.983922][T15321] EXT4-fs: Ignoring removed nobh option
[  327.989646][T15321] EXT4-fs: Ignoring removed bh option
[  328.015610][T15321] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  328.034266][T15321] netlink: 'syz.4.3625': attribute type 10 has an invalid length.
[  328.054514][T15321] veth0_vlan: left promiscuous mode
[  328.060471][T15321] veth0_vlan: entered promiscuous mode
[  328.066867][T15321] team0: Device veth0_vlan failed to register rx_handler
[  328.077951][  T558] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.106769][T15328] macvtap4: entered allmulticast mode
[  328.113911][T15328] batman_adv: batadv0: Adding interface: macvtap4
[  328.120412][T15328] batman_adv: batadv0: The MTU of interface macvtap4 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  328.147021][T15328] batman_adv: batadv0: Interface activated: macvtap4
[  328.154057][  T558] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.174040][  T558] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.215145][  T558] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.224137][T13377] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  328.255325][T15333] syzkaller1: entered promiscuous mode
[  328.260852][T15333] syzkaller1: entered allmulticast mode
[  328.269194][T15329] hub 1-0:1.0: USB hub found
[  328.273962][   T29] audit: type=1326 audit(1763065101.766:19330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15332 comm="syz.4.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  328.297682][   T29] audit: type=1326 audit(1763065101.766:19331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15332 comm="syz.4.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  328.321278][   T29] audit: type=1326 audit(1763065101.766:19332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15332 comm="syz.4.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  328.344841][   T29] audit: type=1326 audit(1763065101.766:19333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15332 comm="syz.4.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  328.368530][   T29] audit: type=1326 audit(1763065101.766:19334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15332 comm="syz.4.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  328.392143][   T29] audit: type=1326 audit(1763065101.766:19335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15332 comm="syz.4.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  328.415536][   T29] audit: type=1326 audit(1763065101.766:19336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15332 comm="syz.4.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  328.448323][T15329] hub 1-0:1.0: 8 ports detected
[  328.555341][T15038] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  328.594602][T15337] loop2: detected capacity change from 0 to 512
[  328.608105][T15337] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.3629: error while reading EA inode 32 err=-116
[  328.621064][T15337] EXT4-fs (loop2): Remounting filesystem read-only
[  328.627922][T15337] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  328.638304][T15337] EXT4-fs (loop2): 1 orphan inode deleted
[  328.644898][T15337] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  328.657679][T15337] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  328.740319][T15348] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  329.366690][T15364] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.404388][T15361] loop0: detected capacity change from 0 to 8192
[  329.404457][T15366] bond0: (slave dummy0): Releasing backup interface
[  329.424818][T15366] team0: Port device dummy0 added
[  329.451951][T15364] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.472688][T15366] team0: Port device dummy0 removed
[  329.481345][T15366] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  329.496294][T15366] Cannot find add_set index 0 as target
[  329.503484][T15364] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.557699][T15371] loop2: detected capacity change from 0 to 2048
[  329.590986][T15364] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.602562][T15371] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  329.646555][T15375] loop0: detected capacity change from 0 to 128
[  329.676272][T11267] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  329.692242][T15380] bond0: (slave dummy0): Releasing backup interface
[  329.713310][T15380] team0: Port device dummy0 added
[  329.717945][T13732] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.727798][ T2631] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  329.745747][ T2631] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  329.758889][T15380] team0: Port device dummy0 removed
[  329.766448][T15380] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  329.775602][ T2631] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  329.777494][T15383] loop3: detected capacity change from 0 to 512
[  329.825453][T15386] bond0: (slave dummy0): Releasing backup interface
[  329.833850][T15383] EXT4-fs (loop3): orphan cleanup on readonly fs
[  329.835434][T15386] team0: Port device dummy0 added
[  329.843046][T15383] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3646: bg 0: block 248: padding at end of block bitmap is not set
[  329.860037][T15386] team0: Port device dummy0 removed
[  329.865762][T15383] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.3646: Failed to acquire dquot type 1
[  329.868258][T15386] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  329.878049][T15383] EXT4-fs (loop3): 1 truncate cleaned up
[  329.890851][T15386] Cannot find add_set index 0 as target
[  329.897569][T15383] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  329.898467][T15387] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.965179][T15390] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.976174][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.987200][T15387] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.010531][T15395] loop3: detected capacity change from 0 to 1024
[  330.017495][T15395] EXT4-fs: Ignoring removed nobh option
[  330.023162][T15395] EXT4-fs: Ignoring removed bh option
[  330.031400][T15387] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.042447][T15395] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  330.066296][T15395] veth0_vlan: left promiscuous mode
[  330.067304][T15401] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  330.072577][T15395] veth0_vlan: entered promiscuous mode
[  330.078027][T15401] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  330.078137][T15401] vhci_hcd vhci_hcd.0: Device attached
[  330.085687][T15395] team0: Device veth0_vlan failed to register rx_handler
[  330.107245][T15402] vhci_hcd: connection closed
[  330.107571][  T558] vhci_hcd: stop threads
[  330.116734][  T558] vhci_hcd: release socket
[  330.121195][  T558] vhci_hcd: disconnect device
[  330.130418][T15387] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.257188][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.281177][T15405] validate_nla: 7 callbacks suppressed
[  330.281188][T15405] netlink: 'syz.3.3652': attribute type 10 has an invalid length.
[  330.295909][T15405] bond0: (slave dummy0): Releasing backup interface
[  330.304537][T15405] team0: Port device dummy0 added
[  330.313286][T15390] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.315165][T15405] netlink: 'syz.3.3652': attribute type 10 has an invalid length.
[  330.333518][T15405] team0: Port device dummy0 removed
[  330.340707][T15405] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  330.360018][T15405] Cannot find add_set index 0 as target
[  330.382315][T15390] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.491530][T15390] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.908923][T15419] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.943373][   T12] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.955322][   T12] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.972489][   T12] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.988273][   T12] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  331.041804][T15428] tipc: Started in network mode
[  331.046718][T15428] tipc: Node identity ac14140f, cluster identity 4711
[  331.053763][T15428] tipc: New replicast peer: 255.255.255.32
[  331.059790][T15428] tipc: Enabled bearer <udp:s>, priority 10
[  331.067282][T15419] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.110348][T15419] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.371332][T15419] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.445192][T15441] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.499140][T15435] loop5: detected capacity change from 0 to 8192
[  331.530768][T15441] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.570855][T15441] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.629775][T15441] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.661343][T15445] bridge0: entered promiscuous mode
[  331.666582][T15445] macvtap1: entered allmulticast mode
[  331.672001][T15445] bridge0: entered allmulticast mode
[  331.690598][T15445] batman_adv: batadv0: Adding interface: macvtap1
[  331.697035][T15445] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  331.730289][T15445] batman_adv: batadv0: Interface activated: macvtap1
[  331.750654][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  331.769269][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  331.777520][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  331.793769][T15445] hub 1-0:1.0: USB hub found
[  331.795881][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  331.824229][T15445] hub 1-0:1.0: 8 ports detected
[  331.979546][   T29] kauditd_printk_skb: 485 callbacks suppressed
[  331.979561][   T29] audit: type=1400 audit(1763065105.476:19820): avc:  denied  { ioctl } for  pid=15459 comm="syz.4.3673" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=250 ioctlcmd=0x943c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  332.014712][T15461] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3672'.
[  332.069361][T15463] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3674'.
[  332.080507][T15463] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3674'.
[  332.089502][T15463] netem: unknown loss type 13
[  332.094194][T15463] netem: change failed
[  332.178764][ T3364] tipc: Node number set to 2886997007
[  332.215720][T15471] macvtap6: entered allmulticast mode
[  332.236746][T15471] hub 1-0:1.0: USB hub found
[  332.247210][T15471] hub 1-0:1.0: 8 ports detected
[  332.864740][T15489] loop2: detected capacity change from 0 to 2048
[  332.887698][T15489] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  332.905173][   T29] audit: type=1326 audit(1763065106.396:19821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  332.968780][   T29] audit: type=1326 audit(1763065106.426:19822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  332.992488][   T29] audit: type=1326 audit(1763065106.426:19823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  333.016090][   T29] audit: type=1326 audit(1763065106.426:19824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  333.039655][   T29] audit: type=1326 audit(1763065106.426:19825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  333.063221][   T29] audit: type=1326 audit(1763065106.426:19826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  333.086965][   T29] audit: type=1326 audit(1763065106.426:19827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  333.110638][   T29] audit: type=1326 audit(1763065106.426:19828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  333.134205][   T29] audit: type=1326 audit(1763065106.426:19829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15488 comm="syz.2.3684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  333.188639][T13732] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.226585][T15499] netlink: 'syz.4.3687': attribute type 10 has an invalid length.
[  333.236596][T15499] team0: Port device dummy0 added
[  333.259323][T15503] netlink: 'syz.2.3688': attribute type 10 has an invalid length.
[  333.340234][  T558] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  333.370285][  T558] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  333.378502][  T558] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  333.382067][T15513] loop4: detected capacity change from 0 to 512
[  333.401272][  T558] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  333.412712][T15513] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.3689: error while reading EA inode 32 err=-116
[  333.425686][T15513] EXT4-fs (loop4): Remounting filesystem read-only
[  333.432461][T15513] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  333.442700][T15513] EXT4-fs (loop4): 1 orphan inode deleted
[  333.457874][T15513] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  333.474612][T15512] loop2: detected capacity change from 0 to 8192
[  333.476448][T15513] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.547867][T15524] loop0: detected capacity change from 0 to 2048
[  333.561826][T15524] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  333.645598][T15530] macvtap7: entered allmulticast mode
[  333.680465][T15530] hub 1-0:1.0: USB hub found
[  333.690858][T15530] hub 1-0:1.0: 8 ports detected
[  333.739681][T12586] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.053468][  T558] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  334.145538][  T558] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  334.219913][  T558] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  334.289851][  T558] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  334.336999][T15544] loop3: detected capacity change from 0 to 1024
[  334.358556][T15544] EXT4-fs: Ignoring removed nobh option
[  334.364388][T15544] EXT4-fs: Ignoring removed bh option
[  334.417419][T15544] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  334.437151][T15544] netlink: 'syz.3.3702': attribute type 10 has an invalid length.
[  334.445662][T15544] veth0_vlan: left promiscuous mode
[  334.451522][T15544] veth0_vlan: entered promiscuous mode
[  334.458540][T15544] team0: Device veth0_vlan failed to register rx_handler
[  334.575832][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.656173][T15576] FAULT_INJECTION: forcing a failure.
[  334.656173][T15576] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  334.669371][T15576] CPU: 0 UID: 0 PID: 15576 Comm: syz.3.3715 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  334.669403][T15576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  334.669419][T15576] Call Trace:
[  334.669427][T15576]  <TASK>
[  334.669458][T15576]  __dump_stack+0x1d/0x30
[  334.669481][T15576]  dump_stack_lvl+0xe8/0x140
[  334.669563][T15576]  dump_stack+0x15/0x1b
[  334.669586][T15576]  should_fail_ex+0x265/0x280
[  334.669610][T15576]  should_fail+0xb/0x20
[  334.669626][T15576]  should_fail_usercopy+0x1a/0x20
[  334.669649][T15576]  strncpy_from_user+0x25/0x230
[  334.669683][T15576]  ? kmem_cache_alloc_noprof+0x242/0x480
[  334.669717][T15576]  ? getname_flags+0x80/0x3b0
[  334.669853][T15576]  getname_flags+0xae/0x3b0
[  334.669887][T15576]  __se_sys_newlstat+0x4b/0x280
[  334.669936][T15576]  ? fput+0x8f/0xc0
[  334.669996][T15576]  ? ksys_write+0x192/0x1a0
[  334.670052][T15576]  __x64_sys_newlstat+0x31/0x40
[  334.670086][T15576]  x64_sys_call+0x1b88/0x3000
[  334.670114][T15576]  do_syscall_64+0xd2/0x200
[  334.670174][T15576]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  334.670212][T15576]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  334.670316][T15576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.670338][T15576] RIP: 0033:0x7f50116ff6c9
[  334.670356][T15576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.670379][T15576] RSP: 002b:00007f5010167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  334.670401][T15576] RAX: ffffffffffffffda RBX: 00007f5011955fa0 RCX: 00007f50116ff6c9
[  334.670414][T15576] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000200000000140
[  334.670488][T15576] RBP: 00007f5010167090 R08: 0000000000000000 R09: 0000000000000000
[  334.670504][T15576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.670583][T15576] R13: 00007f5011956038 R14: 00007f5011955fa0 R15: 00007ffd804a7948
[  334.670661][T15576]  </TASK>
[  334.926737][T15570] loop4: detected capacity change from 0 to 8192
[  335.055215][T15585] netlink: 'syz.3.3717': attribute type 10 has an invalid length.
