last executing test programs:

6m23.831334018s ago: executing program 3 (id=911):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x18, 0x14, 0x509, 0x70bd27, 0x25dfdbfd, {0x2, 0x1f, 0x0, 0xcb}}, 0x18}, 0x1, 0x0, 0x0, 0x4040014}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x48, 0x10, 0x439, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r2, 0x21801, 0x1103}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_OKEY={0x8, 0x5, 0xe6000000}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x410c0}, 0x4000020)
r3 = socket$netlink(0x10, 0x3, 0x0)
pipe(0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0x4b564d05}]})
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9, 0x0, 0x0, 0x4000000}, 0x0)

6m23.625025024s ago: executing program 3 (id=912):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, 0x0, 0x0)

6m22.130444116s ago: executing program 3 (id=917):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xe, 0x9, 0x4, 0x2, 0x1000, 0x4000000000000f1, 0x0, 0x7fffffffffffb, 0x8, 0x0, 0x1, 0x0, 0x4000000000000005, 0x0, 0xbde], 0x1000, 0x3caa03})
ioctl$KVM_GET_EMULATED_CPUID(0xffffffffffffffff, 0xc008ae09, &(0x7f0000000000)={0x2, 0x0, [{0x0, 0x84, 0x4, 0x9, 0x4, 0x0, 0xb}, {0xb, 0x5, 0x0, 0xd, 0x6, 0x0, 0x9}]})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000100)={0xf, 0x5, 0x4})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6m21.158492819s ago: executing program 3 (id=920):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)}, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000140), 0x24, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x1400)
rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)

6m20.22595249s ago: executing program 3 (id=925):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f0000000500)=0x1)

6m18.027361532s ago: executing program 3 (id=932):
r0 = syz_io_uring_setup(0x951, &(0x7f0000000400)={0x0, 0x879, 0x400, 0x1, 0x40}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1b, 0x0, 0x10f0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec00000001090212"], 0x0)
socket$netlink(0x10, 0x3, 0x12)
socket(0x10, 0x803, 0x0)
pipe(&(0x7f0000000040))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE_FIXED={0x5, 0x54, 0x0, @fd_index=0x9, 0xfffffffffffffffc, 0x6, 0x6, 0x1, 0x1, {0x2}})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

6m2.678464922s ago: executing program 32 (id=932):
r0 = syz_io_uring_setup(0x951, &(0x7f0000000400)={0x0, 0x879, 0x400, 0x1, 0x40}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x1b, 0x0, 0x10f0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec00000001090212"], 0x0)
socket$netlink(0x10, 0x3, 0x12)
socket(0x10, 0x803, 0x0)
pipe(&(0x7f0000000040))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE_FIXED={0x5, 0x54, 0x0, @fd_index=0x9, 0xfffffffffffffffc, 0x6, 0x6, 0x1, 0x1, {0x2}})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

16.790635303s ago: executing program 0 (id=2219):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f00000002c0)=0x3)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'fl512\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x2000001, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x40400, 0x8, 0x48f3, 0x1ff, 0x80000089, 0xa, 0x1400000, 0x20001e54, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x7ffffff, 0x485b]})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)

13.753368025s ago: executing program 0 (id=2225):
socket$inet(0x2, 0x2, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[], 0x74}, 0x1, 0x0, 0x0, 0x20040080}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000100)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_open_dev$dri(0x0, 0x1, 0x402)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, 0x0)
r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000300)={'pcl812\x00', [0x2f00, 0x4, 0xd09c, 0xfff7ffff, 0x4, 0xfffffffe, 0x20000004, 0x4, 0xffe, 0x9, 0x200110, 0x1001, 0x9, 0x4, 0xffff, 0x6, 0x5, 0x40000109, 0x830, 0x30000, 0xffffffff, 0x2, 0x800, 0xe2db, 0x2, 0xd, 0x7, 0x3, 0xc, 0x5, 0x70f]})
ioctl$COMEDI_INSN(r2, 0x8028640c, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, 0x0, 0x0)

11.906290961s ago: executing program 0 (id=2228):
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x14, r4, 0x6c04073ee59f7719, 0x0, 0x0, {0x4}}, 0x14}}, 0x0)

11.541845173s ago: executing program 5 (id=2229):
r0 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
connect$nfc_llcp(r4, &(0x7f0000000180)={0x27, 0x0, 0x0, 0x4, 0xf, 0xbb, "4aa2940d2d313d8d264b584544b7862882233de393f56bb194a7449c71fc860dd452af2bb614ebe0bf6a373e9e4709b84800ec2b6f8ab865c3aac026c30601", 0x8}, 0x60)

10.430203106s ago: executing program 0 (id=2232):
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4)
r3 = inotify_init1(0x0)
r4 = inotify_add_watch(r3, &(0x7f0000000440)='.\x00', 0x20000000)
write$binfmt_elf32(r2, &(0x7f0000005640)=ANY=[@ANYRES16=r4], 0x69)
close(r2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

9.136329814s ago: executing program 5 (id=2235):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$netlink(0x10, 0x3, 0xa)
openat$binderfs_ctrl(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000000140)='./file1\x00', 0x109cc2, 0x5c)
ftruncate(r5, 0x200004)
sendfile(r4, r5, 0x0, 0x80001d00c0d1)

7.672134831s ago: executing program 4 (id=2238):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fchdir(0xffffffffffffffff)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)

6.767609372s ago: executing program 2 (id=2240):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1003d1, 0x3, 0x20000000, 0x6, 0x6}, 0x69}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2)
close(r1)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r6, 0x42}, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000200)="27030200112014000e00003c0ff000000040ff840000000200000003125ce882cbf490d908f1523f000000000000", 0x2e}], 0x1}, 0x4005)

6.618743595s ago: executing program 4 (id=2242):
syz_mount_image$reiserfs(&(0x7f0000000040), &(0x7f0000000080)='./bus\x00', 0x86, &(0x7f00000002c0)={[{}, {@usrjquota_file, 0x4}, {@grpjquota}, {@usrjquota_file}, {@usrjquota, 0x3d}]}, 0xfc, 0x110a, &(0x7f0000006580)="$eJzs2LFqFEEYB/D/7B2YbmXTL4IWFhISzs4qRYRrrW1EUpkqV0UE8V18HEllH/IAFgFLYWQ3t0YkEDBnJPD7wcwO38438005EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALj0Yui2m6SbIk2SkvT96fI8ST/FH36ZNSl5dbhcHRwvXq6SzMbpZWhD1pCWbu/xVrfoFt1e93x7/0m3Onn/7s3R0eHxepmSPmcXmz9IWddzra3N7wcAAAD3Rb219s8l53e7PwAAAHCTjT4mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyF2l6NuyQ/aq1pkpSk70+X50n6/1kgAAAAcGslTV6318UzPgNceZavbRnjU/tehjm7+TzmP7izmgEAAOD+md84o/x2H3+aeWqtH6d/jzLPzs7leP3Jt/1kdnKQ3V938k9jf3bx4e3USp39g7MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9mBAxIAAAAAQf9ftyNQAAAAAAAAAAAAAAAAAAAAAOClAAAA///LONy9")
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)

5.607185916s ago: executing program 2 (id=2245):
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7})
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0x8)
r2 = socket$inet(0xa, 0x801, 0x84)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
listen(r3, 0x100)
listen(r2, 0x8)
r4 = socket$inet(0xa, 0x801, 0x84)
listen(r4, 0x1)
r5 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r5)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)

5.378623813s ago: executing program 2 (id=2246):
unshare(0x2000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000b, 0x59033, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})

4.835809642s ago: executing program 1 (id=2247):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x451c, &(0x7f00000000c0)={0x0, 0x11e, 0x400, 0x0, 0x8002ae}, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
r6 = socket(0x2a, 0x2, 0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x100})
io_uring_enter(r3, 0x4ce1, 0x0, 0x0, 0x0, 0x0)

