last executing test programs:

7m26.274679151s ago: executing program 2 (id=339):
syz_mount_image$msdos(&(0x7f00000006c0), &(0x7f0000000280)='./file0\x00', 0xc0, &(0x7f0000000080)=ANY=[@ANYBLOB="646f74732c6e66732c71756965742c6e6f646f74732c636865636b3d7374726963742c6e66733d7374616c655f72772c646f74732c6572726f72733d636f6e74696e7565008000000000000074732c00"], 0x1, 0x246, &(0x7f00000002c0)="$eJzs3TFu01AcBvB/2rQNZaAzYrDEwlQBN7BQkBCWkII8wISlwtIiJHcxTDkGZ+BIHKNTNyNqixS3MFRu3ca/nxT5Uz45eW/Jy/Be8uHR58ODL8ef6p/fYzZLYhqxjNOIvdiIzWhM2uvGWd6O85YBANw1i0WRDj0GejS5+FRZpsVWROxcaPIfNzMoAAAAAAAAAAAA+mb/PwCMj/3/668s02K3/f72N/v/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOGc1vWD+j+PoccHAPTP+g8A42P9B4Dxsf4DwPi8fff+dZpl80WSzCJOllVe5c216V++yuZPkzN7q7tOqirfanM2f9b0Sbffbe9/fmm/HU8eN/3v7sWbrNPvxMF1Tx4AAAAAAAAAAAAAAAAAAABuif3kj875/s2m3/9X36Rzvw/QOb8/jYfTG5sGAAAAAAAAAAAAAAAAAAAA3GnHX78dFkdHH0thpOH+JdW9uMILzuI2TEfoKQz9yQQAAAAAAAAAAAAAAAAAAOOzOvQ79EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDir//+/vtB9z0lMhpksAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsNZ+BQAA///TbZE4")
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet(0x2, 0x3, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x42082, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32=r0])
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r4, 0x0, 0x0, 0x4010045, &(0x7f0000000140)={0x11, 0xf6, r3, 0x1, 0x80, 0x6, @multicast}, 0x14)

7m25.732978108s ago: executing program 2 (id=346):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='htcp', 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', <r2=>0x0})
r3 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x3, 0x0, 0x0, 0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r3, 0x80585414, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x3, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x6b7, 0x80, 0x0, 0x1, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x24000000)
sendto$inet(r0, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9135a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
recvfrom$inet(r0, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x1500)

7m22.46902799s ago: executing program 2 (id=353):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, &(0x7f00000002c0)={0x1f, 0x0, @any, 0x4}, 0xe)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r2, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newaddr={0x34, 0x14, 0x503, 0x800040, 0x25dfdbff, {0x2, 0x1f, 0x42401837745673e4, 0xff, r4}, [@IFA_LOCAL={0x8, 0x2, @empty}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x81, 0x9, 0x10}}]}, 0x34}, 0x1, 0x0, 0x0, 0xc804}, 0x20008840)

7m21.718539942s ago: executing program 2 (id=355):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x40, 0x20}, 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000006c0), r0)
sendmsg$ETHTOOL_MSG_EEE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fcdbdf251800000018000180140002"], 0x2c}}, 0x4040)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x13, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611266000000000061134c0000000000bf2000000000000015000f00511b48013d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00'}, 0x48)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f0000000580)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000102,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYBLOB="d6d84c0df937ed4a0cd30000f2e9ea9568eab74a46c525dc386983eade0b0ce5f1dd911706cf7d32d7d508d1823b8871e001000000eb4ce0a008f5cdea622fc6675e5486860a752ed0298a948efa72b2c8d8525181644a3124f3544a50f192b98f055ad125fd4674534413c6044136ea5aefac5267e43739626ea9391d8f346c4694f70400000000000000cee1f628d1cec3462830606bb612bfed91181cdc107bb91a2e86de2ad5", @ANYBLOB="2c000100000000000030303030003030303030303030303030303030352c00d745dcab34ff634099d402406184d688f81f99d01ce1164bfd68777e4bdfe2e9fae18a6c91c70bc34f974b265a58d1889c9c38e7e32895b1921f8e4b4b41f3ef0debac34b19aa687221a6b942eb396159ef6de9645e4b33865d6b62e564277ed35923544b6379822861ec79f423c1b0372e2b26bdba81fcea8c4d1eb657869c87c4d7cf2b187c387d632e58f44956d2d7b16ba93153514087b38676f72cab9f62f53f331bb7f952ef5ab05e9403afa22e65743c583ba30683ac5e30173cdb5c216d879ead8b3ee56d602a39e33c63ba2754ccfe231c2e1b660f2a68cc14a9186ee2e834be5f10b09"], 0x12, 0xc49, &(0x7f0000001cc0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVuFIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNEWQI9O6QHLxocipJ6KFjaDogW0D+BQwmNm34pKiIloUJUr+fGzquzv73ux7M6s3FME3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiD945dzxE2m7pT9Y293WAAAPwoWxrxw/ue3rPwDwOLj0of79DwAAAAAAAAAAAAAAPAQpingyUsxeWE0T1fOu+vnOwI2b4yOjW1c7kKqa+6ry5Vf9xMlTp7/4wvCZXp7vTK/XH9ztbnw6Xhu7dK7x8sz12bn2/Hx7sjE+3bkyM9ne9h52Wn+zo9UBaFx//cbk1avzjZPPn9rw8s2h9wefODx0dvjZY8/0yo6PjI6OrRep95ev3XNDuu40w2N/FHEsUjz33Z+mVkQUsfNjUd9w7h+4A1UnjladGB8ZrToy1WlNL5QvXuwdiCKi0Vep2TtGW5+LqA080D7cWTNisWx+2eCjZffGZltzrctT7cbF1txCZ6EzM30xdVtb9qcRRZxJEUsRsbLFX8OBKKIWKb59aDVdjoh9vePwhWpi8J3bUexiH7ehbGdjIGKpeATO2R42GEW8Gil+9s6RuJLHmWqs+XzEq2V+P+KtMl+KSOUH43TEe7s+nPOg1KKIvyzP/9nVNFmNB71x5fxXG1+evjrTV7Y3rnzI68NtI8VDuj4c2JQPxh4fm+pRRKsa8VfTvX+zAwAAAAAAAAAAAAAAAMD9diCK+FSkeOXf/6SaVxzVvPRDZ4f/cOhX++eMP32X/ZRln4+IxWJ7c3L354mBF9PFlB7yXOKPsnoU8ad5/t83H3ZjAAAAAAAAAAAAAAAAAAAAPtKK+EmkePHdI2kp+tcU70xfa1xqXZ7qrgrbW/u3t2b62traWiN1s5lzIudizqWcyzlXckaR6+ds5pzIuZhzKedyzpWcsS/Xz9nMOZFzMedSzuWcKzmjluvnbOacyLmYcykvur+cn6/kjD2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOOkiCJ+Him+9fXVFCkimhET0c3lwYfdOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNJiK+F6kaPxR89a2WkSk6v+uI+Ufp6O5v8yPR3O4zJeieS5nq8pa85sPof3szEAq4seRYrD+9q0Tns//QPfZrY9BvPWN9WefrnVzX+/FofcHnzh86Ozw6G88fafHaasGHD3fmb5xszE+Mjo61re5lt/9433bhvL7Fven60TE/Btvvt6ammrP3fuD8iOwg+qP0INU+6j09NF+8Jv3a4dR2wvdeTgP7j52/P+DGKDYVeX1/71I8bvv/kfvgt+9/tfjV7rPbl3h44M/W7/+v7h5R9u8/tc218vX//KavtX1/8m+bS/m70YGahH1heuzA4cj6vNvvHmsc711rX2tPX36+PEvDQ9/6dTxgf0R9audqXb3UYqp9vH7crgAAAAAAAAAAAAAAAAAHpxUxO9HitaPV1MjIm5W87WGzg4/e+yZfbGvmm+1Yd72a2OXzjVenrk+O9een29PNsanO1dmJtvbfbt6Nd1rfGR0VzpzVwd2uf0H6i/PzL4x17n2xwtbvn6wfu7y/MJc68rWL8eBKCKa/VuOVg0eHxmtGj3VaU1XVS9uOZn+wxtIRfxnpLhyupE+m7fl+f+bZ/hvmP+/uHlHuzT//2N928r3TKmIDyLF7/zV0/HZqp0H47Zjlsv9XaQ4euYzuVzsL8v12tC9r0B3jmBZ9n8jxT/9fGPZ3nzIJ9fLntj2gX1ElOf/UKT43l98J34rb9t4/4etz//BzTvapfP/VN+2gxvuV7DjrpPP/7FI8dKTb8fn8rZfdv+P3r03juTCt+7PsUvn/xN924by+/72/ek6AAAAAAAAAADAI20gFfH3keKHo7X0Qt62nd//m9y8o136/a9P9m2bvD/rFd31wY4PKgAAAADsEQOpiJ9EimsLb9+aQ71x/nff/M/fW5//OZI2vVr9nO/XqvsG3M+f//Ubyu87sfNuAwAAAAAAAAAAAAAAAAAAwJ6SUhEv5PXUJ6r5/JN3XE99OVK88t/P5XLpcFmutw78UPVn/cLM9LFzU1MzV1oLrctT7cbYbOtKu6z7VKRY/dvP5LpFtb56b7357hrv62uxz0WK0X/ole2uxd5bm/yp9bInyrIfixT/9Y8by34ul/vEetmTZdm/iRRf+8HtZUuH18ueKst+J1L86GuNXtmDZdne/VE/uV72+R/cuiMCAAAAAAAAAAAAAAAAAAAA3LuBVMSfR4r/ub50ay5/Xv9/oO9p5a1v9K33v8nNap3/oWr9/zs9vpf1/6v7Cize6V0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODxlKKINyPF7IXVtDxYPu+qn+9M37g5PjK6dbUDqaq5rypfftVPnDx1+osvDJ/p5S+vf799Kl4bu3Su8fLM9dm59vx8e7IxPt25MjPZ3vYedlp/s6PVAWhcf/3G5NWr842Tz5/a8PLNofcHnzg8dHb42WPP9MqOj4yOjvWVqQ3c87vfJt1h+/4o4q8jxXPf/Wn64WBEETs/Fnf57Oy2A1UnjladGB8ZrToy1WlNL5QvXuwdiCKi0Vep2TtGD+Bc7EgzYrFsftngo2X3xmZbc63LU+3GxdbcQmehMzN9MXVbW/anEUWcSRFLEbEyePvuBqKI1yPFtw+tpn8ZjNjXOw5fuDD2leMn79yOYhf7uA1lOxsDEUvFI3DO9rDBKOKfI8XP3jkS/zoYUYvuV3w+4tUyvx/xVnTPdyo/GKcj3tvic8SjqRZF/F95/s+upncGy/GgN66c/2rjy9NXZ/rK9saVR/768CDt8bGpHkX8qBrxV9O/+XsNAAAAAAAAAAAAAAAAsIcU8euR4sV3j6RqfvCtOcWd6WuNS63LU91pfb25f70502tra2uN1M1mzomcizmXci7nXMkZRa6fs1lmfW1tIj9fzLmUcznnSs7Yl+vnbOacyLmYcynncs6VnFHL9XM2c07kXMy5lHM550rO2CNz9wAAAAAAAAAAAAAAAAAAgMdLUf2X4ltfX01rg931pSeim8vWA33s/SIAAP//YnX2fg==")
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}, {@jqfmt_vfsold}]}, 0x4, 0x4fc, &(0x7f0000000fc0)="$eJzs3b9vW1sdAPDvdeImL8996YM3AAJeeRQKqur8aBtVZaBdQKiqhKiYGNqQuFEUu47ipDShQzqyI1GJCf4ENgakTgxsbLCxlAGpQAVqkBiM7vVt6iZxYl5+uLU/H+nm3nOu4+85ds85vqe5PgEMrLMRsRkRpyLibkSM5/lJvsX11pY+7uWLR3NbLx7NJdFs3v5Hkp1P86Ltd1Lv5885GhE/+G7Ej5PdcRvrG0uz1WplJU9PrNaWJxrrGxcXC3nO9MzUzOTVS1emj6yuH9d+8/w7izd/+LvffunZHze/+dO0WKWfnc7OtdfjKLWqXoxSW95wRNw8jmA9Mpz/++Hdk7a2z0TEJ1n7H4+h7N0EAPpZszkezfH2NADQ79Lr/1IkhXI+F1CKQqFcbs3hfRRjhWq9sXphvL52fz6yOawzUSzcW6xWJvO5wjNRTNL0VHb8Oj0dm2+kL0XEhxHx85H3snR5rl6d7+UHHwAYYO/vGP//PdIa/wGAPjfa6wIAACfO+A8Ag8f4DwCD5/8Y/90dCAB9wvU/AAwe4z8ADJ4Dx//HJ1MOAOBEfP/WrXRrbuXffz3/YH3tW6UHF+crjaVybW2uPFdfWS4v1OsL1Up5rtnMf63j1z1X6/Xlqcvbycb6xp1afe3+6p3F2uxC5U6leAJ1AgD29+HHT/+cRMTmtfeyLdoGd2M19LdCrwsA9MxQrwsA9Iz7eWBwdXGNbxoA+tweS/S+oeOfCD2x+Cu8q85/3vw/DKpu5//dIgT959PN/3/7yMsBnDzz/zC4ms3Emv8AMGDM8QOH+v9/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGFClbEsK5Wwt8M30Z6FcjjgdEWeimNxbrFYmI+KDiPjTSHEkTU/1utAAwCEV/pbk63+dHz9X2nn2VPKfkWwfET/55e1fPJxdXV2ZSvP/uZ2/+iTPnz7ViwoAAO2u785qjdP5vu1C/uWLR3OvtpMs4vMbrcVF07hb+dY6MxzD2X40ihEx9q8kT7ekn1eGjiD+5uOI+Nzr+j9si1DK5kBaK5/ujJ/GPn0M8V+//jvjF96IX8jOpfti9lp89gjKAoPm6Y1WP5m3vbSJ5e2vEGez/d7tfzTroQ7vVf+3tav/K2z3f0O74idZmz+7nd6/JM8v//57uzKb461zjyO+MLxX/GQ7ftKh/z3XZR3/8sUvf9LpXPNXEedj7/gttaybnVitLU801jcuLtZmFyoLlfvT0zNTM5NXL12ZnsjmqFs//7BXjL9fu/BBp/hp/cc6xB89oP5f67L+v/7v3R99ZZ/43/jq3u//R/vET8fEr3cZf3bsesflu9P48x3qf9D7f6HL+M/+ujHf5UMBgBPQWN9Ymq1WKysHHKSfNQ96jIOeHEQc8nliM6LntejLg2LX7evtO+h1zwQct/ZhBAAAAAAAAAAAAAAAeDs11jeWRqLDbUClo7pBDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI7H/wIAAP//L93NTg==")
creat(&(0x7f0000000580)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f0000000180)='./bus\x00', 0x14113e, 0x6ceac77f206eabb9)
semctl$SEM_STAT_ANY(0x0, 0x0, 0x14, &(0x7f00000001c0)=""/51)
write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b)
unlink(&(0x7f0000000180)='./file1\x00')

