last executing test programs:

5m53.31544707s ago: executing program 1 (id=1048):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'sit0\x00', <r2=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
mmap$xdp(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x100000000)

5m53.007244312s ago: executing program 1 (id=1054):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000019100)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xadd, 0x8322, 0x6, 0x401, 0x8, 0x6, 0x8, 0x4}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x400c040}, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48050}, 0x40004)

5m52.756889132s ago: executing program 1 (id=1057):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x500, 0x0, 0x0}, 0x0)

5m51.830255298s ago: executing program 1 (id=1059):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f0000000140)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@errors_remount}, {@nodiscard}, {@quota}]}, 0x3, 0x438, &(0x7f0000000580)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0")
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
write$binfmt_script(r4, 0x0, 0x0)
sendmsg(r4, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xd8ef}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
syz_open_dev$tty1(0xc, 0x4, 0x3)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)

5m50.526926811s ago: executing program 1 (id=1071):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0xfffffffc, 0x79, 0x10, 0x82}, [@ldst={0x7}]}, &(0x7f0000000140)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x9}, 0x10}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000080)})
prctl$PR_SET_SECUREBITS(0x1c, 0x4)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00'}, 0x10)
io_cancel(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0xe75f0000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f00000000c0)=0x192, 0x4)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r5, &(0x7f0000000100), 0x15)
listen(r5, 0xa2)
getsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, 0x0, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'caif0\x00', <r6=>0x0})
sendto$packet(r4, 0x0, 0x0, 0x1, &(0x7f0000000080)={0x11, 0x1c, r6, 0x1, 0x5}, 0x14)
recvfrom$packet(r4, 0x0, 0x0, 0x2000, 0x0, 0x0)

5m48.613177317s ago: executing program 1 (id=1081):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f0000000140)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@errors_remount}, {@nodiscard}, {@quota}]}, 0x3, 0x438, &(0x7f0000000580)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0")
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
write$binfmt_script(r3, 0x0, 0x0)
sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xd8ef}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
syz_open_dev$tty1(0xc, 0x4, 0x3)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)

5m32.845248912s ago: executing program 32 (id=1081):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f0000000140)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@errors_remount}, {@nodiscard}, {@quota}]}, 0x3, 0x438, &(0x7f0000000580)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0")
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
write$binfmt_script(r3, 0x0, 0x0)
sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xd8ef}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
syz_open_dev$tty1(0xc, 0x4, 0x3)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)

12.486229702s ago: executing program 4 (id=3222):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0xffe6, 0xb}, {0xfff2, 0x3}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008080)
ioctl$SIOCSIFHWADDR(r4, 0x8922, 0x0)

11.991996249s ago: executing program 4 (id=3228):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0xfffffffc, 0x79, 0x10, 0x82}, [@ldst={0x7}]}, &(0x7f0000000140)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x9}, 0x10}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000080)})
prctl$PR_SET_SECUREBITS(0x1c, 0x4)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000600)=ANY=[@ANYRES16=r2, @ANYRES32=r2, @ANYBLOB="0000000000000000b70800004d6600007b8af8ff00000000bfa200000018000007020000f8ffffffb703000008000000b70400000000000085000000030000006500000008000000954b41cedb287ebef7c511793b84b23ecf52ae3d827e7ab5dc2842638011e68979b9b516c020ecee23e7b337d236810271013f088f16a03aed95b8decb39cb30cdd2220783a1f5f63916227278282d90030ac351e9e65c0b00094b7e3da61567602bcb07b03601f9a433773b4d4639ee6efe05f6e27d219cb7aa3f8ca2d91d27c88f15faa545d2350d610ab0112f1a7bff98"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r3}, 0x10)
io_cancel(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0xe75f0000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f00000000c0)=0x192, 0x4)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r7, &(0x7f0000000100), 0x15)
listen(r7, 0xa2)
getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, 0x0, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'caif0\x00', <r8=>0x0})
sendto$packet(r6, 0x0, 0x0, 0x1, &(0x7f0000000080)={0x11, 0x1c, r8, 0x1, 0x5}, 0x14)
recvfrom$packet(r6, 0x0, 0x0, 0x2000, 0x0, 0x0)

6.766014684s ago: executing program 5 (id=3245):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, 0x0)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000100)=r2, 0x4)

6.082999287s ago: executing program 0 (id=3248):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
socket(0x10, 0x3, 0x0)
epoll_create1(0x0)
socket(0x1, 0x80802, 0x0)
epoll_create1(0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e22, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000040)=0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
socket$packet(0x11, 0x2, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

5.770097528s ago: executing program 5 (id=3249):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
creat(&(0x7f0000000440)='./file0\x00', 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000140)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@nombcache}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
mkdir(&(0x7f0000000300)='./bus\x00', 0xff8c)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r4}, 0x10)
socketpair(0xb, 0x6, 0x0, &(0x7f00000002c0))
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
socket$nl_route(0x10, 0x3, 0x0)

5.745336814s ago: executing program 2 (id=3250):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f00000041c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="6fcf00"], 0x8)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081780000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103b00000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afc0513466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea01d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a07f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a126a1bdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0d5d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f10bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d00b07862c4fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52c094016406cdd32abf77fea373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515dca8811922929e08538fab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f57cbc05cd897f40693ec427ea71578130cde48de3b4dda0c7b615b57ccd4f8ac729a80f891d91a89d967948b9d95b1f22480ab48969e86b854a8c17f3e264ce11f9f63552364e759eec94572f2f7b0e2f293573d0b80709815f4344f908c00"/2646], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000e80), 0x10}, 0xfffffd2c)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f00000001c0)=@getsa={0x34, 0x12, 0x1, 0x70bd22, 0x25dfdbff, {@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4d5, 0x2, 0x32}, [@mark={0xc, 0x15, {0x35075d, 0x213}}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x200040c0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, <r7=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r8=>0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x1f, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000c000000000000000800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7020000000000008500000086000000852000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018170000", @ANYRES32=r0, @ANYBLOB="0000000000000000bf91000800000000b70000000000fd009500"/48], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xce, &(0x7f0000000c80)=""/206, 0x41100, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRESDEC=r9], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)

4.844685369s ago: executing program 3 (id=3251):
connect$rxrpc(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)

4.621832846s ago: executing program 2 (id=3252):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0)

4.600617252s ago: executing program 0 (id=3253):
socket$kcm(0x2c, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r1, &(0x7f0000019440)=[{&(0x7f0000000340)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed090f0000600000f3a1bc5603ca00000f7f89e3ff296aa1f6475322f000200000004a2471083ec6991778581acb6c0101", 0x46}], 0x1)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), r1)

4.377206184s ago: executing program 3 (id=3254):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$MAP_CREATE(0x300000000000000, 0x0, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ptrace$ARCH_SHSTK_DISABLE(0x1e, r3, 0x2, 0x5002)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCGLCKTRMIOS(r5, 0x5456, 0x0)

4.306191016s ago: executing program 2 (id=3255):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0))
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