[  335.072638][T15585] bond0: (slave dummy0): Releasing backup interface
[  335.084285][T15585] team0: Port device dummy0 added
[  335.092132][T15582] netlink: 'syz.3.3717': attribute type 10 has an invalid length.
[  335.103277][T15582] team0: Port device dummy0 removed
[  335.111238][T15582] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  335.221768][T15594] loop3: detected capacity change from 0 to 164
[  335.309082][T15597] loop4: detected capacity change from 0 to 1024
[  335.368194][T15603] loop3: detected capacity change from 0 to 1024
[  335.376426][T15603] EXT4-fs: Ignoring removed nobh option
[  335.382040][T15603] EXT4-fs: Ignoring removed bh option
[  335.392288][T15597] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  335.416109][T15597] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3722: bg 0: block 88: padding at end of block bitmap is not set
[  335.435217][T15597] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  335.450558][T15603] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  335.485164][T15612] netlink: 'syz.2.3726': attribute type 10 has an invalid length.
[  335.494652][T15603] netlink: 'syz.3.3724': attribute type 10 has an invalid length.
[  335.506743][T15612] bond0: (slave dummy0): Releasing backup interface
[  335.516005][T15612] team0: Port device dummy0 added
[  335.522282][T15603] veth0_vlan: left promiscuous mode
[  335.528117][T15603] veth0_vlan: entered promiscuous mode
[  335.535131][T15603] team0: Device veth0_vlan failed to register rx_handler
[  335.539626][T15617] netlink: 'syz.2.3726': attribute type 10 has an invalid length.
[  335.551061][T15616] netlink: 'syz.5.3729': attribute type 10 has an invalid length.
[  335.560941][T15616] bond0: (slave dummy0): Releasing backup interface
[  335.569912][T15616] team0: Port device dummy0 added
[  335.576736][T15616] netlink: 'syz.5.3729': attribute type 10 has an invalid length.
[  335.585021][T15617] team0: Port device dummy0 removed
[  335.592753][T15617] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  335.606936][T15616] team0: Port device dummy0 removed
[  335.614616][T15616] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  335.631485][T15616] Cannot find add_set index 0 as target
[  335.658062][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.692961][   T52] Bluetooth: hci0: Frame reassembly failed (-84)
[  335.702552][T15626] netlink: 'syz.3.3732': attribute type 10 has an invalid length.
[  335.712712][T15626] bond0: (slave dummy0): Releasing backup interface
[  335.721834][T15626] team0: Port device dummy0 added
[  335.727203][T15624] loop5: detected capacity change from 0 to 8192
[  335.729646][T15626] netlink: 'syz.3.3732': attribute type 10 has an invalid length.
[  335.742871][T15624] syz.5.3733: attempt to access beyond end of device
[  335.742871][T15624] loop5: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  335.756745][T15626] team0: Port device dummy0 removed
[  335.756863][T15624] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  335.769802][T15624] FAT-fs (loop5): Filesystem has been set read-only
[  335.770032][T15626] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  335.777157][T15624] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  335.793517][T15624] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  336.273192][T13377] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.321235][T15643] loop5: detected capacity change from 0 to 512
[  336.331179][T15645] macvtap8: entered allmulticast mode
[  336.364838][T15645] batman_adv: batadv0: Adding interface: macvtap8
[  336.371328][T15645] batman_adv: batadv0: The MTU of interface macvtap8 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  336.412246][T15643] EXT4-fs error (device loop5): ext4_init_orphan_info:581: comm syz.5.3735: inode #0: comm syz.5.3735: iget: illegal inode #
[  336.427200][T15645] batman_adv: batadv0: Interface activated: macvtap8
[  336.438614][T15643] EXT4-fs (loop5): get orphan inode failed
[  336.449359][T15643] EXT4-fs (loop5): mount failed
[  336.580926][T15649] hub 1-0:1.0: USB hub found
[  336.595539][T15649] hub 1-0:1.0: 8 ports detected
[  337.150168][T15666] loop3: detected capacity change from 0 to 164
[  337.268195][T15671] loop3: detected capacity change from 0 to 512
[  337.296711][T15671] EXT4-fs (loop3): orphan cleanup on readonly fs
[  337.305995][T15671] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3742: bg 0: block 248: padding at end of block bitmap is not set
[  337.329216][T15671] __quota_error: 636 callbacks suppressed
[  337.329249][T15671] Quota error (device loop3): write_blk: dquota write failed
[  337.342508][T15671] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  337.352538][T15671] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.3742: Failed to acquire dquot type 1
[  337.398698][T15671] EXT4-fs (loop3): 1 truncate cleaned up
[  337.425776][T15671] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  337.487032][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.594291][T15711] syzkaller1: entered promiscuous mode
[  337.599906][T15711] syzkaller1: entered allmulticast mode
[  337.622556][T15717] program syz.3.3751 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  337.632346][   T29] audit: type=1400 audit(1763065111.136:20466): avc:  denied  { block_suspend } for  pid=15716 comm="syz.3.3751" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  337.719968][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  337.743323][   T29] audit: type=1326 audit(1763065111.226:20467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15736 comm="syz.5.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98bbbf6c9 code=0x7ffc0000
[  337.766937][   T29] audit: type=1326 audit(1763065111.226:20468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15736 comm="syz.5.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98bbbf6c9 code=0x7ffc0000
[  337.790612][   T29] audit: type=1326 audit(1763065111.226:20469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15736 comm="syz.5.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc98bbbf6c9 code=0x7ffc0000
[  337.814207][   T29] audit: type=1326 audit(1763065111.226:20470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15736 comm="syz.5.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98bbbf6c9 code=0x7ffc0000
[  337.837797][   T29] audit: type=1326 audit(1763065111.226:20471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15736 comm="syz.5.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98bbbf6c9 code=0x7ffc0000
[  337.861375][   T29] audit: type=1326 audit(1763065111.226:20472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15736 comm="syz.5.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc98bbbf6c9 code=0x7ffc0000
[  337.885281][   T29] audit: type=1326 audit(1763065111.226:20473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15736 comm="syz.5.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98bbbf6c9 code=0x7ffc0000
[  337.885769][T15746] loop5: detected capacity change from 0 to 512
[  337.915970][T15747] tipc: Started in network mode
[  337.920892][T15747] tipc: Node identity ac14140f, cluster identity 4711
[  337.927853][T15747] tipc: New replicast peer: 255.255.255.32
[  337.933716][T15747] tipc: Enabled bearer <udp:s>, priority 10
[  337.979427][T15746] EXT4-fs (loop5): orphan cleanup on readonly fs
[  337.991365][T15746] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3757: bg 0: block 248: padding at end of block bitmap is not set
[  338.013201][T15746] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.3757: Failed to acquire dquot type 1
[  338.028464][T15746] EXT4-fs (loop5): 1 truncate cleaned up
[  338.034894][T15746] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  338.066593][T15755] netlink: 'syz.3.3761': attribute type 10 has an invalid length.
[  338.075825][T15038] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.085310][T15755] bond0: (slave dummy0): Releasing backup interface
[  338.094357][T15755] team0: Port device dummy0 added
[  338.482984][T15772] netlink: 'syz.3.3767': attribute type 10 has an invalid length.
[  338.527009][T15772] team0: Port device dummy0 removed
[  338.534391][T15772] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  338.562467][T15774] loop2: detected capacity change from 0 to 1024
[  338.566523][T15764] loop0: detected capacity change from 0 to 8192
[  338.583813][T15775] loop5: detected capacity change from 0 to 512
[  338.652253][T15775] EXT4-fs error (device loop5): ext4_xattr_inode_iget:446: comm syz.5.3762: error while reading EA inode 32 err=-116
[  338.679566][T15774] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  338.693551][T12586] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  338.701445][T12586] FAT-fs (loop0): Filesystem has been set read-only
[  338.739128][T15774] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3768: bg 0: block 88: padding at end of block bitmap is not set
[  338.754498][T15775] EXT4-fs (loop5): Remounting filesystem read-only
[  338.766432][T15775] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  338.776850][T15774] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  338.794290][T15796] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  338.801746][T15775] EXT4-fs (loop5): 1 orphan inode deleted
[  338.806270][T15799] loop4: detected capacity change from 0 to 512
[  338.808556][T15775] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  338.834444][T15799] EXT4-fs (loop4): orphan cleanup on readonly fs
[  338.841952][T15775] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.849676][T15799] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3772: bg 0: block 248: padding at end of block bitmap is not set
[  338.876949][T15799] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.3772: Failed to acquire dquot type 1
[  338.889739][T15808] loop0: detected capacity change from 0 to 164
[  338.910989][T15799] EXT4-fs (loop4): 1 truncate cleaned up
[  338.917855][T15799] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  338.938861][ T1049] tipc: Node number set to 2886997007
[  338.947059][T15812] loop3: detected capacity change from 0 to 128
[  338.954503][T13377] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.072512][T15816] loop4: detected capacity change from 0 to 8192
[  339.094660][T15818] loop0: detected capacity change from 0 to 8192
[  339.127661][T15816] serio: Serial port ptm0
[  339.149896][T15821] loop5: detected capacity change from 0 to 164
[  339.232955][T15816] syz.4.3778: attempt to access beyond end of device
[  339.232955][T15816] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  339.260732][T15826] netlink: 'syz.0.3781': attribute type 10 has an invalid length.
[  339.283667][T15816] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  339.291638][T15816] FAT-fs (loop4): Filesystem has been set read-only
[  339.298695][T15816] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  339.380310][T15816] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  339.538332][T15835] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  339.598594][T15838] loop4: detected capacity change from 0 to 164
[  339.650750][ T2631] kworker/u8:6: attempt to access beyond end of device
[  339.650750][ T2631] loop3: rw=1, sector=145, nr_sectors = 896 limit=128
[  339.863440][T15844] loop5: detected capacity change from 0 to 512
[  339.928739][T13732] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.987693][T15844] EXT4-fs (loop5): orphan cleanup on readonly fs
[  340.057367][T15849] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  340.063905][T15849] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  340.071498][T15849] vhci_hcd vhci_hcd.0: Device attached
[  340.085802][T15844] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3788: bg 0: block 248: padding at end of block bitmap is not set
[  340.106914][T15850] vhci_hcd: connection closed
[  340.107196][   T52] vhci_hcd: stop threads
[  340.109297][T15844] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.3788: Failed to acquire dquot type 1
[  340.112046][   T52] vhci_hcd: release socket
[  340.120107][T15844] EXT4-fs (loop5): 1 truncate cleaned up
[  340.128029][   T52] vhci_hcd: disconnect device
[  340.152351][T15854] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3791'.