7m16.288990991s ago: executing program 2 (id=367):
r0 = inotify_init()
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
listen(r2, 0x0)
connect$unix(r1, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r1, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e)
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r3, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
listen(r3, 0x8497)
accept(r3, 0x0, 0x0)
bind$unix(r1, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m15.446587689s ago: executing program 2 (id=372):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f0000001140)=""/4086, &(0x7f0000000180)=0xff6)
ioctl$COMEDI_LOCK(r0, 0x6405)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000110000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$OSF_MSG_REMOVE(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000440)={0x175c, 0x1, 0x5, 0x801, 0x0, 0x0, {0xa, 0x0, 0xa}, [{{0x254, 0x1, {{0x2, 0x9}, 0x9, 0x7, 0x3, 0x72c, 0x0, 'syz0\x00', "c1f2eb036bb979372e109a5da5116c2c7890d9ff26fcf6c759720cb91860219c", "0ca28119df5bb290dda89f25ef2778dc817bda777c878825847f02250f28e45a", [{0x100, 0xfffc, {0x2, 0x2}}, {0x0, 0x800, {0x0, 0x2}}, {0x100, 0xcbb6, {0x3, 0xfb8}}, {0x10, 0x2, {0x1, 0x36}}, {0x0, 0x0, {0x1, 0x7}}, {0x2, 0xfff9, {0x2, 0x27}}, {0x8, 0x1fe, {0x2, 0x3d}}, {0x3, 0x2abe, {0x2, 0x4}}, {0x401, 0xffff, {0x0, 0x45b}}, {0x7, 0x1cc, {0x0, 0x4}}, {0x5, 0x7fff, {0x1, 0x95}}, {0x5, 0xfff8, {0x0, 0x1}}, {0x9, 0x1, {0x731beac3634abdb, 0x401}}, {0x2, 0x0, {0x3, 0xc7f6}}, {0xff, 0x2, {0x1, 0x10}}, {0x1000, 0x5, {0x5, 0x1ff}}, {0x8, 0x7ff, {0x0, 0x6}}, {0x401, 0x1, {0x2, 0x1}}, {0x2, 0x1, {0x3, 0x66}}, {0x360, 0xfffd, {0x3, 0xc5}}, {0x401, 0x6, {0x0, 0x40}}, {0xa, 0x6, {0x1, 0xfffffff3}}, {0x8001, 0x8, {0x0, 0xfc}}, {0x8001, 0xd, {0x2, 0x6}}, {0x81, 0x401, {0x1, 0xffffffd2}}, {0x0, 0xb, {0x2, 0x25d1}}, {0x6, 0x4, {0x2, 0x1}}, {0x6, 0x1, {0x1, 0xfffffffb}}, {0x401, 0xb, {0x1, 0x3}}, {0xcff5, 0x6, {0x0, 0x2}}, {0x800, 0x1, {0x2, 0x520}}, {0x2000, 0x8, {0x3, 0x8001}}, {0x97ea, 0x9, {0x1, 0x9}}, {0x5d0, 0x2, {0x3, 0xffffffff}}, {0x8, 0x0, {0x3, 0x4}}, {0x5e5, 0x7, {0x2, 0x4}}, {0x2, 0x9, {0x3, 0xfffffff8}}, {0x0, 0x1000, {0x2, 0x7e}}, {0xff, 0x7, {0x3, 0xfffff800}}, {0x7, 0x7ff, {0x3, 0x4}}]}}}, {{0x254, 0x1, {{0x2, 0x8}, 0x4, 0x1, 0x1, 0xc, 0x1b, 'syz1\x00', "2c2ab4d3dd31b49cf02ce9427abfe4621f75102e271e84246d9a56f9942b2dcd", "0160d107ad0330e39d3639a9419c926192c56afe282eee7e7d8094fef80304e5", [{0xfffd, 0x14a0, {0x1, 0x9}}, {0x3}, {0x9, 0x20, {0x0, 0x4}}, {0x3, 0x0, {0x1, 0x4}}, {0x9, 0x2, {0x2, 0x2}}, {0x1, 0x696a, {0x3, 0x8}}, {0x0, 0x6, {0x1, 0xfff}}, {0x89f6, 0x1, {0x7, 0x5}}, {0x6, 0x8, {0x3, 0x4}}, {0x401, 0x5, {0x3, 0x6}}, {0xb, 0xb0a0, {0x0, 0x3}}, {0x3, 0x9, {0x2, 0xd8e}}, {0x4, 0x9, {0x3, 0x3}}, {0x2, 0x7fff, {0x2, 0x3}}, {0xe, 0x2, {0x0, 0xc}}, {0x4, 0x9, {0x3}}, {0x3, 0x1, {0x3, 0x8}}, {0x101, 0x5, {0x2, 0x6}}, {0x7, 0x1000, {0x2, 0x460}}, {0x20e, 0x5, {0x0, 0x7fff}}, {0xbc9, 0xb, {0x1, 0xff}}, {0x0, 0x1, {0x2, 0xb}}, {0x7, 0x401, {0x3, 0x5}}, {0x5, 0x10, {0x0, 0x10001}}, {0x8, 0x0, {0x3, 0xae}}, {0x80, 0x9, {0x2, 0x6}}, {0x7fc0, 0x7, {0x2, 0x3}}, {0x101, 0x101, {0x2, 0x3}}, {0x1, 0xfff9, {0x2, 0x4}}, {0x7, 0x400, {0x2}}, {0x9, 0xb0, {0x1, 0x4}}, {0x7ff, 0xb438, {0x0, 0x1}}, {0x6, 0x3, {0x0, 0x5}}, {0xa0e, 0x6, {0x1, 0x2}}, {0x4, 0x7, {0x2, 0x3}}, {0x9, 0x0, {0x0, 0x5}}, {0x768f, 0xd, {0x0, 0x1}}, {0x200, 0x0, {0x2, 0x4}}, {0x6, 0x2, {0x0, 0x8}}, {0xa8d8, 0x800, {0x2, 0x10001}}]}}}, {{0x254, 0x1, {{0x0, 0x1}, 0x2, 0x5, 0x39, 0x800, 0x6, 'syz1\x00', "9fc52f6daecb2651ede80bfbaf0169f27357dfaf59e3f49647fda1a9d37843fc", "559bbf6debe2ebfdd525ea32a68c5783d8996045641a1172c381199cf4a1a5d1", [{0x1800, 0x2, {0x3, 0x8bf1}}, {0x4, 0x5}, {0x8, 0x2, {0x3}}, {0x3, 0x8, {0x1, 0xd}}, {0x6, 0x2, {0x0, 0x5}}, {0x8, 0x7f, {0x3, 0x1}}, {0xffff, 0x7, {0x3, 0x2}}, {0x0, 0x9, {0x0, 0x1}}, {0x7, 0x8, {0x1, 0x3}}, {0x3, 0x3, {0x2, 0x7fffffff}}, {0x0, 0x6, {0x0, 0x3}}, {0x800, 0x0, {0x1, 0x8}}, {0xffff, 0x1, {0x1, 0x1}}, {0x60c2, 0x3, {0x1, 0x1ff}}, {0x3, 0x6, {0x2, 0xa0d}}, {0x4, 0x6, {0x0, 0x6}}, {0x6, 0x40, {0x3, 0x8}}, {0x3, 0x6, {0x3, 0x5}}, {0xb3, 0x8, {0x2, 0x4332d02f}}, {0x3, 0x29, {0x1, 0xfffffffa}}, {0x2, 0x0, {0x1, 0x100}}, {0x7, 0x2, {0x0, 0x101}}, {0xfff8, 0x6, {0x1, 0xc}}, {0x3ff, 0x6, {0x0, 0x2}}, {0xd, 0x5, {0x0, 0x7}}, {0x2, 0x7, {0x1, 0x800000}}, {0xa2, 0x4, {0x3, 0x1ff}}, {0x56, 0x7, {0x1, 0x87b2}}, {0x5, 0x5, {0x2}}, {0xffff, 0x800, {0x0, 0x100}}, {0x5, 0x1, {0x2, 0x101}}, {0x0, 0x5, {0x2, 0x7e70}}, {0x4, 0x9088, {0x3, 0xb31}}, {0x7fff, 0x2, {0x0, 0x2}}, {0x2, 0x535, {0x1, 0x7}}, {0x81, 0x9f, {0x0, 0x8d2}}, {0x25a0, 0xfc5b, {0x2, 0x1}}, {0x100, 0xfffb, {0x1}}, {0x9, 0x80, {0x0, 0x2}}, {0x9, 0x8, {0x2, 0x1}}]}}}, {{0x254, 0x1, {{0x0, 0xb249}, 0xe, 0x3, 0xffff, 0x3fe1, 0x1e, 'syz1\x00', "9adaa18042571dea59f5204a8800ce87b0b7e7afb9f4dc385a5a8ebf9f8dce8a", "79f5a09f8ca8fec775d971787dc27a5510fa497f9c6fbd78cc2f86f2f3a27f3b", [{0x8, 0x7, {0x1, 0x2c00}}, {0x100, 0x4180, {0x3, 0x1000}}, {0x4, 0x9, {0x0, 0x81}}, {0x100, 0x3, {0x0, 0x4}}, {0x9a, 0x0, {0x1}}, {0x7ff, 0xfff, {0x3, 0x100}}, {0x2c00, 0x0, {0x3, 0x9}}, {0x3, 0x3bbf, {0x0, 0x9}}, {0x7, 0x117, {0x2, 0x7fffffff}}, {0x2, 0x4, {0x0, 0x7}}, {0x76, 0x0, {0x0, 0x400}}, {0x81, 0x121, {0x3, 0x8e}}, {0x1, 0x0, {0x3, 0x6}}, {0x0, 0x4, {0x3, 0x9}}, {0xfffd, 0x4120}, {0x1ff, 0xa18c, {0x1, 0xa}}, {0x9, 0x0, {0x2, 0xd0000000}}, {0x3183, 0x400, {0x1, 0x8}}, {0xffff, 0x17f5, {0x0, 0x8c45}}, {0x46b, 0x3ff, {0x0, 0x41806f89}}, {0x1, 0x2, {0x0, 0x1}}, {0x7, 0x8, {0x3, 0x800000}}, {0x2, 0x200, {0x1, 0x3}}, {0x7, 0xa, {0x1, 0x6}}, {0x1, 0x5, {0x3, 0x926a}}, {0x5, 0x0, {0x3, 0x767}}, {0x6, 0x7f, {0x3, 0x3}}, {0x5, 0x1, {0x2}}, {0x6, 0x9, {0x1, 0x6}}, {0x5, 0x8, {0x1, 0x7}}, {0x3, 0x502, {0x0, 0x5}}, {0x9, 0x80, {0x3, 0x9}}, {0x6, 0xbe, {0x0, 0x4}}, {0x800, 0x4, {0x3, 0x8000}}, {0x7fff, 0xc}, {0xb, 0xfff8, {0x1, 0x2}}, {0x7, 0x7, {0x0, 0x3}}, {0x9, 0xdf, {0x3, 0x3}}, {0x8, 0x1, {0x3, 0xffffffff}}, {0x3, 0x400, {0x0, 0x4}}]}}}, {{0x254, 0x1, {{0x3, 0x1}, 0xfe, 0x3, 0x9c25, 0x8, 0x26, 'syz0\x00', "4886d29e77655b438621e28bc67f52dab4cc155bac1840a853b099076563ea73", "2dac0df0cdd4197241fab61e2c24aa339c6bdcbc99501e276caf677cd82587c8", [{0x800, 0x7ff, {0x2, 0x1}}, {0x8, 0x7, {0x1, 0x5}}, {0xff68, 0x217f, {0x3, 0x7f}}, {0x5c, 0x5, {0x0, 0x6}}, {0x8001, 0x3, {0x1}}, {0x6, 0xa, {0x1, 0xf0000000}}, {0x81, 0xfffd, {0x2, 0x5}}, {0x1, 0x0, {0x2, 0xfae}}, {0x9, 0x8, {0xd14d209d1884419, 0x4}}, {0x50a2, 0x0, {0x0, 0x6}}, {0x9, 0x5, {0x3, 0x6}}, {0x1ce5, 0x1, {0x1, 0x8}}, {0x1, 0x4ce, {0x1, 0x1}}, {0xe317, 0x6, {0x1, 0x1a}}, {0x769d, 0x0, {0x0, 0x7fff}}, {0x5, 0x0, {0x0, 0xb4c9}}, {0x87f, 0x40, {0x3}}, {0x2, 0x100, {0x3, 0x5}}, {0x8, 0x9, {0x2, 0x5}}, {0x101, 0x6, {0x1, 0x6}}, {0x2, 0x101, {0x3, 0x40}}, {0x485e, 0x7, {0x0, 0x4}}, {0x5, 0x8000, {0x3, 0x3712}}, {0x3, 0xd8, {0x1, 0xc}}, {0x0, 0x3, {0x0, 0x875}}, {0xc, 0x200, {0x3, 0x8}}, {0x5, 0xfffa, {0x0, 0x7ff}}, {0x0, 0xcc1, {0x2, 0x2}}, {0x90fc, 0x9, {0x2, 0xffffffff}}, {0x7, 0x1, {0x2, 0x1}}, {0xa, 0x0, {0x3, 0xd}}, {0x9, 0xfffd, {0x2, 0x1}}, {0x9, 0x0, {0xd20c460d8476fc89, 0xfffffffd}}, {0xce, 0x0, {0x3, 0x9}}, {0x5, 0x4, {0x3, 0x7}}, {0x2e, 0x205a, {0x0, 0x1}}, {0x2, 0x3, {0x3, 0xc}}, {0x8, 0x8, {0x3, 0x7}}, {0x4, 0xb, {0x1, 0x4}}, {0xfff9, 0x0, {0x3, 0x2}}]}}}, {{0x254, 0x1, {{0x0, 0x1}, 0x5, 0x7, 0x4, 0xd, 0xe, 'syz1\x00', "378c9251613448636ec37d8d9dd05e6ec1013de1c3ad37742b3ae1f74d7a483d", "16b067138357e0909d50f56156f63a1595678155f0da62a386d9e43d80cc7ea1", [{0x101, 0x4, {0x0, 0x1}}, {0x7f, 0xad, {0x2, 0x7}}, {0xfffa, 0x3, {0x0, 0x1}}, {0x3ff, 0xa, {0x2, 0x9}}, {0x2, 0x6, {0x3, 0x7f}}, {0x9, 0x9, {0x0, 0x9}}, {0x0, 0x9, {0x2, 0x5}}, {0x5, 0x3, {0x0, 0x5}}, {0x101, 0xfff, {0x3, 0x7fffffff}}, {0x3, 0x9, {0x3, 0x7}}, {0x4, 0xbf2, {0x3, 0x8}}, {0xa0, 0x9, {0x1, 0x3ff}}, {0x4, 0x3, {0x3, 0x3}}, {0x7, 0x401, {0x1, 0x31}}, {0x2, 0x5, {0x3, 0x6a9f}}, {0x9, 0x2, {0x1, 0x9}}, {0x8, 0x2, {0x0, 0xe}}, {0xfff9, 0xf982, {0x2, 0x1}}, {0x6, 0x9, {0x1, 0x8e9}}, {0xeb, 0x9001, {0x0, 0x6}}, {0xffff, 0xe1, {0xfb554788f9dac68d}}, {0x7f, 0x3, {0x0, 0x603}}, {0x6, 0x4, {0x3, 0x800}}, {0x5, 0x81, {0x3, 0x8}}, {0x8, 0x523e, {0x3, 0x2}}, {0x8, 0x9b6, {0x0, 0x4ec0}}, {0x5, 0x3, {0x2, 0x200}}, {0xecf, 0x4, {0x2, 0x2}}, {0x8, 0xffff, {0x0, 0x800}}, {0x6, 0xc000, {0x0, 0x2412}}, {0x9, 0x5, {0x0, 0x80}}, {0x9, 0x1, {0x2, 0x2}}, {0x1, 0xfffc, {0x1, 0xd}}, {0x7, 0x3, {0x1, 0x81}}, {0xa, 0x4, {0x2, 0x800}}, {0xde0f, 0x3, {0x0, 0x1}}, {0x3, 0x8, {0x1, 0xea26}}, {0xb999, 0x800, {0x7c48ba8a6319ef8e, 0x8}}, {0x2, 0x7, {0x2, 0x8}}, {0x0, 0x1ff, {0x4, 0xfff}}]}}}, {{0x254, 0x1, {{0x1, 0x3}, 0xff, 0x3, 0x1, 0x75c0, 0x12, 'syz1\x00', "27c357d600d6e0ce33e318b4a9445dc21dd01a1a893f7cafddf3ab22c7654ac5", "502e137d0dcce16db6a5db2b658b3e81cdce03f39f972ebf9d7668c80d5124b3", [{0x7ff, 0x8000, {0x1, 0x3}}, {0x6, 0x7, {0x0, 0x8000}}, {0x80, 0x3, {0x3, 0x2}}, {0x9, 0x10, {0x3, 0x8}}, {0x4, 0x5, {0x2, 0xfd2}}, {0x2, 0x7fff, {0x2, 0x3}}, {0xffff, 0xf, {0x3, 0x4}}, {0x7db, 0x8001, {0x0, 0x40}}, {0x8, 0x100, {0x0, 0x3}}, {0x7, 0x80f, {0x2, 0x1ff}}, {0x9, 0x2, {0x3, 0xffffffbe}}, {0xcc66, 0x6, {0x9fc5eccf7c7a9e07, 0x4}}, {0x5, 0x6, {0x3, 0x3}}, {0xfffb, 0x6, {0x0, 0x1000}}, {0xb, 0x1, {0x0, 0x4}}, {0xf, 0xff, {0x2, 0x80000000}}, {0x2, 0x8, {0x3, 0xfffffffa}}, {0xc, 0x1000, {0x2, 0x9}}, {0x8, 0x9598, {0x3, 0x5}}, {0x5, 0x10, {0x1, 0x101}}, {0x9, 0x2, {0x1, 0x73d}}, {0xbf6e, 0x7ff, {0x0, 0x8e}}, {0x3, 0xa, {0x1, 0xfffffff7}}, {0x3, 0x1, {0x2, 0x9}}, {0x400, 0xf800, {0x2, 0x7}}, {0x4, 0x8000, {0x0, 0x6}}, {0x1, 0x1, {0x2, 0x6}}, {0x4, 0x5f83, {0x3, 0x3}}, {0x0, 0x3, {0x3, 0xc8}}, {0x9dc, 0xbdc, {0x2, 0x7}}, {0x41fa, 0xf, {0x1, 0x9a}}, {0x3, 0x5, {0x2, 0x144}}, {0xfffd, 0xe, {0x3, 0x10001}}, {0x9, 0xc, {0x2, 0xb}}, {0x0, 0xfff8, {0x1, 0x1}}, {0xa, 0x101, {0x3, 0xfff}}, {0x8, 0x7, {0x2, 0x1}}, {0xe, 0x0, {0x2, 0x7ff}}, {0x7f17, 0x6, {0x1, 0x81}}, {0x295, 0x11, {0x2, 0x6}}]}}}, {{0x254, 0x1, {{0x2, 0x40b4}, 0x40, 0xb, 0x2, 0x8, 0x15, 'syz0\x00', "d87f3eba32db69e75efbee28a08cc128db73a387206beb408720a810453e9647", "23e26a05842faf629ba616fe3e6072d5c3f9d05ecf26692ec898ccda1575db65", [{0x6, 0x8000, {0x0, 0x5}}, {0x5, 0x9, {0x0, 0xe0}}, {0x6, 0x200, {0x2, 0x5}}, {0x6cd6, 0x401, {0x1, 0x9}}, {0x0, 0x3, {0x2, 0xfffffffc}}, {0x6fe1, 0x6, {0x0, 0x6}}, {0x0, 0x94, {0x2, 0x1}}, {0x1, 0x6, {0x3, 0x400}}, {0xf800, 0x100, {0x0, 0x6}}, {0x8, 0x200, {0x1}}, {0x3, 0x83, {0x3, 0x2}}, {0x831b, 0x5, {0x1, 0xc5d8}}, {0x2, 0xf, {0x3, 0x7}}, {0xe, 0x1ff, {0x1, 0x9}}, {0x5, 0x9}, {0x401, 0x3, {0x3, 0xf}}, {0x10, 0x5, {0x0, 0xff}}, {0xd454, 0x1000, {0x1, 0x5}}, {0x772, 0x6, {0x3, 0x4}}, {0x7ff, 0x8000, {0x3, 0x9}}, {0xde6e, 0x1, {0x2, 0x80}}, {0x0, 0x1, {0x0, 0x4}}, {0x4, 0x5, {0x0, 0x7fffffff}}, {0x4, 0x2, {0x2, 0x9}}, {0xbd82, 0x0, {0x2, 0x9}}, {0xfc01, 0x6, {0x3, 0x8}}, {0x1, 0x5b1c, {0x3, 0xffffcfd0}}, {0x5, 0x8, {0x1, 0x6}}, {0x9, 0x5, {0x1, 0xfffffffd}}, {0x3ff, 0x7, {0x2, 0x101}}, {0x7fff, 0x2, {0x0, 0x7}}, {0x7f, 0x4, {0x0, 0x5}}, {0x3a, 0x7, {0x1, 0x200000}}, {0x7fff, 0x5, {0x1, 0x6}}, {0x8, 0x8, {0x2, 0x8}}, {0xf, 0x5acf, {0x3}}, {0x5, 0x5, {0x0, 0xbec}}, {0x2, 0x1, {0x2, 0x3ff}}, {0x3e, 0xff96, {0x3, 0xa6e}}, {0xa, 0x4, {0x1, 0x100}}]}}}, {{0x254, 0x1, {{0x0, 0x9}, 0x5, 0xf7, 0x691, 0x1, 0x24, 'syz0\x00', "0ce49199bc82ed5d11140ca6c16756c2ac9e589211c032479334e80446a05786", "ca162a19c3255c23dca9a13f911ce4bb9a195787ca0713d9e9a9c7e8efc7ec5a", [{0x1, 0x7, {0x3, 0x2}}, {0x6, 0x401, {0x2, 0x6}}, {0x2eb, 0x9d27, {0x3, 0x8}}, {0x3, 0x56, {0x1, 0x4}}, {0x4, 0xa59d, {0x1, 0xe46}}, {0xfffd, 0xf77c, {0x0, 0xa}}, {0xfffc, 0x3eef, {0x2, 0x4}}, {0x7, 0x9, {0x1, 0x9}}, {0x2, 0xfff, {0x1, 0xfffffff7}}, {0x5, 0xffff, {0x1, 0xb03a}}, {0x7ff, 0xff, {0x0, 0x8}}, {0x5, 0x8, {0x0, 0x8001}}, {0x3, 0x2, {0x1, 0x4}}, {0x7, 0x401, {0x0, 0x7fffffff}}, {0x1, 0x5, {0x1, 0x7}}, {0x149, 0x6}, {0x8001, 0x8, {0x1, 0x7fff}}, {0x0, 0x4, {0x3}}, {0x4, 0x6, {0x1}}, {0x3, 0x9, {0x2, 0x2}}, {0x8e3, 0x7fff, {0x2, 0x38}}, {0xfffa, 0x1, {0x0, 0x8}}, {0x2, 0x3, {0x1, 0x77}}, {0x100, 0xec4, {0x387ab4415f93248f, 0x9}}, {0x3, 0x2, {0x1, 0x9}}, {0x4, 0x4, {0x3, 0xfff}}, {0x4, 0x1, {0x2}}, {0x101, 0xa, {0x2, 0x100}}, {0x6, 0x9, {0x2, 0x8}}, {0x365e, 0xffff, {0x2, 0x7}}, {0x4, 0x3, {0x3, 0x9}}, {0x7, 0xbd1, {0x2, 0x7}}, {0x2, 0x8000, {0x3, 0x5}}, {0x6, 0xff, {0x2, 0x7}}, {0x240, 0x7, {0x1, 0xc3}}, {0x4087, 0x10, {0x3, 0x2}}, {0xc, 0x800, {0x0, 0x367}}, {0xfff7, 0xf, {0x2, 0x1}}, {0x6, 0x1, {0x3, 0xc525}}, {0x0, 0x0, {0x0, 0xf}}]}}}, {{0x254, 0x1, {{0x3, 0x3}, 0x8, 0x1, 0x9, 0x7, 0x26, 'syz1\x00', "01b022b776924a7d9f233f423e0033e91c9774478cabe0f0514b59a9e1580c12", "9e2f42fbe6c1937e283d9f0581250ffe2b1e2c9e7055e984c83887ff46ba5fbf", [{0x4, 0x2143, {0x2, 0x7}}, {0x65a, 0x40, {0x3, 0x10000}}, {0x9711, 0x7, {0x0, 0xff}}, {0x9, 0x40, {0x1, 0x6}}, {0x0, 0x9, {0x3, 0x3}}, {0x800, 0x0, {0x2, 0x7}}, {0x3, 0x8000, {0x2, 0xffff0000}}, {0x6, 0xe9be, {0x2, 0xfffffffb}}, {0x4250, 0x5, {0x0, 0x1f}}, {0x5, 0x8001, {0x0, 0x7}}, {0x5, 0x2, {0x0, 0xffffffff}}, {0x7, 0xd, {0x3, 0xfffffff9}}, {0x150, 0x89a, {0x1, 0x9}}, {0x6, 0x5, {0x1, 0x6}}, {0x5, 0xc, {0x2, 0xfffffff7}}, {0x401, 0x81, {0x1, 0x101}}, {0x7ff, 0x3, {0x2, 0x7c}}, {0x6aae, 0x1, {0x2, 0x2}}, {0x5, 0x81, {0x4, 0x2}}, {0x2, 0x98f, {0x3, 0x2c1}}, {0x0, 0x9, {0x1, 0x1ff}}, {0x7f, 0x7, {0x0, 0x8}}, {0xff, 0x80, {0x3, 0x5}}, {0x8, 0x6, {0x1, 0x5}}, {0x40, 0x7, {0x1, 0x400}}, {0x1000, 0x7, {0x1, 0xb}}, {0x6, 0x101, {0x1, 0xf}}, {0x8, 0xfbb, {0x3, 0x1}}, {0x8, 0x6, {0x2, 0x8000}}, {0x9, 0x6, {0x3, 0x3ff}}, {0xf, 0xfffc, {0x2, 0x2c2}}, {0x9, 0x2, {0x2, 0x4}}, {0xff9d, 0x9, {0x3, 0x3}}, {0x5, 0xdcc, {0x2, 0xe}}, {0x9, 0x0, {0x2, 0xe}}, {0xb, 0x0, {0x1, 0x101}}, {0x40, 0x4, {0x1, 0x6}}, {0x9, 0x8, {0x2, 0xff}}, {0x9, 0x9, {0x2, 0x81}}, {0x3, 0x3, {0x2, 0x20002000}}]}}}]}, 0x175c}, 0x1, 0x0, 0x0, 0x4000}, 0x4050)
sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x34, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
ioctl$COMEDI_LOCK(r0, 0x6405)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000380), 0x800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f0000000480)={0x119, 0x0, 'client0\x00', 0x0, "238ce6e7702b9338", "a62585ae77772caa7965bb840c7f2db4f3b148f5dc746d2d46fc3b04b44115e0", 0x1, 0x2})
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r3, 0xc0505350, &(0x7f0000002140)={{0x7, 0x8}, {0x8, 0x8}, 0x8, 0x3, 0x8})
syz_emit_ethernet(0x56, &(0x7f0000000340)={@link_local, @random="0000fc00f5d6", @void, {@ipv4={0x800, @igmp={{0x10, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, {[@timestamp_addr={0x44, 0xc, 0x4e, 0x1, 0x4, [{@multicast2, 0x4}]}, @timestamp_prespec={0x44, 0x4, 0xe5, 0x3, 0x2}, @generic={0x86, 0x2}, @lsrr={0x83, 0x17, 0xb7, [@empty, @dev={0xac, 0x14, 0x14, 0x27}, @rand_addr=0x64010100, @private=0xa010101, @broadcast]}]}}, {0x11, 0x7c, 0x0, @dev={0xac, 0x14, 0x14, 0x30}}}}}}, 0x0)