4.300571999s ago: executing program 0 (id=3256):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180), 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)={0x2c, 0x1, 0x2, 0x201, 0x0, 0x0, {0x2, 0x0, 0x1}, [@CTA_EXPECT_MASTER={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x34}}, {0x8, 0x2, @empty}}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20049804}, 0x200000c4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
unshare(0x42000000)

3.91936348s ago: executing program 5 (id=3257):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7020000c3000000bf230000000000002703000000fefeff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400011000000404000001007d60b7030000000000006a0a00fe800000008500000026000000b7000000000000009500001000000000acaa8e53a53cb864c300094c07000000000000d94cf0987b00a749a8e53b5c9491cd1f2b94a64f1de23d03a8f0362ebfc44c77511e60070e25510070f7778d3e77ad85319f0113abbac795f8c24abca246150226eb93fe39233add8f68f87699162334343befce832cb8075c5f0ae30cde221371ff00000067e4b75da95370ae6fd2b99ac18f98403494d4a94e95fb8dcd813487b2bdb006c6465c15f04485a9f8c8e49d00000097184c8e9d34b1e382b25e9614634e8e09194f7b83138f5275d9ab463797a2f6dcb45d5f278cd4fb74559575da3560c01cdf1eaa3fc7a3fb4f1689dfd5b626174770e4dfd1c82a694efc62f9ef9c8c0ea1efa5b949ce22827f6fd1dfc69d03482d8ec264e3d96ad19a0c99a234b4b71b0bc22573f8594b91781cd8ff7f000000000000299ebf94588e60abe9a565c5bbdc0358226f8580dc1a83c6a44408de23475a74ef0deda8da4089269ccb4e728dee6320444576c87cc576291e5367a5f1a5d5a12f8313ffff0b7f73335279aa2b68c9f045831119881764c71bb65b5138c50e06024e80fd9656bc077e4e259695748989335ba9eeef288de73815f20fefd4acfb6813ffff00000b971aec1a3e618a08a94ecbd401c8109c87ee3f5c0501857538d2a766bfcf4128fbe726903aca577aa8943af747760718dee5a21396dce6f61c6f3c7e000000cb0868b48719e47296f2299df3ecfb5f3f0e42f6f1eb1dc64dcc8e397366d12033f6288edbda3b838100000000000000000000800000edd4e1266dc9d73223fe614f025a7f284de76b3b676a13c57a0ed24f6270c4cbbf93472eb8093d8296c68dfbb03ddedc3e029b08959b145a7b110068ba071e75d75716243052ad24b624fddc2f0f3a018c0085c2319c248d643cd09fa855b20a6d453f2e954ff0e55c010000008547c5a0ecefcc44cc9532f729167f215937357a4bb9746193c1ec000000000000dd43c108c2109d221b7b26b7c9c209000005b7918a6cd856b8fa806c85480443159c6bed51a0e021f05f7caa1b99cdb4d08d9031210ac00e67d8c40a18503cb7aabcc066dfbfd7f87abe1122f00e5454bec3563a19582e0000000000000000000000000084b27fc6a3f95bf02b4eb5f1599dd46edcad432cc216316fe07afe27649c89cf022a90d895a2d70fcde7a9c37ede0c47c27f44595ab4b1fb1ed5b1d91314b2d50f94a768fb605679485041a6376b8344a39af68aed2be39794dd86ae82f9660cf4f935255d71f9fab2e430ac42bba1f54141cf39d4d50c4ded504beacb0de210d7a3716dca7362c134b91cef3efc514fbcb4747e6814ac16449ac02a43d9d4151697b4b7890ec6b481c5f0ca8c52a6322f34a796fa5941d23409ecf73458223baaffb94a89ee2884df000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x36}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x40000f0, 0xe40, 0xffffffff, &(0x7f0000000280)="7b5515ccc8bca12641e65d58fd1a12f639", 0x0, 0x8001}, 0x28)
r1 = gettid()
tkill(r1, 0x15)
getpid()
r2 = syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000440)=ANY=[@ANYBLOB='shortname=mixed,iocharset=iso8859-=winnt,uni_xlate=1,uni_xlate=1,nonumtail=0,utf8=0,errors=continue,utf8=1,check=strict,iocharset=cp855,utf8=0,iocharset=koi8-u,codepage=857,utf8=0,rodir,shortname=win95,\x00'], 0x6, 0x2d4, &(0x7f00000006c0)="$eJzs3T9rZFUUAPDzkjdvZlWYKaxE8IEWVutmW5sJsgExlUsKtdDg7oJkgrALAf/g7Fa2NhYWfgJB8IPY+A0EW8HOVRauvH/MSzKJO8GJaH6/Jod7z3n3vJdL8lLkzgcvHh7cKePeo89/jtEoi41pTONxFpPYiM7DOGb6VQAA/2WPU4rfUuPMpOdOD2URMVpvawDAmpz9+7/sxfki/OHSWgMA1uT2O+++tb27e+vtshzFzuGXR3vVX/bV12Z++158FLO4GzdiHE8i6heFQdRvC1W4k1Ka52VlEq8czo/2qsrD939sr7/9a0RdvxXjmNRDKaW8C9LOm7u3tspGr35e9fFMu/60qr8Z43i+Xb99W+nqby6pj70iXn251//1GMdPH8bHMYs79dqL+i+2yvKN9PXvn71XdVXVZ/OjvWGdt5A2L/UbAwAAAAAAAAAAAAAAAAAAAADA/9r19uycYZSTP5szANvzdzafVPODKDuT4+fzNPVZd6H++UAppXmKb7vzdW6UZZnaxEV9Hi/k/YMFAQAAAAAAAAAAAAAAAAAA4Op68MmnB/uz2d37Fw6uxWKkOw0gj4g/bkdc9MrT3shLUQf5Wa0O2zX3Z7ONNjyek/dHYrPLySLObaO6iYs/loNVkq+d6rkNvvt+1dVHf58zWL7WPxl0u+tgP1v+DIfRjYzaTfJNEb2NVMRTrlWcNZVile1XLJ0ar3zvxbN1MD8nJ7LzGnv9l+bJtSPZybso6qfajLw2aHLbqUGb0ys/sTeeaj/HqCk//bMic1oHAAAAAAAAAAAAAAAAAACs1eK/f5dMPjq3dCMN19YWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFyqxef/rxDM2+KTU/GwGe8lF3H/wb95fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwNfwUAAP//ThJUUw==")
r3 = getpid()
syz_pidfd_open(r3, 0x0)
setns(0xffffffffffffffff, 0x66020000)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000014c0)={{{@in, @in6=@initdev}}, {{}, 0x0, @in6=@mcast2}}, &(0x7f00000003c0)=0xe8)
statx(r2, &(0x7f0000000040)='./file0\x00', 0x400, 0x100, &(0x7f0000003740))
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000880))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000008c0)={{{@in6, @in6}}, {{@in=@dev}, 0x0, @in=@remote}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id', @ANYBLOB])
write$FUSE_INIT(r4, 0x0, 0x0)
syz_fuse_handle_req(r4, 0x0, 0x0, &(0x7f0000006d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x7, {0x0, 0x0, 0x20000000, 0x4, 0x1ff, 0x0, {0x5, 0x0, 0x7, 0x0, 0x9, 0x632e105e, 0x2f3c, 0x0, 0x0, 0xc000, 0x0, 0x0, 0x0, 0x403}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lstat(&(0x7f0000000b00)='./file0\x00', &(0x7f0000000b40))

