program:
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000680), 0x1, 0x5e2, &(0x7f0000000cc0)="$eJzs3U9oHNcdB/DvrGXZ64KjJHaSlkJFDKaNqa3VNrULhbqlFB1CMfSSq7DXsfBaCdKmKKEU9f+1xxxySA/qIadeU3oITc899a67oXfdXGZ2VlrLa2XlWN5V/fnA2/fevJk37/0887QzwijAc2vp7ZzcTJGlS29tlPXtrXZ3e6t9b1BOcipJI5npZylWk+KL5Hr6KV8vN9bdFY87z5v3P/v44keftvu1mTpV+zcOOm48m3XKfJITdf5kis39/d38Sv2lnl1/hmXALgwCB5P24BGbhzn8K963wDQo+j839zud5Eydl98DUq8OjWc8vKfuUKscAAAAHFMv7GQnGzk76XEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAcVL//f+iTo1BeT7F4O//z9bbUpePtc8nPQAAAAAAAAAAeAq+tZOdbOTsoP6gqH7n/3pVOVd9fi3vZz2drOVyNrKcXnpZSyvJ3FBHsxvLvd5aa4wjF0ceufhs5gsAAAAAAAAA/6d+m6W93/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0KJIT/axK5wbluTRmkpxOMlvut5n8Y1A+zj6f9AAAAADgGXhhJzvZyNlB/UFRPfO/Uj33n877WU0vK+mlm05uVe8C+k/9je2tdnd7q32vTI/2++P/HmoYVY/pv3sYfeaFao/zu0cs5Wf5RS5lPjeylpX8MsvppZP5/LQqLafIXP32Ym4wztHjvf5Q7caXjfW1aiTN3M5KNbbLuZl3082tNKo5VPscfMbflNEpflQbM0a36ryc0Z/rfDrMVRE5uRuRhTr2ZTRePDgSh7xO9p+plcbuO6hzRxDzM3VexvqPUx3zxaGr75WDI5F85z//vHGnu3r3zu31S9MzpSe0PxLtoUi8+lxFYraORn8VPdxq+Xp17Nms5Od5N7fSydUspJVrWcgPspj2Q1fY+THutcaoe+3mY4N84dt1oZnkT3U+Hcq4vjgU1+GVbq5qG96yF6WXnv6KNPONulCe43d1Ph32R6I1FImXD47EXx6Un+vd1btrd5bfG/N8F+u8vKL+MFVrc3m9vFT+Y1W1h6+Osu3lkW2tqu3cblvjkbbzu21fdqfO1t/hHu2p3/bqyLZ21fbaUNuobzkATL0zb5yZbd5v/rv5SfP3zTvNt07/5NS1U9+czcl/zfz9xN8af238sHgjn+TXe8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk1v/4MO7y91uZ01BQUFhtzDplQk4ald69967sv7Bh99dubf8TuedzuritavXrra/3/reldsr3c5C/3PSowSOwt4P/UmPBAAAAAAAAAAAABjXkfzngWLmoS2TniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwvC29nZObKdJauLxQ1re32t0yDcp7e84kaSQpfpUUXyTX00+ZG+queNx53rz/2ccXP/q0vdfXzGD/xkHHjWezTplPcqLOn1Z/N8fvrxg9lb3NZcAuDAIHk/a/AAAA//9yPQ7w") (async)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000680), 0x1, 0x5e2, &(0x7f0000000cc0)="$eJzs3U9oHNcdB/DvrGXZ64KjJHaSlkJFDKaNqa3VNrULhbqlFB1CMfSSq7DXsfBaCdKmKKEU9f+1xxxySA/qIadeU3oITc899a67oXfdXGZ2VlrLa2XlWN5V/fnA2/fevJk37/0887QzwijAc2vp7ZzcTJGlS29tlPXtrXZ3e6t9b1BOcipJI5npZylWk+KL5Hr6KV8vN9bdFY87z5v3P/v44keftvu1mTpV+zcOOm48m3XKfJITdf5kis39/d38Sv2lnl1/hmXALgwCB5P24BGbhzn8K963wDQo+j839zud5Eydl98DUq8OjWc8vKfuUKscAAAAHFMv7GQnGzk76XEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAcVL//f+iTo1BeT7F4O//z9bbUpePtc8nPQAAAAAAAAAAeAq+tZOdbOTsoP6gqH7n/3pVOVd9fi3vZz2drOVyNrKcXnpZSyvJ3FBHsxvLvd5aa4wjF0ceufhs5gsAAAAAAAAA/6d+m6W93/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