7m15.036035307s ago: executing program 32 (id=372):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f0000001140)=""/4086, &(0x7f0000000180)=0xff6)
ioctl$COMEDI_LOCK(r0, 0x6405)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000110000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$OSF_MSG_REMOVE(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000440)={0x175c, 0x1, 0x5, 0x801, 0x0, 0x0, {0xa, 0x0, 0xa}, [{{0x254, 0x1, {{0x2, 0x9}, 0x9, 0x7, 0x3, 0x72c, 0x0, 'syz0\x00', "c1f2eb036bb979372e109a5da5116c2c7890d9ff26fcf6c759720cb91860219c", "0ca28119df5bb290dda89f25ef2778dc817bda777c878825847f02250f28e45a", [{0x100, 0xfffc, {0x2, 0x2}}, {0x0, 0x800, {0x0, 0x2}}, {0x100, 0xcbb6, {0x3, 0xfb8}}, {0x10, 0x2, {0x1, 0x36}}, {0x0, 0x0, {0x1, 0x7}}, {0x2, 0xfff9, {0x2, 0x27}}, {0x8, 0x1fe, {0x2, 0x3d}}, {0x3, 0x2abe, {0x2, 0x4}}, {0x401, 0xffff, {0x0, 0x45b}}, {0x7, 0x1cc, {0x0, 0x4}}, {0x5, 0x7fff, {0x1, 0x95}}, {0x5, 0xfff8, {0x0, 0x1}}, {0x9, 0x1, {0x731beac3634abdb, 0x401}}, {0x2, 0x0, {0x3, 0xc7f6}}, {0xff, 0x2, {0x1, 0x10}}, {0x1000, 0x5, {0x5, 0x1ff}}, {0x8, 0x7ff, {0x0, 0x6}}, {0x401, 0x1, {0x2, 0x1}}, {0x2, 0x1, {0x3, 0x66}}, {0x360, 0xfffd, {0x3, 0xc5}}, {0x401, 0x6, {0x0, 0x40}}, {0xa, 0x6, {0x1, 0xfffffff3}}, {0x8001, 0x8, {0x0, 0xfc}}, {0x8001, 0xd, {0x2, 0x6}}, {0x81, 0x401, {0x1, 0xffffffd2}}, {0x0, 0xb, {0x2, 0x25d1}}, {0x6, 0x4, {0x2, 0x1}}, {0x6, 0x1, {0x1, 0xfffffffb}}, {0x401, 0xb, {0x1, 0x3}}, {0xcff5, 0x6, {0x0, 0x2}}, {0x800, 0x1, {0x2, 0x520}}, {0x2000, 0x8, {0x3, 0x8001}}, {0x97ea, 0x9, {0x1, 0x9}}, {0x5d0, 0x2, {0x3, 0xffffffff}}, {0x8, 0x0, {0x3, 0x4}}, {0x5e5, 0x7, {0x2, 0x4}}, {0x2, 0x9, {0x3, 0xfffffff8}}, {0x0, 0x1000, {0x2, 0x7e}}, {0xff, 0x7, {0x3, 0xfffff800}}, {0x7, 0x7ff, {0x3, 0x4}}]}}}, {{0x254, 0x1, {{0x2, 0x8}, 0x4, 0x1, 0x1, 0xc, 0x1b, 'syz1\x00', "2c2ab4d3dd31b49cf02ce9427abfe4621f75102e271e84246d9a56f9942b2dcd", "0160d107ad0330e39d3639a9419c926192c56afe282eee7e7d8094fef80304e5", [{0xfffd, 0x14a0, {0x1, 0x9}}, {0x3}, {0x9, 0x20, {0x0, 0x4}}, {0x3, 0x0, {0x1, 0x4}}, {0x9, 0x2, {0x2, 0x2}}, {0x1, 0x696a, {0x3, 0x8}}, {0x0, 0x6, {0x1, 0xfff}}, {0x89f6, 0x1, {0x7, 0x5}}, {0x6, 0x8, {0x3, 0x4}}, {0x401, 0x5, {0x3, 0x6}}, {0xb, 0xb0a0, {0x0, 0x3}}, {0x3, 0x9, {0x2, 0xd8e}}, {0x4, 0x9, {0x3, 0x3}}, {0x2, 0x7fff, {0x2, 0x3}}, {0xe, 0x2, {0x0, 0xc}}, {0x4, 0x9, {0x3}}, {0x3, 0x1, {0x3, 0x8}}, {0x101, 0x5, {0x2, 0x6}}, {0x7, 0x1000, {0x2, 0x460}}, {0x20e, 0x5, {0x0, 0x7fff}}, {0xbc9, 0xb, {0x1, 0xff}}, {0x0, 0x1, {0x2, 0xb}}, {0x7, 0x401, {0x3, 0x5}}, {0x5, 0x10, {0x0, 0x10001}}, {0x8, 0x0, {0x3, 0xae}}, {0x80, 0x9, {0x2, 0x6}}, {0x7fc0, 0x7, {0x2, 0x3}}, {0x101, 0x101, {0x2, 0x3}}, {0x1, 0xfff9, {0x2, 0x4}}, {0x7, 0x400, {0x2}}, {0x9, 0xb0, {0x1, 0x4}}, {0x7ff, 0xb438, {0x0, 0x1}}, {0x6, 0x3, {0x0, 0x5}}, {0xa0e, 0x6, {0x1, 0x2}}, {0x4, 0x7, {0x2, 0x3}}, {0x9, 0x0, {0x0, 0x5}}, {0x768f, 0xd, {0x0, 0x1}}, {0x200, 0x0, {0x2, 0x4}}, {0x6, 0x2, {0x0, 0x8}}, {0xa8d8, 0x800, {0x2, 0x10001}}]}}}, {{0x254, 0x1, {{0x0, 0x1}, 0x2, 0x5, 0x39, 0x800, 0x6, 'syz1\x00', "9fc52f6daecb2651ede80bfbaf0169f27357dfaf59e3f49647fda1a9d37843fc", "559bbf6debe2ebfdd525ea32a68c5783d8996045641a1172c381199cf4a1a5d1", [{0x1800, 0x2, {0x3, 0x8bf1}}, {0x4, 0x5}, {0x8, 0x2, {0x3}}, {0x3, 0x8, {0x1, 0xd}}, {0x6, 0x2, {0x0, 0x5}}, {0x8, 0x7f, {0x3, 0x1}}, {0xffff, 0x7, {0x3, 0x2}}, {0x0, 0x9, {0x0, 0x1}}, {0x7, 0x8, {0x1, 0x3}}, {0x3, 0x3, {0x2, 0x7fffffff}}, {0x0, 0x6, {0x0, 0x3}}, {0x800, 0x0, {0x1, 0x8}}, {0xffff, 0x1, {0x1, 0x1}}, {0x60c2, 0x3, {0x1, 0x1ff}}, {0x3, 0x6, {0x2, 0xa0d}}, {0x4, 0x6, {0x0, 0x6}}, {0x6, 0x40, {0x3, 0x8}}, {0x3, 0x6, {0x3, 0x5}}, {0xb3, 0x8, {0x2, 0x4332d02f}}, {0x3, 0x29, {0x1, 0xfffffffa}}, {0x2, 0x0, {0x1, 0x100}}, {0x7, 0x2, {0x0, 0x101}}, {0xfff8, 0x6, {0x1, 0xc}}, {0x3ff, 0x6, {0x0, 0x2}}, {0xd, 0x5, {0x0, 0x7}}, {0x2, 0x7, {0x1, 0x800000}}, {0xa2, 0x4, {0x3, 0x1ff}}, {0x56, 0x7, {0x1, 0x87b2}}, {0x5, 0x5, {0x2}}, {0xffff, 0x800, {0x0, 0x100}}, {0x5, 0x1, {0x2, 0x101}}, {0x0, 0x5, {0x2, 0x7e70}}, {0x4, 0x9088, {0x3, 0xb31}}, {0x7fff, 0x2, {0x0, 0x2}}, {0x2, 0x535, {0x1, 0x7}}, {0x81, 0x9f, {0x0, 0x8d2}}, {0x25a0, 0xfc5b, {0x2, 0x1}}, {0x100, 0xfffb, {0x1}}, {0x9, 0x80, {0x0, 0x2}}, {0x9, 0x8, {0x2, 0x1}}]}}}, {{0x254, 0x1, {{0x0, 0xb249}, 0xe, 0x3, 0xffff, 0x3fe1, 0x1e, 'syz1\x00', "9adaa18042571dea59f5204a8800ce87b0b7e7afb9f4dc385a5a8ebf9f8dce8a", "79f5a09f8ca8fec775d971787dc27a5510fa497f9c6fbd78cc2f86f2f3a27f3b", [{0x8, 0x7, {0x1, 0x2c00}}, {0x100, 0x4180, {0x3, 0x1000}}, {0x4, 0x9, {0x0, 0x81}}, {0x100, 0x3, {0x0, 0x4}}, {0x9a, 0x0, {0x1}}, {0x7ff, 0xfff, {0x3, 0x100}}, {0x2c00, 0x0, {0x3, 0x9}}, {0x3, 0x3bbf, {0x0, 0x9}}, {0x7, 0x117, {0x2, 0x7fffffff}}, {0x2, 0x4, {0x0, 0x7}}, {0x76, 0x0, {0x0, 0x400}}, {0x81, 0x121, {0x3, 0x8e}}, {0x1, 0x0, {0x3, 0x6}}, {0x0, 0x4, {0x3, 0x9}}, {0xfffd, 0x4120}, {0x1ff, 0xa18c, {0x1, 0xa}}, {0x9, 0x0, {0x2, 0xd0000000}}, {0x3183, 0x400, {0x1, 0x8}}, {0xffff, 0x17f5, {0x0, 0x8c45}}, {0x46b, 0x3ff, {0x0, 0x41806f89}}, {0x1, 0x2, {0x0, 0x1}}, {0x7, 0x8, {0x3, 0x800000}}, {0x2, 0x200, {0x1, 0x3}}, {0x7, 0xa, {0x1, 0x6}}, {0x1, 0x5, {0x3, 0x926a}}, {0x5, 0x0, {0x3, 0x767}}, {0x6, 0x7f, {0x3, 0x3}}, {0x5, 0x1, {0x2}}, {0x6, 0x9, {0x1, 0x6}}, {0x5, 0x8, {0x1, 0x7}}, {0x3, 0x502, {0x0, 0x5}}, {0x9, 0x80, {0x3, 0x9}}, {0x6, 0xbe, {0x0, 0x4}}, {0x800, 0x4, {0x3, 0x8000}}, {0x7fff, 0xc}, {0xb, 0xfff8, {0x1, 0x2}}, {0x7, 0x7, {0x0, 0x3}}, {0x9, 0xdf, {0x3, 0x3}}, {0x8, 0x1, {0x3, 0xffffffff}}, {0x3, 0x400, {0x0, 0x4}}]}}}, {{0x254, 0x1, {{0x3, 0x1}, 0xfe, 0x3, 0x9c25, 0x8, 0x26, 'syz0\x00', "4886d29e77655b438621e28bc67f52dab4cc155bac1840a853b099076563ea73", "2dac0df0cdd4197241fab61e2c24aa339c6bdcbc99501e276caf677cd82587c8", [{0x800, 0x7ff, {0x2, 0x1}}, {0x8, 0x7, {0x1, 0x5}}, {0xff68, 0x217f, {0x3, 0x7f}}, {0x5c, 0x5, {0x0, 0x6}}, {0x8001, 0x3, {0x1}}, {0x6, 0xa, {0x1, 0xf0000000}}, {0x81, 0xfffd, {0x2, 0x5}}, {0x1, 0x0, {0x2, 0xfae}}, {0x9, 0x8, {0xd14d209d1884419, 0x4}}, {0x50a2, 0x0, {0x0, 0x6}}, {0x9, 0x5, {0x3, 0x6}}, {0x1ce5, 0x1, {0x1, 0x8}}, {0x1, 0x4ce, {0x1, 0x1}}, {0xe317, 0x6, {0x1, 0x1a}}, {0x769d, 0x0, {0x0, 0x7fff}}, {0x5, 0x0, {0x0, 0xb4c9}}, {0x87f, 0x40, {0x3}}, {0x2, 0x100, {0x3, 0x5}}, {0x8, 0x9, {0x2, 0x5}}, {0x101, 0x6, {0x1, 0x6}}, {0x2, 0x101, {0x3, 0x40}}, {0x485e, 0x7, {0x0, 0x4}}, {0x5, 0x8000, {0x3, 0x3712}}, {0x3, 0xd8, {0x1, 0xc}}, {0x0, 0x3, {0x0, 0x875}}, {0xc, 0x200, {0x3, 0x8}}, {0x5, 0xfffa, {0x0, 0x7ff}}, {0x0, 0xcc1, {0x2, 0x2}}, {0x90fc, 0x9, {0x2, 0xffffffff}}, {0x7, 0x1, {0x2, 0x1}}, {0xa, 0x0, {0x3, 0xd}}, {0x9, 0xfffd, {0x2, 0x1}}, {0x9, 0x0, {0xd20c460d8476fc89, 0xfffffffd}}, {0xce, 0x0, {0x3, 0x9}}, {0x5, 0x4, {0x3, 0x7}}, {0x2e, 0x205a, {0x0, 0x1}}, {0x2, 0x3, {0x3, 0xc}}, {0x8, 0x8, {0x3, 0x7}}, {0x4, 0xb, {0x1, 0x4}}, {0xfff9, 0x0, {0x3, 0x2}}]}}}, {{0x254, 0x1, {{0x0, 0x1}, 0x5, 0x7, 0x4, 0xd, 0xe, 'syz1\x00', "378c9251613448636ec37d8d9dd05e6ec1013de1c3ad37742b3ae1f74d7a483d", "16b067138357e0909d50f56156f63a1595678155f0da62a386d9e43d80cc7ea1", [{0x101, 0x4, {0x0, 0x1}}, {0x7f, 0xad, {0x2, 0x7}}, {0xfffa, 0x3, {0x0, 0x1}}, {0x3ff, 0xa, {0x2, 0x9}}, {0x2, 0x6, {0x3, 0x7f}}, {0x9, 0x9, {0x0, 0x9}}, {0x0, 0x9, {0x2, 0x5}}, {0x5, 0x3, {0x0, 0x5}}, {0x101, 0xfff, {0x3, 0x7fffffff}}, {0x3, 0x9, {0x3, 0x7}}, {0x4, 0xbf2, {0x3, 0x8}}, {0xa0, 0x9, {0x1, 0x3ff}}, {0x4, 0x3, {0x3, 0x3}}, {0x7, 0x401, {0x1, 0x31}}, {0x2, 0x5, {0x3, 0x6a9f}}, {0x9, 0x2, {0x1, 0x9}}, {0x8, 0x2, {0x0, 0xe}}, {0xfff9, 0xf982, {0x2, 0x1}}, {0x6, 0x9, {0x1, 0x8e9}}, {0xeb, 0x9001, {0x0, 0x6}}, {0xffff, 0xe1, {0xfb554788f9dac68d}}, {0x7f, 0x3, {0x0, 0x603}}, {0x6, 0x4, {0x3, 0x800}}, {0x5, 0x81, {0x3, 0x8}}, {0x8, 0x523e, {0x3, 0x2}}, {0x8, 0x9b6, {0x0, 0x4ec0}}, {0x5, 0x3, {0x2, 0x200}}, {0xecf, 0x4, {0x2, 0x2}}, {0x8, 0xffff, {0x0, 0x800}}, {0x6, 0xc000, {0x0, 0x2412}}, {0x9, 0x5, {0x0, 0x80}}, {0x9, 0x1, {0x2, 0x2}}, {0x1, 0xfffc, {0x1, 0xd}}, {0x7, 0x3, {0x1, 0x81}}, {0xa, 0x4, {0x2, 0x800}}, {0xde0f, 0x3, {0x0, 0x1}}, {0x3, 0x8, {0x1, 0xea26}}, {0xb999, 0x800, {0x7c48ba8a6319ef8e, 0x8}}, {0x2, 0x7, {0x2, 0x8}}, {0x0, 0x1ff, {0x4, 0xfff}}]}}}, {{0x254, 0x1, {{0x1, 0x3}, 0xff, 0x3, 0x1, 0x75c0, 0x12, 'syz1\x00', "27c357d600d6e0ce33e318b4a9445dc21dd01a1a893f7cafddf3ab22c7654ac5", "502e137d0dcce16db6a5db2b658b3e81cdce03f39f972ebf9d7668c80d5124b3", [{0x7ff, 0x8000, {0x1, 0x3}}, {0x6, 0x7, {0x0, 0x8000}}, {0x80, 0x3, {0x3, 0x2}}, {0x9, 0x10, {0x3, 0x8}}, {0x4, 0x5, {0x2, 0xfd2}}, {0x2, 0x7fff, {0x2, 0x3}}, {0xffff, 0xf, {0x3, 0x4}}, {0x7db, 0x8001, {0x0, 0x40}}, {0x8, 0x100, {0x0, 0x3}}, {0x7, 0x80f, {0x2, 0x1ff}}, {0x9, 0x2, {0x3, 0xffffffbe}}, {0xcc66, 0x6, {0x9fc5eccf7c7a9e07, 0x4}}, {0x5, 0x6, {0x3, 0x3}}, {0xfffb, 0x6, {0x0, 0x1000}}, {0xb, 0x1, {0x0, 0x4}}, {0xf, 0xff, {0x2, 0x80000000}}, {0x2, 0x8, {0x3, 0xfffffffa}}, {0xc, 0x1000, {0x2, 0x9}}, {0x8, 0x9598, {0x3, 0x5}}, {0x5, 0x10, {0x1, 0x101}}, {0x9, 0x2, {0x1, 0x73d}}, {0xbf6e, 0x7ff, {0x0, 0x8e}}, {0x3, 0xa, {0x1, 0xfffffff7}}, {0x3, 0x1, {0x2, 0x9}}, {0x400, 0xf800, {0x2, 0x7}}, {0x4, 0x8000, {0x0, 0x6}}, {0x1, 0x1, {0x2, 0x6}}, {0x4, 0x5f83, {0x3, 0x3}}, {0x0, 0x3, {0x3, 0xc8}}, {0x9dc, 0xbdc, {0x2, 0x7}}, {0x41fa, 0xf, {0x1, 0x9a}}, {0x3, 0x5, {0x2, 0x144}}, {0xfffd, 0xe, {0x3, 0x10001}}, {0x9, 0xc, {0x2, 0xb}}, {0x0, 0xfff8, {0x1, 0x1}}, {0xa, 0x101, {0x3, 0xfff}}, {0x8, 0x7, {0x2, 0x1}}, {0xe, 0x0, {0x2, 0x7ff}}, {0x7f17, 0x6, {0x1, 0x81}}, {0x295, 0x11, {0x2, 0x6}}]}}}, {{0x254, 0x1, {{0x2, 0x40b4}, 0x40, 0xb, 0x2, 0x8, 0x15, 'syz0\x00', "d87f3eba32db69e75efbee28a08cc128db73a387206beb408720a810453e9647", "23e26a05842faf629ba616fe3e6072d5c3f9d05ecf26692ec898ccda1575db65", [{0x6, 0x8000, {0x0, 0x5}}, {0x5, 0x9, {0x0, 0xe0}}, {0x6, 0x200, {0x2, 0x5}}, {0x6cd6, 0x401, {0x1, 0x9}}, {0x0, 0x3, {0x2, 0xfffffffc}}, {0x6fe1, 0x6, {0x0, 0x6}}, {0x0, 0x94, {0x2, 0x1}}, {0x1, 0x6, {0x3, 0x400}}, {0xf800, 0x100, {0x0, 0x6}}, {0x8, 0x200, {0x1}}, {0x3, 0x83, {0x3, 0x2}}, {0x831b, 0x5, {0x1, 0xc5d8}}, {0x2, 0xf, {0x3, 0x7}}, {0xe, 0x1ff, {0x1, 0x9}}, {0x5, 0x9}, {0x401, 0x3, {0x3, 0xf}}, {0x10, 0x5, {0x0, 0xff}}, {0xd454, 0x1000, {0x1, 0x5}}, {0x772, 0x6, {0x3, 0x4}}, {0x7ff, 0x8000, {0x3, 0x9}}, {0xde6e, 0x1, {0x2, 0x80}}, {0x0, 0x1, {0x0, 0x4}}, {0x4, 0x5, {0x0, 0x7fffffff}}, {0x4, 0x2, {0x2, 0x9}}, {0xbd82, 0x0, {0x2, 0x9}}, {0xfc01, 0x6, {0x3, 0x8}}, {0x1, 0x5b1c, {0x3, 0xffffcfd0}}, {0x5, 0x8, {0x1, 0x6}}, {0x9, 0x5, {0x1, 0xfffffffd}}, {0x3ff, 0x7, {0x2, 0x101}}, {0x7fff, 0x2, {0x0, 0x7}}, {0x7f, 0x4, {0x0, 0x5}}, {0x3a, 0x7, {0x1, 0x200000}}, {0x7fff, 0x5, {0x1, 0x6}}, {0x8, 0x8, {0x2, 0x8}}, {0xf, 0x5acf, {0x3}}, {0x5, 0x5, {0x0, 0xbec}}, {0x2, 0x1, {0x2, 0x3ff}}, {0x3e, 0xff96, {0x3, 0xa6e}}, {0xa, 0x4, {0x1, 0x100}}]}}}, {{0x254, 0x1, {{0x0, 0x9}, 0x5, 0xf7, 0x691, 0x1, 0x24, 'syz0\x00', "0ce49199bc82ed5d11140ca6c16756c2ac9e589211c032479334e80446a05786", "ca162a19c3255c23dca9a13f911ce4bb9a195787ca0713d9e9a9c7e8efc7ec5a", [{0x1, 0x7, {0x3, 0x2}}, {0x6, 0x401, {0x2, 0x6}}, {0x2eb, 0x9d27, {0x3, 0x8}}, {0x3, 0x56, {0x1, 0x4}}, {0x4, 0xa59d, {0x1, 0xe46}}, {0xfffd, 0xf77c, {0x0, 0xa}}, {0xfffc, 0x3eef, {0x2, 0x4}}, {0x7, 0x9, {0x1, 0x9}}, {0x2, 0xfff, {0x1, 0xfffffff7}}, {0x5, 0xffff, {0x1, 0xb03a}}, {0x7ff, 0xff, {0x0, 0x8}}, {0x5, 0x8, {0x0, 0x8001}}, {0x3, 0x2, {0x1, 0x4}}, {0x7, 0x401, {0x0, 0x7fffffff}}, {0x1, 0x5, {0x1, 0x7}}, {0x149, 0x6}, {0x8001, 0x8, {0x1, 0x7fff}}, {0x0, 0x4, {0x3}}, {0x4, 0x6, {0x1}}, {0x3, 0x9, {0x2, 0x2}}, {0x8e3, 0x7fff, {0x2, 0x38}}, {0xfffa, 0x1, {0x0, 0x8}}, {0x2, 0x3, {0x1, 0x77}}, {0x100, 0xec4, {0x387ab4415f93248f, 0x9}}, {0x3, 0x2, {0x1, 0x9}}, {0x4, 0x4, {0x3, 0xfff}}, {0x4, 0x1, {0x2}}, {0x101, 0xa, {0x2, 0x100}}, {0x6, 0x9, {0x2, 0x8}}, {0x365e, 0xffff, {0x2, 0x7}}, {0x4, 0x3, {0x3, 0x9}}, {0x7, 0xbd1, {0x2, 0x7}}, {0x2, 0x8000, {0x3, 0x5}}, {0x6, 0xff, {0x2, 0x7}}, {0x240, 0x7, {0x1, 0xc3}}, {0x4087, 0x10, {0x3, 0x2}}, {0xc, 0x800, {0x0, 0x367}}, {0xfff7, 0xf, {0x2, 0x1}}, {0x6, 0x1, {0x3, 0xc525}}, {0x0, 0x0, {0x0, 0xf}}]}}}, {{0x254, 0x1, {{0x3, 0x3}, 0x8, 0x1, 0x9, 0x7, 0x26, 'syz1\x00', "01b022b776924a7d9f233f423e0033e91c9774478cabe0f0514b59a9e1580c12", "9e2f42fbe6c1937e283d9f0581250ffe2b1e2c9e7055e984c83887ff46ba5fbf", [{0x4, 0x2143, {0x2, 0x7}}, {0x65a, 0x40, {0x3, 0x10000}}, {0x9711, 0x7, {0x0, 0xff}}, {0x9, 0x40, {0x1, 0x6}}, {0x0, 0x9, {0x3, 0x3}}, {0x800, 0x0, {0x2, 0x7}}, {0x3, 0x8000, {0x2, 0xffff0000}}, {0x6, 0xe9be, {0x2, 0xfffffffb}}, {0x4250, 0x5, {0x0, 0x1f}}, {0x5, 0x8001, {0x0, 0x7}}, {0x5, 0x2, {0x0, 0xffffffff}}, {0x7, 0xd, {0x3, 0xfffffff9}}, {0x150, 0x89a, {0x1, 0x9}}, {0x6, 0x5, {0x1, 0x6}}, {0x5, 0xc, {0x2, 0xfffffff7}}, {0x401, 0x81, {0x1, 0x101}}, {0x7ff, 0x3, {0x2, 0x7c}}, {0x6aae, 0x1, {0x2, 0x2}}, {0x5, 0x81, {0x4, 0x2}}, {0x2, 0x98f, {0x3, 0x2c1}}, {0x0, 0x9, {0x1, 0x1ff}}, {0x7f, 0x7, {0x0, 0x8}}, {0xff, 0x80, {0x3, 0x5}}, {0x8, 0x6, {0x1, 0x5}}, {0x40, 0x7, {0x1, 0x400}}, {0x1000, 0x7, {0x1, 0xb}}, {0x6, 0x101, {0x1, 0xf}}, {0x8, 0xfbb, {0x3, 0x1}}, {0x8, 0x6, {0x2, 0x8000}}, {0x9, 0x6, {0x3, 0x3ff}}, {0xf, 0xfffc, {0x2, 0x2c2}}, {0x9, 0x2, {0x2, 0x4}}, {0xff9d, 0x9, {0x3, 0x3}}, {0x5, 0xdcc, {0x2, 0xe}}, {0x9, 0x0, {0x2, 0xe}}, {0xb, 0x0, {0x1, 0x101}}, {0x40, 0x4, {0x1, 0x6}}, {0x9, 0x8, {0x2, 0xff}}, {0x9, 0x9, {0x2, 0x81}}, {0x3, 0x3, {0x2, 0x20002000}}]}}}]}, 0x175c}, 0x1, 0x0, 0x0, 0x4000}, 0x4050)
sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x34, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
ioctl$COMEDI_LOCK(r0, 0x6405)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000380), 0x800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f0000000480)={0x119, 0x0, 'client0\x00', 0x0, "238ce6e7702b9338", "a62585ae77772caa7965bb840c7f2db4f3b148f5dc746d2d46fc3b04b44115e0", 0x1, 0x2})
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r3, 0xc0505350, &(0x7f0000002140)={{0x7, 0x8}, {0x8, 0x8}, 0x8, 0x3, 0x8})
syz_emit_ethernet(0x56, &(0x7f0000000340)={@link_local, @random="0000fc00f5d6", @void, {@ipv4={0x800, @igmp={{0x10, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, {[@timestamp_addr={0x44, 0xc, 0x4e, 0x1, 0x4, [{@multicast2, 0x4}]}, @timestamp_prespec={0x44, 0x4, 0xe5, 0x3, 0x2}, @generic={0x86, 0x2}, @lsrr={0x83, 0x17, 0xb7, [@empty, @dev={0xac, 0x14, 0x14, 0x27}, @rand_addr=0x64010100, @private=0xa010101, @broadcast]}]}}, {0x11, 0x7c, 0x0, @dev={0xac, 0x14, 0x14, 0x30}}}}}}, 0x0)

10.912039937s ago: executing program 3 (id=1563):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000000)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x1aa)
getdents64(r5, &(0x7f0000004440)=""/4096, 0x1000)

9.680324861s ago: executing program 3 (id=1568):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7ff}, 0x1c, 0x0}}], 0x1, 0x0)
sendmsg$IPSET_CMD_DEL(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x8080)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)={0x1c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

9.637215384s ago: executing program 0 (id=1570):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000880)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0xffff, 0x5}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xec, 0xfbed, 0x10000002, 0x3, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}}, 0x800)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket$l2tp6(0xa, 0x2, 0x73)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r9 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x1}], 0x1}, 0x4)

7.904741862s ago: executing program 3 (id=1574):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
r0 = fsopen(&(0x7f0000000040)='proc\x00', 0x1)
r1 = fsmount(r0, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00')
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
ioctl$AUTOFS_IOC_FAIL(r3, 0x4c81, 0xfffffffffffffffe)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x29, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1021, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_MTU={0x8, 0x4, 0x500}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000005c0)={@in={{0x2, 0x4e23, @loopback}}, 0x0, 0x0, 0x2d, 0x0, "11cba021ab00d7c3d795bc8741153034523fb8ca053ba1a69ecb02d499b8503ce487d03abab1b53320f25c724fe0d32fce049bf65bdef89efbd833d173b77087ea4ea3a853df466fa7859f68e3de5c95"}, 0xd8)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
ioctl$IMGETVERSION(r1, 0x80044942, &(0x7f0000000000))

7.904549532s ago: executing program 0 (id=1575):
fchown(0xffffffffffffffff, 0xffffffffffffffff, 0xee01)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r5, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4040000}, 0x10)

7.151347323s ago: executing program 4 (id=1578):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x3a, [0xfffffff8, 0x8, 0x5, 0x10009, 0x8, 0x155f, 0x6, 0x2, 0x25cd, 0x1, 0xb4, 0xa, 0xb2b9, 0x6, 0x8, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x1000, 0x1, 0x0, 0xd, 0x4, 0x12a0, 0x8000, 0x1, 0x7, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10001, 0x5, 0x91, 0x4, 0x4, 0x16, 0x0, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0xffffff81, 0xff, 0x2, 0x2, 0x2, 0x2, 0x7, 0x4, 0x7, 0x4, 0x4007f, 0xffffffff, 0x9212], [0x9, 0x16e, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000077, 0x8e, 0xd50, 0x7, 0x5, 0xfffffffd, 0x80a, 0x4, 0x5, 0x1000, 0x0, 0x200b395, 0x400000, 0x80000000, 0x4, 0x19, 0x7, 0x1, 0x3, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x96, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x1, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1ce, 0x1, 0x80000004, 0x80000001, 0x6, 0x2, 0x9, 0x95, 0x80000000, 0x4, 0xfffffff9, 0x40000003, 0x1000, 0xfffff804, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x1ff, 0x80000001, 0x5, 0x5, 0x491, 0x5, 0x200006, 0x8, 0x400, 0xfffffffe, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x8000, 0x8000003, 0x5, 0x89, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x401, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x80, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0x0, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0x3, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x8000007, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x7, 0x5396, 0x936, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xffffffff, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x0, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0xc, 0x463f, 0x7fffffff, 0xdab, 0x8003, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000004c0), 0x10)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

7.073497808s ago: executing program 4 (id=1579):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}})
r0 = socket(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
flistxattr(r2, &(0x7f0000000240)=""/53, 0x35)
sendmmsg$inet(r2, &(0x7f0000006d40), 0x0, 0x48000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a01010000000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280"], 0x48}}, 0x4084)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

6.131555373s ago: executing program 5 (id=1582):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4)

5.866915841s ago: executing program 3 (id=1583):
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x2008a1f, &(0x7f0000000a00)={[{@debug}], [{@flag='nolazytime'}]}, 0x1, 0x4c9, &(0x7f0000000f00)="$eJzs3d9rHFsdAPDvTLLX/sg1e9WH6wWvF++VpGh3k8a2wYdaQfSpoNb3GJNNCNlkQ3bTNqFoin+AIKKCTz75IvgHCNI/QYSCvouKItrqgw/akZ2drW2620S6zZTk84HTPWdmd7/fs82e3TNzmA3g1HovIq5HxFhEXIiIyWJ7WpSFbmO/d79HD+8udUsSWXbzb0kkxbb+c3Xb4xFxvveQOBMRX/9KxLeS5+O2d/fWF5vNxnbRrnc2turt3b2LaxuLq43Vxubc3OyV+avzl+dnssJL9bMaEde+9Kcffu9nX772q8/e/v3CX6a/3U1rotj/dD9Gqdf1Sv5a9HVfo+1XEawEY0V/KmUnAgDAkUxHxEci4lP59//JGMu/zQEAAAAnSfaFifh3EpEBAAAAJ1aar4FN0lqx3nci0rRW663h/VicS5utduczK62dzeXeWtlqVNKVtWZjplgrXI1K0m3PFmts++1LB9pzEfFWRPxg8mzeri21mstlH/wAAACAU+L8gfn/PyfTvA4AAACcMNWyEwAAAABeOfN/AAAAOPnM/wEAAOBE++qNG92S9X//evnW7s5669bF5UZ7vbaxs1Rbam1v1VZbrdX8mn0bhz1fs9Xa+lxs7typdxrtTr29u7ew0drZ7CysPfMT2AAAAMAxeuuT93+XRMT+58/mpSspOyng9fPHshMARmms7ASA0oyXnQBQmkrZCQClO+yY39DFO78efS4AAMCrMfXx58//v1Hsc2wATra07AQAgGPn/D+cXhUrAOHU+/Ah+1/+/H+W/V8JAQAAIzeRlyStFecCJyJNa7WIN/OfBagkK2vNxkwxP/jtZOVD3fZs/sjEdQIAAAAAAAAAAAAAAAAAAAAAAAAA4IiyLIkMAAAAONEi0j8n+dX8I6YmP5g4eHzgjeRfk/ltRNz+yc0f3VnsdLZnu9v//mR758fF9ktlHMEAAAAADurP0/vzeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpUcP7y71y3HG/esXI6I6KP54nMlvz0QlIs79I4nxpx6XRMTYCOLv38tDDYifxOMsy6pFFoPinx1V/LcHx6/mL83g+GlEnB9BfDjN7nfHn+uD3n9pvJffDn7/jRflZQ0f/9In49/YkPHnzSPGeOfBL+pD49+LeGfI+NePnwyJ//4R43/zG3t7w/ZlP42YGvj5kzwTq97Z2Kq3d/curm0srjZWG5tzc7NX5q/OX56fqa+sNRvFvwNjfP8Tv3z8ov6fGxK/ekj/Pzhi///z4M7Dj/aqlUHxp98f/Pn79pD4afHZ9+mi3t0/1a/v9+pPe/fnv3n3Rf1fHtL/w/7/p4/Y/wtf++4fjnhXAOAYtHf31hebzca2ikqJlew7vb/H1yWfXiV7PdIopVL2yAQAAIza/770l50JAAAAAAAAAAAAAAAAAAAAnF7HcTmxgzH3y+kqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAL/TcAAP//rBPfcA==")
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000040b2100"], 0x0}, 0x0)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$hiddev(0x0, 0x0, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r3, 0x81044804, &(0x7f0000000400)={0x1})
ioctl$HIDIOCGUSAGES(r2, 0xd01c4813, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r4 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
close_range(r4, r2, 0x2)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r5, 0x0, 0x200081c0)

5.514942815s ago: executing program 1 (id=1584):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x10, 0x7fffffffffffffff, 0x5)
syz_io_uring_setup(0x497, 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(r3, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x1, 0xfffffffffffffffd, 0xb4a}}, 0x28)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, {0x0, 0x4e22, [0xfffffffc, 0x0, 0xcd7e], [], 0x0, [0x1]}, 0x0, 0x2000}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "06010000"}]}, 0x54}}, 0x20000080)

5.513094765s ago: executing program 4 (id=1585):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc2c45512, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./control\x00', 0x21000700)
inotify_init()
futex(0x0, 0x0, 0x4, &(0x7f0000edfff0)={0x0, 0x989680}, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f00000001c0)=0x1)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000000)=0xffb)
fcntl$setstatus(r1, 0x4, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
unshare(0x20000400)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000080)={{0x0, 0x0, 0xe044, 0x0, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000a40)=0x2, 0x4)

5.328931977s ago: executing program 4 (id=1586):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x8}]}}, 0x0, 0x26}, 0x28)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
close(r3)
syz_emit_ethernet(0x22, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev, @val={@void, {0x8100, 0x4, 0x1}}, {@can={0xc, {{0x2, 0x1, 0x0, 0x1}, 0x0, 0x3, 0x0, 0x0, "8e8d37d00f2a35ea"}}}}, 0x0)