3.305868311s ago: executing program 3 (id=3258):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x4)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0xe75f0000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
rename(&(0x7f0000000040)='./bus\x00', 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18)
stat(0x0, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00000000c0)=0x192, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x1, &(0x7f0000000080)={0x11, 0x1c, 0x0, 0x1, 0x5}, 0x14)
recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
getuid()
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x67, 0x52b, &(0x7f0000000a00)="$eJzs3V9rLGcZAPBnNrvHk3NymlS90IK12krOQc9u0tg2eFEriF4V1HpfY7IJIZtsyG7ak1BMDn4AQUQFr/TGG8EPIEjBGy9FKOi1oqKInuqFF9qR2Z1Nc5L913aTTZPfDybzvjPvzPO8G2Z2ZmeYCeDKeiIiXoiIt9I0vRMR0/n0Qj7EYXvI2r354LXlbEgiTV/6RxJJPq2zriQf38wXux4RX/tyxDeT03Ebe/sbS7VadSevV5qb25XG3v7d9c2ltepadWthYf7ZxecWn1mcG0k/b0XE81/8y/e/89MvPf/Lz7z6x5f/dvtbWVpT+fzj/XiHiv1mtrtean0WxxfYeZfBLqJiq4e5yW4tJk5NuX/GOQEA0F12jP/BiPhkRNyJ6ZjofzgLAAAAvA+ln5+K/yYRaXfXekwHAAAA3kcKrXtgk0I5vxdgKgqFcrl9D++H40ahVm80P71a391aad8rOxOlwup6rTqX3ys8E6Ukq8+3ym/Xnz5RX4iIRyPie9OTrXp5uV5bGfePHwAAAHBF3Dxx/v/v6fb5f8fBOJMDAAAARmdm3AkAAAAAZ27Y8/8bZ5wHAAAAcHZc/wcAAIBL7SsvvpgNaef91yuv7O1u1F+5u1JtbJQ3d5fLy/Wd7fJavb7Wembf5qD11er17c/G1u69SrPaaFYae9djs7671Xx5/aFXYAMAAADn6NGPv/77JCIOPzfZGjLXhlt0yGbARVU8KiX5uMtm/YdH2uM/n1NSwLmYGHcCwNgUx50AMDalcScAjF0yYH7Pm3d+k48/Mdp8AACA0Zv9aO/r/4W+Sx72nw1ceDZiuLpc/4erq3X9f9g7eR0swKVSGnQE0HebPxhxNsA4vOfr/wOl6TtKCAAAGLmp1pAUysVOvVAolyNutV4LUEpW12vVuYh4JCJ+N136QFafb7VMBp4zAAAAAAAAAAAAAAAAAAAAAAAAAABtaZpECgAAAFxqEYW/Jr9qP8t/dvqpqZO/D1xL/jMd+StCX/3RSz+4t9Rs7sxn0/95NL35w3z60+P4BQMAAACuhAEv8H9Y5zy9cx4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP05oPXljvDecb9+xciYqZb/GJcb42vRykibvwrieKx5ZKImBhB/Mnsz0e6xU+ytI5Cdos/OYL4h/f7xo/D/FPoFv/mCOLDVfZ6tv95odv2V4gnWuPu218x4qH6u9V7/xdH+7+JHtv/rSFjPPbGzys949+PeKx4Kv5BFqETP+kR/8kh43/j6/v7vealP46Y7fr9k3SaZHvIqDQ3tyuNvf2765tLa9W16tbCwvyzi88tPrM4V1ldr1Xzv11jfPdjv3irX/9v9Ig/M6D/T51a27WuMf73xr0HH2oXS93i336yS/xf/yRvcTp+If/u+1RezubPdsqH7fJxj//st4/36/9Kj/4P+v/f7rXSE+589dt/GrIpAHAOGnv7G0u1WnXn0hays/QhG2dHZxciZ4XzKRyMdIVpmqbZNvUe1pPERfhYWoVx75kAAIBRe/ugf9yZAAAAAAAAAAAAAAAAAAAAwNV1Ho8TOxnz8KiUjOIR2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/H/AAAA///s19ky")

2.989985866s ago: executing program 4 (id=3259):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x2, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r1], 0x0, 0x8000000, 0x0, 0x0, 0x41000, 0x54, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x13, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x22, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xe, 0x0, 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa30}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r2}, 0x8)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000780)="daecbc0bd519f08fb6f683a5370d224e2892ad469f21d79f2d47bdd9b423611d7179a06adb5baa81c6f9b0cb2fe058323bef276fbfc25133a93a2e3e4d8708eecd34115fb1b807c3ada337ebd4fa4dcccb4141876f2267771508de13ccf9853e7cf20c9b07691ac105be249800b477de1e7a1027b2f0bda9f42c8f454d8cf271a629d3e29dd5436e6647e853060b31f1ca87a1527d3af23b34d37a5d1f780d6655751b18422c272d660f0baaab60fb52cbad", 0xb2)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.898307482s ago: executing program 2 (id=3260):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f00000004c0)=0x27)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, 0x0, 0x0)

1.339860006s ago: executing program 3 (id=3261):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0xc850}, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c00)=ANY=[@ANYBLOB="d0010000", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf25150000003c00018008000100", @ANYRES32, @ANYBLOB="1400020070696d3672656730000000000000000008000300020000001400020076657468315f6d61637674617000000048000180140002006970766c616e310000000000000000001400020076657468315f746f5f6873720000000014000200697036746e6c3000000000000000000008000100", @ANYRES32, @ANYBLOB="4400018008000100", @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="1400020064756d6d7930000000000000000000001400020070696d3672656730000000000000000008000300030000000c000180080003000300000068000180140002006261746164763000000000000000000008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="140002006970766c616e300000000000000000001400020076657468305f746f5f7465616d00000008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="2c0001800800030000000000080003000000000008000100", @ANYRES32, @ANYBLOB="080003"], 0x1d0}, 0x1, 0x0, 0x0, 0x10004010}, 0x800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.267662125s ago: executing program 4 (id=3262):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x54, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x4000006}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x211}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xd769, 0xe00000, 0x49b, 0x10007, 0x6b9, 0x7}}]}}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000804)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xfff2, 0xd}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0xff43}, 0x1, 0x0, 0x0, 0xc0ea}, 0x4010004)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1.239229682s ago: executing program 0 (id=3263):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f00000041c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="6fcf00"], 0x8)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081780000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103b00000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afc0513466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea01d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a07f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a126a1bdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0d5d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f10bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d00b07862c4fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52c094016406cdd32abf77fea373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515dca8811922929e08538fab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f57cbc05cd897f40693ec427ea71578130cde48de3b4dda0c7b615b57ccd4f8ac729a80f891d91a89d967948b9d95b1f22480ab48969e86b854a8c17f3e264ce11f9f63552364e759eec94572f2f7b0e2f293573d0b80709815f4344f908c00"/2646], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000e80), 0x10}, 0xfffffd2c)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f00000001c0)=@getsa={0x34, 0x12, 0x1, 0x70bd22, 0x25dfdbff, {@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4d5, 0x2, 0x32}, [@mark={0xc, 0x15, {0x35075d, 0x213}}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x200040c0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, <r7=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r8=>0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x1f, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000c000000000000000800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7020000000000008500000086000000852000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018170000", @ANYRES32=r0, @ANYBLOB="0000000000000000bf91000800000000b70000000000fd009500"/48], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xce, &(0x7f0000000c80)=""/206, 0x41100, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRESDEC=r9], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)