4.680938253s ago: executing program 4 (id=2248):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1ff, 0x20000)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000540)={{0x1, 0x6, 0x6, 0xf, 'syz1\x00', 0x8}, 0x1, [0x7, 0xd5, 0x2, 0xfff, 0x6, 0x6, 0x2, 0x4, 0x2, 0xbd, 0x8, 0x102d, 0x8, 0x1, 0x4, 0x1, 0x1, 0x7, 0x6, 0x200, 0x80, 0x7, 0x5, 0x7, 0x8, 0x2, 0x2, 0x7, 0xffffffffffffffff, 0x3, 0x100000001, 0x2, 0x1, 0x4, 0x3, 0x3, 0x3, 0xfffffffffffffffe, 0x0, 0x6, 0x9, 0x4, 0xaa, 0x50f, 0x9ac2, 0x6fe5, 0xffffffffba36ba5a, 0x4, 0x9, 0x88b, 0x6, 0x6, 0xffffffffffffffff, 0x400, 0x3, 0xfffffffffffff8f6, 0x4, 0xfffffffffffffff9, 0x0, 0xf9800000, 0x0, 0x5, 0x4, 0x4, 0x82d, 0x9, 0x6, 0x0, 0x9, 0xfffffffffffffffa, 0x3ff, 0x6, 0x2, 0x2f, 0x1, 0x7, 0x40, 0x2, 0x42843379, 0x1, 0x7, 0x200, 0x77d, 0xb3, 0x5, 0xe, 0xad, 0x6, 0x0, 0x7, 0x4, 0x200, 0x7, 0x8, 0x0, 0x5, 0x93, 0x8, 0x80, 0x2, 0x2775e12f, 0x680000000000, 0x5, 0x7, 0xe88, 0x80000004, 0x0, 0xfffffffffffffffa, 0x10001, 0x8, 0x8, 0x1000, 0x0, 0x5, 0x7, 0xfffffffffffff000, 0x10000, 0x7fff, 0xfffffffffffffff7, 0x6, 0x46b, 0x8, 0x5, 0x6, 0x4, 0x0, 0x7f, 0xd1]})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0)
r2 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x11, @private, 0x3, 0x0, 'lblcr\x00'}, 0x2c)
socket$inet_icmp(0x2, 0x2, 0x1)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x2, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x3e, 0x0, 0x0)
syz_fuse_handle_req(r4, &(0x7f00000020c0)="c6cfdab7e6f83fe5e44dd3a8d886a720a29cfb7e50ef99fcf38be6c3b9a9f8c9fdb7b1332c99b85247977ad2d66a577e6f0853366c7561476cb35cf07e6fc1c21d33853a21771a8835a50d941d35a4ccb511cb67ed64259c99811f0e6f176fba1e0fa45fefe030a588f0cf64895fb12a794fd0bd176a38440328d3c6c24c85f50e95c5190eb03fb04f1eb34cae287ed75c8ca8fab2c04dc1fafa14ef93e2a721a12238700dfdabd057e94e697534e1af81921756270313d22a185c146852a5e94300bc8de9904e8c6948d5d2aed05337b9572ee74b77209c6b4710e87fa6661b19283079a46f70a538d96f484b63171bdc3622fcbab6d9bafeaacd755923209c07b8c2f39c04ea713020bcd9e6f1120ea3fbc8dd0b55986c05aa0c0b13ad52f250e9505ba53a887ed7c857e0f56282d6dd5932930efe384bbb198c50aae4b9a65e6a6ccc2904a9121a28df865011c39a54fb0f890cc1f7ef5f5172754f1c2aa8e8acf8c754f22efa88ffea91f2a14133e0a7a8a06bc80d042ce1affa2ebc74b49b48169404b33c62915e54c554d10bc432ec988f7081a8690335d58d0a819d33296db1377af876d84fd557f9a2018ee91f7d39819fc72b0a9bbdd05d6efe6cc459cd42e16f955dcb1a6a2b8b2a71b3a7e1bfa82816abf8c7d3688d53decbc480eaa3821cef557290284d9c504a63768852e15b39841ef3648f14c7edab006a30c7bd518f300df6ff307c0740150dddfdab1e408edb96b2e6ed612b0bc2fca570fa1813d86160a766fe6c11cdbc7a67014fa7645b4b1d3aad378bcce27aa4725ecf7675b2682cc5a15673136e7181ed5ef122017dc72df65af147dcb9ac702f8a6a2eb3f6824ba7db3c32fa4bfbf63dcd45e42a49b6edee22856fc2a43aeb6a3eea91dbd53a231b559ca7b38564853be3bdee7f820966faa916ed4fd335159328f8b727ba068b0ade0e11c9f2c2af4d5244f5d49f9c9f94105a6fe4c71112bcacf9c3dd2861d06cb3fa6b2159bc2028e513298b594ca7da60f4ed30edd7b066c23ca7d9b7d9555b47e687b43b7b5ca3210d939e34dd3d176d8b3d3d2f32f28518aa8b5169362fee4a4ede7d3d218db0ecc3de14789344df20188d907093bbf621fe67ab2a1f29221b2ec334dadc15345fc829005f4f81fc13ad0f5590742295812a7f2108cbbbc37387a7d4174592bf4f94f272306942e6c44b23e96d92911ef416b4159e81b19f267aad20c2aabf7fd285330cbf4c1bb8ac86493e0ef84de88eb7953fcf833e6cc5ebdd50b706bcc148971d24e9d3736ed66e28f75e6a1e2c9a4e2abba887b27815d2f5739fe5f8afe7240841337bfe7a69308186180fed5736fe3cbc2892cb991d0f4400d66952459c54a16448f06fd49995aa65501631d5c42e2abd8f0d890a6bbe49b384bfe27599afd536493981be5f7dbb15bfbc198fcd8ebfca182c53156742e237df31c1dca495e40cf030623a8a081e3bec3b8e5109ba05c0830ef00ff98a4419bae14762d8e0a790c1d517f1f683bb1712a6a0951f024a46efb5c2122460495fa0f4ebaae86286b8a626be2052874f947f18b0c2860ce681a33d5f4217415363fe7a6f8fca125742f03433988d88a5b8e2bf4f3079eb990b6e1ff381b7199717fb885f4f37351bf18bedbeeca351b7bfca5b791b91be0dcf8d169914c449829669e0577d1ebc4fa783d57e0c695cafae201014831a16d8fec47f22d9b79c2acc820f4dba9d1a2986731681ed1f8dd1e83bc2d491302d2f769e6b0bc470404930cad6511492b3adadc6f5073220590d1ce89a520b6d51d6903dd54360cd7047aed76e0a6cd3c3625e67b7c1636fd627aa48f1ee6dd567730c6ec19d1634f62a77f70c64736532455f0d2ae85003e7bb32f06b480a9f7fba5e6917305fd77e38f6936e49c1a3b2a07e242ccc2f9d629d7992937a035574b3efefd515096e30058cb60cc89d8565205f15e71d805ba5d1c4f7b971918e32bd81611a574fc651bc8094f7f3aef8a3ebf95aef1c062ec66e288b1d1ee17ab75723bc46b031744a25cf055c1bc8b083313e38d0fd5d60e832ef28fbff4c93d2d2ed283575a486167c7158e08fe7094d23984bdf38cf6000db39c5d0f7db72325af909b18247d8fddd89eff8831c294d52194a11dae2339938a79ae903eb63bc6e5535796e1c0416cdad01e1493a3075930a0b3b50ad904ff760bec5c6406b10808bf13251df73b4d6fd149a378ac277ccbbfddd9536abdf5c7a8d29e128a290f0d56c9635540f4c9a3ff1d3e0e2b974b50497ebd690dc9393f8b3acfd1650627db8ab784233727f997dab536f1e993980a41f510fa0128d6bf2c8445ed1578b25a36e05f7170b9fbe8ca63e1b4a7235c27f56790c4dd38168ce26358d12b143e9dbae1d01406778250f1c77c80643016ffd4a7a6703b9c3dfa4e7b51fa1d59605d57c9712159eb34c306a988ac95eeb15c3225ccd022d2ccf5f31a81009d2a25891b83e60efe8f718d6c124202f108d23e5e6c89e269890bda8e5681315db361cdf30e4269f2cb530a188f26621a8b263f22bb385d779b3c4eebd16656451087457892e15074abb1c796f0b7f635b9496f3a17220716c449c11c0e82b67b8f1ee6a2709a20676f40f2751df3d74db503db6cb73c955ae1d6983da44de4d349004f3d9db4ba40124416a67bd18d1d9b3c1e4706ddbb2099a2ae16e99c144860d46ef66bc6844963c0563fe2cb8c4049dea32ce5656fbfec6d1aff7ef48bac92c932c9787d9e4cb0c78fc3d70f730c452c20d077b4d9ea304f1b8a2967b1e7af7f05fd35f84d633bf5095b1af53a506f6f61abc99186eba707843e9db2a18fc1c6c77dd79ab9353eaad6457245709acbe9cb381d4458eb5571fa4f4df069ae668b1df2c97f91271be5fc2040031c3980c7555af2d4186875ea4599c873ffaf47aa08c27a0580ceef6251dce4cfd6eb175a1bf36c1fd750826f4e14966e6f196b68da0a524baf86f49ce8c09430554b50a0b387c02ebd59fae9caa1054cba1304aa6732f3990ce6b7bca6b65237f0fc3c79a102e2989dcf3f884002f2efe83e25a3fb217c24c4f66e0973e7ca62483bb52c943ccfbf31324f2b7938de0555a54f47256c903ab65489906c382d7d1022f7f302b186d18b5775e042ba83b874793420a6d854aaec01e3c819d0b11b51558fb9c10b1e2ff96639fb119d90f80aa302c9a6420b4b1230d79fd1e8105259c4ebf9cc3f1eac67f15bcb9d49ae537084c96994ad08214ac07db663c1bbce6499b5665fb5a949ab3d65062467824a2065a9de2f1edc243e03ad38f0ef227519de50a3dc2e8f4a38538be5557c5de56d0110a0759fe96b0e66d20fcb6066995f77fba9c7468434a53892cf2b3f41d58e08bd2ea3b1da2a1178acf50249d77757353943cd126b511098230698782ca88d018381f233f4331d3980f72f30caf915a18794de1253734b89303f25826a80ddd75a9bdf14c6f01690833190872ca5431ab92ab3dca92595983b11de0076125059234720906641119dab9c96be9c10d60fb54267bda61fcb85a491df037cd563b229eea02cd192796d36803b04691d385471a5f68bb76afafe9df28f50dcabfefc8e2eb334bcace928b8eb8f6449116fb5a0fa4a0c51e21b8b1f99308d396db60418cb5385bdf6bce7227e514f6cbc9a9fc50b79e8b0530fd51b21679ea1c404dba52811b3c9487f670e622ac7b1ce8028eadbd882d4325663d8dc4f0960c047c5f3099c90c6256bc11e8eef6b325e0f1ed00279a695f2828762f28ecacdc726aedf42064727ec100ffa74d38d47f383946b9f856e53cb939f98df1bb5af2a12810a619f205e030a302628ffb9b2cfcc2e881e239f33844a118a4de2a5c3d6b857c5105db775a61c5d54d1d82048670e8cd2c44a032904005125eb9f999e845efba3a063e3e26b06298f28799975b51118eece2b7fec02d4b888bfb90919bec287aba71296c66dcf749efa3abcddfccee6ef80d03a1638045f18fb96131cbd9a93e657c29eb74de40f433969e1988ac335bdd9c671b5b75ce6e2440be247775f9d597b4d8523c283e774ed0987e10b88e0c5616720502149db329babc91b225359927f88e0b42f02d41a4c9e0ad7c55a0d2c52cf45da6152c0c742f661b562c3a8ecff1145cac3f63fc053e1a14fe7a57742ab709581604fabe54ff13172b5049434d12f6ed9623265af643f725efea21e2ac1b82365033b9cff4158318f40c8894d2bcffdc954fcf7068c97ca2d2b1bf19b9232b918864e3f63fd59f4c8c578821ec5083e46363d9158451c5a92b425e68081b2c7572df44658a4aae41a439c6bb4bdd2f26ff2a357fa2946e5be5cd97ba25f73bbcc6c05fa966d0aa0cf2e45f22e0021468b37d5afebbfba3233e2cd4fd64e1578be72c38891224cd6c70c4cfd146df6a8142f1493772d48650f8fcbd1435ff704e02ec121e9f43de623eff8070f88a623cd395a02b6b1ffe4ea7ae7f443dc8bdac2cfaa126d4ac9d7788dc972c88fd87d3c8758853f1882532e4ff298b466e7d198daa9015127f2937544b34aaf545f39ee00d74e0e1017a30ff2edff701d53f3a13fc61b31fe7d9032a6c4a517c7527e48c0c44a2beebc9a9f9e6f989bc6c255e05bec5ff99547658143d9eb43a1d96aa5288638b4477aa1f84c59d41194335c09d9d5d660640acb84b53520482fb200ca616e1a6f486e6da3e6721479e85d0676ba142d95ecdf1acc76a49e9bf016f951d8b95adc7e8d4317ddbb28b678135a4a9b98fb8b8b5948b682ee70e04a31f7e3c49c52a11acbb29bd8152bbb4fedd2aae8e7ad5330365213d207677855e6cd72bf93502c14b11bd2f2d6e797efc2cc5bc198730e5cc51c92751ece5c167b3328a6deed4bd73c62623bb3874c9ef18e24997e3ac93b0ad9ca7ddd4c0401ec1b942cb21dfe6abfd3aefe2588ac1684bf6b37dc09d9b9d932d5534c707ef8fe0812a403e057d00955559ca3e0f7e70d3cdfab918b8d125061fd53374c97bd0c9d19e68bacb3db46974d36cb1c96b4475acaf4d46b88a578ed570ce09eb540f30cce4c3f853a9fd669ca36c36ff1f0432713f60e6d6bc789fdae7c7fcf4049e6166b63a12aaa3da6fc35d8783020ceb92f7f90082d4826735618905fc9fdbeb65990882ce130a7e5ebfcdc796ef293019925e80af5074bfed5f62833d9d98e324dd54e30e1d69a15e4beed5da9c6ec01a32978aa29cd26c5703a28e504e7c9264e0421718422b88ef90f6fb4e51c619f29b5fc2f600f88be036eaf28d7f5433715bd493ce55811901a59964f20ac0b06dc3a555eac123c40d3b397053501523a51e8b53a92bbd99ec3bdcd57904cfac3c0d7bcc6613b11a771d32f0f6c60c05449b42820c0a41f757ea1efebebb37f8ea567b2f7dcc4a67ebbdc00716a70f5fe255b9232e27ba05888e034fc50ac0934a43c84577183b83019008edbeb27546e8be7d8402a4c1852198c0e050b96129fd66247c39abff19338300fc3cbe20a395e5805d8bc64c2d87ba27264716e211ab023765e8d454b637aa1320cb18eb4a3dbfa94027a4d75a9a2cc784cbdc22694a8f7e97bd6cea5a4e26b538be9a9dde5637be2d386a85a79ed4df541ab7d0b1370d99d2cfd1f7bf1458bedd0a53f5e6972ee424ed08acb4b49db83cae427d315d1fea4e680258e73b3fc50fdb77692c8798bcda57ac0c34823d69a8ead14c41e9613813838ef80f63138cc9ba3a6b83dfc77b6aa1248678409bd96b64c0b625e88e33262fa0bbee94fec8f3bffedaf8b12d229d0f637848a1dba01892d80f5a5596d37ac1c9c54d32dec3ca56b49aa1157583074af418d0d95a5a46fc3c234814e377963dd4c9c8a5f7cc35aacc892afb9bcede477760688e06f0b2c5a702954f4532c715151eda02f78830129b2612de8fc62fb992d1ba52da164920eb1d1dbc7d1f8f16e31c763581f4c478cf7a84cf01ca904160475a1eabae393bcb852fd550374002bad1ba0827dadcf3f6a2354a3f8f67e6da4f567fe21f55cc34840e79f6af947561c79a141721f6da4625a20fb203f96bd1a3b7322a14a0ab4a38835e1f235f772a18643824cbb9f76664b1212c785055ae17e89f590fdb1b81535e1e3e8a726a9aaf67ae2a8e67eab8f32781bc21027cb1babd932d63bafe7faf48bc57820c5e32288583db4cf369a7fbb479e1e97ca67f63b1880fb33ccf2661d7af9041ea1afc0e90ee0b4b510d094268e4576584a17fcb21b3c3f68bf1e1c4748177cb4cab92df4c254e0d0759d507e5eb096861efcf1aa66805474e3bd32f7055a7d53d47f416d24a5ac7d5fc953206db3a012234d8693e0ff662457ddaf977eaf37d043c407a7ade1fa8eaf85b6e1b1456aec3064ee858742f4e22f2d6084e3881a4783b3a9086009202eb6eb77fc1ce2236d6384cbc62c7db9cecd2fdb06f328d49c066562cf1dee863d33b48288fbb1d4d5bcafcd1b6391879e670c7189bbebafe48214d6e2b405e36192e1067eb8d0363777a174e630467673ca968ea51476b0b8a04d598f6fc593d3f3267ab37e17831dab86a67aac3ec8336c5b6e9e416b1f46d0a9e8ec6c515d86e773baa409e2afae30ea1744f2bc777af11c42f2bf6177e95245c6d601f7cb7b589ccda76a2a314dab023da8128c667a0df682f5c7bbf842a2bb51d4d842cd09d02d67444e5d8ae1f3260c4ef2da5a1c4121fdd47e953d03ff6fea10e35db2c0c110704f513b9d1c57c9da80881ced16d92faf1be60471dc4d82529ea50fd6060be18e8e6deffb15e0a0df4e36117dc22d78bd43b3fedb24cba54c2f2e3bba015bc4c817f70fc1e8b21adb04a9d8c229e9ec178fee0f35d4f169bb7dadd14f46ddc13fc62da4e21e42270a4ed0d60b4034db31ee1e13c97d8d941b2627b255d4283cf0af9044a65765ba88dcb2010fae98a6aeb0a5605d8a904d1cfa0cf8fa67a9d29670a108f014a1b21862e20d4f0f3f0cb99c97f289c657dbd08237aba2f616804ebb0e71819fa46df1a018d8336b534391596cd24b0720dd8a95e5c74b9d047da1da93d653b2aa98e67a65c3868a0c464ad24d427c3c81b41f0b2fb78f6aecd5487c29f4fd871bec21f54d22b661eeed67c866cdf057d585beace568ed52a4399dfdcc8c9a80c94f3cb92f0974b9b33ed893e8db33cf95220e03f3d28edd8b80991b0754010e7252392d1e846011defb6c46c73ee015bcb9b288f6945771af90ddd8c548eb6649efff32b0a2b36e743e46135e47fc65d1eb3f7a580104c22bbcc75ec041813cf2496a4793d17112f40333e3c874e0bcbcd889a6bb484e43632b2f9a628a461a2a5d58808b848751642b5c426c50fd82398894dc78c56ed1f0358b626cde2a0167dcb210c8ae2f6d9c95356331cf2a21ed0dfd5165bcac2681ce070f60ffffe69dd75836c4be0aa7f8630bf345a32d246c838552cbb35a6dfdb6ea54c4ecf0ad16990901b7a72280872fc807eda1de4fdce2c223fd089e0f0eac84c1e2980b9b5a032dd1294bd2eb49372f55b9b4cf4d3c1b14050bec1344d71a8316e173bd36f5917100de4dfedfff896517a04468006e5c632c8ad15521324f3abd72545b47df874a4a95d3bb30915ebcc3ed371528f89c7e943286a8cf4ff2cca3f3496ded16b139658bd5d3323ae9007b4dab665cd24e7888735de2cce7bc1b3af39a6d92d787dd237f8d72283f7aab1d99985f3783e5cb0661cadb552293f189f75e7f3fa933c775a27415a3ad22239986364ba7a582f2d9c31e7247aa8d44d5a7e8169fec65daaf62756b34dd307ebc7fbe8a8023aac1553fbf15b48a8ee3bd0c35c7ced684f667500ab2997aa75382475eb35888e72b30ad5aad3910c5ead6797f4182adce92dafc2073f1529ff5f1a42daf3c78e499039864e8e768fb11b33c0d7779e6128579d882761f9b21fcc0696da03eeb049c90b86da8dba548058f0caddb83ec9051a04f3133341e9a17a17b72ac20cd9e242fb383365f6a2f5c795087c7ee682555adadb7305bfe2886a57f3718f30f24b52d481aa35eb2c40417df5ea9d8af1b7b871ce37fb1c84402d269e3a01a5c9a00d3c7d6ff21c90d437066850ea92773288ba925294f9368b74fd1f3c4512ae8be2f86b73641507480f3db07634df10fca86bb4431664ade710d5a8894c368660c95f7a0b8ce5ffcdae136b5c8b4ed8c3b4cd9b71079dfd6d1501df9b7f1477b516f3cceecb2def619c05061502b253af7e3deccc839de56292c95a3912e809b100897a85705cf59af66e194143d13c12b6dc1a31cd15a74fe57666931e3fd6b75512d22f063c68576b1bd6a1ab6d7f4065447daee300b7d4fe330daeda866beb44eb8ed4041d0a36bfa49871e0623eb6f5d7b967e8f969985063e2fc4f4097c2a5189b10c1776713f78193c6e0e847025936b36eaa2e817ebb45c375f18350247f6586214a200f2f17536b52b8fa196d4a6a77317807075d130a77badf745a6076b1241e47942501cba893fd0db02545e49f559e9712a60ffce9f3154459c69984de49e11192266196497c81b7c5b45997c1369c8e8490b1a748985fd4c9ab8929d17a51c331dc160c8ae8d2961351ef103e3427299e4f28faff6ac1905be2814cb02511472c7232bd104ac438d846b4a727df2ed24364e061f157c2447e7d5265b1cd75797603e220a9d2e280868f3c2c56befbc6b1b1a07be1070b293adf324b3aee5140ef5f643c952726d9b770989b07f2cdea2e1d6951027e8b386faccff07b2547dd78aa85cc113b599ab168ef602e40fc097396341a8e5b97b59032110ddf114129feaed96e85237bb4bb886b287279b96234c18947ce7d2d5e92dd5c68829edd271bfccff21b87f6a061c9b43b51252add291c8f59be1a222d00fb7719664a8b89c452e78cf1d491a036107f0a521545fd96d2548735847e278065c196153028b91f59c7b70f9883f14cfb3343bb230f4af9bd51132cc62ee5459e34e77bb2983d30e65e65ab769fa0a0578bed01f33c76f4138208659a97fbbf380f1321336c14d21012f3cc4ee2101d42321f0123d51377e319e4ff4551f7f83ca62ff9448a28b6134da582f609be7dea5d70370772ef2552f12e97cf390ee2697022168d622ae0c813d86a43c25c758162ab0aadf25c84c790fb32a459997068be01325e473871cb024ff030070434d197558b8df442e1d2ad0c7b33fe021fa6cd57b7477dd76c6a802ddf405e909d48d23321e986d791b44d32d417d63638246fcdd661e6a1453d1411ec85fa0b750354aecdd4f4b90a420d2d4f67c514f15a8fe590735f660dc5eaa7f2873c7841edaf2c0d46a92fc07c6cd22fc978f74bac72e468d96ba370fb88f9a629d4de0a8a83d43c1949aae33fe24859c1bbf8663adc6936e305cf9c56aacc84e7515caf18d0d049bec2f0a484b75a8c2c23abbca66b039a52e606f08df0a3cdd2dc6449e84ce463206d2878de0e4d0f438764a0fe360e95494e9e61581001785b081254971197024460a68ec029052f2d8841dac7e714798027696067e739cd1525df28ac9514c02e25f8ea1146e356fc5941e4661cd244dccee4a1450e4334a20cb572b842d44a8431abf4d5bb82ac6b78ce3c6d394e5969c6fe8216805f6e2db2889f27849e0dd26a5a387958a36c833a8b3d861033c00ffef267e4b09350ca1b819d5c83025e4ad69328970db92520e6ce569d5632caeb6dc42c8f6f8759256ad9c1ffe8c30a92b795bf00544714c957d5d982a4e91ec7a30dfdcacbd41ceb61f208e5442f7f7ce19ba2f0dddf50020ed1c271afe5007277e2496c3bc7f3101d6fa7f0ea2627a99de0c441a11c6afbb721037dcfc897fc5d9e0ed644b9c3aee328bc2beb3801d2bf43b1e360759c1056c74a63aa33cb6e5933b7a0b4f654113ea5830de7e8374e939e4c794be77f1f0c1e1bcedc8f584a56db0c38b6c8da60bad62b41d754d9b6cbf3379374a6126db0ef1ee2da5862acaf117408ad26c66ec8ee4f9f1844fb4cc64bc61212b303c7c622f05d29b7fd540bdc253bc948d373886e5cd4dc9bc1b551dfc514f12cc64ecc3b276ab43a4adc2142fea9c5ecf983b0841729d1771b51c2ff787ac2439f305ca3fe31cdbe24f034fcd3d41141cc0ed5cdd82e3171be1381ad4f0bf81b3be200524c98cad5a3dee3ee618c97d0678c7b4fbf729dbc2baaa2385fb63e6b906b08681c19d55200924c0edb4c3b48463fd9c2ac86510ce1e0a641def11e9e7b7fa74a629895221b06a15c995cafe55dee6c06e01b34f4f18e5ffeb76ffb412277bdfa4cee10823a1e55832c3d1d19ba5b84560668b33fafc672cfba1a85c60c61c45bd562506d9d28542c4b4795ed011a8005862f7add9dc2533dd29d0ddd534eb0a3b537b391c423b527b3ae4ce0c829a6efcf8671e9e5224df6ed6c1f20452cb46cd578a620788f9af325d45825ced3043ef3693ffebf7b881518ba2c71587251edf150772ae1e24f4415f9d9307151b8fbcb83d0da908f4b6c762b777dc406991353e962f181bc06e892ff9e49e557639dafd09b291f79720b866e46bcf14d5bd1ed15a468a8996ecec8ce3d9890fb45c96804dddfe5b7280c0e30934f129e14b344506f70d484eea40baac63b89dc71b030a6c8149ffca2434c773bffe76bbf2e778f0034666970a96bf336ee5240e765ea3715382bd8fe19c5ce5a8814717d87d4d6304a3b0d6581a6fed44975ef8a8186c19a513f5c6c0610acbd31fd58e2cb683162464cf7f50ade879461ee91f433b09d1febe058c101a0ff96cbffd547c2beab15ca343cfe592ea435f980ff03e0aeadcc80d64383d287997a6a937fc22221cec2a1aa6e8dfc1dc6e0f2e02060a18c09957376a72e165728acddf73873a958f43bcd2e9c6c71a83f744bf14c75f5e8308523a7d39bcbfd832c6597b2928b07630ae50540bb71b44b5b4040a1d172fabe8dbfb96a99e7498b12dcc8ed9e43fb36c202d019b4fbe11f715f5de76bede175c22d8355323eb004c5021d892fbe48fa7b6bf382eb03d0e447a38c63bb7fa1154c2cdf08a1cf5fa95ec75a5aa9037ebf8916cb78e6da650016a0c7ed34290e25e2122be24e4373c49c4fc81c39ec1a1ce4b658e1b80562bf911a1f6a5fc2e69d2554d4abf5ad79d9c9b7d9ac8c4122c11f590a35dcee3fbe185027832b4e2a71ebc591a60bb874b36b415b455bd942fe1a69a92b70ce1a1c867c85138449529cab5f63feab609a2ba3344191c416d8409b59962bcee1c4a40874069e28432fcade20f07c9259dec75fb978a6b84b6e8f50fdb341c7c19f55a8fa389cf085f44661c9618d56d32be0bdb3b2928fc2c372e86ea109afaee022bb832e80e869c7cb1053921b862b27599d3665f7fabfd6436743ea893ec43e4e4daa598127df8ee3249be4668d717117a038f0e734a894457df4c64dd76a9d9d42efc29f2311085c9e6fcef385f40af94f283edca078797e96b79719875aed3900252c3acc6a92e23083b3fa24057d9ebf7886df99d652e7d18cbd445560a0afc81bf7c011777837f94b32094fa1bc99472cc2a40bff245abb27d3f628b1b649fd", 0x2000, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
stat(&(0x7f0000000280)='./file0\x00', 0x0)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

4.61355879s ago: executing program 4 (id=2249):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe)
close(0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000001000000b7040000000000008500000033000000850000000800000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48c8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.752454659s ago: executing program 2 (id=2250):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x10, 0x80002, 0x0)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r5, 0x331, 0x2000, 0x40000000, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400400c}, 0x0)

3.748254119s ago: executing program 1 (id=2251):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000140)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)

3.59474481s ago: executing program 5 (id=2252):
socket$nl_route(0x10, 0x3, 0x0)
inotify_init()
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x400]}, 0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
pipe(&(0x7f0000000080))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000101010100000000000000000200000004000180180002801400018008000100b04c94a708000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x8000)

2.335688655s ago: executing program 2 (id=2253):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
syz_io_uring_setup(0x810, 0x0, 0x0, &(0x7f0000000140))
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='highspeed', 0x9)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f00000000c0), 0xffffffffffffffef, 0x0, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

2.334806215s ago: executing program 4 (id=2254):
futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe(&(0x7f0000000d00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x714f, 0x0)

2.333394175s ago: executing program 1 (id=2255):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r0, 0x7)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r1, 0x100)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
r3 = socket$inet(0xa, 0x5, 0x0)
listen(r3, 0x1)
r4 = socket$inet(0xa, 0x801, 0x84)
listen(r4, 0x8)
r5 = socket$inet(0xa, 0x801, 0x84)
listen(r5, 0x8)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000040)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)

2.25293492s ago: executing program 5 (id=2256):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2000003, 0x4082172, 0xffffffffffffffff, 0x418a6000)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)