5.328330747s ago: executing program 5 (id=1587):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000000104010200000180002000000100000008000540efffffff0500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {0x5}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x3}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x31}, 0x20048808)
r1 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
unshare(0x48000900)
pipe2$watch_queue(&(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000000)=0x639)
readv(r5, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x48}, {0x0, 0x2}], 0x2)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x6, 0xfefe, 0x0, 'syz0\x00', 0xfffffefd}, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x44801}, 0x840)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0x1000000000000d0)
ioctl$BTRFS_IOC_ADD_DEV(r3, 0x5000940a, &(0x7f0000000440)={{r3}, "ea0387879e741ca9d7067d40c4f667fbefffa230a0e3f35a6ffc90913a347bf904e94ef277c394dc358a16f846d2a4e50204c22bc8e59423ce61b91ca17ef8836aba5e8d1e0c58ca4cbe175a7712b44f4a906124a641835e539092cfb1955bd3fb975494cc774451f45485263b546a12335acf1860043d0dd03aff9d89100877b7c320246fa9403f8676694790043472e1ad3b5f69698c19b86ecd19a20d7c3b299a550931ba042eb01447e32dcc72c19e12ed1e99784c2905bcdd8b6f5662edbbd2f9d1176379393cbed86ef4d5703183fdce10cf360b75cd01c42e05a3bd93a2774e8150906cadf4744eb63d1faa032767016f1f5d58b47e9501cc6702266f4e8f37a834bcd08d253617f0ba67d08ce9928208b7ebdacd4bb95d62acd00f21977e715ce9c426d051ab1f20ae75305c6fbdc6a674fcfd985a727052b3a7a7d998441ab4deaa6fcce0c67b3e8872042f6177a420b7892542c83a59dae3b766a0c5e828a3abed74e8aa2e48c9dab6654ca5739df2a855e02c353e60e4cef771b429f0ac71cbddd7058ba2c48993c9c53462f7d3423ac685ef1ed3ea5c40f05ca64620ec7a6eaaf14a24f9ab719a31f062e81a230f001ae2d11f20a965bc436958e9872b1489638ab86c91c723de8ea201b784de5c44487a3d8187172cab15fa3f51fcc43bd1ef6757dab5c19b03394b3ca0d2b0b08b23db83055493b6efd0c1a9bb70f4afc7ec34fd7ebafda0dfb7b52a121d845d665a67f312ce8217737232ed218406d09b8fa3c476a03b8c5eaaee2c844e49c9e9b9b431c92bedccd2eb99b13542d726329d9882cf1b0cc9e17daa438940d06af45539702e9c28371a9288ef32e8fe4395d332fd48457b1dd04ab3559f6818c9879e47e3e53bbf83fd55af6935f46515b53c3115b74c36a7b672dc73b9eb1b74565f00a56745be65088b4c30efc085f24e9291d1ad352d616ef43fa636a84593bcf10945dab7c95d07f604ebfa3caff086446bd626a447e4b926569cb3b89f8c18c6715bf26b2e5034e7055ac4d8a94e06848700b3ebcfa730df88dbed8d5c2ea45e091fc5a8cf64a9807474d7f6dce26b8f518c984d38c082629160bca98f8d27141639ba5b456cf641a470fd0cee9bc0df93a3b1eb3c76ede4a3b5eaf094d607a60471c53acf412f1c3d91a3d2d0995a5666a9a518e22aec7deec11937b1f7848a521617d1e774cc07ecf9d3c1e80526c5e25ea7458ce39fea1f7281b5f0b62e70a17db7a6a827eee06b4ad310c4028dae6f988e055c6df92db11f26fc9ad912b3d58b88289ee94f5e4c75b8d4a0f91fc52be16ce28447d80dbaada794e13c7b74d5590c07101118d494058e5f4bf08030dab4742380a3136c42aa5f982e57456671a114878915dc2adb7f8d5f296a69efccfcfeb6f5c21afa1b6752981ae3148b73a6d49d470f978c85cffcda07cad996a82e197119699699e25c8ffb05ddfd4d6170ad41b2f404ecbb7ae7e7bd18f0b2cc82cb817f23fa99435cf5dc6933e33b1c142bc818e78ce723f5b1af2b65c56efdde2687d6d37b7a59de6454835bbd36d96cfd38ced2faae26aa310de679e3b888d0d01471c62b8132fe16571f4e5f8eb8f52c295cff55d1d840f687868b45d234171ef33207d2dd0cf0991ddaaebb42df39c47cd22f5993dfe661fe22cc77aa35a5a795f17f66faa2d6b5893e954f58365a7d941a9eda60fced96a6d77710ae721e9f8724e05bcb29346da728d38fc814c0f033a77df8c3d6789ec4ade394777c29ed4b2f4088b89e956ba8d380ca6a953342bd1cfd4d662a0b28d78b6976a55d21dc02ffb504d732bc77416ec3bce2dc82e6e2ce205f9a85dd993feb8c2169248815f4266c1b5a886e338673d5de620dbfeefad2b30afff308349e2a6fb76b3cd0fffa7048c714c311820dddcfc3cf8dc386f5eb7f53f0ef31d44037eeeb0fc271ba35f951348b0ee353c09a0e8efaf1432c16816808d0f12f0a05f2df2df2316ae169a04ae3f987c3308a5d8d324a44fa52ed3461240f6eb0c269b7340422eb8551a7a7beac4754f81e13f5a757c9c14d768e0abd8753f375989e8e655a32b6dd9f0977ba89f9d27da3875d06e7b12c2ac448ae13c1c716fd4432a9b682ff61a3c64ca1a0aaaae2fc74399dc097690304518c347e9fd42e576a0ca2f246f64b0116c604f40a0814d1a00a1406de4bff6928ec13178999dcc11cc332eef4969750a56685e18da245e475c79631f3930b390f9f090297f7da15cd5df1ddc4aa5f0b75e3bcecad266745a04e823ffa2b11106e460a08d44ce3c0eb89d7b6656cfea634a05f8119364d7f2cda1d343b4d7f6fb26c2afd3def06f5ca10d98bc05b7cbdc5ac3a7c014c2ce70c7439d61a4a075c33f9502c3107ee38725cef23fb30286b8228c1b0dc7deed20545c5746add8fe8be2079a16dd3f28505048dd95fe09a9262e855363fb9510acdb7eceef31327e307fc09cd8b613ac8052913a2d91bc94b1df74f80f0cdb7af1b1fe065f86138261f987bfb338a9043fb9705146bcc0faa9a430c9b7842aae3e0a9a2f24a7c50c9963065de5507f6aa78778125b550699ef04dcc6ee3b3cd4a684596c2b7085788844de37ea4631ae3a923ab2ba96fbcf8843ee091ba368c45bea1ddbc4859dea1c992e10a53d832901d2bb8f8e5574ded126dfb0edf07095a02594d939941eee48802c1bf1c9e13e6be18663f9d60d59563d8d94558c65e397c3ee5b7edce1a6ab79760457bf454618536e3f041571b0656a3421740f51870464f2bb3f388f4af606ea814a1ccafc2123c34b0832d4f491db772ae2d7cb64546a0121bd35123c6a8e3515e0630e95c10bf961ae1257d094ca746ecc613246b5263b645ed1d161b38525973905e7e7a18d254e588e3e68acdc65727438882af57f03e5dde2c1a8639a40193ee6bb742816e0efc240159f0d30eeaeed827849931d57d68d6e17a2ee79f608e36fab1127c12fb18c119ab1dd426ed8e2886608f1c46e34295ac740d85b9bc7f66e98df652619323b3935bf468cd86ec1367a9d29a31329643e4c075d9258585a8bbc8251d3448412a3191944a0ee44e61618389ad554959d2a899e5356dda703c32db2b976e1caa624cda904e73840e6be33af5b00875de1c5367894d61ab166424b504fa1e069020f22e284fc0efc24bee4cdb9d307070fe039c02b648b5af9e347180551f2bd3774f0ee873e25f52aa3318f5d04995b165e881b0039cd377f4b44b97c74287b17616889844fa0236f17e3083c0de47bec217cba4ab4768c4fa350e88b3e4c99e3e78bf7c6f8fda404d407684f96e5d020f4ce461ecdcdb765012ef8ac2457857849f2c98263620505beda9cc325d78f37afa3fcbb550212118b9ca5b27225b4e0fa4570f50915535c211cd6d9ff453de9f035df124cdabdbf3091121491b56e8e7ad83b1c3a69469387506316ab4f7004a81b916e12e8c88b17c452cac5980f2c98fa11e2415ff95a6c8789acd742a640440eea3222f7ed7e69e74572168005a36694179f748708b1d6d7fb75e47b29fd20ed6b72b107f0c605fd50bf3046f0ed0d39900da8f8d0d75fc6eeebf3bd719a191bac680d328db47fe949d2cb43ad70880efd85345b4146d0d2492e7f2f67a3a6ac5e906ec0ea302a04143c0f48ecbeb1261e95c1df69640b17a5428c6009df0613f685fc0ede071379d874490883e288d55300832c9a189757e42ed798b65749abb65ea7faab0aeda68c29f864201d761850d920d7864a99b68214b6680397b292b90b3522544a079534fdcaef177e0f9f430ff0fbc840378a343f6c7842dca61dc6a502334ca63e988824365cdb819f59f8e3ccfbdb40f110c6273909b169f3e9c27d7e095657f33bfcafc6097ddf860355670a91c913f8f700e8953fe443ff7df1b9f7ccd1847e6929deca789dcd164a321c50f5fe16ee4e882603d5e42b76ab9ce6db5ffc93f5128055cdce63a667b22093905e194bf81f444a5a292572a6f093c3aff5c193822121fb0ed83166c689315a9f6af5a924e7cde7331658dce8814173111cc94cbb232d073549a77edfe4ab24bbf139813892c6dd0da41ed27a93d59cddbaabd55d50c4585742b017bfd32ff5fedb69b2fdf5e28a0e6450519a3063055fbd17399b7241c061505beb23aa59a208d92738417fe4dbd3ab101c4c55ae00cda860d96f30265886e1e08cdf6f903a1707490b70cb6bae0bc5947b359c155de5df0d66dda6d3484cfdeaabaf64dedb92c1557764ca15fbf4f3f37e155515a241c850f9b50b1ba2ae03be5f2c3a8a3c133e5068e4d17fd51e3a8d35e8a7a84505198105db31195dbe13027d15988dde46d4ba592b8ecf5798740ea7b541f4538b8dcc73233d915aca6fdc8c06be90085aa8a7a86b8da7066628d56254320bf25280210b9675a70e3e34035616888efa7bf1e429139a1f10c4b6e3b09a7c4ca86739a5a97a82759220bb14a6e1682919e82ef17cb7a68f3387bef656c41e638ec6e91b93c70221e1d2fb131187a8d624d4b911224140c4de306b3f51ff1a2055b0d6e03aa219e42dd4678d98e19f66313d57b10821435f0df14d493a2885ce4824b21236b20ce554123bd31a83967536257c19a71d5fcb89a04085ad4e687013fde70b6d1ca9b7e0eb0c72031d5855169e1a089883e94a882af0d0547ce2df8c7f6fd48f016d05b631f9cc1c9fe18b6540e06a7226a16842577f7cf666e805fbe79d3cad95282e8561165384ab0ab8fee55491b57a2426268abea3cbfa086897d53c2d1601955c618ef3f5ebac965e6ce840a71f4a2eabaad4125f79f1a36f6a5a6895e94ba3ffecdf285d4b72bb0fecf67075adc8becccfbb462dcba7752bc90fa9b283add9918e0bc925cceff56902e9bc92308b94f965082bc80b92c92bf731ae05cc556e57fa17d7ea0f469a3eec46ea6828dd78f6f1d1f349f83cb72c43ebd93d1e58e5aba650a154f90d488bcd139e75002c9486e3b8629d6d4ae69bc4e34ca5b5296f102cea0c2ba957980a78ed251f5cecf1858b8bfb18be58bb6912cf0ee377c8ba41d17a1b7dbfc41d1cf693b87b555a6d1b017bd66501b8a53f71344e473818f9e9a530421b2c5b45c398cd4d14a177bb141389648468d9c0acfac7465e56c095d6c42a491ddff674448bc6259501f7716a6aac0c39ee8344db638679567250538c69cde69f75028f71a64f14c1b1681b0b8850edd0028d670e9b7ac2f398db5a09873f87d2347a478d8661b7521e0144d007b6e12b79feebe7cb831ab838b6229327990b81de8421b397e925d71966648f2ca10b88747b93429615fc83d2ab430b17ace6aa2b5065c11462ed55e4b4d819336546f8190760d742b62f224c125e8669eedb741516111b707e046ef705ee3d5098195e2ac387fdbb4fdd6fc176d12f59f309940a5dbeec967a800704cb27b8331eb3459645925541a8a5ff3d523fc12d4d4ee0f8983deb54ed5df56497d48399f5c5ef5984db59c17fd8aa215b2f9c0f200b6791c13ee74b14dfded2301b2df1c50aad8ab2d600b3fbaab4a67efd27ac546828c9c01eaa2c43e0eb8d23b8a5d3d94adcf65d088b59437bc266e996907c9ea4628b0d3665f3f00c887dcd01709445d353cc4ce2df52b29ecd53b35db65f0bbcccc8005d58d01c3a3a025751cd7739f8757371f39c0e007f1f22cd56416e550e470b3f8b7049168baa4c816812b66dcaa241a08c3ed0ce157103be566624fc8b03d81e7073c10f586fadd10bb38e85a6d706de32185"})

4.658911083s ago: executing program 5 (id=1588):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x1070bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x20048884)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x4c, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xe, 0x4}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x9, 0x40}]}}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x307000, 0x0)
close(r9)
socket$inet6(0xa, 0x400000000001, 0x0)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4)

4.507596623s ago: executing program 1 (id=1589):
syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt6_stats\x00')
socket$inet6(0x10, 0x3, 0x0)
socket$igmp6(0xa, 0x3, 0x3a)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r1=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e22, 0x7b, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}}}, &(0x7f0000000040)=0x84)
syz_open_procfs(0x0, &(0x7f00000001c0)='attr/fscreate\x00')
inotify_init1(0x0)
socket(0x11, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x81000000007, &(0x7f00000000c0), 0x13f, 0x8}}, 0x20)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r3, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

4.422113869s ago: executing program 1 (id=1590):
socket$inet(0x2b, 0xa, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f00000002c0)={0xf0f044, 0x800})
poll(&(0x7f00000000c0)=[{r1, 0xe7d4c009da6c1985}], 0x1, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x2000094}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=ANY=[@ANYBLOB="340000001800dd8d00000000fbdbdf47020000002000fe09003400000600150006000000100016800c000100000801000000000a7f6a82326daa370e4ccf0d4b43c8f15907cf0710d6"], 0x34}}, 0x0)

4.25689809s ago: executing program 0 (id=1591):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x488, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x45c, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x9, 0x4}]}}, @TCA_BPF_POLICE={0x444, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0xa, 0x1, 0x7, 0xd988, 0x3, 0x3, 0xa08b, 0x1, 0x3ff, 0x5, 0x5, 0x6, 0xde02, 0x3, 0x92c, 0x7, 0xffffffb2, 0xeaac, 0x2, 0xe13, 0x4, 0x10000, 0xded, 0x8, 0x10000000, 0x1, 0x10001, 0xc6d, 0x80000001, 0x8, 0x7, 0x7, 0x7, 0x5, 0x7, 0x800, 0x9, 0x100, 0x8, 0x9, 0x8, 0x3, 0x5, 0x6, 0xa, 0x3, 0xd, 0x7, 0x5, 0x13f6, 0x2, 0x53, 0x17, 0x4, 0x1, 0x6, 0x4, 0x8, 0x800, 0x86e1, 0x4, 0xfffffff9, 0x5, 0x1, 0x3, 0x5, 0x5, 0x80000000, 0xf3, 0xd, 0x8, 0xfffffff9, 0x800, 0x2726a3ed, 0x6, 0x14, 0x2, 0x6, 0x10000, 0x2, 0x7ff, 0x100100, 0x1ff, 0x7, 0xffffffff, 0xd, 0x8, 0x5, 0x8000002, 0x5, 0x0, 0x4, 0x3, 0x16, 0xff, 0x1, 0xc, 0x9, 0xb, 0x205, 0x8000, 0x8, 0x6, 0x8, 0xfa, 0x3, 0x0, 0x10, 0x1ff, 0x3, 0x4, 0x60000000, 0x8, 0x2, 0x5, 0x3, 0x2, 0x401, 0xa955, 0x5000, 0x3, 0x7fffffff, 0x2, 0x9, 0x6e4, 0x1, 0x80005, 0xe, 0xb, 0x6, 0x4, 0x80000001, 0x3, 0x99b, 0x9c4, 0x7f, 0xd, 0x5, 0xff800, 0x1, 0x7, 0x6, 0xff, 0x7, 0x6, 0xfff, 0x800, 0xa3, 0x10000, 0xff, 0x80000000, 0xd, 0x7, 0x8, 0xff, 0x0, 0x0, 0x8, 0x6, 0xffff, 0x3, 0x7f, 0x9, 0x1, 0xffff, 0x3, 0x9, 0x9, 0x8, 0x7, 0xfffffc00, 0x0, 0x40, 0x400, 0x64c, 0x8, 0x7, 0x0, 0x6, 0xfffffffe, 0x6, 0x5, 0x7fc, 0xc7, 0x7, 0xf30, 0x800, 0x0, 0x40, 0x5, 0x4, 0x8, 0x8, 0x1000, 0x8, 0x7, 0xa37f, 0x5, 0x9, 0x3, 0x1, 0xff, 0x5, 0x10000, 0xb, 0xcf9, 0x8, 0xfc, 0x40, 0x3, 0x1731, 0x3b, 0xff, 0x6, 0x6ad880, 0x266d, 0x7, 0x6, 0x2, 0x400, 0x7d75, 0x52, 0xd3, 0x8, 0x2, 0x4, 0xfffffff8, 0x200, 0x6, 0x6, 0x8, 0xe, 0xe459, 0x7ff, 0xc7, 0x80, 0x40, 0x0, 0x9, 0x3feb, 0x800, 0x100, 0x100, 0x4, 0xfffffb98, 0xfffffffb, 0x0, 0x20001, 0x3, 0x8, 0x1, 0x15b9, 0x7, 0x100, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x2, 0x7a94, 0x7, 0xb, {0x7, 0x0, 0x1, 0x7d, 0x6572, 0x6}, {0x2, 0x2, 0x400, 0x8, 0x8}, 0x3, 0x4, 0x7fffffff}}]}]}}]}, 0x488}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r9)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4)

3.406449758s ago: executing program 5 (id=1592):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x40})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000020000000000000002000004000000000000000002000000000000000000000002000000000000000000000000000001"], 0x0, 0x4e}, 0x20)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

3.339801993s ago: executing program 1 (id=1593):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x4000884)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001a400)=""/102384, 0x18ff0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r5 = dup(0xffffffffffffffff)
openat$cgroup_int(r5, 0x0, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='rpc_pipefs\x00', 0x1214040, 0x0)

3.327316224s ago: executing program 0 (id=1603):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x5c, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x5, 0x40}}}]}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x60, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xf, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x3ddc, 0x3, 0x80}, {0x7, 0x2, 0x1, 0xd72}}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$kcm(0x11, 0x3, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000440)=@xdp={0x2c, 0x7, r9, 0x4003e}, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)="a2", 0x1}], 0x1}, 0x8014)

1.648700518s ago: executing program 5 (id=1594):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
r0 = fsopen(&(0x7f0000000040)='proc\x00', 0x1)
r1 = fsmount(r0, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00')
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
ioctl$AUTOFS_IOC_FAIL(r3, 0x4c81, 0xfffffffffffffffe)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x29, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1021, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_MTU={0x8, 0x4, 0x500}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000005c0)={@in={{0x2, 0x4e23, @loopback}}, 0x0, 0x0, 0x2d, 0x0, "11cba021ab00d7c3d795bc8741153034523fb8ca053ba1a69ecb02d499b8503ce487d03abab1b53320f25c724fe0d32fce049bf65bdef89efbd833d173b77087ea4ea3a853df466fa7859f68e3de5c95"}, 0xd8)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
ioctl$IMGETVERSION(r1, 0x80044942, &(0x7f0000000000))

1.648297528s ago: executing program 4 (id=1595):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, 0x0, 0x0)
r2 = dup(r0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e24, @empty}}, 0x8003, 0xbffc, 0x0, 0x5, 0x134, 0x48, 0x2}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
pipe2$9p(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r3, 0x0, r0, 0x0, 0xffff, 0x2)
write(r2, &(0x7f0000000140)="04", 0x1)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
write$FUSE_GETXATTR(r1, &(0x7f00000042c0)={0x18, 0xfffffffffffffffe}, 0x18)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c)

1.648048948s ago: executing program 1 (id=1596):
r0 = socket$kcm(0x11, 0x2, 0x300)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x701, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x5}, 0x20000)
preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000500)=""/94, 0x5e}], 0x1, 0x4, 0x8)
recvmsg$kcm(r0, &(0x7f0000002280)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x8907, 0x0)

1.624125719s ago: executing program 3 (id=1597):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4)

1.565028783s ago: executing program 0 (id=1598):
socket(0x1, 0x80805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f00000047c0)={0x2020}, 0x2020)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
r4 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r4, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @loopback={0x11}}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000780)="80005b020eaa4da2", 0xfdef}], 0x1, 0x0, 0x0, 0x900}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f00000194c0)={{0x6, 0x6, 0x4, 0x9, 'syz0\x00', 0xb18}, 0x1, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x2, 'syz0\x00', 0x0})

340.908197ms ago: executing program 4 (id=1599):
pipe(&(0x7f0000000440))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
mount(&(0x7f0000000240)=@filename='./bus\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000100)='trans=rdma,')
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)

337.330277ms ago: executing program 5 (id=1600):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup/../file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$eventfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
socket$kcm(0x2, 0x200000000000001, 0x106)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x258, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)

142.93294ms ago: executing program 0 (id=1601):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x1, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0xb, 0xb}, {0x2, 0x5}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1, 0x4, 0x10, 0xc37, 0x4, 0xa8, 0x10, 0x5, 0xfffffffd}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x404c800}, 0x8000)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', <r9=>0x0})
sendto$packet(r5, &(0x7f00000002c0)="0503d6fcd3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @multicast}, 0x14)

670.22µs ago: executing program 1 (id=1602):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
clock_nanosleep(0x8, 0x1, &(0x7f0000000080), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r4, 0x26, 0x0)
fcntl$lock(r4, 0x6, &(0x7f00000000c0)={0x2, 0x2, 0x8, 0x73eb})

0s ago: executing program 3 (id=1604):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000640), r0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0)
r3 = syz_clone(0x11, 0x0, 0xfffffffffffffede, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(r3, &(0x7f0000000100)='oom_score\x00')
pread64(r4, &(0x7f0000000500)=""/31, 0x1f, 0x6677)

kernel console output (not intermixed with test programs):