1.034113271s ago: executing program 5 (id=3264):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
socket(0x10, 0x3, 0x0)
epoll_create1(0x0)
socket(0x1, 0x80802, 0x0)
epoll_create1(0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e22, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000040)=0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
socket$packet(0x11, 0x2, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

843.471804ms ago: executing program 2 (id=3265):
connect$rxrpc(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)

703.391538ms ago: executing program 3 (id=3266):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
r4 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a, 0x2})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0xc, 0x0, &(0x7f0000000280)=[@free_buffer={0x40086303, r4}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000140)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

623.825699ms ago: executing program 0 (id=3267):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb77, &(0x7f0000000c40)="$eJzs3c9vFFUcAPDvzG5LKWgX40GMCTUeIDFsW0BB4gE8Gg8mkqAnXPuDNCxgaE0sIbHcTLyowZMnT2qiR6+GGPXkweiJ/8CQEFP4A2pmdnZZ6W5LYcuQ8vkks/vePJb3nSbffW86bzoBPLHGs5c0Ym9EfJ5EjBX704gYzksjEcutf3dn5cp0tiWxuvrOv0kkEXF75cp0+/9Kivdd2Us1/2T89UvEM5W1/S4sXT7XaDZnLxX1icXzH04sLF0+OH++cXb27OyFQ69OHp567cixV44M7FiXjqaf/fnmG99dO/P1Hz8ee+HTJE7E7qKt+zgGZTzGOz+TbtWIeG/QnZWkUhxPr+MEAODxk3bN4fbGWFTyUstY1OdLDQ4AAAAYiE8iYhUAAADY5hLn/wAAALDNtdcB3F65Mt3eyl2RADwqt05GRK2V/+37+1st1VjO30diKCJG7yRddwa17veuDaD/8Yj44auj+7Ittug+fKC35asR8Vyv8T/J87+W/xWPtfmfRsTkAPofv6cu/+HReZj8PzGA/uU/AAAAAAAADM71k60L+Wuv/6Wd9T/R4/pfpce1uwex8fW/9OYAugF6uHUy4vWuZ/vc6cr/Qq1S1J7K1wMMJXPzzdnJiHg6Ig7E0I6sPrVOH9/+dPzvfm3d6/+yLeu/vRawiONmdcf/PzPTWGw8zDEDLbeuRjxf7ZX/SWf8T/qs/337Pvv47fTPc/3aNs5/YKusfhOxv+f4f/eJbsn6z+ebyOcDE+1ZwVqnX/z1+379y38oTzb+j66f/7Wk+3mdC5vvY3L04Nl+bQ86/x9OTuVPFR0u9n3cWFy8NBUxnLy1dv+hzccM21E7H9r5kuX/gZd6n/+vN//Pkuz94lsijYhG8Z7VP7inzx1nfv+iXzzGfyhPlv8zmxr/N1/48t2VU/36v7/x/0g+ph8o9vj9H6zvfhO07DgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgcZJGxO5I0nqnnKb1esSuiHg2RtPmxYXFl+cufnRhJmuLqMVQOjffnJ2MiLFWPcnqU3n5bv3QPfXDEbEnIq6N7czr9emLzZmyDx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICOXRGxO5K0HhFpXk7Ter3V9s9Y2dEBAAAAA1MrOwAAAABgyzn/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAh7dl3/UYSEcvHd+ZbZrhoGyo1MmCrpWUHAJSmUnYAQGmqZQcAlMY5PpBs0D7St8UMAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBJsn/v9RtJRCwf35lvmeGibajUyICtlpYdAFCaStkBAKWplh0AUBrn+ECyQftI3xYzCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAnycLS5XONZnP2koKCgkKnUPY3EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvZfwEAAP//vlL7zw==")
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./bus\x00', 0x20000, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_nlink(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, 0x0, 0x3)

578.109119ms ago: executing program 3 (id=3268):
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x4b, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockname$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
clock_gettime(0x0, &(0x7f0000000200))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
write$P9_RGETLOCK(r1, &(0x7f00000002c0)=ANY=[], 0x200002e6)

544.800572ms ago: executing program 2 (id=3269):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$MAP_CREATE(0x300000000000000, 0x0, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ptrace$ARCH_SHSTK_DISABLE(0x1e, r3, 0x2, 0x5002)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCGLCKTRMIOS(r6, 0x5456, 0x0)

411.5714ms ago: executing program 0 (id=3270):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0xfffffffc, 0x79, 0x10, 0x82}, [@ldst={0x7}]}, &(0x7f0000000140)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x9}, 0x10}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000080)})
prctl$PR_SET_SECUREBITS(0x1c, 0x4)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000600)=ANY=[@ANYRES16=r2, @ANYRES32=r2, @ANYBLOB="0000000000000000b70800004d6600007b8af8ff00000000bfa200000018000007020000f8ffffffb703000008000000b70400000000000085000000030000006500000008000000954b41cedb287ebef7c511793b84b23ecf52ae3d827e7ab5dc2842638011e68979b9b516c020ecee23e7b337d236810271013f088f16a03aed95b8decb39cb30cdd2220783a1f5f63916227278282d90030ac351e9e65c0b00094b7e3da61567602bcb07b03601f9a433773b4d4639ee6efe05f6e27d219cb7aa3f8ca2d91d27c88f15faa545d2350d610ab0112f1a7bff98"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r3}, 0x10)
io_cancel(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0xe75f0000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f00000000c0)=0x192, 0x4)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r7, &(0x7f0000000100), 0x15)
listen(r7, 0xa2)
getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, 0x0, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'caif0\x00', <r8=>0x0})
sendto$packet(r6, 0x0, 0x0, 0x1, &(0x7f0000000080)={0x11, 0x1c, r8, 0x1, 0x5}, 0x14)
recvfrom$packet(r6, 0x0, 0x0, 0x2000, 0x0, 0x0)

357.479732ms ago: executing program 5 (id=3271):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x4e}, 0x28)