[  340.159651][T15844] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  340.199089][T15854] macvtap5: left allmulticast mode
[  340.205490][T15038] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.263993][T15857] bond0: (slave dummy0): Releasing backup interface
[  340.276095][T15857] team0: Port device dummy0 added
[  340.334497][T15860] team0: Port device dummy0 removed
[  340.350338][T15860] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  340.365403][T15867] loop4: detected capacity change from 0 to 512
[  340.393837][T15867] EXT4-fs error (device loop4): ext4_init_orphan_info:581: comm syz.4.3791: inode #0: comm syz.4.3791: iget: illegal inode #
[  340.397600][T15869] loop0: detected capacity change from 0 to 1024
[  340.455552][T15869] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  340.468899][T15867] EXT4-fs (loop4): get orphan inode failed
[  340.475662][T15867] EXT4-fs (loop4): mount failed
[  340.491752][T15864] loop5: detected capacity change from 0 to 8192
[  340.501117][T15869] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3795: bg 0: block 88: padding at end of block bitmap is not set
[  340.534668][T15869] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  340.670959][T15876] loop5: detected capacity change from 0 to 1024
[  340.686281][T15878] validate_nla: 2 callbacks suppressed
[  340.686297][T15878] netlink: 'syz.3.3797': attribute type 10 has an invalid length.
[  340.701680][T15878] bond0: (slave dummy0): Releasing backup interface
[  340.710679][T15878] team0: Port device dummy0 added
[  340.722630][T15876] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  340.761040][T15876] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3796: bg 0: block 88: padding at end of block bitmap is not set
[  340.779256][T15876] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  340.903996][T15886] loop3: detected capacity change from 0 to 512
[  340.939757][T15886] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.3798: error while reading EA inode 32 err=-116
[  340.969963][T15886] EXT4-fs (loop3): Remounting filesystem read-only
[  340.986571][T15886] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  341.002552][T15886] EXT4-fs (loop3): 1 orphan inode deleted
[  341.004868][T15853] syz.4.3791 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  341.015473][T15886] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.022389][T15853] CPU: 1 UID: 0 PID: 15853 Comm: syz.4.3791 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  341.022418][T15853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  341.022433][T15853] Call Trace:
[  341.022442][T15853]  <TASK>
[  341.022451][T15853]  __dump_stack+0x1d/0x30
[  341.022508][T15853]  dump_stack_lvl+0xe8/0x140
[  341.022532][T15853]  dump_stack+0x15/0x1b
[  341.022558][T15853]  dump_header+0x81/0x220
[  341.022586][T15853]  oom_kill_process+0x342/0x400
[  341.022624][T15853]  out_of_memory+0x979/0xb80
[  341.022661][T15853]  try_charge_memcg+0x610/0xa10
[  341.022770][T15853]  obj_cgroup_charge_pages+0xa6/0x150
[  341.022792][T15853]  __memcg_kmem_charge_page+0x9f/0x170
[  341.022816][T15853]  __alloc_frozen_pages_noprof+0x188/0x360
[  341.022866][T15853]  alloc_pages_mpol+0xb3/0x260
[  341.022969][T15853]  alloc_pages_noprof+0x90/0x130
[  341.022994][T15853]  __vmalloc_node_range_noprof+0x7a5/0xed0
[  341.023073][T15853]  __kvmalloc_node_noprof+0x483/0x670
[  341.023148][T15853]  ? ip_set_alloc+0x24/0x30
[  341.023259][T15853]  ? ip_set_alloc+0x24/0x30
[  341.023293][T15853]  ? __kmalloc_cache_noprof+0x249/0x4a0
[  341.023330][T15853]  ip_set_alloc+0x24/0x30
[  341.023367][T15853]  hash_netiface_create+0x282/0x740
[  341.023406][T15853]  ? __pfx_hash_netiface_create+0x10/0x10
[  341.023501][T15853]  ip_set_create+0x3cc/0x970
[  341.023531][T15853]  ? __nla_parse+0x40/0x60
[  341.023587][T15853]  nfnetlink_rcv_msg+0x4c6/0x590
[  341.023638][T15853]  netlink_rcv_skb+0x123/0x220
[  341.023695][T15853]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  341.023734][T15853]  nfnetlink_rcv+0x167/0x16c0
[  341.023822][T15853]  ? kmem_cache_free+0xe4/0x3d0
[  341.023860][T15853]  ? __kfree_skb+0x109/0x150
[  341.023910][T15853]  ? nlmon_xmit+0x4f/0x60
[  341.024007][T15853]  ? consume_skb+0x49/0x150
[  341.024053][T15853]  ? nlmon_xmit+0x4f/0x60
[  341.024130][T15853]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  341.024171][T15853]  ? __dev_queue_xmit+0x1200/0x2000
[  341.024231][T15853]  ? __dev_queue_xmit+0x182/0x2000
[  341.024251][T15853]  ? kmem_cache_free+0x286/0x3d0
[  341.024318][T15853]  ? ref_tracker_free+0x37d/0x3e0
[  341.024363][T15853]  ? __netlink_deliver_tap+0x4dc/0x500
[  341.024406][T15853]  netlink_unicast+0x5c0/0x690
[  341.024510][T15853]  netlink_sendmsg+0x58b/0x6b0
[  341.024535][T15853]  ? __pfx_netlink_sendmsg+0x10/0x10
[  341.024557][T15853]  __sock_sendmsg+0x145/0x180
[  341.024612][T15853]  ____sys_sendmsg+0x31e/0x4e0
[  341.024654][T15853]  ___sys_sendmsg+0x17b/0x1d0
[  341.024688][T15853]  __x64_sys_sendmsg+0xd4/0x160
[  341.024760][T15853]  x64_sys_call+0x191e/0x3000
[  341.024787][T15853]  do_syscall_64+0xd2/0x200
[  341.024811][T15853]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  341.024898][T15853]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  341.024936][T15853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.025020][T15853] RIP: 0033:0x7f3f3643f6c9
[  341.025070][T15853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.025092][T15853] RSP: 002b:00007f3f34ea7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  341.025113][T15853] RAX: ffffffffffffffda RBX: 00007f3f36695fa0 RCX: 00007f3f3643f6c9
[  341.025128][T15853] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004
[  341.025214][T15853] RBP: 00007f3f364c1f91 R08: 0000000000000000 R09: 0000000000000000
[  341.025228][T15853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  341.025272][T15853] R13: 00007f3f36696038 R14: 00007f3f36695fa0 R15: 00007ffde2ee04c8
[  341.025297][T15853]  </TASK>
[  341.025305][T15853] memory: usage 307200kB, limit 307200kB, failcnt 1972
[  341.083360][T15886] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  341.087261][T15853] memory+swap: usage 307768kB, limit 9007199254740988kB, failcnt 0
[  341.087279][T15853] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0
[  341.409263][T15853] Memory cgroup stats for /syz4:
[  341.409616][T15853] cache 0
[  341.417549][T15853] rss 0
[  341.420335][T15853] shmem 0
[  341.423269][T15853] mapped_file 0
[  341.426722][T15853] dirty 0
[  341.429699][T15853] writeback 0
[  341.432978][T15853] workingset_refault_anon 996
[  341.437684][T15853] workingset_refault_file 5367
[  341.442506][T15853] swap 581632
[  341.443518][T12586] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  341.445783][T15853] swapcached 16384
[  341.445792][T15853] pgpgin 267557
[  341.445800][T15853] pgpgout 267553
[  341.445807][T15853] pgfault 313161
[  341.445815][T15853] pgmajfault 575
[  341.445822][T15853] inactive_anon 0
[  341.445830][T15853] active_anon 16384
[  341.445837][T15853] inactive_file 0
[  341.445879][T15853] active_file 0
[  341.445886][T15853] unevictable 0
[  341.445894][T15853] hierarchical_memory_limit 314572800
[  341.445904][T15853] hierarchical_memsw_limit 9223372036854771712
[  341.502236][T15853] total_cache 0
[  341.505689][T15853] total_rss 0
[  341.509007][T15853] total_shmem 0
[  341.512482][T15853] total_mapped_file 0
[  341.516493][T15853] total_dirty 0
[  341.519977][T15853] total_writeback 0
[  341.523360][T15889] tipc: Started in network mode
[  341.523775][T15853] total_workingset_refault_anon 996
[  341.523787][T15853] total_workingset_refault_file 5367
[  341.528651][T15889] tipc: Node identity ac14140f, cluster identity 4711
[  341.533850][T15853] total_swap 581632
[  341.533861][T15853] total_swapcached 16384
[  341.533870][T15853] total_pgpgin 267557
[  341.539846][T15889] tipc: New replicast peer: 255.255.255.32
[  341.545891][T15853] total_pgpgout 267553
[  341.545901][T15853] total_pgfault 313161
[  341.545909][T15853] total_pgmajfault 575
[  341.549772][T15889] tipc: Enabled bearer <udp:s>, priority 10
[  341.553944][T15853] total_inactive_anon 0
[  341.553956][T15853] total_active_anon 16384
[  341.553963][T15853] total_inactive_file 0
[  341.553971][T15853] total_active_file 0
[  341.554001][T15853] total_unevictable 0
[  341.554009][T15853] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.3791,pid=15852,uid=0
[  341.617253][T15853] Memory cgroup out of memory: Killed process 15852 (syz.4.3791) total-vm:100376kB, anon-rss:1244kB, file-rss:26676kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000
[  341.635572][T15038] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  341.724853][T15891] loop0: detected capacity change from 0 to 8192
[  341.789032][T15891] syz.0.3801: attempt to access beyond end of device
[  341.789032][T15891] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  341.805315][T15903] loop3: detected capacity change from 0 to 128
[  341.829128][T15857] Cannot find add_set index 0 as target
[  341.829461][T15903] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma?
[  341.844910][T15891] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  341.852822][T15891] FAT-fs (loop0): Filesystem has been set read-only
[  341.856390][T15903] siw: device registration error -23
[  341.889406][T15907] netlink: 'syz.5.3806': attribute type 10 has an invalid length.
[  341.897656][T15891] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  341.906375][T15907] bond0: (slave dummy0): Releasing backup interface
[  341.913577][T15891] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  341.940591][T15912] netlink: 'syz.5.3806': attribute type 10 has an invalid length.
[  341.975657][T15907] team0: Port device dummy0 added
[  342.027164][T15912] team0: Port device dummy0 removed
[  342.041457][T15912] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  342.145588][T15911] loop3: detected capacity change from 0 to 8192
[  342.227596][T15911] serio: Serial port ptm0
[  342.333371][T15925] macvtap9: entered allmulticast mode
[  342.352700][T15911] syz.3.3808: attempt to access beyond end of device
[  342.352700][T15911] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  342.434678][T15911] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  342.442608][T15911] FAT-fs (loop3): Filesystem has been set read-only
[  342.477291][T15911] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  342.493106][T15911] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  342.536552][T15923] loop4: detected capacity change from 0 to 512
[  342.557334][T15927] hub 1-0:1.0: USB hub found
[  342.565188][T15930] loop3: detected capacity change from 0 to 1024
[  342.568542][T15927] hub 1-0:1.0: 8 ports detected
[  342.599348][T15930] EXT4-fs: Ignoring removed nobh option
[  342.605023][T15930] EXT4-fs: Ignoring removed bh option
[  342.665861][T15923] EXT4-fs error (device loop4): ext4_init_orphan_info:581: comm syz.4.3810: inode #0: comm syz.4.3810: iget: illegal inode #
[  342.679241][ T1049] tipc: Node number set to 2886997007
[  342.705776][T15923] EXT4-fs (loop4): get orphan inode failed
[  342.716959][T15923] EXT4-fs (loop4): mount failed
[  342.740286][T15930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  342.912143][T15930] netlink: 'syz.3.3812': attribute type 10 has an invalid length.