0KJIT/axK5wbluTRmkpxOMlvut5n8Y1A+zj6f9AAAAADgGXhhJzvZyNlB/UFRPfO/Uj33n877WU0vK+mlm05uVe8C+k/9je2tdnd7q32vTI/2++P/HmoYVY/pv3sYfeaFao/zu0cs5Wf5RS5lPjeylpX8MsvppZP5/LQqLafIXP32Ym4wztHjvf5Q7caXjfW1aiTN3M5KNbbLuZl3082tNKo5VPscfMbflNEpflQbM0a36ryc0Z/rfDrMVRE5uRuRhTr2ZTRePDgSh7xO9p+plcbuO6hzRxDzM3VexvqPUx3zxaGr75WDI5F85z//vHGnu3r3zu31S9MzpSe0PxLtoUi8+lxFYraORn8VPdxq+Xp17Nms5Od5N7fSydUspJVrWcgPspj2Q1fY+THutcaoe+3mY4N84dt1oZnkT3U+Hcq4vjgU1+GVbq5qG96yF6WXnv6KNPONulCe43d1Ph32R6I1FImXD47EXx6Un+vd1btrd5bfG/N8F+u8vKL+MFVrc3m9vFT+Y1W1h6+Osu3lkW2tqu3cblvjkbbzu21fdqfO1t/hHu2p3/bqyLZ21fbaUNuobzkATL0zb5yZbd5v/rv5SfP3zTvNt07/5NS1U9+czcl/zfz9xN8af238sHgjn+TXe8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk1v/4MO7y91uZ01BQUFhtzDplQk4ald69967sv7Bh99dubf8TuedzuritavXrra/3/reldsr3c5C/3PSowSOwt4P/UmPBAAAAAAAAAAAABjXkfzngWLmoS2TniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwvC29nZObKdJauLxQ1re32t0yDcp7e84kaSQpfpUUXyTX00+ZG+queNx53rz/2ccXP/q0vdfXzGD/xkHHjWezTplPcqLOn1Z/N8fvrxg9lb3NZcAuDAIHk/a/AAAA//9yPQ7w")
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) (async)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) (async)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x10001, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/rcu_expedited', 0x4c502, 0x70)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000068000100040000000000008000000200000000000c00020001f98ea69b30cd99f9000000"], 0x28}}, 0x4000)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f00000000c0)="41ce830185f216bdb5a3a7b9bc28a5fb31e693cc8f0c462d9f0c9010f7a0ae4c5e215af04684577d8df4672ebafa45d2dd70dae6b9b2fb5a7ba6876822c01dd1e0f09d64c2da3421b1fa2ae695069a1931550b22ee3a247bc55e18bbf44916eb757d445192ffa5f044de0571631bfacf79e1b3010aa2c39767b6dfda781defcf4bde0279075d0820d7541cccb1985afc8e737329dfb6738292c96d699684", 0x9e}], 0x1, 0x6, 0x2000000, 0xb)
r6 = dup2(r1, r0)
setsockopt$RXRPC_SECURITY_KEYRING(r6, 0x110, 0x2, &(0x7f00000003c0)='/dev/kvm\x00', 0x9)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x0, @bcast, @bpq0, 0xffff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffdbc, 0x2, [@null, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) (async)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x0, @bcast, @bpq0, 0xffff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffdbc, 0x2, [@null, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