133.981203ms ago: executing program 5 (id=3272):
socket$tipc(0x1e, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xab, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)

96.782375ms ago: executing program 4 (id=3273):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x2, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r1], 0x0, 0x8000000, 0x0, 0x0, 0x41000, 0x54, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x13, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x22, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xe, 0x0, 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa30}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r2}, 0x8)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000780)="daecbc0bd519f08fb6f683a5370d224e2892ad469f21d79f2d47bdd9b423611d7179a06adb5baa81c6f9b0cb2fe058323bef276fbfc25133a93a2e3e4d8708eecd34115fb1b807c3ada337ebd4fa4dcccb4141876f2267771508de13ccf9853e7cf20c9b07691ac105be249800b477de1e7a1027b2f0bda9f42c8f454d8cf271a629d3e29dd5436e6647e853060b31f1ca87a1527d3af23b34d37a5d1f780d6655751b18422c272d660f0baaab60fb52cbad", 0xb2)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 4 (id=3274):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x0, 0x0)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe)
inotify_init()
timerfd_create(0x8, 0x0)
epoll_create1(0x80000)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRESDEC=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000001c0), &(0x7f0000000200)='./file1\x00', 0x8, 0x2)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[])
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x2000c8, &(0x7f00000005c0)=ANY=[@ANYBLOB='codepage=874,nodots,dots,tz=UTC,dots,nodots,codepage=862,dots,dots,check=strict,allow_utime=000000000000000000001,sys_immutable,nodots,nfs,quiet,dots,nodots,nodots,debug,usefree,tz=UTC,flush,nodots,\x00'], 0xfd, 0x1bf, &(0x7f0000000940)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")

kernel console output (not intermixed with test programs):