[  342.929270][T15930] veth0_vlan: left promiscuous mode
[  342.935173][T15930] veth0_vlan: entered promiscuous mode
[  342.948201][T15930] team0: Device veth0_vlan failed to register rx_handler
[  343.238476][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.465572][T15913] syz.4.3810 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  343.476595][T15913] CPU: 1 UID: 0 PID: 15913 Comm: syz.4.3810 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  343.476623][T15913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  343.476636][T15913] Call Trace:
[  343.476644][T15913]  <TASK>
[  343.476652][T15913]  __dump_stack+0x1d/0x30
[  343.476734][T15913]  dump_stack_lvl+0xe8/0x140
[  343.476754][T15913]  dump_stack+0x15/0x1b
[  343.476772][T15913]  dump_header+0x81/0x220
[  343.476858][T15913]  oom_kill_process+0x342/0x400
[  343.476890][T15913]  out_of_memory+0x979/0xb80
[  343.476925][T15913]  try_charge_memcg+0x610/0xa10
[  343.477029][T15913]  charge_memcg+0x51/0xc0
[  343.477053][T15913]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  343.477080][T15913]  __read_swap_cache_async+0x17b/0x2d0
[  343.477107][T15913]  swap_cluster_readahead+0x362/0x3c0
[  343.477215][T15913]  swapin_readahead+0xde/0x6f0
[  343.477238][T15913]  ? mod_memcg_lruvec_state+0x1fc/0x2c0
[  343.477272][T15913]  ? __rcu_read_unlock+0x34/0x70
[  343.477299][T15913]  ? __rcu_read_unlock+0x4f/0x70
[  343.477368][T15913]  ? swap_cache_get_folio+0x277/0x280
[  343.477390][T15913]  do_swap_page+0x2ae/0x2370
[  343.477416][T15913]  ? css_rstat_updated+0xb7/0x240
[  343.477437][T15913]  ? __pfx_default_wake_function+0x10/0x10
[  343.477491][T15913]  handle_mm_fault+0x9a5/0x2be0
[  343.477518][T15913]  ? vma_start_read+0x141/0x1f0
[  343.477586][T15913]  do_user_addr_fault+0x630/0x1080
[  343.477612][T15913]  exc_page_fault+0x62/0xa0
[  343.477666][T15913]  asm_exc_page_fault+0x26/0x30
[  343.477687][T15913] RIP: 0033:0x7f3f36315918
[  343.477704][T15913] Code: 48 f7 f1 48 01 d8 49 39 c4 4c 0f 42 e0 83 3d aa 24 38 00 00 0f 8e 09 fe ff ff e8 d3 98 fe ff 49 39 c4 72 66 66 0f 1f 44 00 00 <69> 3d 76 fd ea 00 e8 03 00 00 48 8d 1d 77 06 38 00 e8 f2 9c 12 00
[  343.477722][T15913] RSP: 002b:00007ffde2ee0630 EFLAGS: 00010202
[  343.477750][T15913] RAX: 0000000000053d92 RBX: 00007f3f36697da0 RCX: 0000000000053bd8
[  343.477763][T15913] RDX: 00000000000001ba RSI: 00007ffde2ee0610 RDI: 0000000000000001
[  343.477776][T15913] RBP: 00007f3f36697da0 R08: 000000001a58feb6 R09: 7fffffffffffffff
[  343.477789][T15913] R10: 3fffffffffffffff R11: 0000000000000293 R12: 0000000000053dae
[  343.477802][T15913] R13: 00007f3f36696090 R14: ffffffffffffffff R15: 00007ffde2ee0740
[  343.477821][T15913]  </TASK>
[  343.477864][T15913] memory: usage 307200kB, limit 307200kB, failcnt 2411
[  343.501100][T15948] macvtap5: entered allmulticast mode
[  343.511391][T15948] batman_adv: batadv0: Adding interface: macvtap5
[  343.513010][T15913] memory+swap: usage 307776kB, limit 9007199254740988kB, failcnt 0
[  343.517145][T15948] batman_adv: batadv0: The MTU of interface macvtap5 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  343.521468][T15913] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[  343.676547][T15951] loop0: detected capacity change from 0 to 512
[  343.749899][T15951] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.754915][T15913] Memory cgroup stats for 
[  343.767007][T15951] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3817'.
[  343.774628][T15913] /syz4:
[  343.775744][T15913] cache 4096
[  343.779786][T15948] batman_adv: batadv0: Interface activated: macvtap5
[  343.788185][T15913] rss 4096
[  343.804040][T15913] shmem 0
[  343.806966][T15913] mapped_file 4096
[  343.810825][T15913] dirty 0
[  343.813753][T15913] writeback 0
[  343.817027][T15913] workingset_refault_anon 1123
[  343.821801][T15913] workingset_refault_file 6008
[  343.826563][T15913] swap 589824
[  343.829850][T15913] swapcached 8192
[  343.833535][T15913] pgpgin 268475
[  343.836979][T15913] pgpgout 268472
[  343.840521][T15913] pgfault 313532
[  343.844055][T15913] pgmajfault 658
[  343.847590][T15913] inactive_anon 8192
[  343.851569][T15913] active_anon 0
[  343.855016][T15913] inactive_file 4096
[  343.858944][T15913] active_file 0
[  343.862453][T15913] unevictable 0
[  343.865909][T15913] hierarchical_memory_limit 314572800
[  343.871177][   T29] kauditd_printk_skb: 624 callbacks suppressed
[  343.871191][   T29] audit: type=1400 audit(1763065117.366:21092): avc:  denied  { create } for  pid=15950 comm="syz.0.3817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  343.871346][T15913] hierarchical_memsw_limit 9223372036854771712
[  343.903402][T15913] total_cache 4096
[  343.905069][T15948] hub 1-0:1.0: USB hub found
[  343.907114][T15913] total_rss 4096
[  343.915280][T15913] total_shmem 0
[  343.918763][T15913] total_mapped_file 4096
[  343.918988][T15948] hub 1-0:1.0: 8 ports detected
[  343.923006][T15913] total_dirty 0
[  343.923016][T15913] total_writeback 0
[  343.923024][T15913] total_workingset_refault_anon 1123
[  343.940398][T15913] total_workingset_refault_file 6008
[  343.945677][T15913] total_swap 589824
[  343.949530][T15913] total_swapcached 8192
[  343.953688][T15913] total_pgpgin 268475
[  343.957709][T15913] total_pgpgout 268472
[  343.961878][T15913] total_pgfault 313532
[  343.966113][T15913] total_pgmajfault 658
[  343.970202][T15913] total_inactive_anon 8192
[  343.974603][T15913] total_active_anon 0
[  343.978646][T15913] total_inactive_file 4096
[  343.983074][T15913] total_active_file 0
[  343.987044][T15913] total_unevictable 0
[  343.991058][T15913] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.3810,pid=15913,uid=0
[  344.005834][T15913] Memory cgroup out of memory: Killed process 15913 (syz.4.3810) total-vm:100376kB, anon-rss:1136kB, file-rss:26684kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000
[  344.037387][T15956] EXT4-fs error (device loop0): ext4_readdir:224: inode #12: comm syz.0.3817: path /204/file0/file0: directory fails checksum at offset 0
[  344.086890][T15959] loop2: detected capacity change from 0 to 128
[  344.120158][T12586] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.130381][T15959] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma?
[  344.206907][T15964] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.262905][T15964] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.314170][T15964] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.328017][T15971] syzkaller1: entered promiscuous mode
[  344.333572][T15971] syzkaller1: entered allmulticast mode
[  344.344090][   T29] audit: type=1326 audit(1763065117.836:21093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.367773][   T29] audit: type=1326 audit(1763065117.836:21094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.391434][   T29] audit: type=1326 audit(1763065117.836:21095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.415031][   T29] audit: type=1326 audit(1763065117.836:21096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.427861][T15915] Cannot find add_set index 0 as target
[  344.482972][   T29] audit: type=1326 audit(1763065117.836:21097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.506607][   T29] audit: type=1326 audit(1763065117.836:21098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.521945][T15979] loop5: detected capacity change from 0 to 512
[  344.530189][   T29] audit: type=1326 audit(1763065117.836:21099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.537921][T15980] netlink: 'syz.3.3825': attribute type 10 has an invalid length.
[  344.560110][   T29] audit: type=1326 audit(1763065117.836:21100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.591431][   T29] audit: type=1326 audit(1763065117.836:21101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15970 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  344.592852][T15979] EXT4-fs (loop5): orphan cleanup on readonly fs
[  344.622614][T15982] netlink: 'syz.3.3825': attribute type 10 has an invalid length.
[  344.632215][T15979] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3827: bg 0: block 248: padding at end of block bitmap is not set
[  344.646946][T15979] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.3827: Failed to acquire dquot type 1
[  344.659794][T15979] EXT4-fs (loop5): 1 truncate cleaned up
[  344.667510][T15977] macvtap7: entered allmulticast mode
[  344.669130][T15979] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  344.686411][T15964] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.699185][T15982] team0: Port device dummy0 removed
[  344.706970][T15982] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  344.716464][T15038] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.764489][T15981] hub 1-0:1.0: USB hub found
[  344.772795][T15981] hub 1-0:1.0: 8 ports detected
[  344.786437][   T42] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.797927][   T42] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.816395][   T42] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.849377][   T52] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  344.862970][T15995] hub 1-0:1.0: USB hub found
[  344.874635][T15995] hub 1-0:1.0: 8 ports detected
[  344.913965][T16001] syzkaller1: entered promiscuous mode
[  344.919586][T16001] syzkaller1: entered allmulticast mode
[  344.944184][T16003] syzkaller1: entered promiscuous mode
[  344.949807][T16003] syzkaller1: entered allmulticast mode
[  345.097820][T16010] loop3: detected capacity change from 0 to 512
[  345.114910][T16010] EXT4-fs (loop3): orphan cleanup on readonly fs
[  345.122355][T16010] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3839: bg 0: block 248: padding at end of block bitmap is not set
[  345.137669][T16010] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.3839: Failed to acquire dquot type 1
[  345.149875][T16010] EXT4-fs (loop3): 1 truncate cleaned up
[  345.156041][T16010] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  345.187529][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.210240][T16013] loop3: detected capacity change from 0 to 1024
[  345.230812][T16013] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  345.249439][T16013] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3840: bg 0: block 88: padding at end of block bitmap is not set
[  345.264166][T16013] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  345.285069][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.377093][T16019] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3841'.
[  345.451251][T16026] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.493350][T16027] loop3: detected capacity change from 0 to 512
[  345.501656][T16026] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.544489][T16027] EXT4-fs error (device loop3): ext4_init_orphan_info:581: comm syz.3.3841: inode #0: comm syz.3.3841: iget: illegal inode #
[  345.581243][T16027] EXT4-fs (loop3): get orphan inode failed
[  345.612132][T16026] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.645568][T16027] EXT4-fs (loop3): mount failed
[  345.668530][T16034] loop5: detected capacity change from 0 to 164
[  345.712003][T16026] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.869936][   T52] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  345.890247][   T52] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  345.907798][T16040] syzkaller1: entered promiscuous mode
[  345.913402][T16040] syzkaller1: entered allmulticast mode
[  346.087959][T16046] loop2: detected capacity change from 0 to 512
[  346.110068][T16046] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.301708][   T52] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  346.309945][   T52] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  346.347419][T16052] loop5: detected capacity change from 0 to 512
[  346.354081][T16053] loop4: detected capacity change from 0 to 1024
[  346.361578][T16052] EXT4-fs (loop5): orphan cleanup on readonly fs
[  346.368924][T16052] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3850: bg 0: block 248: padding at end of block bitmap is not set
[  346.388798][T16052] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.3850: Failed to acquire dquot type 1
[  346.400663][T16052] EXT4-fs (loop5): 1 truncate cleaned up
[  346.407158][T16052] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  346.420526][T16053] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  346.457736][T16053] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3851: bg 0: block 88: padding at end of block bitmap is not set
[  346.481008][T15038] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.490988][T16053] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  346.514336][T16058] netlink: 'syz.5.3852': attribute type 10 has an invalid length.
[  346.524897][T16058] bond0: (slave dummy0): Releasing backup interface
[  346.541300][T16058] team0: Port device dummy0 added
[  346.559203][T16058] netlink: 'syz.5.3852': attribute type 10 has an invalid length.