2.246745719s ago: executing program 1 (id=2257):
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000004c0)='j\x95\'\x8aC\x16\xca\\', &(0x7f0000000c40)='\xe6usek\v\xf6u%\x9b\x00\x00\xad\xeb\x00\x00\x00\x00\x01\x80\x00\x00\xcf\x9b\x9f\b\xb6\xfe\xc8\xda~-\xf5S>\xb8\x86\xfc\x9cVR\x82\x9a\xbdp\xbd\x83w\xf9Z\xd2\xcb\xcdF\xd0#N7\x17\xfc\x1e\xf1\x97\xffxi\xe0KE}]\x8e\xca\xe3+\xc8\x98\x03\x91\x88(\bn\x7f\x0e\x85\xa5\xb4\n?_\xc9\xef\xe0Q\xdb\xb6\xa5\x81t\x06\xda\x95\x935\xf1\x18\xac\x00\xf0\xff\xff\xbd\xb5\xa1\x06\xfd\x01\x00\x00\x00\x0f\xf8\xe3\x8a\x1f\x9c\xf3\xc5\x1f\xf9\xbf[\xd13\xb3\xd3j\r6\x7f', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)='{:\'@-\x00', &(0x7f0000000180)='%*.\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000003c0)='\x00', &(0x7f0000000400)='(!\xef(.(\\-]\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='^](*\r\\!\x00', &(0x7f0000000500)='{:\'@-\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b80)='\xe0\"\xef\xb1\xea\xe6\x9c\xe6\xc8M\xdb\x86\xb3\x8b\xbe\xd5\xbdB\x92\xa0\x19-+a\x13qQ\xd5f39hSr\xafbB\xe2\xe8\xcd\x1bf\x18\x7f\xf27E#\"\xab\x99\xec\x88\x8d\xd8C\x0f\x95\xff\xfeG\xf9t\xb1 \xcc\xc5\xbb\x88\xb6\xd2\xf2Jwq\xf8oG<v\xb8\x18\x80\xe1Kf\xf8R\xdd\x06\xe8\xfbl\v\xb0\xdd\x05\x05\xd8\xdb\xfd`\xf9\xf8\x915\b\x8c\xad\xc8\x9d=\xfeN\x8b\x1eR\x1e\xf8\x9dn\x19H\xd2aE\xa0\x06\xb0Yv\xf9^\x8c\x8f\xc3\xa5\x985\x85U\x8cZ/\'\xbd\xe2\xdc\xe3\xb9\x8e$Z\xef\xa8\xe5(Mt\xd3\xd9\xf6X\x1a\x9b\t$N\xd0U\xe2z\xeb\x01\x80!0\xe8\xc3\xce\xf8\x03\xde\x92s\xf9', &(0x7f0000000ac0)='fuseblk\x00M\x13k\x92#\x05z)\xe0c\\35\xdf%\xa3\xac!zoO\xf8\xcex\xb3\f\xad@\x853o\x0f0\x1a\xc0\"\xf7\x11Z\x01\xc1\xd9\x9fbJ7\xd1\xad\xe1\xed\x87\xae\x11-s\xb4\xbd\x1e\x9a\xd7\xc1crt\x88%\x92\x8fL\x8d\xb3-\xb60O \xc5\xd1q\xcc\x97\xe0\xe8\xb0\n\v\xa9V\xfa\xeb\x1e|M\x98W\x81\xa2@{_\xba^\xa2\x82k\x10G\xfc\xd4\x99Pl\xfa\xe8\x7f\xc9 h\xd0\xfd\x04\x95\x8c\xb1\xe7', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000a40)='^,/\x00', &(0x7f0000000a80)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\x1c@\\\x00', &(0x7f00000002c0)='\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000300)='(\xed\xef(.(\\-]\x00', &(0x7f0000000340)="02", 0x1)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000540)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xecQ\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849@\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xf4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;\xf1C\xea!J\x19\xe1\xfe\x0f\x84\xdfY\x10\xed\x1c\xb2n\xc0ME\xaa\x9e\xd1f\x92q\xeb\xdb)\xcd1(>\x8e\x0f}\x03\xdd\xf8\x84\x9bz!\x80F\xc5ls< \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\x1c\x9f\xbd\xcd\xea\xc3w\xa3\xf5\x1d.\x00\x00\x00\xa0\xf4\xe9\xe2\x83\xac\xde\x95cmvM\x12\xc1O\x1f#\xcd\x90\x1e\x03\x1e}\xe7w\xe7\"Oh`\xed\bM9\xaf\xa3BQ\xbf\xfd1\x1cG\xb5\xed\x86\xb9Q(\x19dZ\x8da\x008e*\x928\xcf\x0f\x0e\x05\x1dM?\x11$E\xc3\x12\x1e\xffI\x84t0D\xec\xf3T\xe2\xddJm\x87\xc9\xb1\xff\n\xa1\x13\xcbo\xc6\xda\x84\x02\xa3\x14\xf2q\x96\xa8Sa\xe4\x1f\x01\xa2]\xb2\xc9\xd5\xff\xfd\xf2\xb5\xf5\xef \xc7\x02\x927\xdb\xa5\a\x9eS\xb6\xe2\xbaL\x99n\xb4\xe3\xf7\x0eU\xc0', &(0x7f0000000700)="19", 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000380)='}\x00', &(0x7f0000000880)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xecQ\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849@\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xf4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;\xf1C\xea!J\x19\xe1\xfe\x0f\x84\xdfY\x10\xed\x1c\xb2n\xc0ME\xaa\x9e\xd1f\x92q\xeb\xdb)\xcd1(>\x8e\x0f}\x03\xdd\xf8\x84\x9bz!\x80F\xc5ls< \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\x1c\x9f\xbd\xcd\xea\xc3w\xa3\xf5\x1d.\x00\x00\x00\xa0\xf4\xe9\xe2\x83\xac\xde\x95cmvM\x12\xc1O\x1f#\xcd\x90\x1e\x03\x1e}\xe7w\xe7\"Oh`\xed\bM9\xaf\xa3BQ\xbf\xfd1\x1cG\xb5\xed\x86\xb9Q(\x19dZ\x8da\x008e*\x928\xcf\x0f\x0e\x05\x1dM?\x11$E\xc3\x12\x1e\xffI\x84t0D\xec\xf3T\xe2\xddJm\x87\xc9\xb1\xff\n\xa1\x13\xcbo\xc6\xda\x84\x02\xa3\x14\xf2q\x96\xa8Sa\xe4\x1f\x01\xa2]\xb2\xc9\xd5\xff\xfd\xf2\xb5\xf5\xef \xc7\x02\x927\xdb\xa5\a\x9eS\xb6\xe2\xbaL\x99n\xb4\xe3\xf7\x0eU\xc0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='(\xed\xef(.(\\-]\x00', &(0x7f00000000c0)='f\xf0p\xce\x97\xbb\xd2dH\xdf\xbd\x18\x9baE\xef\x90\x90\x057g\x85\xf4\xf0\xba\xb0\xb1\x06\xa6q\xef\x03H\xda\"`\xd6', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000240)='fuseblk\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000440)=')\x00', &(0x7f0000000480)='#^\x00', 0x0)
read(r0, 0x0, 0xfffffea1)
close(r0)

2.229752105s ago: executing program 0 (id=2258):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x3, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {0x5, 0xb}, {0x2, 0x3}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004070}, 0x4008000)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x5)

1.61108322s ago: executing program 1 (id=2259):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x8901, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100088}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
io_uring_setup(0x33c9, 0x0)
sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x3c, r5, 0x1, 0xffffffff, 0x0, {0x37}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xfcb3ae1e096881cb}, 0x8006)

1.241796441s ago: executing program 5 (id=2260):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
close(r3)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r4, 0x400, 0x1)
r5 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
write$binfmt_script(r5, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1.18070696s ago: executing program 0 (id=2261):
syz_mount_image$msdos(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="2c1e0d3fa5ff"], 0x1, 0x52e, &(0x7f0000000600)="$eJzs2j+LE0EcBuAxd+YOG1OLxYKN1XFaWbpIDg4XhMgWWrlwsdkVYbfZpLpvI/jZ7NJcF7nskrv4rzFx1DwPhHnJm8Bvmt0p5t3DD+XFx+b9sy+fwvHzJAxCCIOrEEar1LnTr4NVHobbLgMA8K+ZTIo09gzsVl2nxfUZ7ui7Jv8cZSAAAAAAAAAAAAB+m/v/ALB/3P///9V1Wgz789sm9/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAeK6Wy/vLX3xizwcAbJ/3PwDsn9dv3r5Ms2w8SZLjEBaXbd7m3dr1Z+fZ+DRZGd38a9G2+cG6f9L1yWZ/N9zr+6c/7Ifh8aOuv+5evMq+6Y/Cxe63DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANxykqyNbr5dtG1+0PUnP+u7dHaejU/7H2z2h+HB4R/bBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAFzWxeFlU1rQVBENYh9pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIpZnNy6KqpnUTexIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4G/RzOZlUVXTeoch9h4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L6vAQAA//+aYmE9")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x9006}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002500)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc786b409ac930c90ff90f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d85893f229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09e3187a10d905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5de0900000000000000cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367638cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e1217c1342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c67df4c6505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a2d4f12e8e717eaaa2a6d14fee0c15f36c203dbc7c06128bec84231d43e152ef19ce027436fb4ebb9fce431b913f4817597a6f53d1626f9d1cb7b36fb18ac19547a9b20ede70c81a75686cea85dcd34408128da7cab045541bc6b9a0a79f63f2e7646356e04b977c9f47467537015240b974184be9c54b7c628ae4d97ebdb06070344468994afbaac71e5ffac2c61d9af66f9de2760a38e968a781528531c1c936a02065be48f1eee77be878873206d65bd0b1241fab9139abd7f40febe81fed3684e6b59273da01f1743c6a5df300ec59c65e8174fc2d95a62ca7b937289ad14107333007eab833a5849eb19f18ae41743dfb949377e"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0x146, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000638777fbacf01416ac141416440c05114d2f87e5940c05ab440c13f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)

1.12978588s ago: executing program 2 (id=2262):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r10, {0xfff2}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8, 0x1, 0x3}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=@newqdisc={0x40, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfb, {0x0, 0x0, 0x0, r3, {0x4}, {0xffff, 0xffff}, {0xe, 0x1}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x7, 0x1}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)

561.119424ms ago: executing program 1 (id=2263):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 0000409'], 0x2a, 0xfffffffffffffffc)
r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f00000002c0)='s', 0x1, 0xfffffffffffffffe)
keyctl$read(0xb, r3, &(0x7f0000000240)=""/112, 0x349b7f55)

418.430547ms ago: executing program 4 (id=2264):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x704, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x258, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)

0s ago: executing program 5 (id=2265):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25d7dbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x10, 0x8, 0x8, 0x8, 0x81}, 0x103, 0x0, 0x7, 0x7, 0x7, 0xa, 0x12, 0x7, 0x7, 0x3, {0x3, 0x2, 0x3, 0x35db, 0x2, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40188c0}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)=@newtfilter={0x44, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x136bc}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0x2)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0))
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x14}], 0x1}, 0x4)

kernel console output (not intermixed with test programs):