6][T11177] veth1_to_hsr: left allmulticast mode
[  387.229086][T11177] veth1_to_hsr: left promiscuous mode
[  387.319248][T11183] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1850'.
[  387.885057][   T37] Bluetooth: (null): Invalid header checksum
[  387.952267][   T37] Bluetooth: (null): Invalid header checksum
[  388.088648][   T37] Bluetooth: (null): Invalid header checksum
[  388.199240][   T37] Bluetooth: (null): Invalid header checksum
[  388.224537][ T6227] Bluetooth: (null): Invalid header checksum
[  389.884728][T11200] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  390.531333][T11208] dvmrp8: entered allmulticast mode
[  390.613443][T11213] dvmrp8: left allmulticast mode
[  391.979638][T11242] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1871'.
[  392.535918][T11239] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1871'.
[  392.611273][T11246] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1871'.
[  393.167079][T11250] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  393.284956][T11254] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  393.333117][T11254] batman_adv: batadv0: Removing interface: batadv_slave_1
[  393.378438][T11257] dvmrp8: entered allmulticast mode
[  393.405813][T11257] dvmrp8: left allmulticast mode
[  393.717877][T11268] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1881'.
[  393.770375][T11270] netlink: 'syz.5.1882': attribute type 13 has an invalid length.
[  393.906759][T11275] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.1884'.
[  394.497687][T11296] dvmrp8: entered allmulticast mode
[  394.553788][T11296] dvmrp8: left allmulticast mode
[  394.721802][T11301] loop5: detected capacity change from 0 to 256
[  395.996223][T11326] 8021q: adding VLAN 0 to HW filter on device bond3
[  396.130591][T11329] 8021q: adding VLAN 0 to HW filter on device bond3
[  396.175833][T11326] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1902'.
[  396.205154][T11329] bond3: (slave vxcan5): The slave device specified does not support setting the MAC address
[  396.245059][T11329] bond3: (slave vxcan5): Error -95 calling set_mac_address
[  396.373113][T11331] veth17: entered promiscuous mode
[  396.400367][T11331] bond3: (slave veth17): Enslaving as an active interface with an up link
[  396.429303][T11326] 8021q: adding VLAN 0 to HW filter on device bond3
[  396.580275][T11353] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1910'.
[  396.597679][T11353] tc_dump_action: action bad kind
[  397.031113][T11375] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1920'.
[  397.219652][T11387] loop5: detected capacity change from 0 to 256
[  398.178160][T11419] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1934'.
[  398.224553][T11418] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  398.270021][T11418] batman_adv: batadv0: Removing interface: batadv_slave_1
[  398.325188][T11419] bond_slave_0: entered promiscuous mode
[  398.331261][T11419] bond_slave_1: entered promiscuous mode
[  398.337104][T11419] dummy0: entered promiscuous mode
[  398.370937][T11419] macvtap1: entered promiscuous mode
[  398.379196][T11419] bond0: entered promiscuous mode
[  398.386129][T11419] macvtap1: entered allmulticast mode
[  398.393251][T11419] bond0: entered allmulticast mode
[  398.399023][T11419] bond_slave_0: entered allmulticast mode
[  398.411795][T11419] bond_slave_1: entered allmulticast mode
[  398.418448][T11419] dummy0: entered allmulticast mode
[  398.429329][T11419] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  398.442092][T11422] bond0: left allmulticast mode
[  398.461724][T11422] bond_slave_0: left allmulticast mode
[  398.470880][T11422] bond_slave_1: left allmulticast mode
[  398.477198][T11422] dummy0: left allmulticast mode
[  398.482505][T11422] bond0: left promiscuous mode
[  398.495142][T11422] bond_slave_0: left promiscuous mode
[  398.500898][T11422] bond_slave_1: left promiscuous mode
[  398.506514][T11422] dummy0: left promiscuous mode
[  398.991033][T11449] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1947'.
[  399.705904][T11463] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1950'.
[  400.188330][T11486] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1962'.
[  400.424427][T11500] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1965'.
[  401.866627][T11537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1981'.
[  401.896812][T11540] netlink: 'syz.4.1983': attribute type 5 has an invalid length.
[  402.585374][   T56] Bluetooth: (null): Invalid header checksum
[  403.056538][T11547] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1987'.
[  404.745701][T11604] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2006'.
[  406.340164][T11660] loop0: detected capacity change from 0 to 256
[  406.412859][T11662] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  406.538802][T11662] batman_adv: batadv0: Removing interface: batadv_slave_1
[  406.830660][T11654] loop5: detected capacity change from 0 to 512
[  406.871471][T11673] netlink: 'syz.2.2034': attribute type 1 has an invalid length.
[  406.964994][T11654] EXT4-fs (loop5): orphan cleanup on readonly fs
[  406.988985][T11659] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  407.007237][T11673] 8021q: adding VLAN 0 to HW filter on device bond1
[  407.031315][T11654] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.2027: bad orphan inode 13
[  407.061396][T11654] ext4_test_bit(bit=12, block=18) = 1
[  407.086238][T11654] is_bad_inode(inode)=0
[  407.093150][T11682] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2036'.
[  407.102564][T11654] NEXT_ORPHAN(inode)=2130706432
[  407.108011][T11682] openvswitch: netlink: nsh attribute has 5276 unknown bytes.
[  407.124163][T11682] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  407.140180][T11654] max_ino=32
[  407.154462][T11673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2034'.
[  407.155788][T11676] 8021q: adding VLAN 0 to HW filter on device bond1
[  407.180837][T11654] i_nlink=1
[  407.204489][T11654] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  407.248203][T11676] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  407.302563][T11676] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  407.532137][T11679] veth9: entered promiscuous mode
[  407.576571][T11679] bond1: (slave veth9): Enslaving as an active interface with an up link
[  407.614813][T11673] 8021q: adding VLAN 0 to HW filter on device bond1
[  407.901871][T11702] dvmrp8: entered allmulticast mode
[  407.928080][T11702] dvmrp8: left allmulticast mode
[  408.201897][T11708] lo speed is unknown, defaulting to 1000
[  409.691450][T11727] Bluetooth: MGMT ver 1.23
[  409.775461][T11732] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  410.439210][T11762] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2065'.
[  410.499893][T11765] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  410.738676][T11777] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  410.777954][T11775] syzkaller0: entered promiscuous mode
[  410.786951][T11775] syzkaller0: entered allmulticast mode
[  411.104991][T11785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2072'.
[  411.140300][T11785] veth1_to_hsr: entered promiscuous mode
[  411.146668][T11785] macsec1: entered promiscuous mode
[  411.152944][T11785] macsec1: entered allmulticast mode
[  411.158639][T11785] veth1_to_hsr: entered allmulticast mode
[  411.204844][T11785] veth1_to_hsr: left allmulticast mode
[  411.211555][T11785] veth1_to_hsr: left promiscuous mode
[  411.531278][ T9246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  411.543135][T11787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2075'.
[  411.568634][T11789] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  411.641995][T11789] batman_adv: batadv0: Removing interface: batadv_slave_1
[  411.857832][T11793] lo speed is unknown, defaulting to 1000
[  412.192660][T11825] netlink: 204 bytes leftover after parsing attributes in process `syz.5.2087'.
[  412.762943][T11813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  413.445716][T11862] dummy0: entered promiscuous mode
[  413.451047][T11862] vlan2: entered promiscuous mode
[  413.491232][T11864] wg2: entered promiscuous mode
[  413.602729][T11869] syz_tun: entered allmulticast mode
[  413.663129][T11869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2102'.
[  413.730906][T11876] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2106'.
[  413.741753][T11880] netlink: 272 bytes leftover after parsing attributes in process `syz.4.2105'.
[  413.771893][T11876] openvswitch: netlink: nsh attribute has 5276 unknown bytes.
[  413.780872][T11869] syz_tun (unregistering): left allmulticast mode
[  413.781292][T11876] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  413.856479][T11870] svc: failed to register nfsdv3 RPC service (errno 111).
[  413.880891][T11870] svc: failed to register nfsaclv3 RPC service (errno 111).
[  414.362006][T11893] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2111'.
[  414.585131][T11898] netlink: 'syz.3.2113': attribute type 1 has an invalid length.
[  414.645383][T11898] 8021q: adding VLAN 0 to HW filter on device bond2
[  414.673042][T11900] bond2: (slave geneve2): making interface the new active one
[  414.685493][T11900] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  414.723889][T11900] syz.3.2113 (11900) used greatest stack depth: 18792 bytes left
[  414.854417][T11909] ipip0: entered allmulticast mode
[  415.097036][T11926] wg2: entered promiscuous mode
[  415.114624][T11926] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[  415.375403][T11935] lo speed is unknown, defaulting to 1000
[  415.452642][T11913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  416.127539][T11952] syzkaller1: entered promiscuous mode
[  416.133149][T11952] syzkaller1: entered allmulticast mode
[  416.789992][T11982] lo speed is unknown, defaulting to 1000
[  416.975697][T11975] loop4: detected capacity change from 0 to 40427