[  346.568524][T13377] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.578152][T16058] team0: Port device dummy0 removed
[  346.586045][T16058] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  346.644529][T13732] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.693230][T16058] Cannot find add_set index 0 as target
[  346.801036][T16066] loop2: detected capacity change from 0 to 8192
[  346.841944][T16068] loop5: detected capacity change from 0 to 8192
[  346.995831][T16068] serio: Serial port ptm1
[  347.035146][T13732] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1)
[  347.043064][T13732] FAT-fs (loop2): Filesystem has been set read-only
[  347.107857][T16068] syz.5.3856: attempt to access beyond end of device
[  347.107857][T16068] loop5: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  347.190557][T16068] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  347.198424][T16068] FAT-fs (loop5): Filesystem has been set read-only
[  347.226095][T16077] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.236739][T16068] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  347.246496][T16068] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  347.300233][T16077] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.330376][T16077] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.371226][T16083] loop5: detected capacity change from 0 to 512
[  347.381646][T16083] EXT4-fs error (device loop5): ext4_xattr_inode_iget:446: comm syz.5.3860: error while reading EA inode 32 err=-116
[  347.382332][T16077] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.404129][T16083] EXT4-fs (loop5): Remounting filesystem read-only
[  347.415536][T16083] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  347.425770][T16083] EXT4-fs (loop5): 1 orphan inode deleted
[  347.432170][T16083] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.444780][T16083] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.467195][T11267] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  347.487282][T11267] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  347.495868][T11267] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  347.504733][T11267] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  347.563314][T16087] syzkaller1: entered promiscuous mode
[  347.568964][T16087] syzkaller1: entered allmulticast mode
[  347.604581][T16089] loop2: detected capacity change from 0 to 1024
[  347.613362][T16089] EXT4-fs: Ignoring removed nobh option
[  347.613658][T16091] loop3: detected capacity change from 0 to 1024
[  347.618955][T16089] EXT4-fs: Ignoring removed bh option
[  347.640202][T16091] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.640594][T16089] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.675122][T16089] netlink: 'syz.2.3862': attribute type 10 has an invalid length.
[  347.685305][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.689257][T16089] veth0_vlan: left promiscuous mode
[  347.700614][T16089] veth0_vlan: entered promiscuous mode
[  347.712300][T16089] team0: Device veth0_vlan failed to register rx_handler
[  347.742014][T16100] netlink: 'syz.3.3865': attribute type 10 has an invalid length.
[  347.751378][T16100] bond0: (slave dummy0): Releasing backup interface
[  347.760306][T16100] team0: Port device dummy0 added
[  347.769335][T16100] netlink: 'syz.3.3865': attribute type 10 has an invalid length.
[  347.779108][T16100] team0: Port device dummy0 removed
[  347.786072][T16100] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  347.815457][T16102] netlink: 'syz.3.3866': attribute type 10 has an invalid length.
[  347.824664][T16102] bond0: (slave dummy0): Releasing backup interface
[  347.833994][T16102] team0: Port device dummy0 added
[  347.840920][T16102] netlink: 'syz.3.3866': attribute type 10 has an invalid length.
[  347.849724][T13732] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.859343][T16102] team0: Port device dummy0 removed
[  347.879308][T16102] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  347.889875][T16102] Cannot find add_set index 0 as target
[  347.930583][T16113] loop3: detected capacity change from 0 to 1024
[  347.961968][T16113] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.993050][T16119] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  347.999589][T16119] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  348.007109][T16119] vhci_hcd vhci_hcd.0: Device attached
[  348.013151][T16120] vhci_hcd: connection closed
[  348.013298][   T52] vhci_hcd: stop threads
[  348.013772][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.017997][   T52] vhci_hcd: release socket
[  348.035632][   T52] vhci_hcd: disconnect device
[  348.103586][T16124] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3872'.
[  348.195381][T16129] loop3: detected capacity change from 0 to 512
[  348.204354][T16130] netlink: 'syz.5.3873': attribute type 10 has an invalid length.
[  348.215425][T16130] bond0: (slave dummy0): Releasing backup interface
[  348.224718][T16130] team0: Port device dummy0 added
[  348.235230][T16129] EXT4-fs error (device loop3): ext4_init_orphan_info:581: comm syz.3.3872: inode #0: comm syz.3.3872: iget: illegal inode #
[  348.238923][T16130] netlink: 'syz.5.3873': attribute type 10 has an invalid length.
[  348.261133][T16130] team0: Port device dummy0 removed
[  348.269087][T16129] EXT4-fs (loop3): get orphan inode failed
[  348.269084][T16130] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  348.274970][T16129] EXT4-fs (loop3): mount failed
[  348.611177][T16139] loop2: detected capacity change from 0 to 8192
[  348.650607][T13732] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1)
[  348.658590][T13732] FAT-fs (loop2): Filesystem has been set read-only
[  348.702816][T16122] syz.3.3872 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  348.713869][T16122] CPU: 1 UID: 0 PID: 16122 Comm: syz.3.3872 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  348.713944][T16122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  348.713957][T16122] Call Trace:
[  348.713964][T16122]  <TASK>
[  348.714081][T16122]  __dump_stack+0x1d/0x30
[  348.714109][T16122]  dump_stack_lvl+0xe8/0x140
[  348.714133][T16122]  dump_stack+0x15/0x1b
[  348.714155][T16122]  dump_header+0x81/0x220
[  348.714190][T16122]  oom_kill_process+0x342/0x400
[  348.714223][T16122]  out_of_memory+0x979/0xb80
[  348.714259][T16122]  try_charge_memcg+0x610/0xa10
[  348.714293][T16122]  charge_memcg+0x51/0xc0
[  348.714327][T16122]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  348.714436][T16122]  __read_swap_cache_async+0x17b/0x2d0
[  348.714586][T16122]  swap_cluster_readahead+0x262/0x3c0
[  348.714613][T16122]  swapin_readahead+0xde/0x6f0
[  348.714638][T16122]  ? mod_memcg_lruvec_state+0x1fc/0x2c0
[  348.714724][T16122]  ? __rcu_read_unlock+0x34/0x70
[  348.714787][T16122]  ? __rcu_read_unlock+0x4f/0x70
[  348.714819][T16122]  ? swap_cache_get_folio+0x277/0x280
[  348.714844][T16122]  do_swap_page+0x2ae/0x2370
[  348.714931][T16122]  ? css_rstat_updated+0xb7/0x240
[  348.714956][T16122]  ? __pfx_default_wake_function+0x10/0x10
[  348.714992][T16122]  handle_mm_fault+0x9a5/0x2be0
[  348.715019][T16122]  ? vma_start_read+0x141/0x1f0
[  348.715071][T16122]  do_user_addr_fault+0x630/0x1080
[  348.715103][T16122]  exc_page_fault+0x62/0xa0
[  348.715267][T16122]  asm_exc_page_fault+0x26/0x30
[  348.715288][T16122] RIP: 0033:0x7f5011731f54
[  348.715303][T16122] Code: ff ff ff 49 89 ca 0f 44 f8 80 3d 1e 66 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 <48> 89 54 24 10 89 74 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff
[  348.715322][T16122] RSP: 002b:00007ffd804a7a40 EFLAGS: 00010202
[  348.715340][T16122] RAX: 00000000fffffffa RBX: 00007f5011955fa0 RCX: 0000000000000000
[  348.715356][T16122] RDX: 00007ffd804a7a80 RSI: 0000000000000000 RDI: 0000000000000000
[  348.715420][T16122] RBP: 00007f5011957da0 R08: 00000000269ec17a R09: 7fffffffffffffff
[  348.715433][T16122] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000552bc
[  348.715453][T16122] R13: 00007f5011956180 R14: ffffffffffffffff R15: 00007ffd804a7bc0
[  348.715475][T16122]  </TASK>
[  348.715483][T16122] memory: usage 307200kB, limit 307200kB, failcnt 2134
[  348.748100][T16141] loop2: detected capacity change from 0 to 1024
[  348.750555][T16122] memory+swap: usage 307752kB, limit 9007199254740988kB, failcnt 0
[  348.750572][T16122] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0
[  348.755292][T16141] EXT4-fs: Ignoring removed nobh option
[  348.759039][T16122] Memory cgroup stats for /syz3:
[  348.759600][T16122] cache 0
[  348.763919][T16141] EXT4-fs: Ignoring removed bh option
[  348.768481][T16122] rss 4096
[  348.768492][T16122] shmem 0
[  348.768498][T16122] mapped_file 0
[  348.768507][T16122] dirty 0
[  348.800322][T16141] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  348.804915][T16122] writeback 4096
[  348.804969][T16122] workingset_refault_anon 1204
[  348.815414][T16141] netlink: 'syz.2.3877': attribute type 10 has an invalid length.
[  348.820310][T16122] workingset_refault_file 9623
[  348.825063][T16141] veth0_vlan: left promiscuous mode
[  348.829920][T16122] swap 565248
[  348.836248][T16141] veth0_vlan: entered promiscuous mode
[  348.840600][T16122] swapcached 16384
[  348.846583][T16141] team0: Device veth0_vlan failed to register rx_handler
[  348.850490][T16122] pgpgin 316095
[  349.053355][T16122] pgpgout 316091
[  349.056876][T16122] pgfault 310261
[  349.060458][T16122] pgmajfault 717
[  349.063989][T16122] inactive_anon 4096
[  349.067870][T16122] active_anon 12288
[  349.071674][T16122] inactive_file 0
[  349.075293][T16122] active_file 0
[  349.078987][T16122] unevictable 0
[  349.082435][T16122] hierarchical_memory_limit 314572800
[  349.087775][T16122] hierarchical_memsw_limit 9223372036854771712
[  349.094244][T16122] total_cache 0
[  349.097695][T16122] total_rss 4096
[  349.101236][T16122] total_shmem 0
[  349.104680][T16122] total_mapped_file 0
[  349.108631][T16122] total_dirty 0
[  349.112164][T16122] total_writeback 4096
[  349.116217][T16122] total_workingset_refault_anon 1204
[  349.121498][T16122] total_workingset_refault_file 9623
[  349.126769][T16122] total_swap 565248
[  349.130579][T16122] total_swapcached 16384
[  349.134813][T16122] total_pgpgin 316095
[  349.138798][T16122] total_pgpgout 316091
[  349.142849][T16122] total_pgfault 310261
[  349.146889][T16122] total_pgmajfault 717
[  349.150955][T16122] total_inactive_anon 4096
[  349.155362][T16122] total_active_anon 12288
[  349.159695][T16122] total_inactive_file 0
[  349.163835][T16122] total_active_file 0
[  349.167799][T16122] total_unevictable 0
[  349.171770][T16122] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.3872,pid=16122,uid=0
[  349.186499][T16122] Memory cgroup out of memory: Killed process 16122 (syz.3.3872) total-vm:96140kB, anon-rss:1264kB, file-rss:22644kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  349.300574][T13732] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.313116][T16145] Cannot find add_set index 0 as target
[  349.403899][T16152] loop3: detected capacity change from 0 to 164
[  349.421752][T16154] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3881'.