.941376][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.950776][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.963059][ T4186] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.972037][ T4186] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.981068][ T4186] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.990060][ T4186] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.002111][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.011416][ T1189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.013707][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.021090][ T1189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.036417][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.048435][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.058473][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.068936][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.080146][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.092351][ T4189] device veth1_macvtap entered promiscuous mode
[   67.111054][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   67.120250][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   67.129823][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   67.138561][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.149011][ T1189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.149589][ T4187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.166576][ T1189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.171384][ T2305] Bluetooth: hci1: command 0x040f tx timeout
[   67.174160][ T4187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.188910][ T2305] Bluetooth: hci0: command 0x040f tx timeout
[   67.190003][ T4187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.194929][ T2305] Bluetooth: hci2: command 0x040f tx timeout
[   67.209252][ T4187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.209937][ T2305] Bluetooth: hci3: command 0x040f tx timeout
[   67.235527][ T4232] Bluetooth: hci4: command 0x040f tx timeout
[   67.255478][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   67.279449][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.292287][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.311716][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.329203][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.339605][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.350284][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.361693][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.372150][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.382007][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.392647][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.404830][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.420157][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   67.428644][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   67.441960][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.511194][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.522669][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.549626][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.554382][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.581855][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.602082][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.612203][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.623166][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.633368][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.644928][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.671548][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.705935][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   67.714062][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   67.725390][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.742814][ T4189] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.752197][ T4189] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.761133][ T4189] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.765785][ T4269] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   67.770300][ T4189] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.858016][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.889494][ T4248] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.910682][ T4248] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.914028][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.129111][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.141425][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.608719][  T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.853906][  T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.899757][ T4269] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[   68.909620][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.950099][ T4269] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[   68.968364][  T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.000533][  T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.031796][  T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.040388][  T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.063869][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.107167][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.235515][ T4226] Bluetooth: hci3: command 0x0419 tx timeout
[   69.261903][ T4226] Bluetooth: hci2: command 0x0419 tx timeout
[   69.278212][ T4226] Bluetooth: hci0: command 0x0419 tx timeout
[   69.288602][ T4226] Bluetooth: hci1: command 0x0419 tx timeout
[   69.315490][ T4226] Bluetooth: hci4: command 0x0419 tx timeout
[   69.594102][ T4302] syz.4.12 uses obsolete (PF_INET,SOCK_PACKET)
[   69.603948][ T4302] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12'.
[   69.810529][ T4304] loop0: detected capacity change from 0 to 40427
[   69.863739][ T4304] F2FS-fs (loop0): invalid crc value
[   69.900161][ T4304] F2FS-fs (loop0): Found nat_bits in checkpoint
[   69.943597][ T4304] F2FS-fs (loop0): Start checkpoint disabled!
[   69.973309][ T4304] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   70.056272][ T4313] Zero length message leads to an empty skb
[   70.191266][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   70.200218][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #10a!!!
[   70.209200][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   70.218164][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   70.227126][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   70.236181][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   70.245149][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   70.255065][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   70.265065][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   70.400266][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[   71.376633][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[   71.386087][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[   72.063724][ T4325] netlink: 12 bytes leftover after parsing attributes in process `syz.4.18'.
[   72.085402][ T4325] netlink: 28 bytes leftover after parsing attributes in process `syz.4.18'.
[   73.239610][ T4325] netlink: 12 bytes leftover after parsing attributes in process `syz.4.18'.
[   73.268931][  T151] attempt to access beyond end of device
[   73.268931][  T151] loop0: rw=2049, want=40984, limit=40427
[   73.283069][ T4325] netlink: 28 bytes leftover after parsing attributes in process `syz.4.18'.
[   73.294003][ T4325] netlink: 'syz.4.18': attribute type 6 has an invalid length.
[   73.590531][ T4350] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   73.815668][    T7] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   73.898527][ T4359] loop1: detected capacity change from 0 to 1024
[   73.948235][ T4345] loop4: detected capacity change from 0 to 40427
[   73.981037][ T4345] F2FS-fs (loop4): Unrecognized mount option "age_extent_cache" or missing value
[   75.425482][    T7] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   75.522906][ T4385] device syzkaller0 entered promiscuous mode
[   75.615356][    T7] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[   75.646471][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.654736][    T7] usb 3-1: Product: syz
[   75.702606][    T7] usb 3-1: Manufacturer: syz
[   75.719997][    T7] usb 3-1: SerialNumber: syz
[   75.760756][    T7] usb 3-1: config 0 descriptor??
[   75.790173][ T4393] loop0: detected capacity change from 0 to 512
[   75.804714][ T4393] =======================================================
[   75.804714][ T4393] WARNING: The mand mount option has been deprecated and
[   75.804714][ T4393]          and is ignored by this kernel. Remove the mand
[   75.804714][ T4393]          option from the mount to silence this warning.
[   75.804714][ T4393] =======================================================
[   75.844286][    T7] ims_pcu 3-1:0.0: Union descriptor too short (2 vs 5)
[   75.895769][    T7] ims_pcu: probe of 3-1:0.0 failed with error -22
[   75.942342][ T4393] FAT-fs (loop0): Unrecognized mount option "/dev/comedi5" or missing value
[   76.437540][ T4282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   76.667272][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   76.794890][ T4409] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   76.794890][ T4409] The task syz.0.39 (4409) triggered the difference, watch for misbehavior.
[   76.805957][ T4349] netlink: 12 bytes leftover after parsing attributes in process `syz.2.26'.
[   76.921190][   T13] usb 3-1: USB disconnect, device number 2
[   77.040391][ T4282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   77.093980][ T4420] netlink: 4 bytes leftover after parsing attributes in process `syz.0.46'.
[   77.397468][ T4422] tipc: Started in network mode
[   77.410787][ T4422] tipc: Node identity 067f886ab58c, cluster identity 4711
[   77.418764][ T4422] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   77.434585][ T4422] device syzkaller0 entered promiscuous mode
[   77.478937][ T4282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   78.636478][ T4422] tipc: Resetting bearer <eth:syzkaller0>
[   78.741762][ T4421] tipc: Resetting bearer <eth:syzkaller0>
[   78.855029][    C0] sched: RT throttling activated
[   78.878573][ T4230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   78.891852][ T4275] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   78.901662][ T4421] tipc: Disabling bearer <eth:syzkaller0>
[   79.255684][ T4282] tipc: Node number set to 3019081834
[   79.262929][ T4275] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   79.271766][    T7] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   79.555274][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   79.610412][ T4442] loop4: detected capacity change from 0 to 4096
[   79.650139][ T4442] EXT4-fs (loop4): inline encryption not supported
[   80.873236][ T4230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   81.121075][ T4442] EXT4-fs (loop4): Test dummy encryption mode enabled
[   81.131809][ T4442] EXT4-fs (loop4): Ignoring removed oldalloc option
[   81.173833][ T4442] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[   81.184881][ T4442] System zones: 0-5
[   81.230927][ T4442] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,i_version,oldalloc,delalloc,barrier,,errors=continue. Quota mode: writeback.
[   82.275197][ T4230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   82.333786][ T4226] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   82.794676][ T4490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.68'.
[   82.912206][ T4490] bond1 (unregistering): Released all slaves
[   83.390740][ T4230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   84.071292][ T4500] loop4: detected capacity change from 0 to 1024
[   84.935512][ T4518] netlink: 'syz.2.75': attribute type 13 has an invalid length.
[   85.759560][ T4226] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   85.775990][ T4500] hfsplus: failed to load root directory
[   85.844744][ T4282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   85.952285][ T4526] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   85.959391][ T4528] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   85.980866][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   86.059778][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   86.069401][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   86.162912][ T4535] comedi comedi0: Minor 3 could not be opened
[   86.417103][ T4528] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   86.621755][   T21] cfg80211: failed to load regulatory.db
[   86.843772][ T4530] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   86.913443][ T4530] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   86.951901][ T4526] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[   87.916387][ T4552] netlink: 24 bytes leftover after parsing attributes in process `syz.3.84'.
[   89.203481][ T4564] device macvtap0 entered promiscuous mode
[   89.204847][ T4564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.89'.
[   89.207231][ T4564] device veth0_macvtap left promiscuous mode
[   90.644433][ T4564] device macvtap0 left promiscuous mode
[   90.666197][ T4574] device team_slave_0 entered promiscuous mode
[   90.666276][ T4574] device team_slave_1 entered promiscuous mode
[   90.680487][ T4574] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   90.686365][ T4574] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[   90.692854][ T4578] bridge0: port 3(vlan3) entered blocking state
[   90.692894][ T4578] bridge0: port 3(vlan3) entered disabled state
[   90.693959][ T4578] device vlan3 entered promiscuous mode
[   90.693973][ T4578] device bond0 entered promiscuous mode
[   90.693982][ T4578] device bond_slave_0 entered promiscuous mode
[   90.694153][ T4578] device bond_slave_1 entered promiscuous mode
[   90.694257][ T4578] device macvlan2 entered promiscuous mode
[   90.694268][ T4578] device team0 entered promiscuous mode
[   90.808854][ T4581] kvm: pic: non byte write
[   90.991508][ T4586] virt_wifi0 speed is unknown, defaulting to 1000
[   90.991890][ T4586] virt_wifi0 speed is unknown, defaulting to 1000
[   91.001023][ T4586] virt_wifi0 speed is unknown, defaulting to 1000
[   91.019069][ T4586] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   91.048704][ T4586] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   91.519975][ T4586] virt_wifi0 speed is unknown, defaulting to 1000
[   91.520957][ T4586] virt_wifi0 speed is unknown, defaulting to 1000
[   91.521801][ T4586] virt_wifi0 speed is unknown, defaulting to 1000
[   91.522604][ T4586] virt_wifi0 speed is unknown, defaulting to 1000
[   91.523617][ T4586] virt_wifi0 speed is unknown, defaulting to 1000
[   91.888198][ T4595] loop4: detected capacity change from 0 to 64
[   91.901147][ T4592] loop1: detected capacity change from 0 to 512
[   92.153779][ T4592] FAT-fs (loop1): bogus number of FAT sectors
[   92.154301][ T4592] FAT-fs (loop1): Can't find a valid FAT filesystem
[   92.680234][ T4602] netlink: 12 bytes leftover after parsing attributes in process `syz.3.99'.
[   93.967578][ T4627] trusted_key: encrypted_key: master key parameter 'šÙ|™{E' is invalid
[   94.783976][ T4633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.110'.
[   95.917395][ T4640] netlink: 4 bytes leftover after parsing attributes in process `syz.3.110'.
[   96.036527][ T4640] device vlan3 left promiscuous mode
[   96.045176][ T4640] device bond0 left promiscuous mode
[   96.050520][ T4640] device bond_slave_0 left promiscuous mode
[   96.106436][ T4640] device bond_slave_1 left promiscuous mode
[   96.198903][ T4640] device macvlan2 left promiscuous mode
[   97.506359][ T4655] gfs2: gfs2 mount does not exist
[   97.926481][ T4640] device team0 left promiscuous mode
[   97.990434][ T4640] bridge0: port 3(vlan3) entered disabled state
[   98.450965][ T4664] netlink: 4 bytes leftover after parsing attributes in process `syz.3.116'.
[   98.473100][ T4671] netlink: 68 bytes leftover after parsing attributes in process `syz.2.117'.
[   98.737326][ T4665] netlink: 32 bytes leftover after parsing attributes in process `syz.3.116'.
[   99.203171][ T4676] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  100.910859][ T4688] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.919278][ T4688] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.571618][ T4688] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.631157][ T4688] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.901441][ T4688] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  103.917416][ T4688] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  103.930101][ T4688] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  103.940534][ T4688] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.205715][ T4711] device bridge1 entered promiscuous mode
[  104.213955][ T4688] syz.1.122 (4688) used greatest stack depth: 19792 bytes left
[  104.268098][ T4711] team0: Port device bridge1 added
[  104.286758][ T4714] bridge0: port 3(team0) entered blocking state
[  104.293288][ T4714] bridge0: port 3(team0) entered disabled state
[  104.709867][ T4714] device team0 entered promiscuous mode
[  104.715602][ T4714] device team_slave_0 entered promiscuous mode
[  104.723361][ T4714] device team_slave_1 entered promiscuous mode
[  104.735373][ T4714] bridge0: port 3(team0) entered blocking state
[  104.741996][ T4714] bridge0: port 3(team0) entered forwarding state
[  105.760586][ T4743] loop3: detected capacity change from 0 to 128
[  106.902067][ T4749] device syzkaller0 entered promiscuous mode
[  107.040568][ T4753] loop1: detected capacity change from 0 to 256
[  107.181087][ T4756] loop4: detected capacity change from 0 to 128
[  107.225644][ T4758] loop2: detected capacity change from 0 to 512
[  107.243050][ T4753] exfat: Deprecated parameter 'namecase'
[  107.251324][ T4753] exfat: Deprecated parameter 'namecase'
[  107.259250][ T4753] exfat: Unknown parameter 'keep_last_dots'
[  107.305795][   T26] audit: type=1800 audit(1775682684.543:2): pid=4756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.139" name="bus" dev="loop4" ino=1048590 res=0 errno=0
[  107.557424][ T4758] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,noquota,,errors=continue. Quota mode: writeback.
[  107.748845][ T4758] ext4 filesystem being mounted at /30/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.008267][ T4756] attempt to access beyond end of device
[  108.008267][ T4756] loop4: rw=0, want=1041, limit=128
[  108.919009][ T4781] xt_l2tp: missing protocol rule (udp|l2tpip)
[  111.085809][ T4796] device syzkaller0 entered promiscuous mode
[  111.384875][ T4806] bridge0: port 3(vlan2) entered blocking state
[  111.392189][ T4806] bridge0: port 3(vlan2) entered disabled state
[  111.406285][ T4806] device vlan2 entered promiscuous mode
[  112.300422][ T4816] tipc: Started in network mode
[  112.305428][ T4816] tipc: Node identity 1e7bece69e01, cluster identity 4711
[  112.312797][ T4816] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  112.445441][ T4816] netlink: 16 bytes leftover after parsing attributes in process `syz.1.154'.
[  114.024514][ T4282] tipc: Node number set to 2155539686
[  114.034660][ T4829] netlink: 16 bytes leftover after parsing attributes in process `syz.1.154'.
[  114.116944][ T4815] tipc: Disabling bearer <eth:syzkaller0>
[  115.463634][ T4855] device syzkaller0 entered promiscuous mode
[  115.578964][ T4861] loop3: detected capacity change from 0 to 4096
[  115.761415][ T4868] process 'syz.1.171' launched './file0' with NULL argv: empty string added
[  115.885042][ T4873] loop4: detected capacity change from 0 to 256
[  116.113994][ T4873] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  116.357893][ T4873] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  116.539151][ T4873] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  116.702394][ T4882] device syzkaller0 entered promiscuous mode
[  116.844896][ T4884] device syzkaller0 entered promiscuous mode
[  116.859220][ T4890] loop4: detected capacity change from 0 to 128
[  116.922152][ T4890] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  116.933227][ T4890] ext4 filesystem being mounted at /33/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  118.152548][ T4907] loop1: detected capacity change from 0 to 2048
[  118.194738][ T4911] loop3: detected capacity change from 0 to 512
[  119.525278][ T4911] EXT4-fs (loop3): Ignoring removed nobh option
[  119.541999][ T4911] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  119.572137][ T4919] Illegal XDP return value 4292423680, expect packet loss!
[  119.583991][ T4911] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  119.697745][ T4911] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  119.765646][ T4926] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  119.868632][ T4928] netlink: 56 bytes leftover after parsing attributes in process `syz.0.191'.
[  119.913220][ T4890] ODEBUG: Out of memory. ODEBUG disabled
[  119.932877][ T4911] EXT4-fs (loop3): 1 truncate cleaned up
[  119.944860][ T4911] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nobh,debug_want_extra_isize=0x0000000000000068,mb_optimize_scan=0x0000000000000001,max_batch_time=0x0000000000000007,dioread_lock,. Quota mode: none.
[  120.989042][ T4938] loop0: detected capacity change from 0 to 764
[  121.036235][ T4938] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  122.104297][ T4955] netlink: 116 bytes leftover after parsing attributes in process `syz.3.199'.
[  122.939886][ T4958] syz.1.197 (4958) used greatest stack depth: 18128 bytes left
[  122.960262][ T4961] __sock_release: fasync list not empty!
[  123.119536][ T4973] IPVS: nq: FWM 3 0x00000003 - no destination available
[  123.147852][ T4975] loop0: detected capacity change from 0 to 1024
[  123.171164][ T4975] EXT4-fs (loop0): Ignoring removed bh option
[  123.235994][ T4975] EXT4-fs (loop0): mounted filesystem without journal. Opts: bh,nodioread_nolock,noquota,delalloc,nobarrier,commit=0x0000000000000000,usrquota,data_err=abort,,errors=continue. Quota mode: writeback.
[  123.262019][ T4975] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  123.285800][   T21] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  123.476329][ T4982] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  123.656064][   T21] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  123.690890][   T21] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.745892][   T21] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  123.820083][   T21] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  123.900966][   T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.012091][   T21] usb 3-1: config 0 descriptor??
[  124.179916][ T5001] IPv6: Can't replace route, no match found
[  124.220336][ T5002] netlink: zone id is out of range
[  125.070252][   T26] audit: type=1326 audit(1775682701.743:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4998 comm="syz.4.213" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x0
[  125.431134][ T5002] netlink: zone id is out of range
[  125.472448][ T5002] netlink: zone id is out of range
[  125.614066][ T5002] netlink: zone id is out of range
[  125.640807][ T5002] netlink: zone id is out of range
[  125.651780][   T21] plantronics 0003:047F:FFFF.0001: unbalanced collection at end of report description
[  125.665610][   T21] plantronics 0003:047F:FFFF.0001: parse failed
[  125.671902][   T21] plantronics: probe of 0003:047F:FFFF.0001 failed with error -22
[  125.680262][ T5002] netlink: zone id is out of range
[  125.725731][ T5002] netlink: zone id is out of range
[  125.730970][ T5002] netlink: zone id is out of range
[  125.961133][ T5002] netlink: zone id is out of range
[  127.472861][ T4282] usb 3-1: USB disconnect, device number 3
[  128.898681][   T26] audit: type=1326 audit(1775682706.143:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf008b8819 code=0x7ffc0000
[  128.959993][ T5035] vcan0: tx drop: invalid da for name 0x00000000000000c7
[  129.015608][   T26] audit: type=1326 audit(1775682706.143:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf008b8819 code=0x7ffc0000
[  129.940332][ T5052] device bond_slave_0 entered promiscuous mode
[  129.947034][ T5052] device bond_slave_1 entered promiscuous mode
[  130.051068][   T26] audit: type=1326 audit(1775682706.153:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fbf008b8819 code=0x7ffc0000
[  130.073861][ T5052] device vlan3 entered promiscuous mode
[  130.083399][ T5052] device bond0 entered promiscuous mode
[  130.110804][   T26] audit: type=1326 audit(1775682706.163:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf008b8819 code=0x7ffc0000
[  130.135088][   T26] audit: type=1326 audit(1775682706.203:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbf008b8819 code=0x7ffc0000
[  130.187745][   T26] audit: type=1326 audit(1775682706.253:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5039 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fbf0087904e code=0x7ffc0000
[  130.261434][ T5064] overlayfs: failed to clone upperpath
[  130.316372][   T26] audit: type=1326 audit(1775682706.263:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf008b8819 code=0x7ffc0000
[  130.349195][   T26] audit: type=1326 audit(1775682706.263:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf008b8819 code=0x7ffc0000
[  130.384077][   T26] audit: type=1326 audit(1775682707.133:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5039 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fbf008b8819 code=0x7ffc0000
[  130.680230][ T1110] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  132.131194][ T5088] netlink: 12 bytes leftover after parsing attributes in process `syz.2.235'.
[  132.850804][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  132.857294][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  133.045764][ T5094] netlink: 12 bytes leftover after parsing attributes in process `syz.0.237'.
[  133.116351][ T4197] block nbd0: Receive control failed (result -1)
[  133.428307][ T5101] loop0: detected capacity change from 0 to 512
[  133.572890][ T5082] loop4: detected capacity change from 0 to 262144
[  133.646003][ T5082] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop4 scanned by syz.4.234 (5082)
[  133.681889][ T5082] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  133.692246][ T5082] BTRFS info (device loop4): using free space tree
[  133.699012][ T5082] BTRFS info (device loop4): has skinny extents
[  133.705368][ T5082] BTRFS info (device loop4): flagging fs with big metadata feature
[  133.716526][ T1110] usb 4-1: device descriptor read/all, error -71
[  134.591007][ T5101] EXT4-fs (loop0): 1 truncate cleaned up
[  134.616318][ T5101] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,jqfmt=vfsv1,noload,errors=remount-ro,usrjquota=,. Quota mode: none.
[  134.821045][ T5082] BTRFS info (device loop4): enabling ssd optimizations
[  136.746664][ T4770] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 9 /dev/loop4 scanned by udevd (4770)
[  136.989604][ T5146] netlink: 'syz.2.245': attribute type 12 has an invalid length.
[  136.998062][ T5146] netlink: 'syz.2.245': attribute type 29 has an invalid length.
[  137.006044][ T5146] netlink: 148 bytes leftover after parsing attributes in process `syz.2.245'.
[  137.019620][ T5146] bridge0: port 3(syz_tun) entered blocking state
[  137.026955][ T5146] bridge0: port 3(syz_tun) entered disabled state
[  137.040706][ T5146] device syz_tun entered promiscuous mode
[  137.050114][ T5146] bridge0: port 3(syz_tun) entered blocking state
[  137.056682][ T5146] bridge0: port 3(syz_tun) entered forwarding state
[  137.173849][ T5153] loop2: detected capacity change from 0 to 1024
[  140.238252][ T5165] device syzkaller0 entered promiscuous mode
[  141.199187][ T5175] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  141.265840][ T5179] loop3: detected capacity change from 0 to 8
[  144.648624][ T5188] loop4: detected capacity change from 0 to 4096
[  145.123067][ T5199] loop2: detected capacity change from 0 to 2048
[  145.175923][ T5202] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  147.439359][ T5199] EXT4-fs: failed to create workqueue
[  147.605166][ T5199] EXT4-fs (loop2): mount failed
[  148.815737][ T5226] loop2: detected capacity change from 0 to 40427
[  148.920422][ T5226] F2FS-fs (loop2): invalid crc value
[  148.941876][ T5226] F2FS-fs (loop2): Found nat_bits in checkpoint
[  148.981550][ T5226] F2FS-fs (loop2): Start checkpoint disabled!
[  149.003012][ T5226] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  152.511138][ T5253] loop3: detected capacity change from 0 to 32768
[  152.530784][ T5253] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.274 (5253)
[  152.553987][ T5253] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  152.562895][ T5253] BTRFS info (device loop3): enabling disk space caching
[  152.570009][ T5253] BTRFS info (device loop3): force clearing of disk cache
[  152.577387][ T5253] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  152.587093][ T5253] BTRFS info (device loop3): use zstd compression, level 3
[  152.594296][ T5253] BTRFS info (device loop3): disk space caching is enabled
[  152.601547][ T5253] BTRFS info (device loop3): has skinny extents
[  152.753093][    T9] attempt to access beyond end of device
[  152.753093][    T9] loop2: rw=2049, want=40976, limit=40427
[  152.856940][ T5247] loop4: detected capacity change from 0 to 2048
[  153.537382][ T5247] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  153.568583][ T5253] BTRFS info (device loop3): enabling ssd optimizations
[  153.580385][ T5253] BTRFS info (device loop3): clearing free space tree
[  153.587713][ T5253] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  153.597809][ T5253] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  157.199188][ T5313] delete_channel: no stack
[  158.611257][ T5331] syz.3.287 (5331): drop_caches: 2
[  159.627590][ T5341] loop4: detected capacity change from 0 to 131072
[  159.661134][ T5351] netlink: 80 bytes leftover after parsing attributes in process `syz.1.295'.
[  159.668174][ T5351] netlink: 'syz.1.295': attribute type 12 has an invalid length.
[  159.813951][ T5341] F2FS-fs (loop4): Test dummy encryption mode enabled
[  159.844291][ T5341] F2FS-fs (loop4): invalid crc value
[  159.956495][ T5355] loop0: detected capacity change from 0 to 40427
[  160.026570][ T5341] F2FS-fs (loop4): Current segment's next free block offset is inconsistent with bitmap, logtype:1, segno:1, type:0, next_blkoff:0, blkofs:1
[  160.041031][ T5341] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117)
[  160.061613][ T5363] loop2: detected capacity change from 0 to 256
[  160.085161][ T5355] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  160.093132][ T5355] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  160.105625][ T5355] F2FS-fs (loop0): invalid crc value