[  417.012680][T11975] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  417.021465][T11975] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  417.673988][T11975] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  417.803432][T11998] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2149'.
[  417.808984][T11975] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  417.884187][T11975] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  418.003264][   T30] audit: type=1804 audit(1755624612.123:82): pid=11975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2143" name="/newroot/494/bus/bus" dev="loop4" ino=10 res=1 errno=0
[  418.527849][T11998] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2149'.
[  418.994127][T12031] veth3: entered promiscuous mode
[  419.011654][T12027] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2160'.
[  419.291685][T12057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2171'.
[  419.337306][T12054] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.857943][T12054] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.961537][T12054] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.068640][T12054] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.305088][ T3013] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  420.364846][ T3013] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  420.392069][ T3013] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  420.416138][ T3013] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  420.707192][T12083] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2182'.
[  420.720761][T12083] veth1_to_hsr: entered promiscuous mode
[  420.727054][T12083] macsec1: entered promiscuous mode
[  420.732455][T12083] macsec1: entered allmulticast mode
[  420.737798][T12083] veth1_to_hsr: entered allmulticast mode
[  420.775543][T12083] veth1_to_hsr: left allmulticast mode
[  420.781966][T12083] veth1_to_hsr: left promiscuous mode
[  421.627408][T12097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  421.848498][T12129] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2199'.
[  422.309721][T12161] bridge0: entered promiscuous mode
[  422.442146][T12167] lo speed is unknown, defaulting to 1000
[  422.471246][T12166] lo speed is unknown, defaulting to 1000
[  422.489230][T12169] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2216'.
[  422.629224][T12175] netlink: 'syz.3.2218': attribute type 1 has an invalid length.
[  422.703552][T12175] 8021q: adding VLAN 0 to HW filter on device bond3
[  422.938454][T12191] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2223'.
[  423.039121][T12194] vlan2: entered allmulticast mode
[  423.063639][T12194] hsr0: entered allmulticast mode
[  423.079792][T12194] hsr_slave_0: entered allmulticast mode
[  423.093624][T12194] hsr_slave_1: entered allmulticast mode
[  423.292419][T12211] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2229'.
[  424.237884][T12233] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  424.321638][T12237] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2241'.
[  424.517125][T12224] loop4: detected capacity change from 0 to 40427
[  424.545297][T12224] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  424.562473][T12224] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  424.681267][    C1] vcan0: j1939_tp_rxtimer: 0xffff888058916800: rx timeout, send abort
[  424.693619][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888058916800: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  424.936467][T12224] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  425.012692][T12224] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  425.031902][T12224] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  425.059655][   T30] audit: type=1804 audit(1755624619.183:83): pid=12224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2235" name="/newroot/513/bus/bus" dev="loop4" ino=10 res=1 errno=0
[  425.151948][T12269] svc: failed to register nfsdv3 RPC service (errno 111).
[  425.199146][T12269] svc: failed to register nfsaclv3 RPC service (errno 111).
[  425.551670][T12276] loop0: detected capacity change from 0 to 256
[  426.349331][T12281] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2255'.
[  426.378390][T12281] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2255'.
[  426.422086][T12281] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2255'.
[  426.504543][T12281] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2255'.
[  427.143132][T12294] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2261'.
[  428.019016][T12332] netlink: 'syz.4.2274': attribute type 1 has an invalid length.
[  428.086741][T12332] 8021q: adding VLAN 0 to HW filter on device bond4
[  428.135481][T12338] bond4: (slave geneve2): making interface the new active one
[  428.202276][T12338] bond4: (slave geneve2): Enslaving as an active interface with an up link
[  428.257501][T12340] bridge0: port 3(erspan0) entered blocking state
[  428.310004][T12340] bridge0: port 3(erspan0) entered disabled state
[  428.330461][T12340] erspan0: entered allmulticast mode
[  428.363700][T12340] erspan0: entered promiscuous mode
[  428.388945][T12340] bridge0: port 3(erspan0) entered blocking state
[  428.396057][T12340] bridge0: port 3(erspan0) entered forwarding state
[  428.425577][T12345] netlink: 272 bytes leftover after parsing attributes in process `syz.3.2278'.
[  428.444970][T12341] erspan0: left allmulticast mode
[  428.453051][T12341] erspan0: left promiscuous mode
[  428.492598][T12341] bridge0: port 3(erspan0) entered disabled state
[  428.885942][T12367] loop4: detected capacity change from 0 to 512
[  429.013283][T12367] EXT4-fs (loop4): orphan cleanup on readonly fs
[  429.022213][T12367] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.2285: bad orphan inode 13
[  429.034636][T12367] ext4_test_bit(bit=12, block=18) = 1
[  429.040417][T12367] is_bad_inode(inode)=0
[  429.045831][T12367] NEXT_ORPHAN(inode)=2130706432
[  429.050715][T12367] max_ino=32
[  429.054139][T12367] i_nlink=1
[  429.058310][T12367] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  429.588756][ T5875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.621767][T12388] netlink: 272 bytes leftover after parsing attributes in process `syz.5.2293'.
[  429.714952][T12390] netlink: 'syz.0.2296': attribute type 10 has an invalid length.
[  429.971746][T12406] netlink: 'syz.3.2302': attribute type 1 has an invalid length.
[  430.068571][T12406] 8021q: adding VLAN 0 to HW filter on device bond4
[  430.677694][   T56] Bluetooth: (null): Invalid header checksum
[  430.757848][   T56] Bluetooth: (null): Invalid header checksum
[  430.887593][   T56] Bluetooth: (null): Invalid header checksum
[  430.961530][   T56] Bluetooth: (null): Invalid header checksum
[  431.007234][ T1334] Bluetooth: (null): Invalid header checksum
[  431.114313][   T37] Bluetooth: (null): Invalid header checksum
[  431.182741][T12436] team_slave_0: entered promiscuous mode
[  431.188551][T12436] team_slave_1: entered promiscuous mode
[  431.198918][T12436] vlan2: entered promiscuous mode
[  431.206523][T12436] team0: entered promiscuous mode
[  431.362779][T12446] netlink: 272 bytes leftover after parsing attributes in process `syz.0.2316'.
[  431.471342][T12451] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2318'.
[  431.521222][T12451] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2318'.
[  431.574026][T12451] gretap1: entered promiscuous mode
[  431.963156][T12482] vlan2: entered promiscuous mode
[  434.136312][T12520] svc: failed to register nfsdv3 RPC service (errno 111).
[  434.147275][T12520] svc: failed to register nfsaclv3 RPC service (errno 111).
[  434.186242][T12529] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2345'.
[  434.299040][T12526] lo speed is unknown, defaulting to 1000
[  434.939538][T12564] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2356'.
[  435.148357][T12574] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2360'.
[  435.196603][T12574] bond_slave_0: entered promiscuous mode
[  435.202524][T12574] bond_slave_1: entered promiscuous mode
[  435.215064][T12574] macvtap1: entered promiscuous mode
[  435.221932][T12574] bond0: entered promiscuous mode
[  435.228613][T12574] macvtap1: entered allmulticast mode
[  435.235331][T12574] bond0: entered allmulticast mode
[  435.240649][T12574] bond_slave_0: entered allmulticast mode
[  435.251561][T12574] bond_slave_1: entered allmulticast mode
[  435.259270][T12574] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  435.283627][T12579] bond0: left allmulticast mode
[  435.290976][T12579] bond_slave_0: left allmulticast mode
[  435.308516][T12579] bond_slave_1: left allmulticast mode
[  435.336947][T12579] bond0: left promiscuous mode
[  435.353097][T12579] bond_slave_0: left promiscuous mode
[  435.358707][T12579] bond_slave_1: left promiscuous mode
[  435.648881][T12601] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2372'.
[  435.676390][T12598] bridge0: port 2(bridge_slave_1) entered disabled state
[  435.684221][T12598] bridge0: port 1(bridge_slave_0) entered disabled state
[  435.763506][T12604] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2368'.
[  436.280613][T12598] wg2: left promiscuous mode
[  436.386128][T12598] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  436.532204][T12598] ipip0: left allmulticast mode
[  436.547012][T12604] veth1_to_hsr: entered promiscuous mode
[  436.554652][T12604] macsec1: entered promiscuous mode
[  436.561940][T12604] macsec1: entered allmulticast mode
[  436.568104][T12604] veth1_to_hsr: entered allmulticast mode
[  436.578749][T12604] veth1_to_hsr: left allmulticast mode
[  436.585423][T12604] veth1_to_hsr: left promiscuous mode