ioctl$SIOCNRDECOBS(r6, 0x89e2) (async)
ioctl$SIOCNRDECOBS(r6, 0x89e2)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r7, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) (async)
ioctl$sock_ifreq(r7, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
syz_read_part_table(0x5d6, &(0x7f0000000600)="$eJzs3LFrU1scB/CTIBEFETc3gxkiLilkDBE0xEsJmBAEHUTsFocsOjwcYgQD4mBcIoJLHRRBg/LQSUQQREwcCplKS/uWtpQOj0KXQCl5FG7/gMLLewifD5zh/M733t89XO54T+C3lgx/TyaTRAhhcvSw1zb+mKuVL8+maxfrV0NIhBshhJk/C439tUScObjr2Xi+Gs/zX440n7yNHnV7J05/Su/+SsbrD+KxMXxx81/YHlN27u75b2fGo1OfK+Hl4MKgcLx5vdHPltr9hdrHS6/Tbw7ee25K/T8Uf5x82LkTde8Vby9GrbVoM7mzHV15Pp9LPW3Xs1szce7WlPo3966l3r36XuqsH8v/rFSrvffLzzKt8tfO/dEwszR+PBfnVg79dQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8H84d/f8tzPj0anPlfBycGFQON683uhnS+3+Qu3jpdfpN2fjXG5K/T8Uf5x82LkTde8Vby9GrbVoM7mzHV15Pp9LPW3Xs1szce7WlPo3966l3r36XuqsH8v/rFSrvffLzzKt8tfO/dEwszR+PBfnVo5O6QEAAAAAAAAAAAAAAAAAAAAghFC+PJuuXaxfDSERboQQCvOzy/v1Sfy/eyLOHZwDsBrX81+ONJ+8jR51eydOf0rv/vorrj+Ix8bwxc3/fDMc2j8BAAD//6xzisE=") (async)
syz_read_part_table(0x5d6, &(0x7f0000000600)="$eJzs3LFrU1scB/CTIBEFETc3gxkiLilkDBE0xEsJmBAEHUTsFocsOjwcYgQD4mBcIoJLHRRBg/LQSUQQREwcCplKS/uWtpQOj0KXQCl5FG7/gMLLewifD5zh/M733t89XO54T+C3lgx/TyaTRAhhcvSw1zb+mKuVL8+maxfrV0NIhBshhJk/C439tUScObjr2Xi+Gs/zX440n7yNHnV7J05/Su/+SsbrD+KxMXxx81/YHlN27u75b2fGo1OfK+Hl4MKgcLx5vdHPltr9hdrHS6/Tbw7ee25K/T8Uf5x82LkTde8Vby9GrbVoM7mzHV15Pp9LPW3Xs1szce7WlPo3966l3r36XuqsH8v/rFSrvffLzzKt8tfO/dEwszR+PBfnVg79dQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8H84d/f8tzPj0anPlfBycGFQON683uhnS+3+Qu3jpdfpN2fjXG5K/T8Uf5x82LkTde8Vby9GrbVoM7mzHV15Pp9LPW3Xs1szce7WlPo3966l3r36XuqsH8v/rFSrvffLzzKt8tfO/dEwszR+PBfnVo5O6QEAAAAAAAAAAAAAAAAAAAAghFC+PJuuXaxfDSERboQQCvOzy/v1Sfy/eyLOHZwDsBrX81+ONJ+8jR51eydOf0rv/vorrj+Ix8bwxc3/fDMc2j8BAAD//6xzisE=")
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x258800, 0x0)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000340)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x1, 'syz0\x00', @bcast, 0x7, 0x4, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast]})
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x1e)

[   85.861369][ T5339] Bluetooth: hci0: command tx timeout
[   85.946318][ T5364] loop0: detected capacity change from 0 to 1024
[   86.003527][ T5364] /dev/loop0: Can't open blockdev
[   86.040632][ T5363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'.