[  160.221669][ T5355] F2FS-fs (loop0): Found nat_bits in checkpoint
[  160.664084][ T5355] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  160.672154][ T5355] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  160.749322][ T5363] FAT-fs (loop2): Directory bread(block 64) failed
[  160.786255][ T5363] FAT-fs (loop2): Directory bread(block 65) failed
[  160.805142][ T5363] FAT-fs (loop2): Directory bread(block 66) failed
[  160.812120][ T5363] FAT-fs (loop2): Directory bread(block 67) failed
[  160.965398][ T5363] FAT-fs (loop2): Directory bread(block 68) failed
[  161.001459][ T5363] FAT-fs (loop2): Directory bread(block 69) failed
[  161.008202][ T5363] FAT-fs (loop2): Directory bread(block 70) failed
[  161.014855][ T5363] FAT-fs (loop2): Directory bread(block 71) failed
[  161.028588][ T5363] FAT-fs (loop2): Directory bread(block 72) failed
[  161.057637][ T5363] FAT-fs (loop2): Directory bread(block 73) failed
[  161.953247][  T151] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  161.983181][  T151] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  162.148323][ T5376] net_ratelimit: 24 callbacks suppressed
[  162.148341][ T5376] sctp: failed to load transform for md5: -2
[  162.353411][ T5396] netlink: 16 bytes leftover after parsing attributes in process `syz.1.306'.
[  166.718495][ T5469] fuse: Bad value for 'fd'
[  166.731800][ T5469] overlayfs: failed to clone upperpath
[  167.441317][ T5477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.324'.
[  167.537472][ T5480] loop4: detected capacity change from 0 to 128
[  167.720109][ T5480] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  167.776296][ T5480] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  169.563806][ T5503] device syzkaller0 entered promiscuous mode
[  169.644571][ T5480] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  169.712593][ T5480] fscrypt: loop4: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  170.010427][ T5515] netlink: 60 bytes leftover after parsing attributes in process `syz.0.332'.
[  173.064069][ T5545] loop2: detected capacity change from 0 to 512
[  173.159820][ T5551] kvm: pic: single mode not supported
[  173.160043][ T5551] kvm: pic: level sensitive irq not supported
[  173.194464][ T5551] kvm: pic: single mode not supported
[  173.231191][ T5551] kvm: pic: single mode not supported
[  174.631458][ T5564] capability: warning: `syz.0.348' uses 32-bit capabilities (legacy support in use)
[  175.600784][ T5154] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  175.853927][ T5154] usb 5-1: Using ep0 maxpacket: 32
[  176.035536][ T5154] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.110448][ T5154] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  176.564456][ T5578] loop3: detected capacity change from 0 to 40427
[  176.612797][ T5578] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  176.620657][ T5578] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  176.636554][ T5578] F2FS-fs (loop3): invalid crc value
[  176.668143][ T5578] F2FS-fs (loop3): Found nat_bits in checkpoint
[  176.760731][ T5578] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  176.767836][ T5578] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  177.355176][ T5154] usb 5-1: string descriptor 0 read error: -71
[  177.364907][ T5154] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  177.409876][ T5592] loop4: detected capacity change from 0 to 1024
[  177.418091][ T5154] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.031489][ T5154] usb 5-1: config 0 descriptor??
[  178.055294][ T5154] usb 5-1: can't set config #0, error -71
[  178.082958][ T5154] usb 5-1: USB disconnect, device number 2
[  178.205194][ T4375] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  178.214091][ T4375] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  179.277158][ T5592] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.318727][ T5605] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.329635][ T5594] loop2: detected capacity change from 0 to 2048
[  179.385369][ T5605] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.432077][ T5594] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  179.469129][ T5592] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.479770][ T5594] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  179.490412][ T5592] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.520424][ T5592] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.540419][ T5592] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.567413][ T5592] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.581081][ T5592] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.592903][ T5592] VFS: Lookup of 'file0' in hfsplus loop4 would have caused loop
[  179.842090][ T5618] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[  182.496311][ T5642] loop4: detected capacity change from 0 to 1024
[  182.639398][ T4198] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[  182.838623][ T4198] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[  183.013350][ T5652] device vlan2 entered promiscuous mode
[  183.082199][ T5652] device ip6gretap0 entered promiscuous mode
[  183.156521][ T4198] bridge0: port 3(syz_tun) entered disabled state
[  183.181096][ T4198] device syz_tun left promiscuous mode
[  183.186712][ T4198] bridge0: port 3(syz_tun) entered disabled state
[  183.220551][ T5657] syz.0.370 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  183.245798][ T5657] loop0: detected capacity change from 0 to 1024
[  183.594441][ T5657] EXT4-fs (loop0): Ignoring removed orlov option
[  183.912773][ T5658] overlayfs: statfs failed on './file0'
[  184.153586][ T5657] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,usrjquota=,,errors=continue. Quota mode: none.
[  185.267567][   T26] audit: type=1800 audit(2000000014.430:13): pid=5657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.370" name="bus" dev="loop0" ino=18 res=0 errno=0
[  185.457321][ T5676] netlink: 16 bytes leftover after parsing attributes in process `syz.3.376'.
[  185.477315][ T5657] Trying to write to read-only block-device loop0
[  185.507436][ T5657] Trying to write to read-only block-device loop0
[  185.521523][ T5675] EXT4-fs error (device loop0): mb_free_blocks:1874: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  185.551014][ T5680] virt_wifi0 speed is unknown, defaulting to 1000
[  185.567364][ T5657] Trying to write to read-only block-device loop0
[  185.581243][ T5657] Trying to write to read-only block-device loop0
[  185.955215][ T2305] Bluetooth: hci0: command 0x0406 tx timeout
[  185.964353][ T2305] Bluetooth: hci3: command 0x0406 tx timeout
[  186.092201][ T2305] Bluetooth: hci1: command 0x0406 tx timeout
[  186.234606][ T2305] Bluetooth: hci2: command 0x0406 tx timeout
[  186.302965][ T5692] netlink: 'syz.4.381': attribute type 12 has an invalid length.
[  186.436501][ T5692] netlink: 'syz.4.381': attribute type 29 has an invalid length.
[  186.454939][ T5692] netlink: 148 bytes leftover after parsing attributes in process `syz.4.381'.
[  186.496633][ T4185] Trying to write to read-only block-device loop0
[  186.503177][ T5694] bridge0: port 4(syz_tun) entered blocking state
[  186.515421][ T4185] Trying to write to read-only block-device loop0
[  186.522480][ T4185] Trying to write to read-only block-device loop0
[  186.525785][ T5694] bridge0: port 4(syz_tun) entered disabled state
[  186.554009][ T4185] Trying to write to read-only block-device loop0
[  186.562902][ T4185] Trying to write to read-only block-device loop0
[  186.574132][ T4185] Trying to write to read-only block-device loop0
[  186.577702][ T5694] device syz_tun entered promiscuous mode
[  186.587513][ T5694] bridge0: port 4(syz_tun) entered blocking state
[  186.594006][ T5694] bridge0: port 4(syz_tun) entered forwarding state
[  186.611868][ T5680] chnl_net:caif_netlink_parms(): no params data found
[  186.885936][ T5700] loop3: detected capacity change from 0 to 40427
[  186.911379][ T5680] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.950959][ T5700] F2FS-fs (loop3): invalid crc value
[  186.978176][ T5680] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.002633][ T5700] F2FS-fs (loop3): Found nat_bits in checkpoint
[  187.045397][ T5700] F2FS-fs (loop3): Start checkpoint disabled!
[  187.062635][ T5700] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  187.101352][ T5680] device bridge_slave_0 entered promiscuous mode
[  187.161385][ T5709] loop4: detected capacity change from 0 to 40427
[  187.172365][ T5713] device bond_slave_0 entered promiscuous mode
[  187.178734][ T5713] device bond_slave_1 entered promiscuous mode
[  187.191451][ T5713] device vlan2 entered promiscuous mode
[  187.199777][ T5713] device bond0 entered promiscuous mode
[  187.290336][ T5709] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  187.298224][ T5709] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  187.304239][ T5680] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.326319][ T5680] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.335194][ T5680] device bridge_slave_1 entered promiscuous mode
[  187.345426][ T5709] F2FS-fs (loop4): invalid crc value
[  187.376439][ T5709] F2FS-fs (loop4): Found nat_bits in checkpoint
[  187.383609][ T5680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.555163][ T2305] Bluetooth: hci4: command 0x0409 tx timeout
[  187.742716][ T5680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.842616][ T5680] team0: Port device team_slave_0 added
[  187.889208][ T5680] team0: Port device team_slave_1 added
[  187.926057][ T5709] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  187.933199][ T5709] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  188.026044][ T5680] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.064726][ T5680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.096516][ T5721] loop0: detected capacity change from 0 to 2048
[  188.117602][ T4375] attempt to access beyond end of device
[  188.117602][ T4375] loop3: rw=2049, want=40976, limit=40427
[  188.161428][ T5680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.173806][ T5680] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.180913][ T5680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.226304][ T5680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.821522][ T5727] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  189.635409][ T4230] Bluetooth: hci4: command 0x041b tx timeout
[  189.897517][ T5680] device hsr_slave_0 entered promiscuous mode
[  189.924090][ T5680] device hsr_slave_1 entered promiscuous mode
[  190.001867][ T5680] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  190.041534][ T5680] Cannot create hsr debugfs directory
[  190.107326][ T5736] netlink: 'syz.0.393': attribute type 12 has an invalid length.
[  190.145691][ T5736] netlink: 'syz.0.393': attribute type 29 has an invalid length.
[  190.153778][ T5736] netlink: 148 bytes leftover after parsing attributes in process `syz.0.393'.
[  190.263493][ T5736] bridge0: port 4(syz_tun) entered blocking state
[  190.326166][ T5736] bridge0: port 4(syz_tun) entered disabled state
[  190.483468][ T5736] device syz_tun entered promiscuous mode
[  190.565534][ T5736] bridge0: port 4(syz_tun) entered blocking state
[  190.572055][ T5736] bridge0: port 4(syz_tun) entered forwarding state
[  191.344167][ T4197] Bluetooth: Unexpected continuation frame (len 16)
[  191.456983][ T5680] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  191.499733][ T5680] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  191.548477][ T5680] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  191.561655][ T5680] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  192.039694][ T4230] Bluetooth: hci4: command 0x040f tx timeout
[  192.740383][ T5680] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.771385][ T1324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  192.779775][ T1324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  192.800437][ T5680] 8021q: adding VLAN 0 to HW filter on device team0
[  192.819355][ T1324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  192.835992][ T1324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  192.853329][ T1324] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.860455][ T1324] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.875748][ T1324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.886111][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  192.894907][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  192.903531][ T4248] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.910879][ T4248] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.427549][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  193.459953][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  193.478941][ T5760] device bond_slave_0 entered promiscuous mode
[  193.485663][ T5760] device bond_slave_1 entered promiscuous mode
[  193.494689][ T5760] device vlan3 entered promiscuous mode
[  193.500936][ T5760] device bond0 entered promiscuous mode
[  193.546439][ T5760] device macvlan2 entered promiscuous mode
[  193.676784][ T5760] device team0 entered promiscuous mode
[  193.722538][ T5765] sctp: [Deprecated]: syz.1.399 (pid 5765) Use of struct sctp_assoc_value in delayed_ack socket option.
[  193.722538][ T5765] Use struct sctp_sack_info instead
[  194.051108][ T5767] loop4: detected capacity change from 0 to 2048
[  194.125985][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  194.132884][ T4230] Bluetooth: hci4: command 0x0419 tx timeout
[  194.141807][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  194.251307][ T5768] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  194.327380][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  194.353029][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  194.684161][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  195.107285][ T5608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  195.146988][ T5608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  195.165890][ T5608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  195.199836][ T5608] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  195.219810][ T4654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  195.244148][ T4654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  195.341872][ T5784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  196.174006][ T5680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  198.931418][ T5680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  198.941706][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  198.955545][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  198.976362][ T5809] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  199.025207][ T4230] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  200.403775][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  200.413051][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  200.431601][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  200.440141][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  200.450988][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  200.458968][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  200.469739][ T5680] device veth0_vlan entered promiscuous mode
[  200.481236][ T5680] device veth1_vlan entered promiscuous mode
[  200.495573][ T4230] usb 4-1: device not accepting address 4, error -71
[  200.502770][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  200.511196][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  200.519835][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  200.528573][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  200.539908][ T5680] device veth0_macvtap entered promiscuous mode
[  200.551030][ T5680] device veth1_macvtap entered promiscuous mode
[  200.566350][ T5680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  200.578089][ T5680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.588411][ T5680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  200.600526][ T5680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.610708][ T5680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  200.621228][ T5680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.631162][ T5680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  200.641732][ T5680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.653575][ T5680] batman_adv: batadv0: Interface activated: batadv_slave_0
[  200.661474][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  200.670068][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  200.678266][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  200.687045][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  200.698657][ T5680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  200.710638][ T5680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.720908][ T5680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  200.731803][ T5680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.741781][ T5680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  200.753289][ T5680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.763857][ T5680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  200.774318][ T5680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.785502][ T5680] batman_adv: batadv0: Interface activated: batadv_slave_1
[  200.793407][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  200.802883][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  200.813690][ T5680] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.823719][ T5680] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  200.832745][ T5680] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  200.842667][ T5680] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  200.898370][ T4654] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.909253][ T4654] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.931708][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  200.946189][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.954124][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.964492][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  201.026566][ T5826] loop5: detected capacity change from 0 to 1024
[  201.231595][ T5826] d_splice_alias: 1 callbacks suppressed
[  201.231612][ T5826] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  201.500747][ T5842] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  201.792858][ T5826] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  201.907594][ T5844] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  201.969394][ T5826] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  201.984030][ T5826] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  201.995391][ T5826] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  202.004208][ T5826] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  202.012584][ T5826] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  202.021695][ T5826] VFS: Lookup of 'file0' in hfsplus loop5 would have caused loop
[  204.028441][ T5849] loop3: detected capacity change from 0 to 16
[  204.334724][   T26] audit: type=1326 audit(2000000033.490:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  204.339412][ T5849] erofs: Unknown parameter '
'
[  205.282604][ T5871] device bond_slave_0 entered promiscuous mode
[  205.289026][ T5871] device bond_slave_1 entered promiscuous mode
[  205.379891][   T26] audit: type=1326 audit(2000000033.490:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.403517][ T5871] device vlan2 entered promiscuous mode
[  205.409302][ T5871] device bond0 entered promiscuous mode
[  205.427385][   T26] audit: type=1326 audit(2000000033.530:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.476800][   T26] audit: type=1326 audit(2000000033.530:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.506731][   T26] audit: type=1326 audit(2000000033.530:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.546840][   T26] audit: type=1326 audit(2000000033.530:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.581804][   T26] audit: type=1326 audit(2000000033.530:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.604379][   T26] audit: type=1326 audit(2000000033.530:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.637059][   T26] audit: type=1326 audit(2000000033.530:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.667577][   T26] audit: type=1326 audit(2000000033.530:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.1.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d112e819 code=0x7ffc0000
[  205.830108][ T5891] overlayfs: failed to clone lowerpath
[  206.709675][ T5901] netlink: 16166 bytes leftover after parsing attributes in process `syz.5.434'.
[  207.815425][ T5911] netlink: 28 bytes leftover after parsing attributes in process `syz.1.432'.
[  209.659678][ T5933] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  218.100047][ T6036] device syzkaller0 entered promiscuous mode
[  221.780569][ T6069] device lo entered promiscuous mode
[  221.786672][ T6069] device tunl0 entered promiscuous mode
[  221.792935][ T6069] device gre0 entered promiscuous mode
[  221.799110][ T6069] device gretap0 entered promiscuous mode
[  221.805562][ T6069] device erspan0 entered promiscuous mode
[  221.811864][ T6069] device ip_vti0 entered promiscuous mode
[  221.818229][ T6069] device ip6_vti0 entered promiscuous mode
[  221.824690][ T6069] device sit0 entered promiscuous mode
[  221.839340][ T6069] device ip6tnl0 entered promiscuous mode
[  221.852934][ T6069] device ip6gre0 entered promiscuous mode
[  221.869664][ T6069] device ip6gretap0 entered promiscuous mode
[  221.897107][ T6069] device bridge0 entered promiscuous mode
[  221.912842][ T6069] device vcan0 entered promiscuous mode
[  221.921107][ T6069] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  221.931244][ T6069] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  221.957204][ T6069] device dummy0 entered promiscuous mode
[  221.971895][ T6069] device nlmon0 entered promiscuous mode
[  221.986780][ T6069] device caif0 entered promiscuous mode
[  221.994952][ T6069] device batadv0 entered promiscuous mode
[  222.015225][ T6069] device vxcan0 entered promiscuous mode
[  222.023833][ T6069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  222.034295][ T6069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  222.042018][ T6069] device vxcan1 entered promiscuous mode
[  222.047842][ T6069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  222.055269][ T6069] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  222.063157][ T6069] device veth0 entered promiscuous mode
[  222.069387][ T6069] device veth1 entered promiscuous mode
[  222.075504][ T6069] device wg0 entered promiscuous mode
[  222.081494][ T6069] device wg1 entered promiscuous mode
[  222.087363][ T6069] device wg2 entered promiscuous mode
[  222.093413][ T6069] device veth0_to_bridge entered promiscuous mode
[  222.101261][ T6069] device veth1_to_bridge entered promiscuous mode
[  222.109183][ T6069] device veth0_to_bond entered promiscuous mode
[  222.116673][ T6069] device veth1_to_bond entered promiscuous mode
[  222.124155][ T6069] device veth0_to_team entered promiscuous mode
[  222.131727][ T6069] device veth1_to_team entered promiscuous mode
[  222.139292][ T6069] device veth0_to_batadv entered promiscuous mode
[  222.146291][ T6069] device batadv_slave_0 entered promiscuous mode
[  222.153198][ T6069] device veth1_to_batadv entered promiscuous mode
[  222.160537][ T6069] device batadv_slave_1 entered promiscuous mode
[  222.167543][ T6069] device xfrm0 entered promiscuous mode
[  222.173634][ T6069] device veth0_to_hsr entered promiscuous mode
[  222.180866][ T6069] device veth1_to_hsr entered promiscuous mode
[  222.188105][ T6069] device hsr0 entered promiscuous mode
[  222.194115][ T6069] device veth1_virt_wifi entered promiscuous mode
[  222.201092][ T6069] device veth0_virt_wifi entered promiscuous mode
[  222.208254][ T6069] device virt_wifi0 entered promiscuous mode
[  222.216095][ T6069] device vlan0 entered promiscuous mode
[  222.222392][ T6069] device vlan1 entered promiscuous mode
[  222.229277][ T6069] device macvlan0 entered promiscuous mode
[  222.235934][ T6069] device macvlan1 entered promiscuous mode
[  222.242524][ T6069] device ipvlan0 entered promiscuous mode
[  222.248365][ T6069] device ipvlan1 entered promiscuous mode
[  222.255288][ T6069] device macvtap0 entered promiscuous mode
[  222.261881][ T6069] device macsec0 entered promiscuous mode
[  222.268389][ T6069] device geneve0 entered promiscuous mode
[  222.274927][ T6069] device geneve1 entered promiscuous mode
[  222.281400][ T6069] device netdevsim0 entered promiscuous mode
[  222.288077][ T6069] device netdevsim1 entered promiscuous mode
[  222.294757][ T6069] device netdevsim2 entered promiscuous mode
[  222.301788][ T6069] device netdevsim3 entered promiscuous mode
[  222.308509][ T6069] device wlan0 entered promiscuous mode
[  222.315146][ T6069] device wlan1 entered promiscuous mode
[  222.321955][ T6069] device vlan2 entered promiscuous mode
[  222.328725][ T6069] device vlan4 entered promiscuous mode
[  223.050758][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  223.050772][   T26] audit: type=1326 audit(2000000051.003:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.081556][   T26] audit: type=1326 audit(2000000051.003:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.282810][   T26] audit: type=1326 audit(2000000051.003:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.329452][   T26] audit: type=1326 audit(2000000051.003:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.397432][   T26] audit: type=1326 audit(2000000051.003:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.558615][   T26] audit: type=1326 audit(2000000051.003:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.591805][   T26] audit: type=1326 audit(2000000051.003:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.617584][ T6083] sctp: failed to load transform for md5: -2
[  223.617784][   T26] audit: type=1326 audit(2000000051.003:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.650881][ T6087] sctp: failed to load transform for md5: -4
[  223.685637][ T6091] sctp: failed to load transform for md5: -4
[  223.699687][   T26] audit: type=1326 audit(2000000051.003:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.723461][   T26] audit: type=1326 audit(2000000051.003:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6073 comm="syz.4.480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96be7ed819 code=0x7ffc0000
[  223.834507][ T6104] autofs4:pid:6104:autofs_fill_super: called with bogus options
[  224.088921][ T6110] virt_wifi0 speed is unknown, defaulting to 1000
[  225.147635][ T6114] siw: device registration error -23
[  227.352674][ T6158] device batadv_slave_1 entered promiscuous mode
[  227.399082][ T6155] device batadv_slave_1 left promiscuous mode
[  228.903176][ T6175] ptrace attach of "./syz-executor exec"[4187] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  231.118619][ T6200] loop3: detected capacity change from 0 to 8
[  231.205679][    C1] vkms_vblank_simulate: vblank timer overrun
[  231.362791][ T6200] SQUASHFS error: Unable to read inode 0x11f
[  233.010556][ T5138] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  233.529803][ T5138] usb 6-1: Using ep0 maxpacket: 32
[  234.507677][ T5138] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  234.534551][ T6246] netlink: 44 bytes leftover after parsing attributes in process `syz.0.523'.
[  234.537708][ T5138] usb 6-1: config 0 has no interface number 0
[  234.665724][ T5138] usb 6-1: config 0 interface 1 altsetting 9 has an invalid endpoint with address 0x0, skipping
[  234.881422][ T5138] usb 6-1: config 0 interface 1 has no altsetting 0
[  235.207936][ T5138] usb 6-1: string descriptor 0 read error: -71
[  235.214692][ T5138] usb 6-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  235.267806][ T5138] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.431650][ T5138] usb 6-1: config 0 descriptor??
[  235.464696][ T5138] usb 6-1: can't set config #0, error -71
[  236.142708][ T5138] usb 6-1: USB disconnect, device number 2
[  240.138570][ T6297] loop5: detected capacity change from 0 to 4096
[  240.158945][ T6297] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512)
[  240.216592][ T6310] fuse: Bad value for 'fd'
[  240.828773][ T6311] mmap: syz.0.537 (6311) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  241.064077][ T6327] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  241.645943][ T6332] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) !
[  241.692415][ T6332] device syzkaller0 entered promiscuous mode
[  241.793663][ T6332] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  242.120717][ T6330] tipc: Resetting bearer <eth:syzkaller0>
[  242.374204][ T6330] tipc: Disabling bearer <eth:syzkaller0>
[  242.408043][ T6344] netlink: 16 bytes leftover after parsing attributes in process `syz.5.544'.
[  242.619346][ T6347] netlink: 16 bytes leftover after parsing attributes in process `syz.5.544'.
[  243.192337][ T6351] loop3: detected capacity change from 0 to 16
[  243.424086][ T6351] erofs: (device loop3): mounted with root inode @ nid 36.
[  245.575993][ T6379] loop5: detected capacity change from 0 to 512
[  245.685120][ T6379] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  245.692879][ T6379] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  245.825019][ T6379] EXT4-fs (loop5): 1 truncate cleaned up
[  245.833230][ T6379] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,nomblk_io_submit,noload,abort,auto_da_alloc,,errors=continue. Quota mode: none.
[  246.112477][ T4275] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  247.518247][ T6412] netlink: 24 bytes leftover after parsing attributes in process `syz.0.566'.
[  249.020302][ T4275] usb 4-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.02
[  249.029722][ T4275] usb 4-1: New USB device strings: Mfr=0, Product=232, SerialNumber=255
[  249.046797][ T4275] usb 4-1: config 0 descriptor??
[  249.074923][ T4275] usb 4-1: can't set config #0, error -71
[  249.088531][ T4275] usb 4-1: USB disconnect, device number 6
[  249.146525][ T6441] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 33554436, id = 0
[  249.165697][ T6437] IPVS: stopping master sync thread 6441 ...
[  253.143304][ T6472] 8021q: adding VLAN 0 to HW filter on device bond1
[  253.150419][ T6486] loop3: detected capacity change from 0 to 512
[  253.322570][ T6483] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.386826][ T6483] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.396132][ T6483] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.405139][ T6483] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.416379][ T6483] bond1: (slave geneve2): Enslaving as a backup interface with an up link
[  253.428200][ T1189] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  253.442413][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  253.463165][ T6486] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.581: inode has both inline data and extents flags