838 ns i8254 timer period limited to 200000 ns
[  113.153167][ T5118] pit: kvm: requested 13409 ns i8254 timer period limited to 200000 ns
[  113.182693][ T5118] pit: kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[  113.216565][   T25] audit: type=1804 audit(2000000054.143:7): pid=5121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.285" name="/newroot/51/file0" dev="fuse" ino=1 res=1 errno=0
[  113.306784][   T26] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  114.167021][   T26] usb 2-1: Using ep0 maxpacket: 16
[  114.476273][   T26] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  114.485556][   T26] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.506209][   T26] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  114.717143][   T26] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  114.816390][   T26] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.994677][   T26] usb 2-1: Product: syz
[  115.088482][   T26] usb 2-1: Manufacturer: syz
[  115.228941][   T26] usb 2-1: SerialNumber: syz
[  115.735714][   T26] usb 2-1: 0:2 : does not exist
[  117.718679][ T1108] usb 2-1: USB disconnect, device number 3
[  117.752858][ T5198] netlink: 12 bytes leftover after parsing attributes in process `syz.0.309'.
[  117.784476][ T5198] netlink: 12 bytes leftover after parsing attributes in process `syz.0.309'.
[  118.022767][ T5211] binder: 5210:5211 ioctl c0306201 0 returned -14
[  118.396981][   T25] audit: type=1804 audit(2000000059.303:8): pid=5219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.315" name="/newroot/57/file0" dev="fuse" ino=1 res=1 errno=0
[  119.029898][ T5223] netlink: 20 bytes leftover after parsing attributes in process `syz.4.318'.
[  119.048550][ T4184] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  119.057638][ T5223] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  119.066979][ T5223] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  119.075694][ T5223] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  119.084452][ T5223] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  119.095739][ T5226] netlink: 4 bytes leftover after parsing attributes in process `syz.4.318'.
[  119.106496][ T5223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.318'.
[  119.120026][ T5226] netlink: 4 bytes leftover after parsing attributes in process `syz.4.318'.
[  119.229158][ T5231] loop4: detected capacity change from 0 to 16
[  119.246100][ T5231] erofs: (device loop4): check_layout_compatibility: unidentified incompatible feature 8, please upgrade kernel version
[  119.336486][ T4184] usb 1-1: Using ep0 maxpacket: 32
[  119.516637][ T4184] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.546717][ T4184] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  119.555885][ T4184] usb 1-1: New USB device found, idVendor=0458, idProduct=706e, bcdDevice=35.64
[  119.565548][ T4184] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.582833][ T4184] usb 1-1: config 0 descriptor??
[  119.753956][ T5252] netlink: 12 bytes leftover after parsing attributes in process `syz.3.324'.
[  119.968632][   T26] usb 1-1: USB disconnect, device number 5
[  121.824132][ T5322] tipc: Started in network mode
[  121.850172][ T5322] tipc: Node identity ac1414aa, cluster identity 4711
[  122.652476][ T5322] tipc: Enabled bearer <udp:s>, priority 10
[  123.431404][ T5333] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  123.440306][ T5333] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  123.449056][ T5333] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  123.457887][ T5333] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  123.473237][ T5333] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  123.482324][ T5333] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  123.491545][ T5333] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  123.500474][ T5333] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  123.603464][ T5341] bond1: option mode: unable to set because the bond device has slaves
[  123.635547][ T5343] netlink: 24 bytes leftover after parsing attributes in process `syz.2.347'.
[  123.657865][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.670989][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.707742][ T5345] bond1: (slave batadv_slave_1): Enslaving as a backup interface with an up link
[  123.727678][ T5348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.348'.
[  123.752887][    T7] tipc: Node number set to 2886997162
[  123.771841][ T5346] netlink: 4 bytes leftover after parsing attributes in process `syz.2.347'.
[  123.886182][ T5348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.348'.
[  125.536546][ T5392] netlink: 24 bytes leftover after parsing attributes in process `syz.0.363'.
[  125.567199][ T5383] loop1: detected capacity change from 0 to 256
[  125.927324][   T21] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  126.046747][ T5401] netlink: 20 bytes leftover after parsing attributes in process `syz.0.367'.
[  126.186319][   T21] usb 2-1: Using ep0 maxpacket: 8
[  126.306757][   T21] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  126.332774][   T21] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  126.517130][   T21] usb 2-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=7d.6a
[  126.530386][   T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.542423][   T21] usb 2-1: Product: syz
[  126.552564][   T21] usb 2-1: Manufacturer: syz
[  126.552873][ T5424] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  126.578345][ T5423] tipc: Failed to remove unknown binding: 66,0,0/2886997162:4259298950/4259298952
[  126.592012][   T21] usb 2-1: SerialNumber: syz
[  126.598951][ T5423] tipc: Failed to remove unknown binding: 66,0,0/2886997162:4259298950/4259298951
[  126.629297][   T21] usb 2-1: config 0 descriptor??
[  126.644820][ T5423] tipc: Failed to remove unknown binding: 66,0,0/2886997162:4259298950/4259298952
[  126.660764][ T5423] tipc: Failed to remove unknown binding: 66,0,0/2886997162:4259298950/4259298951
[  126.809188][ T5430] netlink: 28 bytes leftover after parsing attributes in process `syz.0.374'.
[  126.893639][ T5383] Disabled LAPIC found during irq injection
[  126.915169][   T26] usb 2-1: USB disconnect, device number 4
[  129.220152][ T5469] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  131.042924][ T5465] loop1: detected capacity change from 0 to 32768
[  131.188114][   T25] audit: type=1800 audit(2000000072.124:9): pid=5465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.385" name="file1" dev="loop1" ino=7 res=0 errno=0
[  131.462152][ T5493] netlink: 104 bytes leftover after parsing attributes in process `syz.2.393'.
[  131.598644][ T5498] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3897524436 (7795048872 ns) > initial count (2759807172 ns). Using initial count to start timer.
[  131.643429][ T5498] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3996681224 (15986724896 ns) > initial count (3709615788 ns). Using initial count to start timer.
[  132.096735][ T5512] loop4: detected capacity change from 0 to 1156
[  132.346351][ T4184] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  132.588515][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  132.595247][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  132.646043][ T4184] usb 2-1: Using ep0 maxpacket: 8
[  132.765859][ T4184] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  132.780855][ T4184] usb 2-1: config 0 has no interfaces?
[  132.796472][ T4184] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  132.815792][ T4184] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.849333][ T4184] usb 2-1: config 0 descriptor??
[  133.166755][ T5529] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  135.718549][    T7] usb 2-1: USB disconnect, device number 5
[  136.031086][ T5560] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3897524436 (7795048872 ns) > initial count (2759807172 ns). Using initial count to start timer.
[  136.879577][ T5566] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3996681224 (15986724896 ns) > initial count (3709615788 ns). Using initial count to start timer.
[  137.273728][ T5584] binder: BINDER_SET_CONTEXT_MGR already set
[  137.290374][ T5584] binder: 5583:5584 ioctl 4018620d 200000004a80 returned -16
[  137.344409][ T5584] binder: 5583:5584 ioctl c0306201 200000000440 returned -14
[  137.553815][ T5599] netlink: 'syz.2.429': attribute type 8 has an invalid length.
[  137.760621][ T5608] loop1: detected capacity change from 0 to 256
[  137.810530][ T5608] exfat: Deprecated parameter 'namecase'
[  137.873853][ T5614] binder: 5613:5614 ioctl c0306201 200000000440 returned -14
[  137.914907][ T5608] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  138.337800][   T25] audit: type=1326 audit(2000000079.274:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae36281799 code=0x0
[  138.400735][   T25] audit: type=1326 audit(2000000079.324:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  138.466422][   T25] audit: type=1326 audit(2000000079.324:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  138.507866][   T25] audit: type=1326 audit(2000000079.324:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  138.544484][   T25] audit: type=1326 audit(2000000079.324:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  138.641481][   T25] audit: type=1326 audit(2000000079.324:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  138.664281][   T25] audit: type=1326 audit(2000000079.324:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  138.735435][   T25] audit: type=1326 audit(2000000079.324:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  139.022799][   T25] audit: type=1326 audit(2000000079.324:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  139.373952][   T25] audit: type=1326 audit(2000000079.324:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5621 comm="syz.1.439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fae36281799 code=0x7ffc0000
[  139.597080][ T5657] binder_alloc: 5656: binder_alloc_buf size 64768 failed, no address space
[  139.634493][ T5657] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280)
[  141.286675][ T5694] syz.3.460 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  141.502207][ T5694] loop3: detected capacity change from 0 to 8192
[  142.403962][ T5711] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  142.413921][ T5711] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  142.446809][ T5711] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  142.453746][ T5713] loop4: detected capacity change from 0 to 128
[  142.463115][ T5711] device bridge_slave_0 left promiscuous mode
[  142.475702][ T5711] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.489279][ T5711] device bridge_slave_1 left promiscuous mode
[  142.496475][ T5711] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.508896][ T5711] bond0: (slave bond_slave_0): Releasing backup interface
[  142.516882][ T5711] device bond_slave_0 left promiscuous mode
[  142.531561][ T5711] bond0: (slave bond_slave_1): Releasing backup interface
[  142.567526][ T5713] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  142.567965][ T5711] device bond_slave_1 left promiscuous mode
[  142.643646][ T5708] netlink: 52 bytes leftover after parsing attributes in process `syz.4.463'.
[  142.673528][ T5708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.463'.
[  142.714273][ T5711] team0: Port device team_slave_0 removed
[  142.754919][ T5711] team0: Port device team_slave_1 removed
[  142.765722][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.773289][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.810338][ T5711] bond1: (slave batadv_slave_1): Releasing backup interface
[  142.848043][ T5711] bond1: (slave macvlan2): Releasing backup interface
[  143.025408][ T5715] team0: Mode changed to "broadcast"
[  143.061171][ T5717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.466'.
[  145.813921][ T5781] loop4: detected capacity change from 0 to 128
[  145.873980][ T5781] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  146.238862][ T4304] FAT-fs (loop4): error, invalid FAT chain (i_pos 548, last_block 8)
[  146.256588][ T4304] FAT-fs (loop4): Filesystem has been set read-only
[  146.271250][ T5793] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  146.280862][ T4304] FAT-fs (loop4): error, corrupted file size (i_pos 548, 522)
[  146.423485][ T5799] loop4: detected capacity change from 0 to 512
[  146.906560][ T5799] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  147.209895][ T5799] ext4 filesystem being mounted at /92/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  147.670504][ T5829] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.772427][ T5835] device syzkaller0 entered promiscuous mode
[  147.896984][ T5829] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.007118][ T5829] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.108366][ T5829] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.288200][ T5829] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  148.423881][ T5847] loop1: detected capacity change from 0 to 128
[  148.665217][ T5847] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  149.008916][ T5829] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.037800][ T5829] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.058170][ T5829] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.140272][   T21] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  149.158789][ T4304] FAT-fs (loop1): error, invalid FAT chain (i_pos 548, last_block 8)
[  149.181147][ T4304] FAT-fs (loop1): Filesystem has been set read-only
[  149.382377][ T4304] FAT-fs (loop1): error, corrupted file size (i_pos 548, 522)
[  150.244718][   T21] usb 5-1: Using ep0 maxpacket: 16
[  150.419032][ T5852] loop3: detected capacity change from 0 to 8192
[  150.594873][   T21] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  150.705716][   T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.723520][ T5852] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  150.816407][ T5852] REISERFS (device loop3): using ordered data mode
[  150.896613][   T21] usb 5-1: Product: syz
[  150.956872][ T5852] reiserfs: using flush barriers
[  150.988073][   T21] usb 5-1: Manufacturer: syz
[  151.094457][   T21] usb 5-1: SerialNumber: syz
[  151.143886][ T5866] loop2: detected capacity change from 0 to 4096
[  151.151630][ T5852] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  151.197288][ T5852] REISERFS (device loop3): checking transaction log (loop3)
[  151.223910][   T21] r8152-cfgselector 5-1: config 0 descriptor??
[  151.264789][   T21] r8152-cfgselector 5-1: can't set config #0, error -71
[  151.287039][ T5866] ntfs3: loop2: ntfs_set_state r=3 failed, -22.
[  151.325152][ T5852] REISERFS (device loop3): Using r5 hash to sort names
[  151.332052][ T5852] REISERFS (device loop3): using 3.5.x disk format
[  151.345456][   T21] r8152-cfgselector 5-1: Unknown version 0x0000
[  151.363202][   T21] r8152-cfgselector 5-1: USB disconnect, device number 5
[  151.387242][ T5852] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  151.446621][ T4383] ntfs3: loop2: ntfs3_write_inode r=3 failed, -22.
[  151.453348][ T4195] ntfs3: loop2: ntfs_set_state r=3 failed, -22.
[  151.484678][ T4195] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  151.491682][ T4195] ntfs3: loop2: ntfs_set_state r=3 failed, -22.
[  151.500083][ T5884] loop4: detected capacity change from 0 to 256
[  151.520055][ T4383] ntfs3: loop2: ntfs3_write_inode r=3 failed, -22.
[  151.546345][ T4195] ntfs3: loop2: ntfs_evict_inode r=3 failed, -22.
[  151.561821][   T25] kauditd_printk_skb: 472 callbacks suppressed
[  151.561833][   T25] audit: type=1800 audit(2000000092.495:492): pid=5852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.510" name="file1" dev="loop3" ino=3 res=0 errno=0
[  151.904431][ T5899] HTB: quantum of class FFF10008 is big. Consider r2q change.
[  151.968064][ T5903] loop3: detected capacity change from 0 to 512
[  151.995058][ T1111] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  152.115210][ T5903] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  152.127291][ T5903] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  153.435007][ T1111] usb 5-1: Using ep0 maxpacket: 8
[  153.555186][ T1111] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.575287][ T1111] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  153.616219][ T5918] netlink: 20 bytes leftover after parsing attributes in process `syz.2.526'.
[  153.728874][ T5921] TCP: TCP_TX_DELAY enabled
[  153.735113][ T1111] usb 5-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=7d.6a
[  153.744158][ T1111] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.766343][ T5921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.528'.
[  153.776006][ T1111] usb 5-1: Product: syz
[  153.780185][ T1111] usb 5-1: Manufacturer: syz
[  153.805036][ T1111] usb 5-1: SerialNumber: syz
[  153.828002][ T1111] usb 5-1: config 0 descriptor??
[  154.086357][ T5881] Disabled LAPIC found during irq injection
[  154.155135][   T21] usb 5-1: USB disconnect, device number 6
[  154.355678][ T5941] ceph: No mds server is up or the cluster is laggy
[  154.375041][ T1111] libceph: connect (1)[c::]:6789 error -101
[  154.570435][ T1111] libceph: mon0 (1)[c::]:6789 connect error
[  155.331015][ T5937] loop2: detected capacity change from 0 to 8192
[  155.363916][ T4184] libceph: connect (1)[c::]:6789 error -101
[  155.370128][ T4184] libceph: mon0 (1)[c::]:6789 connect error
[  155.477163][ T5937] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  155.506075][ T5937] REISERFS (device loop2): using ordered data mode
[  155.512611][ T5937] reiserfs: using flush barriers
[  155.656196][ T5937] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  155.738205][ T5937] REISERFS (device loop2): checking transaction log (loop2)
[  155.911285][ T5937] REISERFS (device loop2): Using r5 hash to sort names
[  155.966295][ T5963] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  155.976236][ T5963] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  155.983501][ T5937] REISERFS (device loop2): using 3.5.x disk format
[  155.985697][ T5963] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  156.000595][ T5963] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  156.014103][ T5937] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  156.067514][ T5969] fuse: Bad value for 'fd'
[  156.161473][   T25] audit: type=1800 audit(2000000097.095:493): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.532" name="file1" dev="loop2" ino=3 res=0 errno=0
[  156.441353][ T5985] netlink: 20 bytes leftover after parsing attributes in process `syz.3.543'.
[  156.899395][ T6001] loop2: detected capacity change from 0 to 256
[  157.019009][ T6009] netlink: 'syz.1.559': attribute type 4 has an invalid length.
[  157.021319][ T4231] libceph: connect (1)[c::]:6789 error -101
[  157.041291][ T4231] libceph: mon0 (1)[c::]:6789 connect error
[  157.132243][ T6006] ceph: No mds server is up or the cluster is laggy
[  157.285757][ T6012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.334661][ T4184] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  157.348640][ T6012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.550'.
[  157.584785][ T4184] usb 3-1: Using ep0 maxpacket: 8
[  158.465068][ T4184] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  158.475836][ T4184] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  158.535583][ T6026] loop3: detected capacity change from 0 to 512
[  158.655118][ T4184] usb 3-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=7d.6a
[  158.666649][ T6026] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  158.683290][ T4184] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.687286][ T6026] ext4 filesystem being mounted at /115/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  158.697418][ T4184] usb 3-1: Product: syz
[  158.754629][ T6039] netlink: 40 bytes leftover after parsing attributes in process `syz.1.560'.
[  158.769970][ T4184] usb 3-1: Manufacturer: syz
[  158.793048][ T4184] usb 3-1: SerialNumber: syz
[  158.796915][ T6039] netlink: 40 bytes leftover after parsing attributes in process `syz.1.560'.
[  158.807258][ T6039] netlink: 40 bytes leftover after parsing attributes in process `syz.1.560'.
[  158.826450][ T6039] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[  158.832616][ T4184] usb 3-1: config 0 descriptor??
[  159.012084][ T4452] libceph: connect (1)[c::]:6789 error -101
[  159.019791][ T4452] libceph: mon0 (1)[c::]:6789 connect error
[  159.044307][ T6050] ceph: No mds server is up or the cluster is laggy
[  159.396900][ T4452] libceph: connect (1)[c::]:6789 error -101
[  159.442368][ T4452] libceph: mon0 (1)[c::]:6789 connect error
[  160.384476][ T6001] Disabled LAPIC found during irq injection
[  160.392078][    T7] usb 3-1: USB disconnect, device number 2
[  160.494296][ T6068] netlink: 'syz.4.566': attribute type 6 has an invalid length.
[  161.413784][ T6084] bond1: (slave ip6gretap1): making interface the new active one
[  161.442665][ T6084] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  161.486331][ T6084] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  161.500800][ T6084] bond1 (unregistering): Released all slaves
[  162.994113][ T4231] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  163.593618][   T25] audit: type=1326 audit(2000000104.525:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6116 comm="syz.2.583" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3e9472799 code=0x0
[  163.720596][ T4231] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  163.734792][ T4231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.746059][ T4231] usb 4-1: config 0 descriptor??
[  164.969821][ T4231] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  165.087569][ T6130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.586'.
[  166.125232][ T4231] usb 4-1: USB disconnect, device number 4
[  169.595056][ T6163] overlayfs: failed to clone upperpath
[  169.731343][ T6169] netlink: 24 bytes leftover after parsing attributes in process `syz.0.597'.
[  169.874793][ T6169] capability: warning: `syz.0.597' uses 32-bit capabilities (legacy support in use)
[  173.056696][ T6205] device syzkaller0 entered promiscuous mode
[  173.118623][ T6205] tipc: Started in network mode
[  173.152535][ T6205] tipc: Node identity 3eec05d351b3, cluster identity 4711
[  173.207942][ T6205] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  173.285350][ T6214] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  173.845190][ T6203] tipc: Resetting bearer <eth:syzkaller0>
[  173.901536][ T6203] tipc: Disabling bearer <eth:syzkaller0>
[  174.058650][ T6232] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  176.584336][   T21] Bluetooth: hci0: command 0x0406 tx timeout
[  176.605190][ T6240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  176.608254][ T4452] Bluetooth: hci2: command 0x0406 tx timeout
[  176.621191][ T4452] Bluetooth: hci1: command 0x0406 tx timeout
[  176.628529][ T4452] Bluetooth: hci3: command 0x0406 tx timeout
[  176.757247][ T6257] team0: Mode changed to "broadcast"
[  176.796742][ T6257] netlink: 4 bytes leftover after parsing attributes in process `syz.4.620'.
[  177.101088][ T6274] netlink: 'syz.3.622': attribute type 4 has an invalid length.
[  179.248240][ T6285] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  179.322344][ T6289] loop3: detected capacity change from 0 to 128
[  179.588899][ T6289] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  179.833596][ T6289] ext4 filesystem being mounted at /127/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  180.505593][ T6289] EXT4-fs (loop3): shut down requested (2)
[  180.512282][ T6289] fscrypt (loop3, inode 12): Error -5 getting encryption context
[  180.871268][ T6320] IPVS: Error connecting to the multicast addr
[  182.136205][ T6339] netlink: 16 bytes leftover after parsing attributes in process `syz.0.639'.
[  182.145649][ T6332] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  182.194242][ T6332] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  182.856547][ T6346] netlink: 'syz.0.641': attribute type 4 has an invalid length.
[  183.009267][ T6354] netlink: 12 bytes leftover after parsing attributes in process `syz.3.645'.
[  183.083535][ T6354] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  183.092349][ T6354] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  183.101170][ T6354] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  183.110116][ T6354] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  183.219743][ T6364] loop2: detected capacity change from 0 to 512