[   86.070889][ T5364] 
[   86.072056][ T5364] ======================================================
[   86.075109][ T5364] WARNING: possible circular locking dependency detected
[   86.078120][ T5364] syzkaller #0 Not tainted
[   86.080103][ T5364] ------------------------------------------------------
[   86.083222][ T5364] syz.0.0/5364 is trying to acquire lock:
[   86.085622][ T5364] ffffffff8f8919f8 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_device_down+0xa9/0x720
[   86.092972][ T5364] 
[   86.092972][ T5364] but task is already holding lock:
[   86.096176][ T5364] ffffffff8f891998 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x28/0x720
[   86.100247][ T5364] 
[   86.100247][ T5364] which lock already depends on the new lock.
[   86.100247][ T5364] 
[   86.104698][ T5364] 
[   86.104698][ T5364] the existing dependency chain (in reverse order) is:
[   86.108563][ T5364] 
[   86.108563][ T5364] -> #2 (nr_neigh_list_lock){+...}-{3:3}:
[   86.112056][ T5364]        lock_acquire+0x120/0x360
[   86.114528][ T5364]        _raw_spin_lock_bh+0x36/0x50
[   86.116891][ T5364]        nr_rt_ioctl+0x390/0xd50
[   86.119145][ T5364]        sock_do_ioctl+0xdc/0x300
[   86.121363][ T5364]        sock_ioctl+0x576/0x790
[   86.123544][ T5364]        __se_sys_ioctl+0xfc/0x170
[   86.125819][ T5364]        do_syscall_64+0xfa/0x3b0
[   86.127962][ T5364]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.130701][ T5364] 
[   86.130701][ T5364] -> #1 (&nr_node->node_lock){+...}-{3:3}:
[   86.134300][ T5364]        lock_acquire+0x120/0x360
[   86.136454][ T5364]        _raw_spin_lock_bh+0x36/0x50
[   86.138622][ T5364]        nr_rt_ioctl+0x193/0xd50
[   86.140715][ T5364]        sock_do_ioctl+0xdc/0x300
[   86.142809][ T5364]        sock_ioctl+0x576/0x790
[   86.144913][ T5364]        __se_sys_ioctl+0xfc/0x170
[   86.147144][ T5364]        do_syscall_64+0xfa/0x3b0
[   86.149339][ T5364]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.152107][ T5364] 
[   86.152107][ T5364] -> #0 (nr_node_list_lock){+...}-{3:3}:
[   86.155443][ T5364]        validate_chain+0xb9b/0x2140
[   86.157751][ T5364]        __lock_acquire+0xab9/0xd20
[   86.160044][ T5364]        lock_acquire+0x120/0x360
[   86.162253][ T5364]        _raw_spin_lock_bh+0x36/0x50
[   86.164553][ T5364]        nr_rt_device_down+0xa9/0x720
[   86.166902][ T5364]        nr_device_event+0x137/0x150
[   86.169176][ T5364]        notifier_call_chain+0x1b3/0x3e0
[   86.171601][ T5364]        netif_close_many+0x29c/0x410
[   86.173903][ T5364]        netif_close+0x158/0x210
[   86.176262][ T5364]        dev_close+0x10a/0x220
[   86.178817][ T5364]        bpq_device_event+0x377/0x6a0
[   86.181637][ T5364]        notifier_call_chain+0x1b3/0x3e0
[   86.184748][ T5364]        netif_close_many+0x29c/0x410
[   86.187686][ T5364]        netif_close+0x158/0x210
[   86.190336][ T5364]        dev_close+0x10a/0x220
[   86.192473][ T5364]        bond_setup_by_slave+0x5f/0x3f0
[   86.194799][ T5364]        bond_enslave+0x7a0/0x3a70
[   86.196965][ T5364]        bond_do_ioctl+0x635/0x9b0
[   86.199173][ T5364]        dev_ifsioc+0x908/0xf00
[   86.201367][ T5364]        dev_ioctl+0x7b4/0x1150
[   86.203656][ T5364]        sock_do_ioctl+0x22c/0x300