[  349.432017][T16153] hub 1-0:1.0: USB hub found
[  349.438953][T16153] hub 1-0:1.0: 8 ports detected
[  349.573922][T16154] loop5: detected capacity change from 0 to 512
[  349.600332][T16154] EXT4-fs error (device loop5): ext4_init_orphan_info:581: comm syz.5.3881: inode #0: comm syz.5.3881: iget: illegal inode #
[  349.660207][T16154] EXT4-fs (loop5): get orphan inode failed
[  349.688300][T16154] EXT4-fs (loop5): mount failed
[  350.068407][T16149] syz.5.3881 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  350.079418][T16149] CPU: 0 UID: 0 PID: 16149 Comm: syz.5.3881 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  350.079451][T16149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  350.079465][T16149] Call Trace:
[  350.079472][T16149]  <TASK>
[  350.079480][T16149]  __dump_stack+0x1d/0x30
[  350.079557][T16149]  dump_stack_lvl+0xe8/0x140
[  350.079582][T16149]  dump_stack+0x15/0x1b
[  350.079603][T16149]  dump_header+0x81/0x220
[  350.079621][T16149]  oom_kill_process+0x342/0x400
[  350.079704][T16149]  out_of_memory+0x979/0xb80
[  350.079742][T16149]  try_charge_memcg+0x610/0xa10
[  350.079779][T16149]  charge_memcg+0x51/0xc0
[  350.079853][T16149]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  350.079888][T16149]  __read_swap_cache_async+0x17b/0x2d0
[  350.079915][T16149]  swap_cluster_readahead+0x262/0x3c0
[  350.079952][T16149]  swapin_readahead+0xde/0x6f0
[  350.079974][T16149]  ? bpf_send_signal_common+0x280/0x300
[  350.080090][T16149]  ? __rcu_read_unlock+0x4f/0x70
[  350.080184][T16149]  ? __rcu_read_unlock+0x4f/0x70
[  350.080269][T16149]  ? swap_cache_get_folio+0x277/0x280
[  350.080294][T16149]  do_swap_page+0x2ae/0x2370
[  350.080318][T16149]  ? _raw_spin_unlock+0x26/0x50
[  350.080348][T16149]  ? finish_task_switch+0xad/0x2b0
[  350.080413][T16149]  ? __pfx_default_wake_function+0x10/0x10
[  350.080445][T16149]  handle_mm_fault+0x9a5/0x2be0
[  350.080471][T16149]  ? vma_start_read+0x141/0x1f0
[  350.080553][T16149]  do_user_addr_fault+0x630/0x1080
[  350.080579][T16149]  ? fpregs_restore_userregs+0xe2/0x1d0
[  350.080616][T16149]  ? switch_fpu_return+0xe/0x20
[  350.080717][T16149]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  350.080749][T16149]  exc_page_fault+0x62/0xa0
[  350.080788][T16149]  asm_exc_page_fault+0x26/0x30
[  350.080809][T16149] RIP: 0033:0x7fc98bbf1f33
[  350.080867][T16149] Code: ed 08 00 48 8d 3d b6 ed 08 00 e8 b8 47 f6 ff 0f 1f 84 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 <80> 3d 1e 66 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 c3 66 2e 0f
[  350.080903][T16149] RSP: 002b:00007fff5c0df4b8 EFLAGS: 00010293
[  350.080922][T16149] RAX: 00000000fffffffa RBX: 00007fc98be15fa0 RCX: 0000000000000000
[  350.080974][T16149] RDX: 00007fff5c0df4d0 RSI: 0000000000000000 RDI: 0000000000000000
[  350.080990][T16149] RBP: 00007fc98be17da0 R08: 0000000000e65eae R09: 7fffffffffffffff
[  350.081006][T16149] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000557db
[  350.081022][T16149] R13: 00007fc98be16090 R14: ffffffffffffffff R15: 00007fff5c0df610
[  350.081053][T16149]  </TASK>
[  350.081060][T16149] memory: usage 307200kB, limit 307200kB, failcnt 199
[  350.326048][T16149] memory+swap: usage 307760kB, limit 9007199254740988kB, failcnt 0
[  350.334028][T16149] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0
[  350.341376][T16149] Memory cgroup stats for /syz5:
[  350.341534][T16149] cache 0
[  350.349482][T16149] rss 0
[  350.352238][T16149] shmem 0
[  350.355158][T16149] mapped_file 0
[  350.358665][T16149] dirty 0
[  350.361641][T16149] writeback 0
[  350.364907][T16149] workingset_refault_anon 51
[  350.369511][T16149] workingset_refault_file 0
[  350.374000][T16149] swap 573440
[  350.377275][T16149] swapcached 4096
[  350.380962][T16149] pgpgin 19363
[  350.384327][T16149] pgpgout 19362
[  350.387772][T16149] pgfault 23270
[  350.391267][T16149] pgmajfault 30
[  350.394708][T16149] inactive_anon 0
[  350.398319][T16149] active_anon 4096
[  350.402111][T16149] inactive_file 0
[  350.405771][T16149] active_file 0
[  350.409233][T16149] unevictable 0
[  350.412824][T16149] hierarchical_memory_limit 314572800
[  350.418179][T16149] hierarchical_memsw_limit 9223372036854771712
[  350.424339][T16149] total_cache 0
[  350.427796][T16149] total_rss 0
[  350.431110][T16149] total_shmem 0
[  350.434556][T16149] total_mapped_file 0
[  350.438521][T16149] total_dirty 0
[  350.441998][T16149] total_writeback 0
[  350.445787][T16149] total_workingset_refault_anon 51
[  350.450916][T16149] total_workingset_refault_file 0
[  350.451219][T16164] macvtap6: entered allmulticast mode
[  350.455928][T16149] total_swap 573440
[  350.455940][T16149] total_swapcached 4096
[  350.456008][T16149] total_pgpgin 19363
[  350.456016][T16149] total_pgpgout 19362
[  350.456024][T16149] total_pgfault 23270
[  350.456031][T16149] total_pgmajfault 30
[  350.456039][T16149] total_inactive_anon 0
[  350.456047][T16149] total_active_anon 4096
[  350.456054][T16149] total_inactive_file 0
[  350.456062][T16149] total_active_file 0
[  350.501772][T16149] total_unevictable 0
[  350.505737][T16149] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.3881,pid=16149,uid=0
[  350.520476][T16149] Memory cgroup out of memory: Killed process 16149 (syz.5.3881) total-vm:96140kB, anon-rss:1268kB, file-rss:22660kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  350.625182][T16165] hub 1-0:1.0: USB hub found
[  350.630097][T16165] hub 1-0:1.0: 8 ports detected
[  350.682591][T16171] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  350.689172][T16171] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  350.696758][T16171] vhci_hcd vhci_hcd.0: Device attached
[  350.716842][T16172] vhci_hcd: connection closed
[  350.717049][   T42] vhci_hcd: stop threads
[  350.726010][   T42] vhci_hcd: release socket
[  350.730451][   T42] vhci_hcd: disconnect device
[  350.900886][T16181] macvtap10: entered allmulticast mode
[  350.989208][T16182] hub 1-0:1.0: USB hub found
[  350.999633][T16182] hub 1-0:1.0: 8 ports detected
[  351.281639][T16188] bond0: (slave dummy0): Releasing backup interface
[  351.292184][T16188] team0: Port device dummy0 added
[  351.314220][T16188] team0: Port device dummy0 removed
[  351.322408][T16188] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  351.353799][   T29] kauditd_printk_skb: 289 callbacks suppressed
[  351.353816][   T29] audit: type=1326 audit(1763065124.846:21385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.410751][   T29] audit: type=1326 audit(1763065124.846:21386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.434398][   T29] audit: type=1326 audit(1763065124.846:21387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.458051][   T29] audit: type=1326 audit(1763065124.846:21388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.481620][   T29] audit: type=1326 audit(1763065124.846:21389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.505253][   T29] audit: type=1326 audit(1763065124.846:21390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.528840][   T29] audit: type=1326 audit(1763065124.846:21391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.553301][   T29] audit: type=1326 audit(1763065124.846:21392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.576906][   T29] audit: type=1326 audit(1763065124.846:21393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.598225][T16192] loop2: detected capacity change from 0 to 8192
[  351.600729][   T29] audit: type=1326 audit(1763065124.846:21394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16191 comm="syz.2.3894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a574f6c9 code=0x7ffc0000
[  351.685691][T16194] loop4: detected capacity change from 0 to 8192
[  351.786069][T16198] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3898'.
[  351.795001][T16198] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3898'.
[  351.938467][T16218] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.951472][T16216] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.951871][T16207] loop4: detected capacity change from 0 to 8192
[  351.969721][T16219] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3905'.
[  351.990356][T16218] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.041343][T16216] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.060350][T16218] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.072394][T16222] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3908'.
[  352.102743][T16216] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.121688][T16218] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.157097][T16226] loop4: detected capacity change from 0 to 8192
[  352.165190][T16216] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.210263][  T558] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  352.223963][  T558] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  352.240843][  T558] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  352.279838][  T558] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  352.312287][  T558] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  352.336023][  T558] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  352.344464][  T558] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  352.366940][  T558] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  352.415115][T16250] validate_nla: 3 callbacks suppressed
[  352.415131][T16250] netlink: 'syz.5.3918': attribute type 10 has an invalid length.
[  352.453404][T16250] bond0: (slave dummy0): Releasing backup interface
[  352.480455][T16257] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3922'.
[  352.496024][T16262] netlink: 'syz.5.3918': attribute type 10 has an invalid length.
[  352.526093][T16260] loop3: detected capacity change from 0 to 8192
[  352.532621][T16250] team0: Port device dummy0 added
[  352.544080][T16265] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  352.550622][T16265] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  352.558161][T16265] vhci_hcd vhci_hcd.0: Device attached
[  352.569623][T16262] team0: Port device dummy0 removed
[  352.575274][T16267] vhci_hcd: connection closed
[  352.579359][T16262] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  352.592603][   T42] vhci_hcd: stop threads
[  352.596844][   T42] vhci_hcd: release socket
[  352.601327][   T42] vhci_hcd: disconnect device
[  352.648762][T16274] loop3: detected capacity change from 0 to 164
[  352.655266][T16276] loop5: detected capacity change from 0 to 1024
[  352.682677][T16276] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  352.696647][T16276] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3929: bg 0: block 88: padding at end of block bitmap is not set
[  352.723452][T16276] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  352.750377][T15038] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.853836][T16302] loop3: detected capacity change from 0 to 128
[  352.867384][T16302] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma?
[  352.890654][T16305] FAULT_INJECTION: forcing a failure.
[  352.890654][T16305] name failslab, interval 1, probability 0, space 0, times 0
[  352.903397][T16305] CPU: 1 UID: 0 PID: 16305 Comm: syz.2.3936 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  352.903450][T16305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  352.903485][T16305] Call Trace:
[  352.903493][T16305]  <TASK>
[  352.903503][T16305]  __dump_stack+0x1d/0x30
[  352.903529][T16305]  dump_stack_lvl+0xe8/0x140
[  352.903554][T16305]  dump_stack+0x15/0x1b
[  352.903617][T16305]  should_fail_ex+0x265/0x280
[  352.903640][T16305]  should_failslab+0x8c/0xb0
[  352.903755][T16305]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  352.903794][T16305]  ? __alloc_skb+0x101/0x320
[  352.903831][T16305]  __alloc_skb+0x101/0x320
[  352.903961][T16305]  ? audit_log_start+0x342/0x720
[  352.903987][T16305]  audit_log_start+0x3a0/0x720
[  352.904012][T16305]  ? kstrtouint+0x76/0xc0
[  352.904052][T16305]  audit_seccomp+0x48/0x100
[  352.904141][T16305]  ? __seccomp_filter+0x82d/0x1250
[  352.904175][T16305]  __seccomp_filter+0x83e/0x1250
[  352.904209][T16305]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  352.904383][T16305]  ? vfs_write+0x7e8/0x960
[  352.904416][T16305]  ? __rcu_read_unlock+0x4f/0x70
[  352.904574][T16305]  ? __fget_files+0x184/0x1c0
[  352.904610][T16305]  __secure_computing+0x82/0x150
[  352.904644][T16305]  syscall_trace_enter+0xcf/0x1e0
[  352.904707][T16305]  do_syscall_64+0xac/0x200
[  352.904733][T16305]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  352.904768][T16305]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  352.904826][T16305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.904853][T16305] RIP: 0033:0x7f67a574f6c9
[  352.904871][T16305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.904901][T16305] RSP: 002b:00007f67a41af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  352.904925][T16305] RAX: ffffffffffffffda RBX: 00007f67a59a5fa0 RCX: 00007f67a574f6c9
[  352.904941][T16305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[  352.904957][T16305] RBP: 00007f67a41af090 R08: 0000000000000000 R09: 0000000000000000
[  352.904972][T16305] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[  352.904987][T16305] R13: 00007f67a59a6038 R14: 00007f67a59a5fa0 R15: 00007fff327e9828
[  352.905008][T16305]  </TASK>
[  352.916151][T16302] siw: device registration error -23
[  352.975996][T16308] loop2: detected capacity change from 0 to 512
[  353.160311][T16313] netlink: 'syz.3.3938': attribute type 10 has an invalid length.