[  183.224865][ T6362] device ipip0 entered promiscuous mode
[  183.232707][ T6354] netlink: 12 bytes leftover after parsing attributes in process `syz.3.645'.
[  183.275690][ T6364] EXT4-fs (loop2): Ignoring removed oldalloc option
[  183.312339][ T6364] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  183.354726][ T6364] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  183.397407][ T6364] EXT4-fs (loop2): 1 truncate cleaned up
[  183.444486][ T6364] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,errors=continue,inode_readahead_blks=0x0000000000004000,stripe=0x0000000000000003,bsdgroups,oldalloc,,errors=continue. Quota mode: none.
[  183.676764][   T25] audit: type=1800 audit(2000000124.576:495): pid=6364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.649" name="file1" dev="loop2" ino=15 res=0 errno=0
[  184.745182][ T6398] capability: warning: `syz.2.654' uses deprecated v2 capabilities in a way that may be insecure
[  189.749039][  T264] block nbd0: Attempted send on invalid socket
[  189.761714][  T264] blk_update_request: I/O error, dev nbd0, sector 128 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0
[  189.786518][  T264] gfs2: error 10 reading superblock
[  191.280793][ T6505] loop2: detected capacity change from 0 to 128
[  192.045200][ T6494] netlink: 52 bytes leftover after parsing attributes in process `syz.1.674'.
[  192.178862][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.674'.
[  192.520770][ T6519] IPVS: persistence engine module ip_vs_pe_ not found
[  192.550365][ T6526] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  192.799559][ T6538] netlink: 'syz.4.689': attribute type 1 has an invalid length.
[  192.812817][ T6538] netlink: 146340 bytes leftover after parsing attributes in process `syz.4.689'.
[  195.551520][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  195.557879][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  195.564232][   T25] audit: type=1800 audit(2000000136.477:496): pid=6525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.683" name="/" dev="fuse" ino=4 res=0 errno=0
[  196.782414][ T6560] loop3: detected capacity change from 0 to 128
[  197.610618][ T6573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.699'.
[  197.654863][ T6576] loop2: detected capacity change from 0 to 128
[  197.848771][ T6578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.701'.
[  198.080130][ T6576] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  198.750876][ T6569] netlink: 52 bytes leftover after parsing attributes in process `syz.2.696'.
[  198.816351][ T6569] netlink: 8 bytes leftover after parsing attributes in process `syz.2.696'.
[  199.179240][ T6593] loop2: detected capacity change from 0 to 256
[  199.239234][ T6593] exfat: Unknown parameter '��������'
[  201.099426][ T6621] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  201.943407][ T6642] overlayfs: failed to clone upperpath
[  203.672530][ T6660] netlink: 52 bytes leftover after parsing attributes in process `syz.2.723'.
[  203.777369][ T6666] netlink: 76 bytes leftover after parsing attributes in process `syz.2.723'.
[  203.799482][ T6666] netlink: 52 bytes leftover after parsing attributes in process `syz.2.723'.
[  204.004167][ T6673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.727'.
[  204.263485][ T6685] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  204.481676][   T26] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  204.912718][   T26] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  204.934525][   T26] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  204.973131][   T26] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  205.009710][   T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.036282][   T26] usb 3-1: config 0 descriptor??
[  205.057154][ T6687] netlink: 'syz.4.732': attribute type 39 has an invalid length.
[  205.088855][   T26] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  205.179092][ T6699] netlink: 52 bytes leftover after parsing attributes in process `syz.4.739'.
[  205.204630][ T6699] netlink: 76 bytes leftover after parsing attributes in process `syz.4.739'.
[  205.215631][ T6699] netlink: 52 bytes leftover after parsing attributes in process `syz.4.739'.
[  205.234106][ T6703] device bond_slave_0 entered promiscuous mode
[  205.240346][ T6703] device bond_slave_1 entered promiscuous mode
[  205.246876][ T6703] device vlan2 entered promiscuous mode
[  205.252907][ T6703] device bond0 entered promiscuous mode
[  205.352057][ T1111] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  205.359651][ T6707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  205.616882][ T1111] usb 1-1: Using ep0 maxpacket: 32
[  205.742068][ T1111] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  205.758171][ T1111] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  205.923633][ T1111] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  205.952022][ T1111] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.988752][ T1111] usb 1-1: Product: syz
[  205.999002][ T1111] usb 1-1: Manufacturer: syz
[  206.008441][ T1111] usb 1-1: SerialNumber: syz
[  206.052640][ T1111] usb 1-1: config 0 descriptor??
[  206.113503][ T6728] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  206.947355][ T6733] 8021q: adding VLAN 0 to HW filter on device bond1
[  206.973030][ T6738] fuse: Unknown parameter '4'
[  206.988032][ T6737] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  207.004287][ T6737] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  207.016773][ T6738] sctp: [Deprecated]: syz.4.750 (pid 6738) Use of int in max_burst socket option deprecated.
[  207.016773][ T6738] Use struct sctp_assoc_value instead
[  207.071926][ T5291] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  207.127966][ T6745] binder: 6744:6745 ioctl c0306201 2000000003c0 returned -14
[  207.212379][ T1111] usb 3-1: USB disconnect, device number 3
[  207.448671][ T6761] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  208.251748][   T26] usb 1-1: USB disconnect, device number 6
[  209.741775][ T1111] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  210.320289][ T6818] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  211.481855][ T1111] usb 4-1: unable to get BOS descriptor or descriptor too short
[  211.522337][ T6825] netlink: 4 bytes leftover after parsing attributes in process `syz.4.777'.
[  211.606625][ T1111] usb 4-1: unable to read config index 0 descriptor/start: -71
[  211.637004][ T1111] usb 4-1: can't read configurations, error -71
[  212.643890][ T6844] netlink: 12 bytes leftover after parsing attributes in process `syz.1.785'.
[  213.569904][ T6856] netlink: 'syz.0.789': attribute type 27 has an invalid length.
[  213.734838][ T6865] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  214.416163][ T6856] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  214.528884][ T6874] netlink: 28 bytes leftover after parsing attributes in process `syz.4.791'.
[  214.638838][ T6880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.797'.
[  214.648731][ T6880] netlink: 12 bytes leftover after parsing attributes in process `syz.1.797'.
[  214.758605][ T6880] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  214.767523][ T6880] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  214.776267][ T6880] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  214.785027][ T6880] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  214.862807][ T6885] netlink: 'syz.0.793': attribute type 7 has an invalid length.
[  215.315511][ T6889] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  215.843738][ T6889] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  219.215764][ T6925] loop3: detected capacity change from 0 to 512
[  219.281400][ T6925] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  219.306706][ T6925] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  220.273385][ T6940] block device autoloading is deprecated and will be removed.
[  220.329500][ T6942] block device autoloading is deprecated and will be removed.
[  222.694608][ T6987] netlink: 20 bytes leftover after parsing attributes in process `syz.4.827'.
[  222.710224][ T6987] device ip6gre1 entered promiscuous mode
[  222.733031][ T6987] netlink: 'syz.4.827': attribute type 6 has an invalid length.
[  222.741311][ T6987] netlink: 72 bytes leftover after parsing attributes in process `syz.4.827'.
[  224.149002][ T7006] netlink: 8 bytes leftover after parsing attributes in process `syz.4.833'.
[  227.197557][ T7037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  228.477859][   T25] audit: type=1804 audit(2000000169.419:497): pid=7059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.848" name="bus" dev="ramfs" ino=42984 res=1 errno=0
[  228.520403][   T25] audit: type=1804 audit(2000000169.419:498): pid=7059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.848" name="bus" dev="ramfs" ino=42984 res=1 errno=0
[  229.385849][ T7026] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  229.395506][ T7026] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  229.410379][ T7026] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  229.552062][ T7026] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  229.561046][ T7026] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  229.569892][ T7026] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  229.614147][ T7045] netlink: 12 bytes leftover after parsing attributes in process `syz.2.843'.
[  229.674816][ T7054] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  229.834160][ T7054] batman_adv: batadv0: Removing interface: batadv_slave_0
[  230.641187][   T25] audit: type=1326 audit(2000000171.589:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57fd027799 code=0x7ffc0000
[  230.710403][ T7077] xt_policy: output policy not valid in PREROUTING and INPUT
[  231.086946][   T25] audit: type=1326 audit(2000000171.589:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57fd027799 code=0x7ffc0000
[  231.215227][   T25] audit: type=1326 audit(2000000172.029:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f57fd027799 code=0x7ffc0000
[  231.275358][   T25] audit: type=1326 audit(2000000172.089:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57fd027799 code=0x7ffc0000
[  231.298690][   T25] audit: type=1326 audit(2000000172.089:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7074 comm="syz.4.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57fd027799 code=0x7ffc0000
[  231.406972][ T7091] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  234.247395][ T7143] netlink: 'syz.3.873': attribute type 1 has an invalid length.
[  234.478184][ T7143] 8021q: adding VLAN 0 to HW filter on device bond2
[  236.033108][ T7143] bond2: (slave gretap1): making interface the new active one
[  236.042163][ T7143] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  236.097306][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  237.815016][ T7182] device syzkaller0 entered promiscuous mode
[  241.658300][ T7251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.911'.
[  242.539453][   T25] audit: type=1800 audit(2000000183.480:504): pid=7252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.909" name="/" dev="fuse" ino=9 res=0 errno=0
[  243.308971][ T7266] bridge0: port 1(syz_tun) entered blocking state
[  243.660093][ T7266] bridge0: port 1(syz_tun) entered disabled state
[  243.998382][ T7266] device syz_tun entered promiscuous mode
[  244.140295][ T7266] device bridge0 entered promiscuous mode
[  245.323503][ T7312] xt_hashlimit: size too large, truncated to 1048576
[  245.340747][   T25] audit: type=1804 audit(2000000186.230:505): pid=7313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.926" name="file0" dev="hugetlbfs" ino=43375 res=1 errno=0
[  245.392685][ T7312] xt_hashlimit: invalid rate
[  245.404734][ T7317] netlink: 12 bytes leftover after parsing attributes in process `syz.4.927'.
[  245.415557][   T25] audit: type=1804 audit(2000000186.310:506): pid=7316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.926" name="file0" dev="hugetlbfs" ino=43375 res=1 errno=0
[  245.440217][ T7317] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  245.447917][ T7317] IPv6: NLM_F_CREATE should be set when creating new route
[  245.474075][ T7317] netlink: 12 bytes leftover after parsing attributes in process `syz.4.927'.
[  245.499727][ T7320] netlink: 798 bytes leftover after parsing attributes in process `syz.1.928'.
[  247.382193][ T7330] netlink: 24 bytes leftover after parsing attributes in process `syz.4.931'.
[  247.458719][ T6044] Bluetooth: hci4: command 0x0406 tx timeout
[  247.513368][ T7336] bridge0: port 3(syz_tun) entered blocking state
[  247.539202][ T7336] bridge0: port 3(syz_tun) entered disabled state
[  247.551814][ T7336] device syz_tun entered promiscuous mode
[  247.589801][ T7337] bridge0: port 3(syz_tun) entered blocking state
[  247.596292][ T7337] bridge0: port 3(syz_tun) entered forwarding state
[  247.639309][ T7337] device bridge0 entered promiscuous mode
[  247.646473][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0.257: link becomes ready
[  248.509237][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  249.025074][ T7362] loop2: detected capacity change from 0 to 1024
[  249.118686][ T7362] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  249.170407][ T7362] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc,mblk_io_submit,,errors=continue. Quota mode: none.
[  256.163214][ T7057] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  256.183266][ T7420] loop2: detected capacity change from 0 to 4096
[  256.242970][ T7420] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  256.353176][ T7420] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
[  256.386838][ T7420] EXT4-fs (loop2): Ignoring removed bh option
[  256.408320][ T7420] EXT4-fs (loop2): re-mounted. Opts: delalloc,noblock_validity,nouid32,nodiscard,max_batch_time=0x0000000000000002,bh,. Quota mode: writeback.
[  256.419139][ T7057] usb 1-1: Using ep0 maxpacket: 16
[  256.549247][ T7057] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  256.602891][ T7057] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  256.617992][ T7057] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  256.629500][ T7057] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.644888][ T7427] netlink: 24 bytes leftover after parsing attributes in process `syz.1.965'.
[  256.645399][ T7057] usb 1-1: config 0 descriptor??
[  256.794474][ T7057] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  256.826071][ T7435] fuse: Bad value for 'fd'
[  256.839303][ T7435] fuse: Bad value for 'fd'
[  256.883845][ T7436] netlink: 8 bytes leftover after parsing attributes in process `syz.2.967'.
[  256.893018][ T7436] netlink: zone id is out of range
[  257.517168][ T7443] netlink: 'syz.4.972': attribute type 1 has an invalid length.
[  257.554529][ T7443] 8021q: adding VLAN 0 to HW filter on device bond1
[  257.594775][ T7443] bond1: (slave gretap1): making interface the new active one
[  257.625976][ T7443] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  257.634997][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  257.650294][ T7446] overlayfs: statfs failed on './file0'
[  259.021073][ T6044] usb 1-1: USB disconnect, device number 7
[  259.587528][ T7472] 9pnet: Insufficient options for proto=fd
[  260.737068][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  260.743404][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  260.803319][ T7486] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  260.884813][ T7490] netlink: 'syz.0.986': attribute type 1 has an invalid length.
[  260.993935][ T7490] 8021q: adding VLAN 0 to HW filter on device bond1
[  261.125146][ T7498] bond1: (slave gretap1): making interface the new active one
[  261.170788][ T7498] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  261.199724][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  261.209689][ T7497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.988'.
[  261.232682][ T7498] syz.0.986 (7498) used greatest stack depth: 18992 bytes left
[  261.400898][ T7507] irq bypass consumer (token ffff8880565db700) registration fails: -16
[  261.467196][ T7501] bridge2: port 1(veth5) entered blocking state
[  261.480520][ T7501] bridge2: port 1(veth5) entered disabled state
[  261.487625][ T7482] xt_TPROXY: Can be used only with -p tcp or -p udp
[  261.488066][ T7501] device veth5 entered promiscuous mode
[  261.513792][ T7501] bridge2: port 1(veth5) entered blocking state
[  261.520142][ T7501] bridge2: port 1(veth5) entered forwarding state
[  261.601170][ T7502] bridge2: port 2(veth7) entered blocking state
[  261.621968][ T7502] bridge2: port 2(veth7) entered disabled state
[  261.629813][ T7502] device veth7 entered promiscuous mode
[  261.635943][ T7502] bridge2: port 2(veth7) entered blocking state
[  261.642290][ T7502] bridge2: port 2(veth7) entered forwarding state
[  261.743096][ T7514] netlink: 12 bytes leftover after parsing attributes in process `syz.0.993'.
[  261.749358][ T7516] xt_hashlimit: max too large, truncated to 1048576
[  261.756972][ T7514] netlink: 12 bytes leftover after parsing attributes in process `syz.0.993'.
[  261.764528][ T7516] xt_hashlimit: overflow, try lower: 0/0
[  262.350149][ T4307] bridge2: port 1(veth5) entered disabled state
[  262.396405][ T4307] bridge2: port 2(veth7) entered disabled state
[  262.932072][ T7533] netlink: 12 bytes leftover after parsing attributes in process `syz.2.996'.
[  266.901656][ T7543] chnl_net:caif_netlink_parms(): no params data found
[  267.302170][ T7543] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.358212][ T7543] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.368752][ T4231] Bluetooth: hci5: command 0x0409 tx timeout
[  267.408150][ T7543] device bridge_slave_0 entered promiscuous mode
[  267.434171][ T7543] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.461639][ T7543] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.481823][ T7543] device bridge_slave_1 entered promiscuous mode
[  267.546842][ T7543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  267.579295][ T7543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  267.657144][ T7543] team0: Port device team_slave_0 added
[  267.677693][ T7543] team0: Port device team_slave_1 added
[  267.783348][ T7543] batman_adv: batadv0: Adding interface: batadv_slave_0
[  267.807232][ T7543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.356067][ T7543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  268.474596][ T7543] batman_adv: batadv0: Adding interface: batadv_slave_1
[  268.500952][ T7543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.529421][ T7543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  268.566934][ T7543] device hsr_slave_0 entered promiscuous mode
[  268.579854][ T7543] device hsr_slave_1 entered promiscuous mode
[  268.586504][ T7543] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  268.599835][ T7543] Cannot create hsr debugfs directory
[  268.772488][ T7598] Set syz0 is full, maxelem 0 reached
[  269.359668][ T7600] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1018'.
[  269.427933][ T7589] syz.1.1016 (7589) used greatest stack depth: 17232 bytes left
[  269.785942][ T4229] Bluetooth: hci5: command 0x041b tx timeout
[  269.876542][ T7543] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  269.892124][ T7543] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  269.907110][ T7543] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  269.922399][ T7608] loop2: detected capacity change from 0 to 512
[  269.947446][ T7543] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  270.037074][ T7608] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  270.047226][ T7590] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1014'.
[  270.064384][ T7608] EXT4-fs (loop2): orphan cleanup on readonly fs
[  270.141926][ T7611] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1021'.
[  270.201540][ T7608] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  270.610078][ T7608] EXT4-fs (loop2): 1 truncate cleaned up
[  270.672353][ T7608] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,dioread_lock,quota,,errors=continue. Quota mode: writeback.
[  270.831574][ T7608] EXT4-fs (loop2): shut down requested (1)
[  270.875151][ T7543] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.937674][ T7543] 8021q: adding VLAN 0 to HW filter on device team0
[  270.956576][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  270.988866][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  271.011054][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  271.028345][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  271.063449][ T4304] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.070567][ T4304] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.087164][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  271.124709][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  271.174126][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  271.187016][ T4304] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.194176][ T4304] bridge0: port 2(bridge_slave_1) entered forwarding state
[  271.210741][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  271.257948][ T7543] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  271.268822][ T7543] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  271.319582][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  271.332587][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  272.551665][ T4231] Bluetooth: hci5: command 0x040f tx timeout
[  272.579691][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  272.619547][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  272.698571][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  272.844017][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  272.864548][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  272.882096][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  272.919944][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  272.971845][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  272.985628][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  273.588731][ T7653] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1032'.
[  274.390635][ T7657] device bridge0 left promiscuous mode
[  274.568211][ T7057] Bluetooth: hci5: command 0x0419 tx timeout
[  274.626820][ T7669] netlink: 'syz.2.1037': attribute type 3 has an invalid length.
[  274.641359][ T7669] netlink: 'syz.2.1037': attribute type 10 has an invalid length.
[  274.663667][ T7669] 8021q: adding VLAN 0 to HW filter on device team0
[  274.683667][ T7669] bond0: (slave team0): Enslaving as an active interface with an up link
[  274.707181][ T7543] 8021q: adding VLAN 0 to HW filter on device batadv0
[  274.732200][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  274.743628][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  275.081676][ T7687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1042'.
[  275.122966][ T7687] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  275.131823][ T7687] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  275.140072][ T7687] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  275.148269][ T7687] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  275.169327][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): : link becomes ready
[  275.178429][ T7689] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'.
[  275.188096][ T7689] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  275.196955][ T7689] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (68719607821)
[  275.214290][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  275.261400][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  275.304810][ T7687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1042'.
[  275.349070][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): : link becomes ready
[  275.409264][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  275.599413][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  275.748426][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  275.884509][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  276.089101][ T7543] device veth0_vlan entered promiscuous mode
[  276.101064][ T7543] device veth1_vlan entered promiscuous mode
[  276.130924][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  276.156964][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  276.168438][ T7543] device veth0_macvtap entered promiscuous mode