[   86.205882][ T5364]        sock_ioctl+0x576/0x790
[   86.208043][ T5364]        __se_sys_ioctl+0xfc/0x170
[   86.210316][ T5364]        do_syscall_64+0xfa/0x3b0
[   86.212605][ T5364]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.215484][ T5364] 
[   86.215484][ T5364] other info that might help us debug this:
[   86.215484][ T5364] 
[   86.220017][ T5364] Chain exists of:
[   86.220017][ T5364]   nr_node_list_lock --> &nr_node->node_lock --> nr_neigh_list_lock
[   86.220017][ T5364] 
[   86.226073][ T5364]  Possible unsafe locking scenario:
[   86.226073][ T5364] 
[   86.229496][ T5364]        CPU0                    CPU1
[   86.231859][ T5364]        ----                    ----
[   86.234218][ T5364]   lock(nr_neigh_list_lock);
[   86.236385][ T5364]                                lock(&nr_node->node_lock);
[   86.239674][ T5364]                                lock(nr_neigh_list_lock);
[   86.242912][ T5364]   lock(nr_node_list_lock);
[   86.244987][ T5364] 
[   86.244987][ T5364]  *** DEADLOCK ***
[   86.244987][ T5364] 
[   86.248551][ T5364] 2 locks held by syz.0.0/5364:
[   86.250709][ T5364]  #0: ffffffff8f73c1c8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x7a4/0x1150
[   86.254493][ T5364]  #1: ffffffff8f891998 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x28/0x720
[   86.258848][ T5364] 
[   86.258848][ T5364] stack backtrace:
[   86.261502][ T5364] CPU: 0 UID: 0 PID: 5364 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.261519][ T5364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.261526][ T5364] Call Trace:
[   86.261533][ T5364]  <TASK>
[   86.261539][ T5364]  dump_stack_lvl+0x189/0x250
[   86.261558][ T5364]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.261571][ T5364]  ? __pfx__printk+0x10/0x10
[   86.261586][ T5364]  ? print_lock_name+0xde/0x100
[   86.261599][ T5364]  print_circular_bug+0x2ee/0x310
[   86.261612][ T5364]  check_noncircular+0x134/0x160
[   86.261624][ T5364]  validate_chain+0xb9b/0x2140
[   86.261636][ T5364]  ? rt6_disable_ip+0x6b3/0x720
[   86.261653][ T5364]  ? __lock_acquire+0xab9/0xd20
[   86.261668][ T5364]  __lock_acquire+0xab9/0xd20
[   86.261683][ T5364]  ? nr_rt_device_down+0xa9/0x720
[   86.261697][ T5364]  lock_acquire+0x120/0x360
[   86.261711][ T5364]  ? nr_rt_device_down+0xa9/0x720
[   86.261726][ T5364]  ? nr_rt_device_down+0xa9/0x720
[   86.261738][ T5364]  _raw_spin_lock_bh+0x36/0x50
[   86.261755][ T5364]  ? nr_rt_device_down+0xa9/0x720
[   86.261768][ T5364]  nr_rt_device_down+0xa9/0x720
[   86.261782][ T5364]  ? do_raw_spin_unlock+0x4d/0x240
[   86.261795][ T5364]  nr_device_event+0x137/0x150
[   86.261808][ T5364]  notifier_call_chain+0x1b3/0x3e0
[   86.261830][ T5364]  netif_close_many+0x29c/0x410
[   86.261848][ T5364]  ? __pfx_netif_close_many+0x10/0x10
[   86.261862][ T5364]  ? bond_netdev_event+0x227/0xe80
[   86.261875][ T5364]  netif_close+0x158/0x210
[   86.261888][ T5364]  ? __pfx_netif_close+0x10/0x10
[   86.261901][ T5364]  ? tun_device_event+0x77/0x1020
[   86.261910][ T5364]  ? __pfx___neigh_ifdown+0x10/0x10
[   86.261924][ T5364]  ? macsec_notify+0x104/0x660
[   86.261936][ T5364]  dev_close+0x10a/0x220
[   86.261946][ T5364]  bpq_device_event+0x377/0x6a0