[  353.165996][T16308] EXT4-fs (loop2): orphan cleanup on readonly fs
[  353.180810][T16313] bond0: (slave dummy0): Releasing backup interface
[  353.186783][T16308] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3937: bg 0: block 248: padding at end of block bitmap is not set
[  353.202293][T16308] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.3937: Failed to acquire dquot type 1
[  353.213844][T16319] netlink: 'syz.3.3938': attribute type 10 has an invalid length.
[  353.214209][T16308] EXT4-fs (loop2): 1 truncate cleaned up
[  353.224186][T16313] team0: Port device dummy0 added
[  353.234311][T16308] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  353.253107][T16319] team0: Port device dummy0 removed
[  353.260710][T16319] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  353.286449][T13732] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.305012][T16322] loop3: detected capacity change from 0 to 1024
[  353.320966][T16322] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  353.334576][T16322] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3942: bg 0: block 88: padding at end of block bitmap is not set
[  353.352675][T16322] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  353.372944][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.384029][T16329] FAULT_INJECTION: forcing a failure.
[  353.384029][T16329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  353.397209][T16329] CPU: 1 UID: 0 PID: 16329 Comm: syz.2.3945 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  353.397237][T16329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  353.397251][T16329] Call Trace:
[  353.397292][T16329]  <TASK>
[  353.397300][T16329]  __dump_stack+0x1d/0x30
[  353.397325][T16329]  dump_stack_lvl+0xe8/0x140
[  353.397346][T16329]  dump_stack+0x15/0x1b
[  353.397366][T16329]  should_fail_ex+0x265/0x280
[  353.397395][T16329]  should_fail+0xb/0x20
[  353.397411][T16329]  should_fail_usercopy+0x1a/0x20
[  353.397537][T16329]  _copy_from_user+0x1c/0xb0
[  353.397553][T16329]  proc_ioctl_default+0x43/0xa0
[  353.397572][T16329]  usbdev_ioctl+0xe8b/0x1700
[  353.397588][T16329]  ? __pfx_usbdev_ioctl+0x10/0x10
[  353.397614][T16329]  __se_sys_ioctl+0xce/0x140
[  353.397653][T16329]  __x64_sys_ioctl+0x43/0x50
[  353.397666][T16329]  x64_sys_call+0x1816/0x3000
[  353.397702][T16329]  do_syscall_64+0xd2/0x200
[  353.397720][T16329]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  353.397866][T16329]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  353.397947][T16329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.397961][T16329] RIP: 0033:0x7f67a574f6c9
[  353.397972][T16329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.397983][T16329] RSP: 002b:00007f67a41af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  353.398054][T16329] RAX: ffffffffffffffda RBX: 00007f67a59a5fa0 RCX: 00007f67a574f6c9
[  353.398063][T16329] RDX: 0000000000000000 RSI: 00000000c0105512 RDI: 0000000000000003
[  353.398111][T16329] RBP: 00007f67a41af090 R08: 0000000000000000 R09: 0000000000000000
[  353.398119][T16329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.398128][T16329] R13: 00007f67a59a6038 R14: 00007f67a59a5fa0 R15: 00007fff327e9828
[  353.398171][T16329]  </TASK>
[  353.650448][T16337] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3944'.
[  353.686987][T16340] loop0: detected capacity change from 0 to 512
[  353.716077][T16340] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.3946: error while reading EA inode 32 err=-116
[  353.733934][T16344] loop5: detected capacity change from 0 to 128
[  353.757134][T16344] RDS: rds_bind could not find a transport for ::ffff:172.30.1.6, load rds_tcp or rds_rdma?
[  353.769707][T16340] EXT4-fs (loop0): Remounting filesystem read-only
[  353.778593][T16340] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  353.789318][T16340] EXT4-fs (loop0): 1 orphan inode deleted
[  353.804950][T16340] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  353.817101][T16344] siw: device registration error -23
[  353.834966][T16345] loop2: detected capacity change from 0 to 512
[  353.862012][T16345] EXT4-fs error (device loop2): ext4_init_orphan_info:581: comm syz.2.3947: inode #0: comm syz.2.3947: iget: illegal inode #
[  353.864342][T16340] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.892504][T16345] EXT4-fs (loop2): get orphan inode failed
[  353.908791][T16345] EXT4-fs (loop2): mount failed
[  353.946925][T16348] loop5: detected capacity change from 0 to 8192
[  353.989079][T15038] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  353.996974][T15038] FAT-fs (loop5): Filesystem has been set read-only
[  354.044838][T16351] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.063167][T16353] netlink: 'syz.4.3951': attribute type 10 has an invalid length.
[  354.118539][T16357] netlink: 'syz.4.3953': attribute type 10 has an invalid length.
[  354.126870][T16357] netlink: 'syz.4.3953': attribute type 10 has an invalid length.
[  354.135606][T16357] team0: Port device dummy0 removed
[  354.144730][T16357] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  354.155636][T16351] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.220514][T16351] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.271245][T16361] loop4: detected capacity change from 0 to 8192
[  354.310476][T16351] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.405748][T16334] syz.2.3947 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  354.419885][T16334] CPU: 0 UID: 0 PID: 16334 Comm: syz.2.3947 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  354.419917][T16334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  354.419953][T16334] Call Trace:
[  354.419962][T16334]  <TASK>
[  354.419971][T16334]  __dump_stack+0x1d/0x30
[  354.419997][T16334]  dump_stack_lvl+0xe8/0x140
[  354.420021][T16334]  dump_stack+0x15/0x1b
[  354.420040][T16334]  dump_header+0x81/0x220
[  354.420059][T16334]  oom_kill_process+0x342/0x400
[  354.420153][T16334]  out_of_memory+0x979/0xb80
[  354.420188][T16334]  try_charge_memcg+0x610/0xa10
[  354.420274][T16334]  obj_cgroup_charge_pages+0xa6/0x150
[  354.420322][T16334]  __memcg_kmem_charge_page+0x9f/0x170
[  354.420357][T16334]  __alloc_frozen_pages_noprof+0x188/0x360
[  354.420381][T16334]  alloc_pages_mpol+0xb3/0x260
[  354.420406][T16334]  alloc_pages_noprof+0x90/0x130
[  354.420429][T16334]  __vmalloc_node_range_noprof+0x7a5/0xed0
[  354.420517][T16334]  __kvmalloc_node_noprof+0x483/0x670
[  354.420552][T16334]  ? ip_set_alloc+0x24/0x30
[  354.420585][T16334]  ? ip_set_alloc+0x24/0x30
[  354.420657][T16334]  ? __kmalloc_cache_noprof+0x249/0x4a0
[  354.420691][T16334]  ip_set_alloc+0x24/0x30
[  354.420724][T16334]  hash_netiface_create+0x282/0x740
[  354.420780][T16334]  ? __pfx_hash_netiface_create+0x10/0x10
[  354.420816][T16334]  ip_set_create+0x3cc/0x970
[  354.420887][T16334]  ? __nla_parse+0x40/0x60
[  354.420911][T16334]  nfnetlink_rcv_msg+0x4c6/0x590
[  354.420957][T16334]  netlink_rcv_skb+0x123/0x220
[  354.421040][T16334]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  354.421146][T16334]  nfnetlink_rcv+0x167/0x16c0
[  354.421174][T16334]  ? kmem_cache_free+0xe4/0x3d0
[  354.421276][T16334]  ? __kfree_skb+0x109/0x150
[  354.421330][T16334]  ? nlmon_xmit+0x4f/0x60
[  354.421355][T16334]  ? consume_skb+0x49/0x150
[  354.421385][T16334]  ? nlmon_xmit+0x4f/0x60
[  354.421419][T16334]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  354.421456][T16334]  ? __dev_queue_xmit+0x1200/0x2000
[  354.421475][T16334]  ? __dev_queue_xmit+0x182/0x2000
[  354.421493][T16334]  ? kmem_cache_free+0x286/0x3d0
[  354.421590][T16334]  ? ref_tracker_free+0x37d/0x3e0
[  354.421629][T16334]  ? __netlink_deliver_tap+0x4dc/0x500
[  354.421705][T16334]  netlink_unicast+0x5c0/0x690
[  354.421738][T16334]  netlink_sendmsg+0x58b/0x6b0
[  354.421760][T16334]  ? __pfx_netlink_sendmsg+0x10/0x10
[  354.421823][T16334]  __sock_sendmsg+0x145/0x180
[  354.421849][T16334]  ____sys_sendmsg+0x31e/0x4e0
[  354.421953][T16334]  ___sys_sendmsg+0x17b/0x1d0
[  354.421983][T16334]  __x64_sys_sendmsg+0xd4/0x160
[  354.422078][T16334]  x64_sys_call+0x191e/0x3000
[  354.422102][T16334]  do_syscall_64+0xd2/0x200
[  354.422125][T16334]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  354.422168][T16334]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  354.422204][T16334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.422226][T16334] RIP: 0033:0x7f67a574f6c9
[  354.422246][T16334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.422265][T16334] RSP: 002b:00007f67a41af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  354.422345][T16334] RAX: ffffffffffffffda RBX: 00007f67a59a5fa0 RCX: 00007f67a574f6c9
[  354.422358][T16334] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  354.422371][T16334] RBP: 00007f67a57d1f91 R08: 0000000000000000 R09: 0000000000000000
[  354.422384][T16334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  354.422397][T16334] R13: 00007f67a59a6038 R14: 00007f67a59a5fa0 R15: 00007fff327e9828
[  354.422415][T16334]  </TASK>
[  354.422424][T16334] memory: usage 307196kB, limit 307200kB, failcnt 2191
[  354.456175][T16365] loop4: detected capacity change from 0 to 512
[  354.457510][T16334] memory+swap: usage 307576kB, limit 9007199254740988kB, failcnt 0
[  354.485417][T16365] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.3956: error while reading EA inode 32 err=-116
[  354.485676][T16334] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0
[  354.497136][T16365] EXT4-fs (loop4): Remounting filesystem read-only
[  354.501721][T16334] Memory cgroup stats for 
[  354.511056][T16365] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  354.512564][T16334] /syz2:
[  354.826680][T16334] cache 0
[  354.832515][T16334] rss 4096
[  354.835523][T16334] shmem 0
[  354.835748][T16365] EXT4-fs (loop4): 1 orphan inode deleted
[  354.838444][T16334] mapped_file 0
[  354.838453][T16334] dirty 0
[  354.844729][T16365] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  354.847850][T16334] writeback 0
[  354.847859][T16334] workingset_refault_anon 1041
[  354.847868][T16334] workingset_refault_file 4711
[  354.847876][T16334] swap 393216
[  354.847883][T16334] swapcached 4096
[  354.847891][T16334] pgpgin 277352
[  354.847920][T16334] pgpgout 277349
[  354.847928][T16334] pgfault 290181
[  354.847936][T16334] pgmajfault 650
[  354.847944][T16334] inactive_anon 8192
[  354.847953][T16334] active_anon 0
[  354.847961][T16334] inactive_file 0
[  354.847969][T16334] active_file 4096
[  354.911577][T16334] unevictable 0
[  354.915024][T16334] hierarchical_memory_limit 314572800
[  354.919146][T16365] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.920406][T16334] hierarchical_memsw_limit 9223372036854771712
[  354.920416][T16334] total_cache 0
[  354.920423][T16334] total_rss 4096
[  354.920431][T16334] total_shmem 0
[  354.920438][T16334] total_mapped_file 0
[  354.920445][T16334] total_dirty 0
[  354.920452][T16334] total_writeback 0
[  354.920460][T16334] total_workingset_refault_anon 1041
[  354.920470][T16334] total_workingset_refault_file 4711
[  354.920478][T16334] total_swap 393216
[  354.920486][T16334] total_swapcached 4096
[  354.975732][T16334] total_pgpgin 277352
[  354.979734][T16334] total_pgpgout 277349
[  354.983790][T16334] total_pgfault 290181
[  354.987849][T16334] total_pgmajfault 650
[  354.991939][T16334] total_inactive_anon 8192
[  354.996356][T16334] total_active_anon 0
[  355.000374][T16334] total_inactive_file 0
[  355.004516][T16334] total_active_file 4096
[  355.008773][T16334] total_unevictable 0
[  355.012744][T16334] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3947,pid=16333,uid=0
[  355.027482][T16334] Memory cgroup out of memory: Killed process 16333 (syz.2.3947) total-vm:96140kB, anon-rss:1140kB, file-rss:22680kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  355.069190][T16375] hub 1-0:1.0: USB hub found
[  355.079782][T16375] hub 1-0:1.0: 8 ports detected
[  355.176303][T16377] loop3: detected capacity change from 0 to 1024
[  355.183206][T16377] EXT4-fs: Ignoring removed nobh option
[  355.188804][T16377] EXT4-fs: Ignoring removed bh option
[  355.241789][T16377] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.301776][T16377] netlink: 'syz.3.3960': attribute type 10 has an invalid length.