[  276.182089][ T7543] device veth1_macvtap entered promiscuous mode
[  276.199206][ T7543] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.210804][ T7543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.222094][ T7543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.271154][ T7543] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.292381][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  276.317339][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  276.530141][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  276.539480][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  276.549022][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  277.275665][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  277.501795][ T7543] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  277.510804][ T7543] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  277.520295][ T7543] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  277.529744][ T7543] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  277.666897][ T4383] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.686691][ T4383] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.696630][ T4304] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.722711][ T4304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.751069][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  277.786557][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  284.910245][ T7816] cgroup: fork rejected by pids controller in /syz0
[  285.285035][ T8544] sctp: [Deprecated]: syz.2.1096 (pid 8544) Use of int in max_burst socket option.
[  285.285035][ T8544] Use struct sctp_assoc_value instead
[  285.309505][ T8644] netlink: 'syz.4.1086': attribute type 10 has an invalid length.
[  285.500516][   T25] audit: type=1804 audit(4147483874.446:507): pid=8647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1087" name="/newroot/3/file0" dev="fuse" ino=1 res=1 errno=0
[  285.540964][   T25] audit: type=1804 audit(4147483874.446:508): pid=8647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1087" name="/newroot/3/file0" dev="fuse" ino=1 res=1 errno=0
[  286.364384][ T8665] netlink: 'syz.4.1093': attribute type 10 has an invalid length.
[  286.428850][ T8665] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1093'.
[  286.471861][ T8665] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  286.647746][ T4227] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  286.713069][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1097'.
[  287.037157][ T4227] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  287.137485][ T4227] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  287.146679][ T4227] usb 6-1: New USB device strings: Mfr=172, Product=0, SerialNumber=0
[  287.159875][ T4227] usb 6-1: Manufacturer: syz
[  287.166389][ T4227] usb 6-1: config 0 descriptor??
[  287.208925][ T4227] hub 6-1:0.0: USB hub found
[  289.605310][   T21] Bluetooth: hci3: command 0x1003 tx timeout
[  289.611601][ T4198] Bluetooth: hci3: sending frame failed (-49)
[  289.657022][ T4227] hub 6-1:0.0: config failed, can't read hub descriptor (err -22)
[  289.777000][ T4227] usbhid 6-1:0.0: can't add hid device: -71
[  289.801816][ T4227] usbhid: probe of 6-1:0.0 failed with error -71
[  290.310519][ T4227] usb 6-1: USB disconnect, device number 2
[  290.556102][ T8706] device vlan2 entered promiscuous mode
[  290.577715][ T8698] netlink: 'syz.4.1104': attribute type 39 has an invalid length.
[  290.605288][ T8706] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1105'.
[  290.834091][ T8718] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1112'.
[  290.914032][ T8720] batman_adv: batadv0: Adding interface: dummy0
[  290.920472][ T8720] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560.
[  290.949265][ T8720] batman_adv: batadv0: Interface activated: dummy0
[  290.974367][ T8721] batadv0: mtu less than device minimum
[  290.981563][ T8721] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  290.994115][ T8721] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  291.006098][ T8721] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  291.018260][ T8721] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  291.030277][ T8721] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  291.042335][ T8721] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  291.054361][ T8721] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  291.066392][ T8721] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  291.686951][   T21] Bluetooth: hci3: command 0x1001 tx timeout
[  291.705957][ T4198] Bluetooth: hci3: sending frame failed (-49)
[  292.983956][ T8740] fuse: Bad value for 'fd'
[  293.125331][ T8752] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1124'.
[  293.766824][   T21] Bluetooth: hci3: command 0x1009 tx timeout
[  294.413487][ T8769] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1130'.
[  294.609725][   T25] audit: type=1800 audit(4147483883.556:509): pid=8745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1121" name="bus" dev="ramfs" ino=46671 res=0 errno=0
[  294.669153][ T4231] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  294.893970][ T8775] loop2: detected capacity change from 0 to 1024
[  294.933334][ T8775] Quota error (device loop2): v2_read_file_info: Number of blocks too big for quota file size (6144 > 256).
[  294.961823][ T8775] EXT4-fs warning (device loop2): ext4_enable_quotas:6486: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  294.980959][ T8775] EXT4-fs (loop2): mount failed
[  295.057610][ T4231] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  295.069962][ T4231] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  295.103189][ T4231] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  295.497917][ T4231] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  295.587170][ T4231] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.627162][ T4231] usb 6-1: config 0 descriptor??
[  295.955614][ T8793] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1136'.
[  295.964771][ T8793] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1136'.
[  295.980606][ T8793] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1136'.
[  295.989901][ T8793] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1136'.
[  295.998960][ T8793] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1136'.
[  296.013255][ T8793] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1136'.
[  296.022665][ T8793] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1136'.
[  296.031787][ T8793] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1136'.
[  296.548450][ T4231] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  296.708148][ T8802] netlink: 'syz.0.1139': attribute type 1 has an invalid length.
[  296.709672][ T8800] binder: BINDER_SET_CONTEXT_MGR already set
[  296.729102][ T4231] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  296.749982][ T8800] binder: 8799:8800 ioctl 4018620d 200000000040 returned -16
[  296.803063][ T8800] binder: 8799:8800 ioctl c0306201 200000000240 returned -11
[  296.814315][ T8802] 8021q: adding VLAN 0 to HW filter on device bond2
[  296.894477][ T8804] bond2: (slave vlan3): Opening slave failed
[  297.154654][ T8812] bond2: (slave vcan0): refused to change device type
[  297.215923][ T8771] loop5: detected capacity change from 0 to 40427
[  297.371271][ T8821] IPv6: Can't replace route, no match found
[  297.439362][ T8824] netlink: 'syz.1.1145': attribute type 10 has an invalid length.
[  297.472955][ T8824] net_ratelimit: 11 callbacks suppressed
[  297.472970][ T8824] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  297.565036][ T8829] debugfs: Directory 'netdev:nicvf0' with parent 'phy10' already present!
[  297.843845][   T25] audit: type=1326 audit(4147483886.786:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  298.736442][   T25] audit: type=1326 audit(4147483886.806:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  298.986331][   T25] audit: type=1326 audit(4147483886.806:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  299.028959][   T25] audit: type=1326 audit(4147483886.806:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  299.052201][   T25] audit: type=1326 audit(4147483886.806:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  299.103582][   T25] audit: type=1326 audit(4147483886.806:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  299.128751][ T8848] Invalid option length (57448) for dns_resolver key
[  299.224704][   T25] audit: type=1326 audit(4147483886.806:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  299.498172][   T25] audit: type=1326 audit(4147483886.806:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  299.665307][ T8846] __nla_validate_parse: 24 callbacks suppressed
[  299.665324][ T8846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1152'.
[  299.806790][ T8846] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  299.929977][   T25] audit: type=1326 audit(4147483886.806:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  300.044043][ T4227] usb 6-1: USB disconnect, device number 3
[  301.011862][   T25] audit: type=1326 audit(4147483886.806:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  301.034544][   T25] audit: type=1326 audit(4147483886.806:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  301.066986][   T25] audit: type=1326 audit(4147483886.806:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  301.162778][   T25] audit: type=1326 audit(4147483886.806:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  301.167186][ T8860] netlink: 'syz.2.1155': attribute type 10 has an invalid length.
[  301.252860][ T8860] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  301.601218][   T25] audit: type=1326 audit(4147483886.806:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  301.743270][   T25] audit: type=1326 audit(4147483886.806:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  301.765989][   T25] audit: type=1326 audit(4147483886.806:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  301.788610][   T25] audit: type=1326 audit(4147483886.806:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  301.887540][   T25] audit: type=1326 audit(4147483886.806:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8770 comm="syz.5.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7fc00000
[  305.730241][ T8909] trusted_key: encrypted_key: master key parameter '��|�{E' is invalid
[  306.718835][ T8925] overlayfs: failed to clone upperpath
[  307.082666][ T8939] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1175'.
[  310.292259][ T8976] loop5: detected capacity change from 0 to 512
[  310.381379][ T8976] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled
[  310.402940][ T8976] EXT4-fs (loop5): Test dummy encryption mode enabled
[  313.781018][ T9025] batman_adv: batadv0: Adding interface: dummy0
[  313.787590][ T9025] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  313.814073][ T9025] batman_adv: batadv0: Interface activated: dummy0
[  313.857352][ T9025] batadv0: mtu less than device minimum
[  314.629123][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  314.641480][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  314.653797][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  314.666177][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  314.678472][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  314.690714][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  314.702956][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  314.715215][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  314.727496][ T9025] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  315.855869][ T9044] xt_CT: No such helper "pptp"
[  317.235826][ T4229] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  317.276979][ T9069] netlink: 'syz.0.1220': attribute type 21 has an invalid length.
[  317.293829][ T9069] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1220'.
[  318.170289][ T9084] netlink: 'syz.0.1224': attribute type 10 has an invalid length.
[  318.233520][ T4229] usb 3-1: Using ep0 maxpacket: 16
[  318.355771][ T4229] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  318.375577][ T4229] usb 3-1: config 8 has 0 interfaces, different from the descriptor's value: 1
[  319.645235][ T4229] usb 3-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice=d4.ce
[  319.660532][ T4229] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.700164][ T9099] batman_adv: batadv0: Adding interface: dummy0
[  319.706526][ T9099] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  319.708195][ T9049] loop2: detected capacity change from 0 to 8192
[  319.742486][ T9099] batman_adv: batadv0: Interface activated: dummy0
[  319.745591][ T4229] usb 3-1: Product: syz
[  319.781016][ T9102] net_ratelimit: 10 callbacks suppressed
[  319.781033][ T9102] batadv0: mtu less than device minimum
[  319.785590][ T4229] usb 3-1: Manufacturer: syz
[  319.799710][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  319.812100][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  319.824471][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  319.836718][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  319.845588][ T4229] usb 3-1: can't set config #8, error -71
[  319.848892][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  319.865068][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  319.868509][ T4229] usb 3-1: USB disconnect, device number 4
[  319.877244][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  319.893633][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  319.905900][ T9102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  322.006722][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  322.013077][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  322.843227][   T26] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  323.097574][ T9153] netlink: 'syz.2.1244': attribute type 1 has an invalid length.
[  323.125030][   T26] usb 1-1: Using ep0 maxpacket: 32
[  323.166455][ T6044] libceph: connect (1)[c::]:6789 error -101
[  323.172705][ T6044] libceph: mon0 (1)[c::]:6789 connect error
[  323.180525][ T9152] ceph: No mds server is up or the cluster is laggy
[  323.255883][   T26] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  323.287387][   T26] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  323.298267][   T26] usb 1-1: New USB device found, idVendor=0458, idProduct=706e, bcdDevice=35.64
[  323.310060][   T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.357554][   T26] usb 1-1: config 0 descriptor??
[  323.648331][ T9129] device syz_tun left promiscuous mode
[  323.659820][ T9129] bridge0: port 1(syz_tun) entered disabled state
[  323.674736][ T9129] batman_adv: batadv0: Interface deactivated: dummy0
[  323.830123][ T9129] batman_adv: batadv0: Removing interface: dummy0
[  324.035179][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  324.160591][ T9129] bond1: (slave gretap1): Releasing active interface
[  324.490967][ T4229] usb 1-1: USB disconnect, device number 8
[  328.995629][ T9226] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1266'.
[  329.094151][ T9228] netlink: 'syz.0.1267': attribute type 10 has an invalid length.
[  329.166163][ T9228] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  332.213015][ T9281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1284'.
[  332.285354][ T9284] loop5: detected capacity change from 0 to 2048
[  332.352310][ T9284] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  334.347598][ T9296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1290'.
[  334.465897][ T9296] device team0 entered promiscuous mode
[  334.496545][ T9296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1290'.
[  334.590939][ T9296] team1 (uninitialized): Failed to send options change via netlink (err -105)
[  335.443895][ T9296] device team1 entered promiscuous mode
[  335.692102][ T9313] netlink: 'syz.1.1295': attribute type 10 has an invalid length.
[  336.737736][ T9322] sctp: [Deprecated]: syz.1.1298 (pid 9322) Use of struct sctp_assoc_value in delayed_ack socket option.
[  336.737736][ T9322] Use struct sctp_sack_info instead
[  343.162109][ T9389] loop5: detected capacity change from 0 to 256
[  343.203979][ T9392] overlayfs: failed to clone upperpath
[  343.280061][ T9389] FAT-fs (loop5): Unrecognized mount option "short" or missing value
[  343.452619][ T4196] Bluetooth: unknown link type 130
[  344.436407][ T9413] mmap: syz.2.1327 (9413) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  346.623840][ T6044] Bluetooth: hci5: command 0x0409 tx timeout
[  347.562782][ T6044] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  348.797274][ T6044] Bluetooth: hci5: Injecting HCI hardware error event
[  348.807322][ T4198] Bluetooth: hci5: hardware error 0x00
[  349.023286][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  349.049965][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  349.240730][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  349.511017][ T9467] infiniband syz2: set down
[  349.515998][ T9467] infiniband syz2: added vxcan1
[  349.532142][ T9467] infiniband syz2: Couldn't open port 1
[  349.559893][   T21] vxcan1 speed is unknown, defaulting to 1000
[  349.575481][ T9467] RDS/IB: syz2: added
[  349.580101][ T9467] smc: adding ib device syz2 with port count 1
[  349.586723][ T9467] smc:    ib device syz2 port 1 has pnetid 
[  349.621895][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  349.718945][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  349.825872][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  349.838342][ T6044] vxcan1 speed is unknown, defaulting to 1000
[  349.930934][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  350.024610][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  350.122672][ T9467] vxcan1 speed is unknown, defaulting to 1000
[  350.975916][ T9489] netlink: 'syz.4.1348': attribute type 1 has an invalid length.
[  351.077360][ T9489] 8021q: adding VLAN 0 to HW filter on device bond3
[  351.098884][ T9494] device macvlan2 entered promiscuous mode
[  351.109691][ T9494] device bond3 entered promiscuous mode
[  351.140751][ T9494] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  351.175421][ T9494] device bond3 left promiscuous mode
[  351.350397][ T9489] bond3: (slave ip6gretap1): making interface the new active one
[  351.360139][ T9489] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  352.124820][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  352.234725][ T9504] device syzkaller0 entered promiscuous mode
[  352.288748][   T26] syzkaller0: tun_net_xmit 48
[  352.335274][ T9528] device ip6gre2 entered promiscuous mode
[  352.352515][ T9528] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  353.061517][ T4232] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  353.214102][ T4232] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  353.263071][ T4231] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  353.504555][ T4232] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  354.283155][ T4232] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  354.324725][ T7057] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  354.405836][ T9563] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1369'.
[  354.460535][ T9566] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1368'.
[  354.536582][ T4232] usb 3-1: Using ep0 maxpacket: 32
[  355.301096][ T4232] usb 3-1: config 2 has an invalid interface number: 45 but max is 0
[  355.474516][ T4232] usb 3-1: config 2 has no interface number 0
[  355.480734][ T4232] usb 3-1: config 2 interface 45 altsetting 0 endpoint 0x1 has an invalid bInterval 27, changing to 8
[  355.492483][ T4232] usb 3-1: config 2 interface 45 altsetting 0 endpoint 0x1 has invalid maxpacket 41505, setting to 1024
[  356.404445][ T4232] usb 3-1: New USB device found, idVendor=0d46, idProduct=0078, bcdDevice=82.92
[  356.450736][ T4232] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.483455][ T4232] usb 3-1: Product: syz
[  356.493664][ T4232] usb 3-1: Manufacturer: syz
[  356.523568][ T4232] usb 3-1: can't set config #2, error -71
[  356.555340][ T4232] usb 3-1: USB disconnect, device number 5
[  356.883041][    C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  361.828849][ T9641] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1387'.
[  362.032505][ T9641] device hsr_slave_0 left promiscuous mode
[  362.083938][ T9645] loop2: detected capacity change from 0 to 4096
[  362.146412][ T9640] batman_adv: batadv0: Interface deactivated: dummy0
[  364.242632][    C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  366.222702][ T9708] loop2: detected capacity change from 0 to 40427
[  366.258411][ T9708] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  366.266629][ T9708] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  366.283317][ T9708] F2FS-fs (loop2): invalid crc value
[  368.919234][ T9708] F2FS-fs (loop2): Found nat_bits in checkpoint
[  369.096900][ T9738] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1414'.
[  370.482083][ T9762] device ip6gre1 entered promiscuous mode
[  370.490044][ T7057] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  370.498589][ T7057] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  370.509577][ T9762] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  370.522380][ T7057] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  370.556780][ T7057] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  370.695426][ T9764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1423'.
[  371.294437][ T4232] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  374.242080][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  374.320797][ T9795] device syzkaller0 entered promiscuous mode
[  374.562896][ T9801] xt_l2tp: missing protocol rule (udp|l2tpip)
[  378.322022][    C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  382.838086][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  382.914113][ T9892] loop5: detected capacity change from 0 to 64
[  384.085380][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  384.100476][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  387.448660][ T9928] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1472'.
[  387.607460][ T9933] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1472'.
[  389.375028][ T9954] loop5: detected capacity change from 0 to 256
[  389.512887][ T9954] FAT-fs (loop5): Unrecognized mount option "smackfsroot=shortname=mixed" or missing value
[  391.577825][ T9974] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  392.867580][ T9983] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1491'.
[  397.017359][T10027] netlink: 'syz.0.1502': attribute type 1 has an invalid length.
[  397.105783][T10032] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  397.121775][T10032] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  397.168987][T10032] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  397.178466][T10032] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  397.190050][T10032] bond3: (slave geneve2): making interface the new active one
[  397.202561][T10032] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  397.520845][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  398.212101][T10027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1502'.
[  398.241653][T10027] 8021q: adding VLAN 0 to HW filter on device bond3
[  398.275260][T10049] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1508'.
[  398.397253][T10049] HTB: quantum of class 4000A is big. Consider r2q change.
[  398.410183][T10051] HTB: quantum of class 4000A is big. Consider r2q change.
[  398.628984][T10053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1509'.
[  400.421025][T10083] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  400.433466][T10083] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  400.536397][T10083] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  400.545127][T10083] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  400.557686][T10083] 8021q: adding VLAN 0 to HW filter on device bond0
[  400.570332][T10083] 8021q: adding VLAN 0 to HW filter on device team0
[  400.580958][T10083] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  400.588600][T10083] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  401.677158][T10083] net_ratelimit: 43 callbacks suppressed