[   86.261961][ T5364]  notifier_call_chain+0x1b3/0x3e0
[   86.261973][ T5364]  netif_close_many+0x29c/0x410
[   86.261988][ T5364]  ? __pfx_netif_close_many+0x10/0x10
[   86.262004][ T5364]  netif_close+0x158/0x210
[   86.262018][ T5364]  ? __pfx_netif_close+0x10/0x10
[   86.262031][ T5364]  ? do_raw_spin_lock+0x121/0x290
[   86.262042][ T5364]  ? __local_bh_enable_ip+0x12d/0x1c0
[   86.262052][ T5364]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.262062][ T5364]  dev_close+0x10a/0x220
[   86.262071][ T5364]  bond_setup_by_slave+0x5f/0x3f0
[   86.262087][ T5364]  bond_enslave+0x7a0/0x3a70
[   86.262099][ T5364]  ? arch_stack_walk+0xfc/0x150
[   86.262113][ T5364]  ? stack_trace_save+0x9c/0xe0
[   86.262128][ T5364]  ? stack_depot_save_flags+0x40/0x860
[   86.262143][ T5364]  ? __pfx_bond_enslave+0x10/0x10
[   86.262157][ T5364]  ? apparmor_capable+0x137/0x1b0
[   86.262168][ T5364]  ? full_name_hash+0x92/0xe0
[   86.262183][ T5364]  ? netdev_name_node_lookup+0xdf/0x120
[   86.262197][ T5364]  bond_do_ioctl+0x635/0x9b0
[   86.262213][ T5364]  ? __pfx_bond_do_ioctl+0x10/0x10
[   86.262227][ T5364]  ? __mutex_lock+0x335/0x1350
[   86.262240][ T5364]  ? full_name_hash+0x92/0xe0
[   86.262254][ T5364]  ? netdev_name_node_lookup+0xdf/0x120
[   86.262266][ T5364]  dev_ifsioc+0x908/0xf00
[   86.262282][ T5364]  ? dev_load+0x21/0x1f0
[   86.262296][ T5364]  dev_ioctl+0x7b4/0x1150
[   86.262310][ T5364]  sock_do_ioctl+0x22c/0x300
[   86.262325][ T5364]  ? __pfx_sock_do_ioctl+0x10/0x10
[   86.262336][ T5364]  ? __lock_acquire+0xab9/0xd20
[   86.262352][ T5364]  sock_ioctl+0x576/0x790
[   86.262365][ T5364]  ? __pfx_sock_ioctl+0x10/0x10
[   86.262377][ T5364]  ? __fget_files+0x2a/0x420
[   86.262391][ T5364]  ? __fget_files+0x3a0/0x420
[   86.262403][ T5364]  ? __fget_files+0x2a/0x420
[   86.262416][ T5364]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.262428][ T5364]  ? __pfx_sock_ioctl+0x10/0x10
[   86.262439][ T5364]  __se_sys_ioctl+0xfc/0x170
[   86.262451][ T5364]  do_syscall_64+0xfa/0x3b0
[   86.262462][ T5364]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.262470][ T5364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.262481][ T5364]  ? clear_bhb_loop+0x60/0xb0
[   86.262493][ T5364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.262504][ T5364] RIP: 0033:0x7f541ef8eec9
[   86.262516][ T5364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.262525][ T5364] RSP: 002b:00007f541fe14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.262538][ T5364] RAX: ffffffffffffffda RBX: 00007f541f1e6090 RCX: 00007f541ef8eec9
[   86.262545][ T5364] RDX: 0000200000000180 RSI: 0000000000008990 RDI: 000000000000000d
[   86.262551][ T5364] RBP: 00007f541f011f91 R08: 0000000000000000 R09: 0000000000000000
[   86.262557][ T5364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.262563][ T5364] R13: 00007f541f1e6128 R14: 00007f541f1e6090 R15: 00007ffd03882958
[   86.262573][ T5364]  </TASK>
[   86.567899][ T5364] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.575826][ T5364] bond0: (slave rose0): Enslaving as an active interface with an up link
[   86.583831][ T5366] bond0: (slave rose0): Error: Device is in use and cannot be enslaved