[  253.516260][ T6472] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  253.538788][ T6486] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.581: couldn't read orphan inode 15 (err -117)
[  253.554933][  T144] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  253.567234][ T6486] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  254.766382][ T6513] netlink: 4 bytes leftover after parsing attributes in process `syz.5.588'.
[  255.381991][ T6523] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  255.797815][ T6534] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0
[  255.849929][ T6532] netlink: 20 bytes leftover after parsing attributes in process `syz.4.593'.
[  256.557617][ T6545] device syzkaller0 entered promiscuous mode
[  256.566166][ T6540] netlink: 'syz.4.595': attribute type 9 has an invalid length.
[  256.566820][ T6545] 0: reclassify loop, rule prio 0, protocol 800
[  256.667553][   T26] kauditd_printk_skb: 84 callbacks suppressed
[  256.667566][   T26] audit: type=1800 audit(2000000338.455:122): pid=6546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.597" name="/" dev="fuse" ino=1 res=0 errno=0
[  258.025093][ T6564] device dummy0 left promiscuous mode
[  258.248477][ T6578] device vlan2 entered promiscuous mode
[  258.254232][ T6578] device geneve1 entered promiscuous mode
[  259.011440][ T6589] block device autoloading is deprecated and will be removed.
[  259.093743][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  259.100067][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  259.310629][   T21] hid-generic 0004:0004:FFFF0001.0002: unknown main item tag 0x0
[  259.319986][   T21] hid-generic 0004:0004:FFFF0001.0002: unknown main item tag 0x0
[  259.996112][   T21] hid-generic 0004:0004:FFFF0001.0002: unknown main item tag 0x0
[  260.012196][   T21] hid-generic 0004:0004:FFFF0001.0002: hidraw0: <UNKNOWN> HID v0.b3 Device [syz0] on syz1
[  260.093077][ T6586] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  260.100880][ T6586] IPv6: NLM_F_CREATE should be set when creating new route
[  260.171724][ T6601] loop5: detected capacity change from 0 to 8
[  260.260653][ T6602] fido_id[6602]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  261.398493][ T6591] bridge0: port 4(syz_tun) entered disabled state
[  261.428442][ T6591] bridge0: port 2(bridge_slave_1) entered disabled state
[  261.437544][ T6591] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.905907][ T6591] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.936768][ T6591] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.215452][ T6591] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.224567][ T6591] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.234069][ T6591] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.244441][ T6591] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.429122][ T6630] netlink: 4 bytes leftover after parsing attributes in process `syz.0.618'.
[  266.124389][ T6678] tipc: Started in network mode
[  266.129358][ T6678] tipc: Node identity 4, cluster identity 4711
[  266.135555][ T6678] tipc: Node number set to 4
[  266.723487][ T6692] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  266.783270][ T6695] netlink: 'syz.3.636': attribute type 10 has an invalid length.
[  266.794398][ T6695] device vxcan1 left promiscuous mode
[  267.598729][ T6695] device vxcan1 entered promiscuous mode
[  267.623260][ T6695] team0: Device vxcan1 is of different type
[  267.705140][ T6692] IPv6: ADDRCONF(NETDEV_CHANGE): netdevsim0: link becomes ready
[  267.743824][ T6692] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  268.091823][ T6709] loop5: detected capacity change from 0 to 40427
[  268.215539][ T6719] loop3: detected capacity change from 0 to 512
[  268.246642][ T6709] F2FS-fs (loop5): Unrecognized mount option "age_extent_cache" or missing value
[  268.337743][ T6719] EXT4-fs (loop3): Ignoring removed bh option
[  268.690114][ T6719] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  268.741622][ T6719] EXT4-fs (loop3): 1 truncate cleaned up
[  269.214912][ T6727] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  269.241108][ T6727] CIFS mount error: No usable UNC path provided in device string!
[  269.241108][ T6727] 
[  269.251381][ T6727] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  269.764533][ T6719] EXT4-fs (loop3): mounted filesystem without journal. Opts: bh,,errors=continue. Quota mode: none.
[  269.947934][ T6719] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.643: bg 0: block 465: padding at end of block bitmap is not set
[  270.022707][ T6719] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 131075 with max blocks 1 with error 28
[  270.184607][ T6719] EXT4-fs (loop3): This should not happen!! Data will be lost
[  270.184607][ T6719] 
[  270.226403][ T6719] EXT4-fs (loop3): Total free blocks count 0
[  270.257181][ T6719] EXT4-fs (loop3): Free/Dirty block details
[  270.305223][ T6719] EXT4-fs (loop3): free_blocks=0
[  270.329369][ T6719] EXT4-fs (loop3): dirty_blocks=2
[  270.361070][ T6719] EXT4-fs (loop3): Block reservation details
[  270.387363][ T6719] EXT4-fs (loop3): i_reserved_data_blocks=2
[  270.555341][ T6750] netlink: 'syz.4.650': attribute type 10 has an invalid length.
[  270.568580][ T6750] team0: Device vxcan1 is of different type
[  270.579548][ T4537] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  270.594337][ T4537] EXT4-fs (loop3): This should not happen!! Data will be lost
[  270.594337][ T4537] 
[  274.749241][ T6794] futex_wake_op: syz.0.661 tries to shift op by 144; fix this program
[  275.079167][ T6817] loop5: detected capacity change from 0 to 512
[  277.193242][ T6835] 8021q: adding VLAN 0 to HW filter on device bond1
[  277.543458][ T6852] loop3: detected capacity change from 0 to 512
[  277.564895][ T6852] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  277.566545][ T6835] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  277.572103][ T6852] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  277.618884][ T6853] device syzkaller0 entered promiscuous mode
[  277.650716][ T4248] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  277.701863][ T6852] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodiscard,mblk_io_submit,nojournal_checksum,init_itable=0x0000000000000006,dioread_nolock,,errors=continue. Quota mode: writeback.
[  277.775548][ T6852] ext4 filesystem being mounted at /132/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  277.788306][ T4248] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  277.809242][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  278.096346][ T6868] ipt_CLUSTERIP: Please specify destination IP
[  281.835484][ T6898] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  281.938497][ T6903] 8021q: adding VLAN 0 to HW filter on device bond1
[  281.954600][ T6898] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  282.473974][ T6908] fuse: Bad value for 'fd'
[  282.639757][ T6903] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  282.648741][ T6903] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  282.657627][ T6903] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  282.669554][ T6903] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  282.684260][ T6903] bond1: (slave geneve2): Enslaving as a backup interface with an up link
[  282.846213][ T4654] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  282.883443][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  283.198344][ T4654] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  283.503433][ T6903] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  285.860551][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.709'.
[  286.099285][ T6957] bridge0: port 3(team0) entered disabled state
[  286.175814][ T6957] device team0 left promiscuous mode
[  286.195385][ T6957] device team_slave_0 left promiscuous mode
[  286.253742][ T6957] device team_slave_1 left promiscuous mode
[  286.312644][ T6957] bridge0: port 3(team0) entered disabled state
[  286.593608][ T6957] team0 (unregistering): Port device team_slave_0 removed
[  286.795226][ T6957] team0 (unregistering): Port device team_slave_1 removed
[  286.948602][ T6957] team0 (unregistering): Port device bridge1 removed
[  287.202726][ T6984] device syzkaller0 entered promiscuous mode
[  289.536008][ T7014] netlink: 'syz.1.732': attribute type 12 has an invalid length.
[  291.718462][ T7037] netlink: 4 bytes leftover after parsing attributes in process `syz.0.726'.
[  292.271124][ T7045] team0 (unregistering): Port device team_slave_0 removed
[  292.290134][ T7045] team0 (unregistering): Port device team_slave_1 removed
[  292.455292][ T7049] loop3: detected capacity change from 0 to 1024
[  292.485790][ T7051] device syzkaller0 entered promiscuous mode
[  293.270910][ T7049] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  294.681386][ T7049] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,noquota,dioread_nolock,delalloc,debug_want_extra_isize=0x0000000000000070,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,bsdgroups,max_batch_time=0x00000000000003fe,user_xattr,noinit_itable,,errors=continue. Quota mode: none.
[  295.734590][ T7083] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  298.496420][   T21] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  298.892336][   T21] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  298.924348][   T21] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  299.121983][   T21] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  299.153758][   T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  299.162157][   T21] usb 4-1: SerialNumber: syz
[  301.352363][   T21] usb 4-1: 0:2 : does not exist
[  303.462264][   T21] usb 4-1: USB disconnect, device number 7
[  303.752972][ T4770] udevd[4770]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  305.247431][ T7181] netlink: 'syz.1.761': attribute type 1 has an invalid length.
[  305.361834][ T7181] 8021q: adding VLAN 0 to HW filter on device bond2
[  305.441382][ T7181] device ipvlan2 entered promiscuous mode
[  305.515419][ T7181] bond2: (slave ip6gretap2): making interface the new active one
[  305.548122][ T7181] bond2: (slave ip6gretap2): Enslaving as an active interface with an up link
[  305.560587][ T1189] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  305.650675][ T7190] loop5: detected capacity change from 0 to 128
[  305.972809][ T7190] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  306.158066][ T7190] ext4 filesystem being mounted at /65/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  307.672336][ T7222] netlink: 36 bytes leftover after parsing attributes in process `syz.4.773'.
[  307.712728][ T7224] loop5: detected capacity change from 0 to 1024
[  307.900959][ T7224] EXT4-fs (loop5): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,delalloc,journal_dev=0x0000000000000009,commit=0x0000000000000000,,errors=continue. Quota mode: none.
[  307.924822][ T7230] batman_adv: batadv0: Removing interface: batadv_slave_0
[  307.933545][ T7230] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.958096][ T7224] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  310.683519][ T7203] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  310.761817][ T7264] netlink: 24 bytes leftover after parsing attributes in process `syz.3.783'.
[  311.812305][ T7271] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  312.072635][ T7281] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  314.314121][ T7285] virt_wifi0 speed is unknown, defaulting to 1000
[  314.501678][   T26] audit: type=1326 audit(2000000392.549:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  314.625758][   T26] audit: type=1326 audit(2000000392.587:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  314.648983][   T26] audit: type=1326 audit(2000000392.587:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  314.672345][   T26] audit: type=1326 audit(2000000392.587:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  314.848358][   T26] audit: type=1326 audit(2000000392.587:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  314.864580][ T7310] netlink: 24 bytes leftover after parsing attributes in process `syz.0.804'.
[  314.913402][   T26] audit: type=1326 audit(2000000392.587:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  314.942937][   T26] audit: type=1326 audit(2000000392.587:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  314.966798][   T26] audit: type=1326 audit(2000000392.587:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  316.909018][ T4231] Bluetooth: hci4: command 0x0406 tx timeout
[  316.968774][   T26] audit: type=1326 audit(2000000392.587:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  317.046293][   T26] audit: type=1326 audit(2000000392.587:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7291 comm="syz.3.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  317.115030][ T7327] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  317.329455][ T7327] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  320.115399][ T7385] siw: device registration error -23
[  320.264424][ T7393] device syzkaller0 entered promiscuous mode
[  320.281431][ T7393] 0: reclassify loop, rule prio 0, protocol 800
[  320.490695][ T7407] loop3: detected capacity change from 0 to 1024
[  321.151148][ T7407] EXT4-fs (loop3): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,delalloc,journal_dev=0x0000000000000009,commit=0x0000000000000000,,errors=continue. Quota mode: none.
[  321.338725][ T7407] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  323.560844][ T7417] bridge0: port 4(syz_tun) entered disabled state
[  323.659031][ T7417] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.666458][ T7417] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.888442][ T7417] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  323.954369][ T7417] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  324.165344][ T7438] loop5: detected capacity change from 0 to 512
[  324.294612][ T7438] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  324.311987][ T7438] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  324.385729][ T7438] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #2: comm syz.5.826: corrupted inode contents
[  324.430675][ T7438] EXT4-fs error (device loop5): ext4_dirty_inode:6058: inode #2: comm syz.5.826: mark_inode_dirty error
[  324.459493][ T7438] EXT4-fs error (device loop5): ext4_do_update_inode:5222: inode #2: comm syz.5.826: corrupted inode contents
[  324.492222][ T7438] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #2: comm syz.5.826: mark_inode_dirty error
[  324.549546][ T7417] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  324.558460][ T7417] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  324.567864][ T7417] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  324.577237][ T7417] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  324.750006][ T7435] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.824'.
[  324.778280][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  324.784625][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  324.970598][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  326.623721][ T7474] loop5: detected capacity change from 0 to 16
[  328.098074][ T7474] erofs: (device loop5): mounted with root inode @ nid 36.
[  329.248892][ T7468] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.256377][ T7468] bridge0: port 1(bridge_slave_0) entered disabled state
[  329.535308][ T7468] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  329.564382][ T7468] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  329.735770][ T7468] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  329.760116][ T7468] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  329.772399][ T7468] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  329.781908][ T7468] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  329.874659][ T7478] netlink: 64985 bytes leftover after parsing attributes in process `syz.0.830'.
[  333.762512][ T7527] loop5: detected capacity change from 0 to 8
[  343.292731][ T7569] loop5: detected capacity change from 0 to 32768
[  344.389401][ T7573] fuse: Bad value for 'fd'
[  344.802794][ T7569] XFS (loop5): Mounting V5 Filesystem
[  346.082844][ T7569] XFS (loop5): Ending clean mount
[  346.109069][ T7569] XFS (loop5): Quotacheck needed: Please wait.
[  346.249303][ T7569] XFS (loop5): Quotacheck: Done.
[  346.277798][ T5680] XFS (loop5): Unmounting Filesystem
[  346.302884][ T7613] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  346.334638][ T7608] loop3: detected capacity change from 0 to 4096
[  349.443623][ T7643] netlink: 20 bytes leftover after parsing attributes in process `syz.5.870'.
[  349.995280][    C0] hrtimer: interrupt took 48678 ns
[  350.459157][ T7647] orangefs_mount: mount request failed with -4
[  351.341877][ T7667] tipc: Started in network mode
[  351.346886][ T7667] tipc: Node identity eec2a3028503, cluster identity 4711
[  351.354966][ T7667] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  351.375582][ T7667] device syzkaller0 entered promiscuous mode
[  351.420017][ T7671] netlink: 64985 bytes leftover after parsing attributes in process `syz.1.883'.
[  351.655761][ T7667] tipc: Resetting bearer <eth:syzkaller0>
[  351.867586][ T7662] tipc: Resetting bearer <eth:syzkaller0>
[  351.939618][ T7662] tipc: Disabling bearer <eth:syzkaller0>
[  353.811445][ T7688] loop5: detected capacity change from 0 to 40427
[  354.032213][ T7688] F2FS-fs (loop5): invalid crc value
[  354.238342][ T7688] F2FS-fs (loop5): Found nat_bits in checkpoint
[  354.282442][ T7688] F2FS-fs (loop5): Start checkpoint disabled!
[  354.329182][ T7688] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  356.493046][ T7711] netlink: 'syz.0.896': attribute type 1 has an invalid length.
[  357.254564][ T7711] 8021q: adding VLAN 0 to HW filter on device bond2
[  357.360469][ T7720] device ipvlan2 entered promiscuous mode
[  357.397267][  T151] attempt to access beyond end of device
[  357.397267][  T151] loop5: rw=2049, want=40984, limit=40427
[  357.732679][ T7735] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.902'.
[  357.761587][ T7735] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.902'.
[  359.060467][ T7746] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  359.222256][ T7746] overlayfs: failed to look up (tracing) for ino (-66)
[  359.769363][ T7750] device syzkaller0 entered promiscuous mode
[  360.055414][ T7762] netlink: 4 bytes leftover after parsing attributes in process `syz.3.910'.
[  361.610129][ T7773] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  363.473962][ T7773] device syzkaller0 entered promiscuous mode
[  363.689130][ T1107] tipc: Node number set to 1807852290
[  363.699585][ T7784] tipc: Resetting bearer <eth:syzkaller0>
[  363.718108][ T7764] tipc: Resetting bearer <eth:syzkaller0>
[  364.630695][ T7764] tipc: Disabling bearer <eth:syzkaller0>
[  368.144844][ T7814] loop5: detected capacity change from 0 to 4096
[  369.562714][ T7850] loop3: detected capacity change from 0 to 128
[  372.158313][ T7871] loop5: detected capacity change from 0 to 16
[  372.250053][ T7871] erofs: (device loop5): mounted with root inode @ nid 36.
[  372.341525][ T7873] device syzkaller0 entered promiscuous mode
[  372.548265][ T7867] 9pnet: Could not find request transport: 0xffffffffffffffff-‹"çŽ0x0000000000000003
[  375.655700][ T7911] netlink: 24 bytes leftover after parsing attributes in process `syz.5.949'.
[  378.737204][ T7936] loop5: detected capacity change from 0 to 512
[  378.816912][ T7936] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled
[  378.856905][ T7936] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  379.552529][ T7936] EXT4-fs (loop5): 1 orphan inode deleted
[  379.558635][ T7936] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,jqfmt=vfsv0,resgid=0x0000000000000000,mblk_io_submit,auto_da_alloc=0x0000000000000002,quota,. Quota mode: writeback.
[  379.581531][ T7936] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  381.666179][ T7966] loop5: detected capacity change from 0 to 1024
[  383.397591][ T1324] hfsplus: b-tree write err: -5, ino 3
[  383.412229][ T7964] overlayfs: failed to clone lowerpath
[  383.420389][ T7964] overlayfs: failed to clone lowerpath
[  383.617116][ T5680] hfsplus: node 4:3 still has 1 user(s)!
[  383.644444][ T7978] netlink: 12 bytes leftover after parsing attributes in process `syz.4.974'.
[  384.522888][ T7978] device bond2 entered promiscuous mode
[  384.556963][ T7978] 8021q: adding VLAN 0 to HW filter on device bond2
[  384.571231][ T7982] device erspan1 entered promiscuous mode
[  384.615812][ T7982] bond2: (slave erspan1): Enslaving as an active interface with an up link
[  384.645446][ T4654] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  386.773408][ T8014] loop3: detected capacity change from 0 to 512
[  387.009407][ T8014] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  387.040341][ T8014] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  387.372926][ T8014] EXT4-fs (loop3): 1 orphan inode deleted
[  387.462633][ T8014] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,jqfmt=vfsv0,resgid=0x0000000000000000,mblk_io_submit,auto_da_alloc=0x0000000000000002,quota,. Quota mode: writeback.
[  387.957321][ T8014] ext4 filesystem being mounted at /189/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  390.705065][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  390.711383][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  391.938520][ T8079] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  391.957014][ T8079] device syzkaller0 entered promiscuous mode
[  392.017512][ T8079] tipc: Resetting bearer <eth:syzkaller0>
[  392.034186][ T8077] tipc: Resetting bearer <eth:syzkaller0>
[  392.054017][ T8077] tipc: Disabling bearer <eth:syzkaller0>
[  392.095831][ T8084] device syzkaller0 entered promiscuous mode
[  392.151525][ T8088] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  396.301299][ T8125] device syzkaller0 entered promiscuous mode
[  396.966593][ T8128] loop5: detected capacity change from 0 to 1024
[  398.685814][ T8165] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1006'.
[  399.460889][ T8165] device bond1 entered promiscuous mode
[  399.466871][ T8165] 8021q: adding VLAN 0 to HW filter on device bond1
[  399.754496][ T8175] device erspan1 entered promiscuous mode
[  399.766544][ T8175] bond1: (slave erspan1): Enslaving as an active interface with an up link
[  399.789926][ T4654] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  399.808749][ T8165] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1006'.
[  399.850985][ T8165] bond1 (unregistering): (slave erspan1): Releasing backup interface
[  399.867101][ T8165] device erspan1 left promiscuous mode
[  399.883957][ T8165] bond1 (unregistering): Released all slaves
[  401.465793][ T8203] loop3: detected capacity change from 0 to 512
[  401.859859][ T8203] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.1020: inode has both inline data and extents flags
[  402.107051][ T8203] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.1020: couldn't read orphan inode 15 (err -117)
[  402.120336][ T8203] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  404.363497][ T8243] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1028'.
[  408.037157][ T8249] capability: warning: `syz.3.1031' uses deprecated v2 capabilities in a way that may be insecure
[  408.210655][ T8253] netlink: 399 bytes leftover after parsing attributes in process `syz.0.1032'.
[  409.066933][ T8264] netlink: 'syz.0.1036': attribute type 29 has an invalid length.
[  409.076875][ T8264] netlink: 'syz.0.1036': attribute type 29 has an invalid length.
[  409.292666][ T8268] TC_ACT_REPEAT abuse ?
[  409.656497][ T8274] IPVS: wrr: FWM 3 0x00000003 - no destination available
[  409.703575][ T8283] netlink: 'syz.3.1044': attribute type 1 has an invalid length.
[  410.257577][ T8283] 8021q: adding VLAN 0 to HW filter on device bond1
[  410.285832][ T8287] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1045'.
[  410.665897][ T8283] bond1: (slave geneve2): making interface the new active one
[  410.878175][ T8283] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  410.889723][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  411.251426][ T8301] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1049'.
[  416.102932][ T8359] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1066'.
[  417.676856][ T8377] Cannot find del_set index 4 as target
[  418.014427][ T8375] loop5: detected capacity change from 0 to 40427
[  418.176151][ T8375] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  418.183989][ T8375] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  418.205365][ T8375] F2FS-fs (loop5): invalid crc value
[  418.211094][ T8383] device syzkaller0 entered promiscuous mode
[  418.450932][ T8375] F2FS-fs (loop5): Found nat_bits in checkpoint
[  418.607587][ T8375] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  418.614719][ T8375] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  420.089571][   T26] kauditd_printk_skb: 16 callbacks suppressed
[  420.090021][   T26] audit: type=1800 audit(2000000490.289:149): pid=8396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1070" name="file1" dev="loop5" ino=10 res=0 errno=0
[  420.423414][ T5680] attempt to access beyond end of device
[  420.423414][ T5680] loop5: rw=2049, want=40968, limit=40427
[  421.942349][ T8428] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1078'.
[  425.182947][ T8468] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1086'.
[  430.253095][ T8499] netlink: 'syz.1.1095': attribute type 29 has an invalid length.
[  430.264148][ T8499] netlink: 'syz.1.1095': attribute type 29 has an invalid length.
[  430.688997][ T8510] device syzkaller0 entered promiscuous mode
[  434.183888][ T8536] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  434.297934][ T8544] fuse: Unknown parameter '0xffffffffffffffff'
[  435.794804][ T8565] netlink: 'syz.4.1110': attribute type 29 has an invalid length.
[  435.804655][ T8565] netlink: 'syz.4.1110': attribute type 29 has an invalid length.
[  437.755643][ T8597] loop5: detected capacity change from 0 to 256
[  437.918600][ T8597] FAT-fs (loop5): Directory bread(block 64) failed
[  437.949857][ T8597] FAT-fs (loop5): Directory bread(block 65) failed
[  437.981426][ T8597] FAT-fs (loop5): Directory bread(block 66) failed
[  438.014428][ T8597] FAT-fs (loop5): Directory bread(block 67) failed
[  438.030157][ T8597] FAT-fs (loop5): Directory bread(block 68) failed
[  438.102314][ T8597] FAT-fs (loop5): Directory bread(block 69) failed
[  438.127254][ T8597] FAT-fs (loop5): Directory bread(block 70) failed
[  438.295983][ T8597] FAT-fs (loop5): Directory bread(block 71) failed
[  438.399646][ T8597] FAT-fs (loop5): Directory bread(block 72) failed
[  438.599701][ T8597] FAT-fs (loop5): Directory bread(block 73) failed
[  441.415297][ T8629] netlink: 'syz.5.1125': attribute type 29 has an invalid length.
[  441.425060][ T8629] netlink: 'syz.5.1125': attribute type 29 has an invalid length.
[  447.437274][ T8687] netlink: 'syz.3.1139': attribute type 29 has an invalid length.
[  447.447044][ T8687] netlink: 'syz.3.1139': attribute type 29 has an invalid length.
[  448.321082][ T8690] bridge0: port 3(vxlan0) entered blocking state
[  449.299038][ T8690] bridge0: port 3(vxlan0) entered disabled state
[  449.306868][ T8690] device vxlan0 entered promiscuous mode
[  449.337953][ T8704] device wlan1 left promiscuous mode
[  449.467877][ T8709] netlink: 'syz.3.1145': attribute type 10 has an invalid length.
[  449.499970][ T8709] device wlan1 entered promiscuous mode
[  449.580707][ T8709] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  449.634662][ T8718] loop5: detected capacity change from 0 to 1024
[  450.854710][ T8726] hfsplus: bad catalog entry type
[  454.770301][ T8770] netlink: 'syz.0.1161': attribute type 2 has an invalid length.
[  455.406153][ T8778] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1165'.
[  456.488445][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  456.508250][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  459.328976][ T8803] hub 8-0:1.0: USB hub found
[  459.338653][ T8803] hub 8-0:1.0: 1 port detected
[  459.959739][ T8808] netlink: 'syz.4.1172': attribute type 29 has an invalid length.
[  459.972952][ T8808] netlink: 'syz.4.1172': attribute type 29 has an invalid length.
[  461.185033][ T8815] loop5: detected capacity change from 0 to 128
[  466.560867][ T8862] netlink: 'syz.1.1186': attribute type 29 has an invalid length.
[  466.573244][ T8862] netlink: 'syz.1.1186': attribute type 29 has an invalid length.
[  471.188962][ T8886] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1193'.
[  472.263287][ T8899] loop5: detected capacity change from 0 to 128
[  472.274671][ T8899] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  472.320681][ T8899] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  475.706965][ T4559] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  476.594446][ T8936] ªªªªªª: renamed from vlan0
[  476.759181][ T8926] loop3: detected capacity change from 0 to 4096
[  477.010305][ T8926] ntfs3: Unknown parameter 'windows_names'
[  477.263797][ T8946] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1208'.
[  477.294276][ T8946] debugfs: Directory '!!ô' with parent 'ieee80211' already present!
[  477.670230][ T8947] 9pnet_virtio: no channels available for device syz
[  478.811282][ T8965] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  480.433938][ T8972] device syzkaller0 entered promiscuous mode
[  480.445108][ T8973] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  480.465659][ T8965] tipc: Resetting bearer <eth:syzkaller0>
[  480.642584][ T8964] tipc: Resetting bearer <eth:syzkaller0>
[  480.665633][ T8964] tipc: Disabling bearer <eth:syzkaller0>
[  482.198852][ T8998] loop3: detected capacity change from 0 to 128
[  483.844223][ T9011] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1226'.
[  483.854268][ T8998] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  483.904485][ T8998] ext4 filesystem being mounted at /230/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  487.329926][ T9038] overlayfs: failed to clone lowerpath
[  492.191647][ T9083] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  492.210862][ T9083] device syzkaller0 entered promiscuous mode
[  492.254752][ T9083] tipc: Resetting bearer <eth:syzkaller0>
[  492.286809][ T9082] tipc: Resetting bearer <eth:syzkaller0>
[  492.313728][ T9082] tipc: Disabling bearer <eth:syzkaller0>
[  492.430283][ T9103] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1250'.
[  492.443889][ T9103] device macvtap1 entered promiscuous mode
[  492.450729][ T9103] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  494.058590][ T9148] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1257'.