[  401.677168][T10083] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  403.146261][T10105] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1520'.
[  403.175826][T10105] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  403.184659][T10105] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  403.193511][T10105] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  403.202317][T10105] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  404.744823][T10112] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1522'.
[  405.707127][T10125] tipc: Started in network mode
[  405.741324][T10125] tipc: Node identity 84e, cluster identity 4711
[  405.757370][T10125] tipc: Node number set to 2126
[  405.818940][T10131] tipc: Failed to remove unknown binding: 66,0,0/0:3671094645/3671094646
[  405.841346][T10135] tipc: Failed to remove unknown binding: 66,0,0/0:3712087410/3712087412
[  405.868739][T10131] tipc: Failed to remove unknown binding: 66,0,0/0:3671094645/3671094646
[  405.957891][T10143] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1534'.
[  406.108545][T10143] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1534'.
[  407.120273][    C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  409.787838][T10203] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000
[  412.270374][   T25] kauditd_printk_skb: 49 callbacks suppressed
[  412.270389][   T25] audit: type=1326 audit(2000000034.881:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae36281799 code=0x7fc00000
[  412.358962][T10224] IPv6: NLM_F_CREATE should be specified when creating new route
[  412.861236][T10231] vxcan1 speed is unknown, defaulting to 1000
[  413.263480][ T7057] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  413.846476][ T7057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.893956][ T7057] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x4B, skipping
[  414.217475][ T7057] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xD9, skipping
[  414.398835][ T7057] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  414.490659][ T7057] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.ff
[  414.620426][ T7057] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  414.743499][ T7057] usb 6-1: Manufacturer: syz
[  416.405891][T10265] tipc: Failed to remove unknown binding: 66,0,0/2126:2937629269/2937629270
[  416.429933][T10270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  416.478163][T10268] tipc: Failed to remove unknown binding: 66,0,0/2126:3715119053/3715119055
[  416.491474][T10276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1573'.
[  416.523807][ T7057] usb 6-1: config 0 descriptor??
[  416.549799][ T7057] usb 6-1: can't set config #0, error -71
[  416.555350][T10270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  416.557414][ T7057] usb 6-1: USB disconnect, device number 4
[  419.221332][T10319] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1583'.
[  419.339482][T10323] IPVS: set_ctl: invalid protocol: 0 100.1.0.255:20000
[  419.353254][T10329] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  419.353254][T10329] The task syz.4.1587 (10329) triggered the difference, watch for misbehavior.
[  419.633015][T10332] loop0: detected capacity change from 0 to 2048
[  419.732720][T10332] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  419.746558][T10332] NILFS (loop0): invalid segment: Checksum error in segment payload
[  419.755259][T10332] NILFS (loop0): unable to fall back to spare super block
[  419.762404][T10332] NILFS (loop0): error -22 while searching super root
[  419.929083][ T9678] udevd[9678]: incorrect nilfs2 checksum on /dev/loop0
[  420.265406][T10354] gfs2: gfs2 mount does not exist
[  424.132686][T10396] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1604'.
[  424.351648][T10400] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1604'.
[  424.409491][T10400] device veth5 entered promiscuous mode
[  425.667236][T10414] loop7: detected capacity change from 0 to 7
[  425.716072][    C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  425.719550][T10416] syz.0.1612 sent an empty control message without MSG_MORE.
[  425.727318][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  425.806231][    C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  425.817183][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  425.860003][    C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  425.870977][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  426.644588][    C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  426.655593][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  426.781046][    C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  426.792002][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  426.908775][    C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  426.919746][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  427.735601][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  427.747032][    C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  427.757985][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  427.767873][T10414] ldm_validate_partition_table(): Disk read failed.
[  427.847661][    C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  427.858593][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  427.871632][    C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  427.882568][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  427.895305][    C1] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  427.906253][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  427.963149][T10414] Dev loop7: unable to read RDB block 0
[  428.004635][T10414]  loop7: unable to read partition table
[  428.012905][T10414] loop7: partition table beyond EOD, truncated
[  428.270819][T10444] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  428.288031][T10414] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  430.099066][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.106722][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.114397][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.122013][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.129657][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.137265][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.144883][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.152499][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.160113][T10464] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  430.826325][T10472] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1630'.
[  431.776170][   T25] audit: type=1326 audit(2000000053.703:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10478 comm="syz.5.1632" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa0839d6799 code=0x0
[  434.261627][T10522] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1645'.
[  434.359780][T10527] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1645'.
[  434.375262][T10527] device veth7 entered promiscuous mode
[  434.408713][   T21] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  434.533916][T10532] loop5: detected capacity change from 0 to 128
[  434.587622][T10532] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  434.602115][T10532] ext4 filesystem being mounted at /98/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  434.928959][   T21] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  434.960340][   T21] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  435.798754][   T21] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  435.814067][   T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.828368][   T21] usb 1-1: Product: syz
[  435.853353][   T21] usb 1-1: Manufacturer: syz
[  435.863872][   T21] usb 1-1: SerialNumber: syz
[  436.025330][ T4307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  436.037527][ T4307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  436.055899][T10579] tipc: Started in network mode
[  436.081677][T10579] tipc: Node identity 080211000001, cluster identity 4711
[  436.099918][T10579] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  436.107634][T10582] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  436.144341][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  436.168918][   T21] cdc_ncm 1-1:1.0: bind() failure
[  436.195535][   T21] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  436.210351][T10579] syzkaller0: mtu less than device minimum
[  436.246702][   T21] cdc_ncm 1-1:1.1: bind() failure
[  436.332918][   T21] usb 1-1: USB disconnect, device number 9
[  437.098560][   T21] tipc: Node number set to 134418688
[  443.171239][T10697] xt_CT: You must specify a L4 protocol and not use inversions on it
[  443.251300][T10675] loop5: detected capacity change from 0 to 40427
[  443.318842][T10675] F2FS-fs (loop5): invalid crc value
[  443.351766][T10675] F2FS-fs (loop5): Found nat_bits in checkpoint
[  443.668277][T10675] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  444.387016][T10713] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1701'.
[  444.490901][T10689] overlayfs: failed to clone upperpath
[  444.879798][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  444.886370][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  445.781111][T10733] netlink: 'syz.5.1703': attribute type 21 has an invalid length.
[  447.633672][T10778] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1722'.
[  447.766422][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1724'.
[  450.750778][T10819] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1731'.
[  451.571218][T10823] nftables ruleset with unbound set
[  452.459372][T10842] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem
[  453.511089][T10859] loop5: detected capacity change from 0 to 764
[  453.530954][T10864] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  454.792971][T10866] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1750'.
[  454.953355][T10859] rock: directory entry would overflow storage
[  455.142270][T10859] rock: sig=0x4654, size=5, remaining=4
[  456.280969][T10872] syz.0.1751 (10872): drop_caches: 2
[  456.613855][T10878] vxcan1 speed is unknown, defaulting to 1000
[  456.767949][T10897] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1756'.
[  457.622160][T10904] siw: device registration error -23
[  457.644710][T10902] device batadv_slave_1 entered promiscuous mode
[  457.665549][T10904] smc: removing ib device syz2
[  457.677531][T10909] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1762'.
[  457.720708][T10909] 8021q: adding VLAN 0 to HW filter on device ipvlan1
[  457.799366][T10909] team0: Device ipvlan1 is already an upper device of the team interface
[  457.915364][T10900] device batadv_slave_1 left promiscuous mode
[  464.076206][T10978] tipc: Started in network mode
[  464.087223][T10978] tipc: Node identity 76cda9c93407, cluster identity 4711
[  464.094620][T10978] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  464.108960][T10978] device syzkaller0 entered promiscuous mode
[  464.131707][T10978] tipc: Resetting bearer <eth:syzkaller0>
[  464.169055][T10975] tipc: Resetting bearer <eth:syzkaller0>
[  464.227023][T10975] tipc: Disabling bearer <eth:syzkaller0>
[  466.023402][T10998] device syzkaller0 entered promiscuous mode
[  466.989571][   T26] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  467.029458][T11017] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1790'.
[  467.076931][T11017] chnl_net:caif_netlink_parms(): no params data found
[  470.686076][    C0] ip6_tnl_xmit_ctl: 372 callbacks suppressed
[  470.686092][    C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  470.852941][   T26] usb 6-1: device descriptor read/all, error -71
[  478.488723][   T26] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  480.997117][   T25] audit: type=1326 audit(2000000103.635:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  483.532289][   T25] audit: type=1326 audit(2000000103.635:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  483.580079][   T25] audit: type=1326 audit(2000000103.665:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  483.686609][   T25] audit: type=1326 audit(2000000103.665:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  483.709835][   T25] audit: type=1326 audit(2000000103.665:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  483.777592][   T25] audit: type=1326 audit(2000000103.665:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  484.475190][   T25] audit: type=1326 audit(2000000103.665:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  484.498475][   T25] audit: type=1326 audit(2000000103.665:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  484.542078][   T25] audit: type=1326 audit(2000000103.665:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  484.694196][   T25] audit: type=1326 audit(2000000103.665:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11116 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0839d6799 code=0x7ffc0000
[  484.768263][   T26] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  485.004201][T11168] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1819'.
[  485.505984][   T21] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  485.827420][   T21] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  488.464875][T11222] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  490.225782][T11245] bond4: (slave ip6gretap1): making interface the new active one
[  490.234604][T11245] bond4: (slave ip6gretap1): Enslaving as an active interface with an up link
[  492.118315][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  492.918912][T11279] lo speed is unknown, defaulting to 1000
[  492.937431][T11279] lo speed is unknown, defaulting to 1000
[  492.945164][T11280] netlink: 'syz.2.1861': attribute type 29 has an invalid length.
[  492.958339][T11279] lo speed is unknown, defaulting to 1000
[  493.189537][T11280] netlink: 'syz.2.1861': attribute type 29 has an invalid length.
[  493.329398][T11284] netlink: 'syz.2.1861': attribute type 29 has an invalid length.
[  493.359619][T11279] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  493.382902][T11279] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  493.486492][T11280] netlink: 'syz.2.1861': attribute type 29 has an invalid length.
[  493.514656][T11280] netlink: 'syz.2.1861': attribute type 29 has an invalid length.
[  493.533722][T11280] netlink: 'syz.2.1861': attribute type 29 has an invalid length.
[  493.586875][T11279] lo speed is unknown, defaulting to 1000
[  493.587247][T11280] netlink: 'syz.2.1861': attribute type 29 has an invalid length.
[  493.607762][T11280] netlink: 'syz.2.1861': attribute type 29 has an invalid length.
[  493.620967][T11279] lo speed is unknown, defaulting to 1000
[  493.647917][T11279] lo speed is unknown, defaulting to 1000
[  493.670883][T11279] lo speed is unknown, defaulting to 1000
[  493.795873][T11279] lo speed is unknown, defaulting to 1000
[  493.865094][T11279] lo speed is unknown, defaulting to 1000
[  494.573764][T11303] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1870'.
[  496.500559][T11315] lo speed is unknown, defaulting to 1000
[  502.377919][T11350] device syzkaller0 entered promiscuous mode
[  503.946280][T11359] loop5: detected capacity change from 0 to 1024
[  504.048277][T11359] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  504.612967][T11377] xt_CT: You must specify a L4 protocol and not use inversions on it
[  504.809766][T11359] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  505.551331][T11388] x_tables: ip_tables: osf match: only valid for protocol 6
[  508.866610][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  508.872923][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  511.530846][T11431] IPVS: stopping master sync thread 11427 ...
[  511.541396][T11427] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 33554436, id = 0
[  511.608969][T11429] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1903'.
[  514.013800][T11460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1911'.
[  514.037196][T11460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1911'.
[  514.047887][T11460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1911'.
[  514.059122][T11460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1911'.
[  514.069268][T11460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1911'.
[  514.534317][T11461] siw: device registration error -23
[  514.562416][T11463] loop5: detected capacity change from 0 to 512
[  514.780695][T11463] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled
[  515.879658][T11463] EXT4-fs (loop5): orphan cleanup on readonly fs
[  517.082636][T11463] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.1912: bg 0: block 248: padding at end of block bitmap is not set
[  517.116579][T11463] __quota_error: 4 callbacks suppressed
[  517.116593][T11463] Quota error (device loop5): write_blk: dquota write failed
[  517.130727][T11463] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  517.151774][T11463] EXT4-fs error (device loop5): ext4_acquire_dquot:6234: comm syz.5.1912: Failed to acquire dquot type 1
[  517.271854][T11463] EXT4-fs (loop5): 1 truncate cleaned up
[  517.341103][T11463] EXT4-fs (loop5): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,jqfmt=vfsv0,grpjquota=,nogrpid,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  519.009555][T11519] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  519.018501][T11519] tipc: Enabled bearer <udp:s>, priority 10
[  519.159999][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  519.459208][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  519.980843][T11531] Malformed UNC in devname
[  519.980843][T11531] 
[  519.987828][T11531] CIFS: VFS: Malformed UNC in devname
[  520.025942][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  521.173108][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  522.260149][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  523.384042][T11557] lo speed is unknown, defaulting to 1000
[  523.420375][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  523.716863][T11569] wlan0 speed is unknown, defaulting to 1000
[  524.569382][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  525.589975][T11569] wlan0 speed is unknown, defaulting to 1000
[  525.647711][T11569] wlan0 speed is unknown, defaulting to 1000
[  525.661237][T11569] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  525.691842][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  525.834476][T11569] wlan0 speed is unknown, defaulting to 1000
[  526.372264][T11569] wlan0 speed is unknown, defaulting to 1000
[  526.379441][T11569] wlan0 speed is unknown, defaulting to 1000
[  526.386369][T11569] wlan0 speed is unknown, defaulting to 1000
[  526.394068][T11569] wlan0 speed is unknown, defaulting to 1000
[  526.401893][T11569] wlan0 speed is unknown, defaulting to 1000
[  526.417858][T11569] wlan0 speed is unknown, defaulting to 1000
[  526.977337][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  528.075879][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  528.236344][ T4231] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  528.631996][ T4231] usb 1-1: Using ep0 maxpacket: 16
[  528.878152][ T4231] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  529.187744][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  529.259907][ T4231] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  529.276082][ T4231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.364639][T11650] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  529.446585][ T4231] usb 1-1: config 0 descriptor??
[  529.551661][T11650] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  529.629750][ T4231] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  529.653704][T11650] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  529.911882][ T4231] usb 1-1: USB disconnect, device number 11
[  530.299475][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  531.781510][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  532.226870][T11677] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1967'.
[  532.875988][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  533.987792][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  535.088964][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  536.200702][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  537.312711][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  538.424462][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  539.547134][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  540.648041][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  541.770638][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  542.882319][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  542.941946][T11824] trusted_key: encrypted_key: insufficient parameters specified
[  543.994284][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  544.083796][T11840] xt_time: unknown flags 0xc
[  545.105956][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  546.207180][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  546.403002][T11860] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2013'.
[  547.391880][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  547.449159][T11860] batman_adv: batadv0: Removing interface: dummy0
[  548.516386][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  549.638775][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  550.421643][T11907] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  550.709203][ T4452] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  550.718496][T11913] MPTCP: kernel_bind error, err=-99
[  550.740047][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  551.029463][ T4452] usb 6-1: Using ep0 maxpacket: 16
[  551.081127][T11913] siw: device registration error -23
[  551.160070][ T4452] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  551.191596][ T4452] usb 6-1: config 0 has no interfaces?
[  551.201404][ T4452] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  551.215724][ T4452] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.289263][ T4452] usb 6-1: config 0 descriptor??
[  551.852348][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  552.108792][T11925] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2034'.
[  552.737747][ T4452] usb 6-1: USB disconnect, device number 7
[  552.896230][T11932] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2037'.
[  552.914786][T11932] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2037'.
[  552.941210][T11932] device netdevsim3 entered promiscuous mode
[  552.963669][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  552.973012][T11932] device netdevsim2 entered promiscuous mode
[  552.995210][T11932] hsr1: Slave A (netdevsim3) is not up; please bring it up to get a fully working HSR network
[  553.049651][T11932] hsr1: Slave B (netdevsim2) is not up; please bring it up to get a fully working HSR network
[  553.825385][T11961] MPTCP: kernel_bind error, err=-98
[  553.852386][T11961] siw: device registration error -23
[  554.001557][T11966] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2044'.
[  554.086071][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  554.331803][T11976] ptrace attach of "./syz-executor exec"[4187] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  555.925055][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  557.068796][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  557.325969][T11995] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.2050'.
[  557.992252][T12012] siw: device registration error -23
[  558.191372][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  558.281295][T12015] ip6t_srh: unknown srh invflags 7F00
[  558.852377][T12017] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2059'.
[  559.292398][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  559.378169][T12027] lo speed is unknown, defaulting to 1000
[  559.390251][T12027] wlan0 speed is unknown, defaulting to 1000
[  560.404308][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  560.784839][T12035] loop5: detected capacity change from 0 to 256
[  560.861586][T12035] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d)
[  561.052306][T12035] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  561.526871][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  562.009443][T12045] attempt to access beyond end of device
[  562.009443][T12045] loop5: rw=16777216, want=24247, limit=256
[  562.138803][   T25] audit: type=1800 audit(2000000435.341:593): pid=12045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2064" name="file1" dev="loop5" ino=1048614 res=0 errno=0