[  355.323328][T16377] veth0_vlan: left promiscuous mode
[  355.329243][T16377] veth0_vlan: entered promiscuous mode
[  355.358819][T16377] team0: Device veth0_vlan failed to register rx_handler
[  355.422198][T16389] loop2: detected capacity change from 0 to 8192
[  355.500627][T13137] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.639749][T16392] loop2: detected capacity change from 0 to 8192
[  355.801665][T16400] loop3: detected capacity change from 0 to 512
[  355.868865][T16400] EXT4-fs error (device loop3): ext4_init_orphan_info:581: comm syz.3.3965: inode #0: comm syz.3.3965: iget: illegal inode #
[  355.902199][T16405] loop0: detected capacity change from 0 to 1024
[  355.908633][T16402] loop2: detected capacity change from 0 to 8192
[  355.919111][T16400] EXT4-fs (loop3): get orphan inode failed
[  355.938675][T16400] EXT4-fs (loop3): mount failed
[  355.939098][T16405] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  355.973639][T13732] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1)
[  355.981502][T13732] FAT-fs (loop2): Filesystem has been set read-only
[  355.982637][T16405] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3969: bg 0: block 88: padding at end of block bitmap is not set
[  356.023443][T16405] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  356.043276][T16410] netlink: 'syz.2.3970': attribute type 10 has an invalid length.
[  356.079041][T16410] bond0: (slave dummy0): Releasing backup interface
[  356.088411][T16410] team0: Port device dummy0 added
[  356.094777][T16414] netlink: 'syz.2.3970': attribute type 10 has an invalid length.
[  356.106671][T12586] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.116176][T16414] team0: Port device dummy0 removed
[  356.124291][T16414] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  356.152529][T16416] FAULT_INJECTION: forcing a failure.
[  356.152529][T16416] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  356.165647][T16416] CPU: 1 UID: 0 PID: 16416 Comm: syz.0.3972 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  356.165708][T16416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  356.165722][T16416] Call Trace:
[  356.165729][T16416]  <TASK>
[  356.165760][T16416]  __dump_stack+0x1d/0x30
[  356.165782][T16416]  dump_stack_lvl+0xe8/0x140
[  356.165802][T16416]  dump_stack+0x15/0x1b
[  356.165900][T16416]  should_fail_ex+0x265/0x280
[  356.165921][T16416]  should_fail+0xb/0x20
[  356.165940][T16416]  should_fail_usercopy+0x1a/0x20
[  356.165962][T16416]  _copy_from_iter+0xd2/0xe80
[  356.166039][T16416]  ? alloc_pages_mpol+0x217/0x260
[  356.166063][T16416]  copy_page_from_iter+0x178/0x2a0
[  356.166089][T16416]  tun_get_user+0x679/0x26e0
[  356.166134][T16416]  ? ref_tracker_alloc+0x1f2/0x2f0
[  356.166176][T16416]  tun_chr_write_iter+0x15e/0x210
[  356.166288][T16416]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  356.166319][T16416]  vfs_write+0x52a/0x960
[  356.166421][T16416]  ksys_write+0xda/0x1a0
[  356.166451][T16416]  __x64_sys_write+0x40/0x50
[  356.166482][T16416]  x64_sys_call+0x2802/0x3000
[  356.166510][T16416]  do_syscall_64+0xd2/0x200
[  356.166594][T16416]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  356.166629][T16416]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  356.166671][T16416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.166714][T16416] RIP: 0033:0x7fba815ee17f
[  356.166732][T16416] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  356.166753][T16416] RSP: 002b:00007fba80057000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  356.166776][T16416] RAX: ffffffffffffffda RBX: 00007fba81845fa0 RCX: 00007fba815ee17f
[  356.166789][T16416] RDX: 000000000000004a RSI: 0000200000000000 RDI: 00000000000000c8
[  356.166841][T16416] RBP: 00007fba80057090 R08: 0000000000000000 R09: 0000000000000000
[  356.166855][T16416] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001
[  356.166871][T16416] R13: 00007fba81846038 R14: 00007fba81845fa0 R15: 00007fff5b9693d8
[  356.166892][T16416]  </TASK>
[  356.381691][   T29] kauditd_printk_skb: 402 callbacks suppressed
[  356.381707][   T29] audit: type=1326 audit(1763065129.876:21793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.444791][   T29] audit: type=1326 audit(1763065129.876:21794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.468547][   T29] audit: type=1326 audit(1763065129.876:21795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.492362][   T29] audit: type=1326 audit(1763065129.876:21796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.516057][   T29] audit: type=1326 audit(1763065129.876:21797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.539721][   T29] audit: type=1326 audit(1763065129.876:21798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.563552][   T29] audit: type=1326 audit(1763065129.876:21799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.587167][   T29] audit: type=1326 audit(1763065129.876:21800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.610821][   T29] audit: type=1326 audit(1763065129.876:21801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.634422][   T29] audit: type=1326 audit(1763065129.886:21802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16412 comm="syz.4.3971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f3643f6c9 code=0x7ffc0000
[  356.969282][T16426] loop4: detected capacity change from 0 to 1024
[  357.030122][T16426] EXT4-fs: Ignoring removed nobh option
[  357.035777][T16426] EXT4-fs: Ignoring removed bh option
[  357.083353][   T42] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  357.120738][T16426] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.138976][   T42] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  357.157746][   T42] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  357.166811][T16424] veth0_vlan: left promiscuous mode
[  357.172742][T16424] veth0_vlan: entered promiscuous mode
[  357.182833][T16424] team0: Device veth0_vlan failed to register rx_handler
[  357.211389][  T558] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  357.247917][T16433] loop5: detected capacity change from 0 to 8192
[  357.328639][T16433] serio: Serial port ptm0
[  357.355095][T16410] Cannot find add_set index 0 as target
[  357.380463][T13377] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  357.404523][T16433] syz.5.3976: attempt to access beyond end of device
[  357.404523][T16433] loop5: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  357.425277][T16442] loop2: detected capacity change from 0 to 164
[  357.432611][T16433] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  357.440529][T16433] FAT-fs (loop5): Filesystem has been set read-only
[  357.440745][T16437] bond0: (slave dummy0): Releasing backup interface
[  357.456398][T16440] validate_nla: 2 callbacks suppressed
[  357.456413][T16440] netlink: 'syz.4.3978': attribute type 10 has an invalid length.
[  357.476488][T16433] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  357.476985][T16445] netlink: 'syz.3.3979': attribute type 10 has an invalid length.
[  357.500379][T16437] team0: Port device dummy0 added
[  357.509366][T16440] bond0: (slave dummy0): Releasing backup interface
[  357.517136][T16433] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  357.530969][T16440] team0: Port device dummy0 added
[  357.553092][T16452] loop0: detected capacity change from 0 to 1024
[  357.579212][T16452] EXT4-fs: Ignoring removed nobh option
[  357.584805][T16452] EXT4-fs: Ignoring removed bh option
[  357.599368][T16445] team0: Port device dummy0 removed
[  357.606512][T16445] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  357.648893][T16457] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.671375][T16452] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.794032][T16452] netlink: 'syz.0.3984': attribute type 10 has an invalid length.
[  357.807592][T16452] veth0_vlan: left promiscuous mode
[  357.819304][T16452] veth0_vlan: entered promiscuous mode
[  357.832963][T16452] team0: Device veth0_vlan failed to register rx_handler
[  358.084852][T16457] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.137454][T16467] loop3: detected capacity change from 0 to 8192
[  358.166075][T16465] macvtap2: entered allmulticast mode
[  358.204627][ T3424] ==================================================================
[  358.212750][ T3424] BUG: KCSAN: data-race in __filemap_add_folio / nr_blockdev_pages
[  358.220665][ T3424] 
[  358.222981][ T3424] read-write to 0xffff8881004811f8 of 8 bytes by task 3607 on cpu 0:
[  358.231044][ T3424]  __filemap_add_folio+0x5b9/0x7d0
[  358.236168][ T3424]  filemap_add_folio+0x1d9/0x360
[  358.241115][ T3424]  page_cache_ra_unbounded+0x203/0x450
[  358.246585][ T3424]  page_cache_sync_ra+0x26e/0x6a0
[  358.251611][ T3424]  filemap_get_pages+0x2d0/0x11b0
[  358.256635][ T3424]  filemap_read+0x231/0xa00
[  358.261136][ T3424]  blkdev_read_iter+0x22d/0x2e0
[  358.265980][ T3424]  vfs_read+0x64c/0x770
[  358.270142][ T3424]  ksys_read+0xda/0x1a0
[  358.274293][ T3424]  __x64_sys_read+0x40/0x50
[  358.278788][ T3424]  x64_sys_call+0x27c0/0x3000
[  358.283469][ T3424]  do_syscall_64+0xd2/0x200
[  358.287961][ T3424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.293842][ T3424] 
[  358.296152][ T3424] read to 0xffff8881004811f8 of 8 bytes by task 3424 on cpu 1:
[  358.303679][ T3424]  nr_blockdev_pages+0x7e/0xd0
[  358.308436][ T3424]  si_meminfo+0x87/0xd0
[  358.312591][ T3424]  update_defense_level+0x47/0x5c0
[  358.317698][ T3424]  defense_work_handler+0x1f/0x80
[  358.322719][ T3424]  process_scheduled_works+0x4ce/0x9d0
[  358.328185][ T3424]  worker_thread+0x582/0x770
[  358.332762][ T3424]  kthread+0x489/0x510
[  358.336823][ T3424]  ret_from_fork+0x122/0x1b0
[  358.341405][ T3424]  ret_from_fork_asm+0x1a/0x30
[  358.346161][ T3424] 
[  358.348484][ T3424] value changed: 0x000000000000000d -> 0x000000000000000e
[  358.355573][ T3424] 
[  358.357890][ T3424] Reported by Kernel Concurrency Sanitizer on:
[  358.364026][ T3424] CPU: 1 UID: 0 PID: 3424 Comm: kworker/1:6 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  358.373907][ T3424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  358.383982][ T3424] Workqueue: events_long defense_work_handler
[  358.390049][ T3424] ==================================================================
[  358.431837][T16457] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.444684][T12586] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.460538][T16471] hub 1-0:1.0: USB hub found
[  358.468449][T16471] hub 1-0:1.0: 8 ports detected
[  358.488554][T16467] serio: Serial port ptm0
[  358.500704][T16457] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.589388][T16467] syz.3.3989: attempt to access beyond end of device
[  358.589388][T16467] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  358.634060][   T42] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  358.648774][   T42] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  358.670943][   T42] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  358.678972][T16467] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  358.686982][T16467] FAT-fs (loop3): Filesystem has been set read-only
[  358.688245][   T42] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  358.703024][T16467] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  358.711340][T16467] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)