[  494.082857][ T9148] debugfs: Directory '!!ô' with parent 'ieee80211' already present!
[  497.311539][ T9169] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  497.378391][ T9175] device syz_tun left promiscuous mode
[  497.383946][ T9175] bridge0: port 4(syz_tun) entered disabled state
[  499.377371][ T9195] device syzkaller0 entered promiscuous mode
[  499.422778][ T9197] loop3: detected capacity change from 0 to 4096
[  499.423079][ T9195] tc action pedit offset 128 out of bounds
[  499.604397][ T9205] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  512.504995][ T9317] loop5: detected capacity change from 0 to 512
[  512.605369][ T9317] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  513.546204][ T9317] EXT4-fs (loop5): 1 orphan inode deleted
[  513.909014][ T9317] EXT4-fs (loop5): 1 truncate cleaned up
[  513.918067][ T9317] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000004000000,jqfmt=vfsv0,quota,. Quota mode: writeback.
[  514.729984][ T9317] EXT4-fs error (device loop5): empty_inline_dir:1873: inode #12: block 7: comm syz.5.1296: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=784, size=60 fake=0
[  514.795710][ T9317] EXT4-fs (loop5): Remounting filesystem read-only
[  514.809719][ T9317] EXT4-fs warning (device loop5): empty_inline_dir:1880: bad inline directory (dir #12) - inode 13, rec_len 784, name_len 5inline size 60
[  514.882126][ T9317] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  519.456298][   T26] audit: type=1326 audit(2000000584.260:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  519.493633][   T26] audit: type=1326 audit(2000000584.297:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  519.523796][ T9379] kvm: emulating exchange as write
[  519.529881][   T26] audit: type=1326 audit(2000000584.297:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  520.007263][   T26] audit: type=1326 audit(2000000584.297:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  520.244048][   T26] audit: type=1326 audit(2000000584.297:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  520.266456][   T26] audit: type=1326 audit(2000000584.297:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  520.296607][   T26] audit: type=1326 audit(2000000584.297:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  520.328819][   T26] audit: type=1326 audit(2000000584.297:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  520.561542][   T26] audit: type=1326 audit(2000000585.111:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  520.919010][   T26] audit: type=1326 audit(2000000585.111:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9372 comm="syz.3.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f171ebdb819 code=0x7ffc0000
[  521.845381][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  521.852185][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  529.317479][   T23] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  530.427876][   T23] usb 4-1: Using ep0 maxpacket: 8
[  533.074100][   T26] audit: type=1326 audit(2000000597.000:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.5.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe348a39819 code=0x7ffc0000
[  533.138047][   T26] audit: type=1326 audit(2000000597.065:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.5.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe348a39819 code=0x7ffc0000
[  533.208634][   T23] usb 4-1: unable to read config index 0 descriptor/start: -71
[  533.216714][   T23] usb 4-1: can't read configurations, error -71
[  536.278383][ T9573] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1364'.
[  536.291331][ T9573] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  536.299552][ T9573] CPU: 0 PID: 9573 Comm: syz.1.1364 Not tainted syzkaller #0
[  536.306943][ T9573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  536.317141][ T9573] Call Trace:
[  536.320428][ T9573]  <TASK>
[  536.323377][ T9573]  dump_stack_lvl+0x188/0x250
[  536.328188][ T9573]  ? show_regs_print_info+0x20/0x20
[  536.333400][ T9573]  ? load_image+0x400/0x400
[  536.337920][ T9573]  sysfs_warn_dup+0x8a/0xa0
[  536.342425][ T9573]  sysfs_do_create_link_sd+0xc0/0x110
[  536.347813][ T9573]  device_add+0x7ed/0xfb0
[  536.352167][ T9573]  wiphy_register+0x1e81/0x2c30
[  536.357054][ T9573]  ? cfg80211_event_work+0x40/0x40
[  536.362172][ T9573]  ? minstrel_ht_alloc+0x808/0x980
[  536.367306][ T9573]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[  536.373482][ T9573]  ieee80211_register_hw+0x2aa1/0x3af0
[  536.379119][ T9573]  ? ieee80211_tasklet_handler+0x20/0x20
[  536.384784][ T9573]  ? rcu_is_watching+0x11/0xa0
[  536.389578][ T9573]  ? memset+0x1e/0x40
[  536.393581][ T9573]  ? hrtimer_init+0x10c/0x220
[  536.398290][ T9573]  mac80211_hwsim_new_radio+0x20d3/0x4080
[  536.404070][ T9573]  hwsim_new_radio_nl+0xa6f/0xc40
[  536.409128][ T9573]  genl_rcv_msg+0xcea/0xf90
[  536.413779][ T9573]  ? genl_bind+0x380/0x380
[  536.418223][ T9573]  ? verify_lock_unused+0x140/0x140
[  536.423440][ T9573]  ? verify_lock_unused+0x140/0x140
[  536.428656][ T9573]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  536.434668][ T9573]  ? hwsim_tx_info_frame_received_nl+0x1020/0x1020
[  536.441302][ T9573]  netlink_rcv_skb+0x1f5/0x440
[  536.446090][ T9573]  ? genl_bind+0x380/0x380
[  536.450664][ T9573]  ? netlink_ack+0xb50/0xb50
[  536.455275][ T9573]  ? __lock_acquire+0x7d10/0x7d10
[  536.460323][ T9573]  ? down_read+0x1aa/0x2e0
[  536.464762][ T9573]  genl_rcv+0x24/0x40
[  536.468756][ T9573]  netlink_unicast+0x774/0x920
[  536.473547][ T9573]  netlink_sendmsg+0x8ba/0xbe0
[  536.478549][ T9573]  ? netlink_getsockopt+0x570/0x570
[  536.483772][ T9573]  ? aa_sock_msg_perm+0x94/0x150
[  536.488721][ T9573]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  536.494018][ T9573]  ? security_socket_sendmsg+0x7c/0xa0
[  536.499483][ T9573]  ? netlink_getsockopt+0x570/0x570
[  536.504789][ T9573]  ____sys_sendmsg+0x5b7/0x8f0
[  536.509575][ T9573]  ? __sys_sendmsg_sock+0x30/0x30
[  536.514619][ T9573]  ? import_iovec+0x6f/0xa0
[  536.519147][ T9573]  ___sys_sendmsg+0x236/0x2e0
[  536.523930][ T9573]  ? __sys_sendmsg+0x2a0/0x2a0
[  536.528749][ T9573]  __se_sys_sendmsg+0x1af/0x290
[  536.533611][ T9573]  ? asm_sysvec_call_function_single+0x16/0x20
[  536.539867][ T9573]  ? __x64_sys_sendmsg+0x80/0x80
[  536.545091][ T9573]  ? __sanitizer_cov_trace_pc+0x41/0x60
[  536.550650][ T9573]  do_syscall_64+0x4c/0xa0
[  536.555115][ T9573]  ? clear_bhb_loop+0x30/0x80
[  536.559833][ T9573]  ? clear_bhb_loop+0x30/0x80
[  536.564519][ T9573]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  536.570430][ T9573] RIP: 0033:0x7fc7d112e819
[  536.574979][ T9573] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  536.594605][ T9573] RSP: 002b:00007fc7cf367028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  536.603050][ T9573] RAX: ffffffffffffffda RBX: 00007fc7d13a8090 RCX: 00007fc7d112e819
[  536.611033][ T9573] RDX: 0000000000000e00 RSI: 0000200000000000 RDI: 0000000000000003
[  536.619021][ T9573] RBP: 00007fc7d11c4c91 R08: 0000000000000000 R09: 0000000000000000
[  536.626995][ T9573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  536.634980][ T9573] R13: 00007fc7d13a8128 R14: 00007fc7d13a8090 R15: 00007ffc43ef92f8
[  536.643122][ T9573]  </TASK>
[  538.519362][ T9602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1370'.
[  545.959815][ T9660] loop3: detected capacity change from 0 to 164
[  546.196069][ T9647] netlink: 'syz.4.1380': attribute type 3 has an invalid length.
[  547.219519][ T9676] device syzkaller0 entered promiscuous mode
[  548.014363][ T9695] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1395'.
[  552.825201][ T9754] device syzkaller0 entered promiscuous mode
[  555.887425][ T9803] bridge0: port 3(syz_tun) entered blocking state
[  555.920749][ T9803] bridge0: port 3(syz_tun) entered disabled state
[  555.935461][ T9803] device syz_tun entered promiscuous mode
[  556.986213][ T4230] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  558.365433][ T4230] usb 6-1: Using ep0 maxpacket: 8
[  558.866524][ T4230] usb 6-1: config index 0 descriptor too short (expected 30, got 18)
[  559.603967][ T4230] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  559.663611][ T4230] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.899708][ T4230] usb 6-1: Product: syz
[  560.040581][ T4230] usb 6-1: config 0 descriptor??
[  560.258700][ T4230] usb 6-1: can't set config #0, error -71
[  560.280366][ T4230] usb 6-1: USB disconnect, device number 3
[  560.299995][ T9861] loop5: detected capacity change from 0 to 164
[  561.036440][ T9868] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  561.126034][ T9868] loop3: detected capacity change from 0 to 2048
[  561.348010][ T9868] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  562.343421][ T9882] ptrace attach of "./syz-executor exec"[4189] was attempted by "./syz-executor exec"[9882]
[  565.203575][ T9902] device syzkaller0 entered promiscuous mode
[  565.394393][ T9904] device syzkaller0 entered promiscuous mode
[  565.404979][ T9904] 0: reclassify loop, rule prio 0, protocol 700
[  573.002685][ T9991] device syzkaller0 entered promiscuous mode
[  579.100757][T10039] 8021q: adding VLAN 0 to HW filter on device bond0
[  580.833783][T10039] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  582.798659][T10055] loop3: detected capacity change from 0 to 8192
[  587.592139][ T1433] ieee802154 phy0 wpan0: encryption failed: -22
[  587.598621][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  591.976785][T10145] device syzkaller0 entered promiscuous mode
[  593.283064][T10158] device syzkaller0 entered promiscuous mode
[  597.091969][T10206] netlink: 'syz.4.1532': attribute type 6 has an invalid length.
[  600.104727][T10251] loop3: detected capacity change from 0 to 164
[  600.204832][T10253] overlayfs: failed to clone upperpath
[  600.449787][T10257] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1542'.
[  600.469447][T10257] debugfs: Directory '!!ô' with parent 'ieee80211' already present!
[  601.153456][T10261] loop5: detected capacity change from 0 to 512
[  602.979036][T10261] EXT4-fs (loop5): EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[  604.340951][T10297] 9pnet_virtio: no channels available for device 127.0.0.1
[  606.517487][T10314] loop5: detected capacity change from 0 to 164
[  606.644743][T10313] bridge0: port 4(syz_tun) entered blocking state
[  606.651796][T10313] bridge0: port 4(syz_tun) entered forwarding state
[  606.700767][ T4537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  611.529350][T10393] nfs4: Unknown parameter 'noa'
[  611.916967][T10395] deleting an unspecified loop device is not supported.
[  612.060579][T10399] netlink: 'syz.4.1579': attribute type 5 has an invalid length.
[  612.238901][T10399] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  612.248379][T10399] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  612.257345][T10399] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  612.266094][T10399] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  612.284087][T10399] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  612.293766][T10399] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  612.302702][T10399] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  612.311581][T10399] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  612.987202][T10400] netlink: 'syz.4.1579': attribute type 5 has an invalid length.
[  613.010464][T10400] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  613.019484][T10400] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  613.028428][T10400] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  613.037240][T10400] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  613.402856][T10400] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  613.411829][T10400] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  613.422211][T10400] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  613.431346][T10400] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  613.433651][T10416] loop3: detected capacity change from 0 to 512
[  613.496403][T10412] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1581'.
[  613.692439][T10416] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=a842c018, mo2=0000]
[  613.700693][T10416] System zones: 0-1, 18-18, 34-34, 40-40
[  613.707630][T10416] EXT4-fs (loop3): orphan cleanup on readonly fs
[  613.715692][T10416] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  613.727117][T10416] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  613.737130][T10416] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.1583: Failed to acquire dquot type 0
[  613.859093][T10416] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  613.917242][T10416] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  614.171204][T10416] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.1583: Failed to acquire dquot type 0
[  614.358565][T10416] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1583: bg 0: block 64: padding at end of block bitmap is not set
[  614.404963][T10416] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6192: Corrupt filesystem
[  614.438002][T10416] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  614.471563][T10416] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  614.499299][T10416] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.1583: Failed to acquire dquot type 0
[  614.549307][T10416] EXT4-fs (loop3): 1 orphan inode deleted
[  614.597125][T10416] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,nolazytime,,errors=continue. Quota mode: writeback.
[  614.981301][ T5139] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  614.992508][T10453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1590'.
[  615.473531][ T5139] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  615.632788][ T5139] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  615.654630][ T5139] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  615.731610][ T5139] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  615.759602][ T5139] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.792779][ T5139] usb 4-1: config 0 descriptor??
[  617.472354][ T5139] usb 4-1: can't set config #0, error -71
[  617.487528][ T5139] usb 4-1: USB disconnect, device number 10
[  617.542151][T10475] bridge0: port 3(syz_tun) entered blocking state
[  617.548703][T10475] bridge0: port 3(syz_tun) entered forwarding state
[  617.755354][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  617.777109][T10484] device syzkaller0 entered promiscuous mode
[  619.134992][T10497] 
[  619.137557][T10497] ======================================================
[  619.144578][T10497] WARNING: possible circular locking dependency detected
[  619.151608][T10497] syzkaller #0 Not tainted
[  619.156024][T10497] ------------------------------------------------------
[  619.163034][T10497] syz.5.1600/10497 is trying to acquire lock:
[  619.169154][T10497] ffff88807bc80ca0 (msk_lock-AF_INET){+.+.}-{0:0}, at: inet_sk_diag_fill+0xf5e/0x1ca0
[  619.179239][T10497] 
[  619.179239][T10497] but task is already holding lock:
[  619.186869][T10497] ffffc90001870ce0 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x917/0x12b0
[  619.196464][T10497] 
[  619.196464][T10497] which lock already depends on the new lock.
[  619.196464][T10497] 
[  619.207072][T10497] 
[  619.207072][T10497] the existing dependency chain (in reverse order) is:
[  619.216084][T10497] 
[  619.216084][T10497] -> #2 (&h->lhash2[i].lock){+.+.}-{2:2}:
[  619.224013][T10497]        _raw_spin_lock+0x2a/0x40
[  619.229040][T10497]        inet_unhash+0xd0/0x540
[  619.233896][T10497]        tcp_set_state+0x35b/0x520
[  619.239004][T10497]        __tcp_close+0x8b/0xfa0
[  619.243868][T10497]        __mptcp_close_ssk+0x1ea/0x460
[  619.249344][T10497]        __mptcp_destroy_sock+0x3b5/0x6f0
[  619.255145][T10497]        mptcp_close+0x5a7/0x9f0
[  619.260077][T10497]        inet_release+0x139/0x180
[  619.265104][T10497]        sock_close+0xd5/0x240
[  619.269870][T10497]        __fput+0x234/0x930
[  619.274455][T10497]        task_work_run+0x125/0x1a0
[  619.279656][T10497]        exit_to_user_mode_loop+0x10f/0x130
[  619.285549][T10497]        exit_to_user_mode_prepare+0xee/0x180
[  619.291632][T10497]        syscall_exit_to_user_mode+0x16/0x40
[  619.297675][T10497]        do_syscall_64+0x58/0xa0
[  619.302725][T10497]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  619.309345][T10497] 
[  619.309345][T10497] -> #1 (k-sk_lock-AF_INET6/1){+.+.}-{0:0}:
[  619.317458][T10497]        mptcp_close+0x297/0x9f0
[  619.322431][T10497]        inet_release+0x139/0x180
[  619.327483][T10497]        sock_release+0x7b/0x140
[  619.332602][T10497]        mptcp_nl_cmd_flush_addrs+0x990/0xa90
[  619.338684][T10497]        genl_rcv_msg+0xcea/0xf90
[  619.343716][T10497]        netlink_rcv_skb+0x1f5/0x440
[  619.349007][T10497]        genl_rcv+0x24/0x40
[  619.353521][T10497]        netlink_unicast+0x774/0x920
[  619.358805][T10497]        netlink_sendmsg+0x8ba/0xbe0
[  619.364094][T10497]        ____sys_sendmsg+0x5b7/0x8f0
[  619.369381][T10497]        ___sys_sendmsg+0x236/0x2e0
[  619.374716][T10497]        __se_sys_sendmsg+0x1af/0x290
[  619.380137][T10497]        do_syscall_64+0x4c/0xa0
[  619.385174][T10497]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  619.391609][T10497] 
[  619.391609][T10497] -> #0 (msk_lock-AF_INET){+.+.}-{0:0}:
[  619.399495][T10497]        __lock_acquire+0x2c42/0x7d10
[  619.404907][T10497]        lock_acquire+0x19e/0x400
[  619.410657][T10497]        mptcp_diag_get_info+0x1f2/0x9e0
[  619.416304][T10497]        inet_sk_diag_fill+0xf5e/0x1ca0
[  619.421880][T10497]        mptcp_diag_dump+0xce6/0x12b0
[  619.427258][T10497]        __inet_diag_dump+0x1f6/0x380
[  619.432640][T10497]        inet_diag_dump_compat+0x17e/0x220
[  619.438553][T10497]        netlink_dump+0x694/0xcf0
[  619.443603][T10497]        __netlink_dump_start+0x523/0x700
[  619.449381][T10497]        inet_diag_rcv_msg_compat+0x207/0x420
[  619.455474][T10497]        sock_diag_rcv_msg+0x164/0x3e0
[  619.461213][T10497]        netlink_rcv_skb+0x1f5/0x440
[  619.466515][T10497]        sock_diag_rcv+0x26/0x40
[  619.471462][T10497]        netlink_unicast+0x774/0x920
[  619.476757][T10497]        netlink_sendmsg+0x8ba/0xbe0
[  619.482049][T10497]        ____sys_sendmsg+0x5b7/0x8f0
[  619.487341][T10497]        ___sys_sendmsg+0x236/0x2e0
[  619.492652][T10497]        __se_sys_sendmsg+0x1af/0x290
[  619.498038][T10497]        do_syscall_64+0x4c/0xa0
[  619.502988][T10497]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  619.509410][T10497] 
[  619.509410][T10497] other info that might help us debug this:
[  619.509410][T10497] 
[  619.519775][T10497] Chain exists of:
[  619.519775][T10497]   msk_lock-AF_INET --> k-sk_lock-AF_INET6/1 --> &h->lhash2[i].lock
[  619.519775][T10497] 
[  619.533829][T10497]  Possible unsafe locking scenario:
[  619.533829][T10497] 
[  619.541302][T10497]        CPU0                    CPU1
[  619.546680][T10497]        ----                    ----
[  619.552054][T10497]   lock(&h->lhash2[i].lock);
[  619.556746][T10497]                                lock(k-sk_lock-AF_INET6/1);
[  619.564268][T10497]                                lock(&h->lhash2[i].lock);
[  619.571567][T10497]   lock(msk_lock-AF_INET);
[  619.576099][T10497] 
[  619.576099][T10497]  *** DEADLOCK ***
[  619.576099][T10497] 
[  619.584232][T10497] 6 locks held by syz.5.1600/10497:
[  619.589767][T10497]  #0: ffffffff8d4466e8 (sock_diag_mutex){+.+.}-{3:3}, at: sock_diag_rcv+0x17/0x40
[  619.599266][T10497]  #1: ffffffff8d4465a8 (sock_diag_table_mutex){+.+.}-{3:3}, at: sock_diag_rcv_msg+0x14a/0x3e0
[  619.609843][T10497]  #2: ffff88804d31f698 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{3:3}, at: __netlink_dump_start+0x11f/0x700
[  619.620564][T10497]  #3: ffffffff8d520588 (inet_diag_table_mutex){+.+.}-{3:3}, at: __inet_diag_dump+0x181/0x380
[  619.630862][T10497]  #4: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  619.640271][T10497]  #5: ffffc90001870ce0 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x917/0x12b0
[  619.650280][T10497] 
[  619.650280][T10497] stack backtrace:
[  619.656245][T10497] CPU: 1 PID: 10497 Comm: syz.5.1600 Not tainted syzkaller #0
[  619.663901][T10497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  619.673959][T10497] Call Trace:
[  619.677248][T10497]  <TASK>
[  619.680261][T10497]  dump_stack_lvl+0x188/0x250
[  619.684955][T10497]  ? load_image+0x400/0x400
[  619.689458][T10497]  ? show_regs_print_info+0x20/0x20
[  619.694667][T10497]  ? print_circular_bug+0x12b/0x1a0
[  619.699865][T10497]  check_noncircular+0x296/0x330
[  619.704817][T10497]  ? add_chain_block+0x940/0x940
[  619.709942][T10497]  ? lockdep_lock+0xf1/0x1f0
[  619.714567][T10497]  ? __lock_acquire+0x13bc/0x7d10
[  619.719599][T10497]  ? mark_lock+0x94/0x320
[  619.724013][T10497]  __lock_acquire+0x2c42/0x7d10
[  619.728890][T10497]  ? mark_lock+0x94/0x320
[  619.733320][T10497]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  619.739407][T10497]  ? verify_lock_unused+0x140/0x140
[  619.744626][T10497]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  619.750605][T10497]  ? __local_bh_enable_ip+0xd7/0x1c0
[  619.755974][T10497]  ? __local_bh_enable_ip+0x136/0x1c0
[  619.761342][T10497]  ? lockdep_hardirqs_on+0x94/0x140
[  619.766721][T10497]  ? __local_bh_enable_ip+0x136/0x1c0
[  619.772091][T10497]  ? _local_bh_enable+0xa0/0xa0
[  619.776948][T10497]  ? nla_put+0x130/0x1e0
[  619.781207][T10497]  lock_acquire+0x19e/0x400
[  619.785712][T10497]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  619.790925][T10497]  ? memcpy+0x3c/0x60
[  619.794914][T10497]  ? nla_put+0x130/0x1e0
[  619.799168][T10497]  ? read_lock_is_recursive+0x10/0x10
[  619.804654][T10497]  ? sock_diag_put_meminfo+0xc6/0x120
[  619.810201][T10497]  ? sock_diag_save_cookie+0xc0/0xc0
[  619.815482][T10497]  ? rcu_preempt_deferred_qs_irqrestore+0x868/0xc30
[  619.822071][T10497]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  619.827273][T10497]  mptcp_diag_get_info+0x1f2/0x9e0
[  619.832393][T10497]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  619.837616][T10497]  inet_sk_diag_fill+0xf5e/0x1ca0
[  619.842676][T10497]  ? inet_diag_msg_attrs_fill+0x930/0x930
[  619.848488][T10497]  ? lockdep_hardirqs_on+0x94/0x140
[  619.853794][T10497]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  619.859430][T10497]  ? inet_diag_bc_sk+0x18b/0x1120
[  619.864461][T10497]  ? mptcp_diag_dump+0xbcc/0x12b0
[  619.869532][T10497]  mptcp_diag_dump+0xce6/0x12b0
[  619.874396][T10497]  ? mptcp_token_join_cookie_init_state+0x460/0x460
[  619.881000][T10497]  __inet_diag_dump+0x1f6/0x380
[  619.886717][T10497]  inet_diag_dump_compat+0x17e/0x220
[  619.892044][T10497]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  619.897815][T10497]  ? inet_diag_dump_start_compat+0x20/0x20
[  619.904071][T10497]  ? netlink_dump+0x271/0xcf0
[  619.909101][T10497]  netlink_dump+0x694/0xcf0
[  619.913625][T10497]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  619.919701][T10497]  ? netlink_lookup+0x1d0/0x1d0
[  619.924557][T10497]  ? __inet_diag_dump_start+0x805/0x970
[  619.930106][T10497]  __netlink_dump_start+0x523/0x700
[  619.935312][T10497]  inet_diag_rcv_msg_compat+0x207/0x420
[  619.940956][T10497]  ? inet_diag_unregister+0xb0/0xb0
[  619.946393][T10497]  ? lock_chain_count+0x20/0x20
[  619.951347][T10497]  ? mutex_lock_io_nested+0x60/0x60
[  619.956643][T10497]  ? __inet_diag_dump+0x380/0x380
[  619.961669][T10497]  ? inet_diag_dump_start_compat+0x20/0x20
[  619.967630][T10497]  ? inet_diag_dump+0x50/0x50
[  619.972307][T10497]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  619.977950][T10497]  ? inet_diag_unregister+0xb0/0xb0
[  619.983150][T10497]  sock_diag_rcv_msg+0x164/0x3e0
[  619.988096][T10497]  netlink_rcv_skb+0x1f5/0x440
[  619.992867][T10497]  ? sock_diag_bind+0xa0/0xa0
[  619.997540][T10497]  ? netlink_ack+0xb50/0xb50
[  620.002129][T10497]  ? __lock_acquire+0x7d10/0x7d10
[  620.007202][T10497]  ? rcu_lock_acquire+0x5/0x30
[  620.012053][T10497]  sock_diag_rcv+0x26/0x40
[  620.016469][T10497]  netlink_unicast+0x774/0x920
[  620.021235][T10497]  netlink_sendmsg+0x8ba/0xbe0
[  620.026003][T10497]  ? netlink_getsockopt+0x570/0x570
[  620.031200][T10497]  ? aa_sock_msg_perm+0x94/0x150
[  620.036139][T10497]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  620.041694][T10497]  ? security_socket_sendmsg+0x7c/0xa0
[  620.047155][T10497]  ? netlink_getsockopt+0x570/0x570
[  620.052373][T10497]  ____sys_sendmsg+0x5b7/0x8f0
[  620.057142][T10497]  ? __sys_sendmsg_sock+0x30/0x30
[  620.062186][T10497]  ? import_iovec+0x6f/0xa0
[  620.066710][T10497]  ___sys_sendmsg+0x236/0x2e0
[  620.071392][T10497]  ? __sys_sendmsg+0x2a0/0x2a0
[  620.076181][T10497]  __se_sys_sendmsg+0x1af/0x290
[  620.081057][T10497]  ? __x64_sys_sendmsg+0x80/0x80
[  620.086081][T10497]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  620.092078][T10497]  ? lockdep_hardirqs_on+0x94/0x140
[  620.097363][T10497]  do_syscall_64+0x4c/0xa0
[  620.101774][T10497]  ? clear_bhb_loop+0x30/0x80
[  620.106445][T10497]  ? clear_bhb_loop+0x30/0x80
[  620.111122][T10497]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  620.117054][T10497] RIP: 0033:0x7fe348a39819
[  620.121581][T10497] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  620.141189][T10497] RSP: 002b:00007fe346c51028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  620.149609][T10497] RAX: ffffffffffffffda RBX: 00007fe348cb3180 RCX: 00007fe348a39819
[  620.157582][T10497] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  620.165712][T10497] RBP: 00007fe348acfc91 R08: 0000000000000000 R09: 0000000000000000
[  620.173776][T10497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  620.181831][T10497] R13: 00007fe348cb3218 R14: 00007fe348cb3180 R15: 00007fffe3a0eea8
[  620.189815][T10497]  </TASK>
[  620.192896][T10497] BUG: sleeping function called from invalid context at net/core/sock.c:3291
[  620.201672][T10497] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 10497, name: syz.5.1600
[  620.211055][T10497] INFO: lockdep is turned off.
[  620.215993][T10497] Preemption disabled at:
[  620.216001][T10497] [<0000000000000000>] 0x0
[  620.224741][T10497] CPU: 1 PID: 10497 Comm: syz.5.1600 Not tainted syzkaller #0
[  620.232193][T10497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  620.242244][T10497] Call Trace:
[  620.245519][T10497]  <TASK>
[  620.248551][T10497]  dump_stack_lvl+0x188/0x250
[  620.253232][T10497]  ? show_regs_print_info+0x20/0x20
[  620.258434][T10497]  ? load_image+0x400/0x400
[  620.262942][T10497]  ___might_sleep+0x493/0x610
[  620.267631][T10497]  ? __might_sleep+0xf0/0xf0
[  620.272310][T10497]  ? nla_put+0x130/0x1e0
[  620.276558][T10497]  ? read_lock_is_recursive+0x10/0x10
[  620.281928][T10497]  ? sock_diag_put_meminfo+0xc6/0x120
[  620.287296][T10497]  ? sock_diag_save_cookie+0xc0/0xc0
[  620.292577][T10497]  ? rcu_preempt_deferred_qs_irqrestore+0x868/0xc30
[  620.299177][T10497]  __lock_sock_fast+0x2f/0xe0
[  620.303856][T10497]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  620.309053][T10497]  mptcp_diag_get_info+0x1fe/0x9e0
[  620.314284][T10497]  inet_sk_diag_fill+0xf5e/0x1ca0
[  620.319316][T10497]  ? inet_diag_msg_attrs_fill+0x930/0x930
[  620.325042][T10497]  ? lockdep_hardirqs_on+0x94/0x140
[  620.330239][T10497]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  620.335869][T10497]  ? inet_diag_bc_sk+0x18b/0x1120
[  620.340892][T10497]  ? mptcp_diag_dump+0xbcc/0x12b0
[  620.345937][T10497]  mptcp_diag_dump+0xce6/0x12b0
[  620.350794][T10497]  ? mptcp_token_join_cookie_init_state+0x460/0x460
[  620.357385][T10497]  __inet_diag_dump+0x1f6/0x380
[  620.362239][T10497]  inet_diag_dump_compat+0x17e/0x220
[  620.367533][T10497]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  620.373173][T10497]  ? inet_diag_dump_start_compat+0x20/0x20
[  620.379071][T10497]  ? netlink_dump+0x271/0xcf0
[  620.383837][T10497]  netlink_dump+0x694/0xcf0
[  620.388333][T10497]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  620.393978][T10497]  ? netlink_lookup+0x1d0/0x1d0
[  620.398827][T10497]  ? __inet_diag_dump_start+0x805/0x970
[  620.404373][T10497]  __netlink_dump_start+0x523/0x700
[  620.409600][T10497]  inet_diag_rcv_msg_compat+0x207/0x420
[  620.415152][T10497]  ? inet_diag_unregister+0xb0/0xb0
[  620.420370][T10497]  ? lock_chain_count+0x20/0x20
[  620.425223][T10497]  ? mutex_lock_io_nested+0x60/0x60
[  620.430417][T10497]  ? __inet_diag_dump+0x380/0x380
[  620.435435][T10497]  ? inet_diag_dump_start_compat+0x20/0x20
[  620.441323][T10497]  ? inet_diag_dump+0x50/0x50
[  620.446088][T10497]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  620.451727][T10497]  ? inet_diag_unregister+0xb0/0xb0
[  620.456925][T10497]  sock_diag_rcv_msg+0x164/0x3e0
[  620.461875][T10497]  netlink_rcv_skb+0x1f5/0x440
[  620.466638][T10497]  ? sock_diag_bind+0xa0/0xa0
[  620.471319][T10497]  ? netlink_ack+0xb50/0xb50
[  620.475905][T10497]  ? __lock_acquire+0x7d10/0x7d10
[  620.480936][T10497]  ? rcu_lock_acquire+0x5/0x30
[  620.485787][T10497]  sock_diag_rcv+0x26/0x40
[  620.490310][T10497]  netlink_unicast+0x774/0x920
[  620.495075][T10497]  netlink_sendmsg+0x8ba/0xbe0
[  620.499851][T10497]  ? netlink_getsockopt+0x570/0x570
[  620.505076][T10497]  ? aa_sock_msg_perm+0x94/0x150
[  620.510027][T10497]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  620.515342][T10497]  ? security_socket_sendmsg+0x7c/0xa0
[  620.520807][T10497]  ? netlink_getsockopt+0x570/0x570
[  620.526095][T10497]  ____sys_sendmsg+0x5b7/0x8f0
[  620.530875][T10497]  ? __sys_sendmsg_sock+0x30/0x30
[  620.535907][T10497]  ? import_iovec+0x6f/0xa0
[  620.540486][T10497]  ___sys_sendmsg+0x236/0x2e0
[  620.545194][T10497]  ? __sys_sendmsg+0x2a0/0x2a0
[  620.550100][T10497]  __se_sys_sendmsg+0x1af/0x290
[  620.555085][T10497]  ? __x64_sys_sendmsg+0x80/0x80
[  620.560432][T10497]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  620.566447][T10497]  ? lockdep_hardirqs_on+0x94/0x140
[  620.571793][T10497]  do_syscall_64+0x4c/0xa0
[  620.576362][T10497]  ? clear_bhb_loop+0x30/0x80
[  620.581140][T10497]  ? clear_bhb_loop+0x30/0x80
[  620.585845][T10497]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  620.591768][T10497] RIP: 0033:0x7fe348a39819
[  620.596292][T10497] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  620.616174][T10497] RSP: 002b:00007fe346c51028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  620.624697][T10497] RAX: ffffffffffffffda RBX: 00007fe348cb3180 RCX: 00007fe348a39819
[  620.632860][T10497] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  620.640939][T10497] RBP: 00007fe348acfc91 R08: 0000000000000000 R09: 0000000000000000
[  620.648965][T10497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  620.657041][T10497] R13: 00007fe348cb3218 R14: 00007fe348cb3180 R15: 00007fffe3a0eea8
[  620.665034][T10497]  </TASK>