[  562.484612][T12055] netlink: 496 bytes leftover after parsing attributes in process `syz.4.2069'.
[  562.747896][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  563.379729][T12065] vivid-001: disconnect
[  564.377984][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  564.606922][T12062] vivid-001: reconnect
[  565.084871][T12086] loop5: detected capacity change from 0 to 512
[  565.408018][T12086] EXT4-fs error (device loop5): __ext4_iget:4912: inode #11: block 1: comm syz.5.2079: invalid block
[  565.457801][T12086] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.2079: couldn't read orphan inode 11 (err -117)
[  565.469830][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  565.685884][T12086] EXT4-fs (loop5): mounted filesystem without journal. Opts: i_version,,errors=continue. Quota mode: none.
[  566.572713][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  567.762922][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  568.871277][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  568.925287][T12144] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2092'.
[  569.993693][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  570.693791][T12172] device syzkaller0 entered promiscuous mode
[  571.105650][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  572.206662][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  573.614820][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  574.564423][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  574.570771][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  574.697566][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  575.202528][T12232] binder: BC_ATTEMPT_ACQUIRE not supported
[  575.208361][T12232] binder: 12231:12232 ioctl c0306201 2000000001c0 returned -22
[  575.798837][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  576.910521][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  576.920568][T12254] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2122'.
[  577.342786][T12265] netlink: 'syz.2.2125': attribute type 10 has an invalid length.
[  578.022536][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  579.041433][T12292] netlink: 399 bytes leftover after parsing attributes in process `syz.0.2131'.
[  579.144860][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  579.555060][T12307] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  580.379121][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  581.528912][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  581.758060][T12324] netlink: 'syz.1.2150': attribute type 4 has an invalid length.
[  582.573684][T12337] lo speed is unknown, defaulting to 1000
[  582.582155][T12337] wlan0 speed is unknown, defaulting to 1000
[  582.649678][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  584.145957][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  584.415526][T12356] netlink: 'syz.0.2146': attribute type 29 has an invalid length.
[  584.425470][T12356] netlink: 'syz.0.2146': attribute type 29 has an invalid length.
[  585.292153][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  586.414481][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  586.971937][T12382] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2155'.
[  587.131416][T12382] unsupported nlmsg_type 40
[  587.515795][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  587.617897][T12357] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2147'.
[  588.967054][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  590.686861][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  590.720289][T12418] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2165'.
[  591.705251][T12418] bridge2: port 1(veth5) entered blocking state
[  591.721206][T12418] bridge2: port 1(veth5) entered disabled state
[  591.728753][T12418] device veth5 entered promiscuous mode
[  591.791984][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  591.797589][T12438] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  591.832566][T12439] bridge2: port 2(veth0_to_bond) entered blocking state
[  591.844324][T12439] bridge2: port 2(veth0_to_bond) entered disabled state
[  591.853089][T12439] device veth0_to_bond entered promiscuous mode
[  591.860682][T12428] device syzkaller0 entered promiscuous mode
[  591.947427][T12447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2170'.
[  592.120699][T12441] bridge2: port 3(veth7) entered blocking state
[  592.880457][T12450] Process accounting resumed
[  592.949350][T12441] bridge2: port 3(veth7) entered disabled state
[  592.968333][T12441] device veth7 entered promiscuous mode
[  592.991263][ T4232] tipc: Node number set to 1120577993
[  593.016258][T12428] tipc: Resetting bearer <eth:syzkaller0>
[  593.036230][T12447] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[  593.045481][T12447] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[  593.054976][T12447] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  593.071204][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  593.100725][T12423] tipc: Resetting bearer <eth:syzkaller0>
[  593.129452][T12423] tipc: Disabling bearer <eth:syzkaller0>
[  594.197447][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  595.610208][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  596.048900][T12476] 0: reclassify loop, rule prio 0, protocol 700
[  596.150198][    C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  596.423788][T12490] sctp: [Deprecated]: syz.1.2182 (pid 12490) Use of struct sctp_assoc_value in delayed_ack socket option.
[  596.423788][T12490] Use struct sctp_sack_info instead
[  596.763388][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  597.864323][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  598.986625][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  600.099005][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  600.304215][   T25] audit: type=1326 audit(2000000471.223:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.1.2197" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae36281799 code=0x0
[  600.381990][T12554] device syzkaller0 entered promiscuous mode
[  601.573480][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  602.778005][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  603.850999][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  605.161339][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  607.044365][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  608.438654][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  610.111712][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  610.719801][T12639] loop5: detected capacity change from 0 to 2048
[  611.067031][T12639] FAT-fs (loop5): Unrecognized mount option "?��" or missing value
[  613.355920][T12654] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0)
[  613.615450][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  614.743701][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  616.115581][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  617.524403][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  617.533309][T12692] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2233'.
[  618.646999][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  618.956881][T12747] lo speed is unknown, defaulting to 1000
[  618.967644][T12747] wlan0 speed is unknown, defaulting to 1000
[  619.758637][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  620.881133][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  621.993163][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  623.028745][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  623.104707][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  623.345826][T12803] device syzkaller0 entered promiscuous mode
[  624.205879][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  625.357742][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  625.390775][T12814] loop0: detected capacity change from 0 to 2048
[  626.094495][T12833] 
[  626.096849][T12833] ======================================================
[  626.103856][T12833] WARNING: possible circular locking dependency detected
[  626.110869][T12833] syzkaller #0 Not tainted
[  626.115272][T12833] ------------------------------------------------------
[  626.122281][T12833] syz.4.2264/12833 is trying to acquire lock:
[  626.128335][T12833] ffff888079351820 (msk_lock-AF_INET){+.+.}-{0:0}, at: inet_sk_diag_fill+0xf5e/0x1ca0
[  626.137915][T12833] 
[  626.137915][T12833] but task is already holding lock:
[  626.145266][T12833] ffffc9000183fb60 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x917/0x12b0
[  626.154833][T12833] 
[  626.154833][T12833] which lock already depends on the new lock.
[  626.154833][T12833] 
[  626.165220][T12833] 
[  626.165220][T12833] the existing dependency chain (in reverse order) is:
[  626.174231][T12833] 
[  626.174231][T12833] -> #2 (&h->lhash2[i].lock){+.+.}-{2:2}:
[  626.182127][T12833]        _raw_spin_lock+0x2a/0x40
[  626.187147][T12833]        inet_unhash+0xd0/0x540
[  626.191990][T12833]        tcp_set_state+0x35b/0x520
[  626.197091][T12833]        __tcp_close+0x8b/0xfa0
[  626.201932][T12833]        __mptcp_close_ssk+0x1ea/0x460
[  626.207381][T12833]        __mptcp_destroy_sock+0x3b5/0x6f0
[  626.213088][T12833]        mptcp_close+0x5a7/0x9f0
[  626.218017][T12833]        inet_release+0x139/0x180
[  626.223033][T12833]        sock_release+0x7b/0x140
[  626.227961][T12833]        mptcp_nl_cmd_flush_addrs+0x990/0xa90
[  626.234019][T12833]        genl_rcv_msg+0xcea/0xf90
[  626.239032][T12833]        netlink_rcv_skb+0x1f5/0x440
[  626.244307][T12833]        genl_rcv+0x24/0x40
[  626.248801][T12833]        netlink_unicast+0x774/0x920
[  626.254080][T12833]        netlink_sendmsg+0x8ba/0xbe0
[  626.259354][T12833]        ____sys_sendmsg+0x5b7/0x8f0
[  626.264642][T12833]        ___sys_sendmsg+0x236/0x2e0
[  626.269837][T12833]        __se_sys_sendmsg+0x1af/0x290
[  626.275202][T12833]        do_syscall_64+0x4c/0xa0
[  626.280137][T12833]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  626.286548][T12833] 
[  626.286548][T12833] -> #1 (k-sk_lock-AF_INET/1){+.+.}-{0:0}:
[  626.294539][T12833]        mptcp_close+0x297/0x9f0
[  626.299575][T12833]        inet_release+0x139/0x180
[  626.304601][T12833]        sock_release+0x7b/0x140
[  626.306953][T12814] FAT-fs (loop0): Unrecognized mount option "?��" or missing value
[  626.309533][T12833]        mptcp_nl_cmd_flush_addrs+0x990/0xa90
[  626.309555][T12833]        genl_rcv_msg+0xcea/0xf90
[  626.328635][T12833]        netlink_rcv_skb+0x1f5/0x440
[  626.333920][T12833]        genl_rcv+0x24/0x40
[  626.338422][T12833]        netlink_unicast+0x774/0x920
[  626.343705][T12833]        netlink_sendmsg+0x8ba/0xbe0
[  626.348986][T12833]        ____sys_sendmsg+0x5b7/0x8f0
[  626.354276][T12833]        ___sys_sendmsg+0x236/0x2e0
[  626.359474][T12833]        __se_sys_sendmsg+0x1af/0x290
[  626.364845][T12833]        do_syscall_64+0x4c/0xa0
[  626.369778][T12833]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  626.376189][T12833] 
[  626.376189][T12833] -> #0 (msk_lock-AF_INET){+.+.}-{0:0}:
[  626.383918][T12833]        __lock_acquire+0x2c42/0x7d10
[  626.389287][T12833]        lock_acquire+0x19e/0x400
[  626.394307][T12833]        mptcp_diag_get_info+0x1f2/0x9e0
[  626.399924][T12833]        inet_sk_diag_fill+0xf5e/0x1ca0
[  626.405453][T12833]        mptcp_diag_dump+0xce6/0x12b0
[  626.410803][T12833]        __inet_diag_dump+0x1f6/0x380
[  626.416154][T12833]        inet_diag_dump_compat+0x17e/0x220
[  626.421934][T12833]        netlink_dump+0x694/0xcf0
[  626.426936][T12833]        __netlink_dump_start+0x523/0x700
[  626.432632][T12833]        inet_diag_rcv_msg_compat+0x207/0x420
[  626.438679][T12833]        sock_diag_rcv_msg+0x164/0x3e0
[  626.444116][T12833]        netlink_rcv_skb+0x1f5/0x440
[  626.449377][T12833]        sock_diag_rcv+0x26/0x40
[  626.454290][T12833]        netlink_unicast+0x774/0x920
[  626.459555][T12833]        netlink_sendmsg+0x8ba/0xbe0
[  626.464817][T12833]        ____sys_sendmsg+0x5b7/0x8f0
[  626.470081][T12833]        ___sys_sendmsg+0x236/0x2e0
[  626.475265][T12833]        __se_sys_sendmsg+0x1af/0x290
[  626.480614][T12833]        do_syscall_64+0x4c/0xa0
[  626.485526][T12833]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  626.491918][T12833] 
[  626.491918][T12833] other info that might help us debug this:
[  626.491918][T12833] 
[  626.502117][T12833] Chain exists of:
[  626.502117][T12833]   msk_lock-AF_INET --> k-sk_lock-AF_INET/1 --> &h->lhash2[i].lock
[  626.502117][T12833] 
[  626.515820][T12833]  Possible unsafe locking scenario:
[  626.515820][T12833] 
[  626.523245][T12833]        CPU0                    CPU1
[  626.528582][T12833]        ----                    ----
[  626.533922][T12833]   lock(&h->lhash2[i].lock);
[  626.538578][T12833]                                lock(k-sk_lock-AF_INET/1);
[  626.545923][T12833]                                lock(&h->lhash2[i].lock);
[  626.553091][T12833]   lock(msk_lock-AF_INET);
[  626.557571][T12833] 
[  626.557571][T12833]  *** DEADLOCK ***
[  626.557571][T12833] 
[  626.565775][T12833] 6 locks held by syz.4.2264/12833:
[  626.570945][T12833]  #0: ffffffff8d4463e8 (sock_diag_mutex){+.+.}-{3:3}, at: sock_diag_rcv+0x17/0x40
[  626.580231][T12833]  #1: ffffffff8d4462a8 (sock_diag_table_mutex){+.+.}-{3:3}, at: sock_diag_rcv_msg+0x14a/0x3e0
[  626.590555][T12833]  #2: ffff888076d50698 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{3:3}, at: __netlink_dump_start+0x11f/0x700
[  626.601224][T12833]  #3: ffffffff8d520288 (inet_diag_table_mutex){+.+.}-{3:3}, at: __inet_diag_dump+0x181/0x380
[  626.611460][T12833]  #4: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  626.620736][T12833]  #5: ffffc9000183fb60 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x917/0x12b0
[  626.630706][T12833] 
[  626.630706][T12833] stack backtrace:
[  626.636576][T12833] CPU: 1 PID: 12833 Comm: syz.4.2264 Not tainted syzkaller #0
[  626.644007][T12833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  626.654038][T12833] Call Trace:
[  626.657294][T12833]  <TASK>
[  626.660203][T12833]  dump_stack_lvl+0x188/0x250
[  626.664866][T12833]  ? load_image+0x400/0x400
[  626.669348][T12833]  ? show_regs_print_info+0x20/0x20
[  626.674524][T12833]  ? print_circular_bug+0x12b/0x1a0
[  626.679703][T12833]  check_noncircular+0x296/0x330
[  626.684618][T12833]  ? add_chain_block+0x940/0x940
[  626.689534][T12833]  ? lockdep_lock+0xf1/0x1f0
[  626.694104][T12833]  ? mark_lock+0x94/0x320
[  626.698411][T12833]  ? mark_lock+0x94/0x320
[  626.702713][T12833]  __lock_acquire+0x2c42/0x7d10
[  626.707548][T12833]  ? mark_lock+0x94/0x320
[  626.711854][T12833]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  626.717812][T12833]  ? verify_lock_unused+0x140/0x140
[  626.722987][T12833]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  626.728943][T12833]  ? __local_bh_enable_ip+0xd7/0x1c0
[  626.734208][T12833]  ? __local_bh_enable_ip+0x136/0x1c0
[  626.739559][T12833]  ? lockdep_hardirqs_on+0x94/0x140
[  626.744735][T12833]  ? __local_bh_enable_ip+0x136/0x1c0
[  626.750080][T12833]  ? _local_bh_enable+0xa0/0xa0
[  626.754907][T12833]  ? nla_put+0x130/0x1e0
[  626.759129][T12833]  lock_acquire+0x19e/0x400
[  626.763612][T12833]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  626.768789][T12833]  ? memcpy+0x3c/0x60
[  626.772751][T12833]  ? nla_put+0x130/0x1e0
[  626.776972][T12833]  ? read_lock_is_recursive+0x10/0x10
[  626.782320][T12833]  ? sock_diag_put_meminfo+0xc6/0x120
[  626.787667][T12833]  ? sock_diag_save_cookie+0xc0/0xc0
[  626.792930][T12833]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  626.798106][T12833]  mptcp_diag_get_info+0x1f2/0x9e0
[  626.803208][T12833]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  626.808390][T12833]  inet_sk_diag_fill+0xf5e/0x1ca0
[  626.813397][T12833]  ? inet_diag_msg_attrs_fill+0x930/0x930
[  626.819094][T12833]  ? do_raw_spin_lock+0x128/0x2f0
[  626.824096][T12833]  ? __rwlock_init+0x140/0x140
[  626.828838][T12833]  ? inet_diag_bc_sk+0x18b/0x1120
[  626.833842][T12833]  mptcp_diag_dump+0xce6/0x12b0
[  626.838671][T12833]  ? mptcp_token_join_cookie_init_state+0x460/0x460
[  626.845240][T12833]  __inet_diag_dump+0x1f6/0x380
[  626.850068][T12833]  inet_diag_dump_compat+0x17e/0x220
[  626.855328][T12833]  ? inet_diag_dump_start_compat+0x20/0x20
[  626.861110][T12833]  ? __alloc_skb+0x473/0x750
[  626.865677][T12833]  netlink_dump+0x694/0xcf0
[  626.870160][T12833]  ? netlink_lookup+0x1d0/0x1d0
[  626.874989][T12833]  ? __inet_diag_dump_start+0x805/0x970
[  626.880513][T12833]  __netlink_dump_start+0x523/0x700
[  626.885688][T12833]  inet_diag_rcv_msg_compat+0x207/0x420
[  626.891211][T12833]  ? inet_diag_unregister+0xb0/0xb0
[  626.896392][T12833]  ? __mutex_trylock_common+0x155/0x260
[  626.901920][T12833]  ? mutex_lock_io_nested+0x60/0x60
[  626.907097][T12833]  ? __inet_diag_dump+0x380/0x380
[  626.912098][T12833]  ? inet_diag_dump_start_compat+0x20/0x20
[  626.917880][T12833]  ? inet_diag_dump+0x50/0x50
[  626.922533][T12833]  ? inet_diag_unregister+0xb0/0xb0
[  626.927711][T12833]  sock_diag_rcv_msg+0x164/0x3e0
[  626.932634][T12833]  netlink_rcv_skb+0x1f5/0x440
[  626.937387][T12833]  ? sock_diag_bind+0xa0/0xa0
[  626.942045][T12833]  ? netlink_ack+0xb50/0xb50
[  626.946628][T12833]  ? __lock_acquire+0x7d10/0x7d10
[  626.951648][T12833]  sock_diag_rcv+0x26/0x40
[  626.956053][T12833]  netlink_unicast+0x774/0x920
[  626.960810][T12833]  netlink_sendmsg+0x8ba/0xbe0
[  626.965558][T12833]  ? netlink_getsockopt+0x570/0x570
[  626.970732][T12833]  ? aa_sock_msg_perm+0x94/0x150
[  626.975647][T12833]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  626.980909][T12833]  ? security_socket_sendmsg+0x7c/0xa0
[  626.986371][T12833]  ? netlink_getsockopt+0x570/0x570
[  626.991544][T12833]  ____sys_sendmsg+0x5b7/0x8f0
[  626.996290][T12833]  ? __sys_sendmsg_sock+0x30/0x30
[  627.001298][T12833]  ? import_iovec+0x6f/0xa0
[  627.005783][T12833]  ___sys_sendmsg+0x236/0x2e0
[  627.010443][T12833]  ? __sys_sendmsg+0x2a0/0x2a0
[  627.015192][T12833]  ? percpu_counter_add_batch+0x13b/0x160
[  627.020902][T12833]  __se_sys_sendmsg+0x1af/0x290
[  627.025744][T12833]  ? __x64_sys_sendmsg+0x80/0x80
[  627.030659][T12833]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  627.036623][T12833]  ? lockdep_hardirqs_on+0x94/0x140
[  627.041802][T12833]  do_syscall_64+0x4c/0xa0
[  627.046194][T12833]  ? clear_bhb_loop+0x30/0x80
[  627.050851][T12833]  ? clear_bhb_loop+0x30/0x80
[  627.055505][T12833]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  627.061381][T12833] RIP: 0033:0x7f57fd027799
[  627.065784][T12833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  627.085369][T12833] RSP: 002b:00007f57fb23f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  627.093762][T12833] RAX: ffffffffffffffda RBX: 00007f57fd2a1180 RCX: 00007f57fd027799
[  627.101709][T12833] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  627.109657][T12833] RBP: 00007f57fd0bdbd9 R08: 0000000000000000 R09: 0000000000000000
[  627.117605][T12833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  627.125555][T12833] R13: 00007f57fd2a1218 R14: 00007f57fd2a1180 R15: 00007ffea482fb88
[  627.133516][T12833]  </TASK>
[  627.136804][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  627.144299][T12833] BUG: sleeping function called from invalid context at net/core/sock.c:3291
[  627.153215][T12833] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 12833, name: syz.4.2264
[  627.162356][T12833] INFO: lockdep is turned off.
[  627.167155][T12833] Preemption disabled at:
[  627.167162][T12833] [<0000000000000000>] 0x0
[  627.175900][T12833] CPU: 1 PID: 12833 Comm: syz.4.2264 Not tainted syzkaller #0
[  627.183352][T12833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  627.193399][T12833] Call Trace:
[  627.196675][T12833]  <TASK>
[  627.199607][T12833]  dump_stack_lvl+0x188/0x250
[  627.204284][T12833]  ? show_regs_print_info+0x20/0x20
[  627.209481][T12833]  ? load_image+0x400/0x400
[  627.213986][T12833]  ___might_sleep+0x493/0x610
[  627.218667][T12833]  ? __might_sleep+0xf0/0xf0
[  627.223245][T12833]  ? nla_put+0x130/0x1e0
[  627.227491][T12833]  ? read_lock_is_recursive+0x10/0x10
[  627.232864][T12833]  ? sock_diag_put_meminfo+0xc6/0x120
[  627.238234][T12833]  ? sock_diag_save_cookie+0xc0/0xc0
[  627.243514][T12833]  __lock_sock_fast+0x2f/0xe0
[  627.248193][T12833]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  627.253389][T12833]  mptcp_diag_get_info+0x1fe/0x9e0
[  627.258498][T12833]  inet_sk_diag_fill+0xf5e/0x1ca0
[  627.263528][T12833]  ? inet_diag_msg_attrs_fill+0x930/0x930
[  627.269243][T12833]  ? do_raw_spin_lock+0x128/0x2f0
[  627.274269][T12833]  ? __rwlock_init+0x140/0x140
[  627.279025][T12833]  ? inet_diag_bc_sk+0x18b/0x1120
[  627.284048][T12833]  mptcp_diag_dump+0xce6/0x12b0
[  627.288904][T12833]  ? mptcp_token_join_cookie_init_state+0x460/0x460
[  627.295502][T12833]  __inet_diag_dump+0x1f6/0x380
[  627.300356][T12833]  inet_diag_dump_compat+0x17e/0x220
[  627.305638][T12833]  ? inet_diag_dump_start_compat+0x20/0x20
[  627.311443][T12833]  ? __alloc_skb+0x473/0x750
[  627.316029][T12833]  netlink_dump+0x694/0xcf0
[  627.320531][T12833]  ? netlink_lookup+0x1d0/0x1d0
[  627.325379][T12833]  ? __inet_diag_dump_start+0x805/0x970
[  627.330950][T12833]  __netlink_dump_start+0x523/0x700
[  627.336150][T12833]  inet_diag_rcv_msg_compat+0x207/0x420
[  627.341680][T12833]  ? inet_diag_unregister+0xb0/0xb0
[  627.346856][T12833]  ? __mutex_trylock_common+0x155/0x260
[  627.352383][T12833]  ? mutex_lock_io_nested+0x60/0x60
[  627.357561][T12833]  ? __inet_diag_dump+0x380/0x380
[  627.362562][T12833]  ? inet_diag_dump_start_compat+0x20/0x20
[  627.368345][T12833]  ? inet_diag_dump+0x50/0x50
[  627.373003][T12833]  ? inet_diag_unregister+0xb0/0xb0
[  627.378179][T12833]  sock_diag_rcv_msg+0x164/0x3e0
[  627.383092][T12833]  netlink_rcv_skb+0x1f5/0x440
[  627.387834][T12833]  ? sock_diag_bind+0xa0/0xa0
[  627.392487][T12833]  ? netlink_ack+0xb50/0xb50
[  627.397059][T12833]  ? __lock_acquire+0x7d10/0x7d10
[  627.402064][T12833]  sock_diag_rcv+0x26/0x40
[  627.406457][T12833]  netlink_unicast+0x774/0x920
[  627.411201][T12833]  netlink_sendmsg+0x8ba/0xbe0
[  627.415945][T12833]  ? netlink_getsockopt+0x570/0x570
[  627.421123][T12833]  ? aa_sock_msg_perm+0x94/0x150
[  627.426038][T12833]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  627.431300][T12833]  ? security_socket_sendmsg+0x7c/0xa0
[  627.436735][T12833]  ? netlink_getsockopt+0x570/0x570
[  627.441910][T12833]  ____sys_sendmsg+0x5b7/0x8f0
[  627.446656][T12833]  ? __sys_sendmsg_sock+0x30/0x30
[  627.451659][T12833]  ? import_iovec+0x6f/0xa0
[  627.456149][T12833]  ___sys_sendmsg+0x236/0x2e0
[  627.460823][T12833]  ? __sys_sendmsg+0x2a0/0x2a0
[  627.465575][T12833]  ? percpu_counter_add_batch+0x13b/0x160
[  627.471293][T12833]  __se_sys_sendmsg+0x1af/0x290
[  627.476134][T12833]  ? __x64_sys_sendmsg+0x80/0x80
[  627.481062][T12833]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  627.487029][T12833]  ? lockdep_hardirqs_on+0x94/0x140
[  627.492207][T12833]  do_syscall_64+0x4c/0xa0
[  627.496604][T12833]  ? clear_bhb_loop+0x30/0x80
[  627.501259][T12833]  ? clear_bhb_loop+0x30/0x80
[  627.505911][T12833]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  627.511802][T12833] RIP: 0033:0x7f57fd027799
[  627.516196][T12833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  627.535782][T12833] RSP: 002b:00007f57fb23f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  627.544172][T12833] RAX: ffffffffffffffda RBX: 00007f57fd2a1180 RCX: 00007f57fd027799
[  627.552126][T12833] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  627.560075][T12833] RBP: 00007f57fd0bdbd9 R08: 0000000000000000 R09: 0000000000000000
[  627.568028][T12833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  627.575976][T12833] R13: 00007f57fd2a1218 R14: 00007f57fd2a1180 R15: 00007ffea482fb88
[  627.583931][T12833]  </TASK>
[  628.225491][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  629.337264][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  630.449168][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  631.560920][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  632.672795][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  633.784552][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  634.896414][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  636.008262][    C1] IPVS: ovf: UDP 224.0.0.2:0 - no destination available