[  436.598907][ T1334] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  436.608883][ T1334] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.624488][ T1334] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  436.634046][ T1334] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.675714][ T1334] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  436.689263][ T1334] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.716839][ T1334] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  436.749197][ T1334] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.810405][T12633] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2383'.
[  436.811253][T12634] netlink: 'syz.3.2384': attribute type 13 has an invalid length.
[  436.830345][T12634] gretap0: refused to change device tx_queue_len
[  436.838160][T12634] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  437.393120][ T5863] Bluetooth: hci5: link tx timeout
[  437.399410][ T5863] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  437.407797][ T7115] Bluetooth: hci5: link tx timeout
[  437.413027][ T7115] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  437.720624][T12676] lo speed is unknown, defaulting to 1000
[  437.737265][T12680] netlink: 'syz.2.2406': attribute type 1 has an invalid length.
[  437.789907][ T7115] Bluetooth: hci5: link tx timeout
[  437.795239][ T7115] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  437.803171][ T7115] Bluetooth: hci5: link tx timeout
[  437.808480][ T7115] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  437.811598][T12680] 8021q: adding VLAN 0 to HW filter on device bond2
[  437.817321][ T7115] Bluetooth: hci5: link tx timeout
[  437.828931][ T7115] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  437.837957][ T7115] Bluetooth: hci5: link tx timeout
[  437.843463][ T7115] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  437.851340][ T7115] Bluetooth: hci5: link tx timeout
[  437.857017][ T7115] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  437.902722][T12684] bond2: (slave geneve2): making interface the new active one
[  437.920108][T12684] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  438.176883][T12706] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2416'.
[  438.349752][ T7115] Bluetooth: hci5: link tx timeout
[  438.355486][ T7115] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  438.363799][ T7115] Bluetooth: hci5: link tx timeout
[  438.370640][ T7115] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  438.478176][T12721] lo speed is unknown, defaulting to 1000
[  439.054457][T12748] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2433'.
[  439.120271][T12753] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2436'.
[  439.276718][T12765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2437'.
[  439.367180][T12769] lo speed is unknown, defaulting to 1000
[  439.574484][ T5863] Bluetooth: hci5: command 0x0406 tx timeout
[  439.766192][T12781] loop4: detected capacity change from 0 to 512
[  439.926835][T12781] EXT4-fs (loop4): orphan cleanup on readonly fs
[  439.947872][T12781] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.2443: bad orphan inode 13
[  439.961160][T12781] ext4_test_bit(bit=12, block=18) = 1
[  439.967194][T12781] is_bad_inode(inode)=0
[  439.971595][T12781] NEXT_ORPHAN(inode)=2130706432
[  439.976944][T12781] max_ino=32
[  439.980304][T12781] i_nlink=1
[  439.991913][T12781] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  440.635331][T12786] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2447'.
[  440.986965][T12795] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2449'.
[  441.030626][T12795] macsec1: entered promiscuous mode
[  441.036106][T12795] veth1_to_hsr: entered promiscuous mode
[  441.043379][T12795] macsec1: entered allmulticast mode
[  441.048959][T12795] veth1_to_hsr: entered allmulticast mode
[  441.423007][T12795] veth1_to_hsr: left allmulticast mode
[  441.428678][T12795] veth1_to_hsr: left promiscuous mode
[  441.506569][ T5875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.604942][T12801] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2453'.
[  441.938680][T12794] loop2: detected capacity change from 0 to 40427
[  441.957731][T12794] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  441.985821][T12794] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  442.114512][T12794] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  442.131665][T12794] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  442.156985][T12794] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  442.197543][   T30] audit: type=1804 audit(1755624636.323:84): pid=12794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2450" name="/newroot/417/bus/bus" dev="loop2" ino=10 res=1 errno=0
[  442.376931][T12836] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2463'.
[  442.577961][T12840] loop4: detected capacity change from 0 to 512
[  442.712795][T12842] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2464'.
[  442.764271][T12842] veth1_to_hsr: entered promiscuous mode
[  442.771156][T12842] macsec1: entered promiscuous mode
[  442.778062][T12842] macsec1: entered allmulticast mode
[  442.784314][T12842] veth1_to_hsr: entered allmulticast mode
[  443.127762][T12842] veth1_to_hsr: left allmulticast mode
[  443.133700][T12842] veth1_to_hsr: left promiscuous mode
[  443.215497][T12840] EXT4-fs (loop4): orphan cleanup on readonly fs
[  443.250978][T12840] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.2462: bad orphan inode 13
[  443.521373][T12840] ext4_test_bit(bit=12, block=18) = 1
[  443.527099][T12840] is_bad_inode(inode)=0
[  443.531282][T12840] NEXT_ORPHAN(inode)=2130706432
[  443.536407][T12840] max_ino=32
[  443.539633][T12840] i_nlink=1
[  443.544233][T12840] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  443.933436][T12847] syzkaller1: entered promiscuous mode
[  443.967196][T12847] syzkaller1: entered allmulticast mode
[  444.096397][T12853] netlink: 'syz.3.2469': attribute type 13 has an invalid length.
[  444.533851][ T5875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  445.277381][T12874] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2467'.
[  445.379535][T12877] pim6reg1: entered promiscuous mode
[  445.403504][T12877] pim6reg1: entered allmulticast mode
[  445.964328][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  445.972321][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  446.542995][T12929] netlink: 'syz.2.2501': attribute type 1 has an invalid length.
[  446.611661][T12929] 8021q: adding VLAN 0 to HW filter on device bond3
[  448.373757][T12970] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2513'.
[  448.414388][T12970] veth1_to_hsr: entered promiscuous mode
[  448.420747][T12970] macsec1: entered promiscuous mode
[  448.427370][T12970] macsec1: entered allmulticast mode
[  448.433265][T12970] veth1_to_hsr: entered allmulticast mode
[  448.744032][T12970] veth1_to_hsr: left allmulticast mode
[  448.750050][T12970] veth1_to_hsr: left promiscuous mode
[  449.031853][T12979] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2518'.
[  449.896431][T13001] vlan2: entered promiscuous mode
[  450.245738][T13010] loop2: detected capacity change from 0 to 4096
[  450.253204][T13010] EXT4-fs: Ignoring removed mblk_io_submit option
[  450.277289][T13010] EXT4-fs (loop2): Test dummy encryption mode enabled
[  450.320188][T13010] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  450.820313][T13023] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2533'.
[  451.555656][T13040] vlan2: entered promiscuous mode
[  451.591639][T13040] team0: entered promiscuous mode
[  451.598132][T13040] team_slave_0: entered promiscuous mode
[  451.605335][T13040] team_slave_1: entered promiscuous mode
[  452.521001][T13060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2546'.
[  454.002653][T13077] netlink: 'syz.4.2550': attribute type 1 has an invalid length.
[  454.124929][T13083] loop5: detected capacity change from 0 to 512
[  455.816810][T13077] 8021q: adding VLAN 0 to HW filter on device bond5
[  456.069161][T13083] EXT4-fs (loop5): orphan cleanup on readonly fs
[  456.078829][T13083] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.2551: bad orphan inode 13
[  456.090866][T13083] ext4_test_bit(bit=12, block=18) = 1
[  456.096371][T13083] is_bad_inode(inode)=0
[  456.100640][T13083] NEXT_ORPHAN(inode)=2130706432
[  456.105942][T13083] max_ino=32
[  456.109328][T13083] i_nlink=1
[  456.116944][T13083] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  456.322903][T13089] vlan2: entered promiscuous mode
[  456.361960][ T9246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  457.567080][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  457.823161][T13123] netlink: 'syz.0.2564': attribute type 1 has an invalid length.
[  457.937481][T13123] 8021q: adding VLAN 0 to HW filter on device bond1
[  458.029122][T13126] bond1: (slave geneve2): making interface the new active one
[  458.058857][T13126] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  458.094957][ T3013] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  458.124888][ T3013] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  458.145479][ T3013] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  458.186274][ T3013] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  458.618826][T13146] loop0: detected capacity change from 0 to 512
[  458.671194][T13146] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  458.712815][T13146] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042e11c, mo2=0002]
[  458.721584][T13146] System zones: 1-12
[  458.726792][T13146] EXT4-fs (loop0): orphan cleanup on readonly fs
[  458.743295][T13146] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2570: bg 0: block 361: padding at end of block bitmap is not set
[  458.774740][T13146] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  458.824734][T13146] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2570: invalid indirect mapped block 12 (level 1)
[  458.846364][T13146] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.2570: invalid indirect mapped block 2 (level 2)
[  458.869382][T13146] EXT4-fs (loop0): 1 truncate cleaned up
[  458.882067][T13146] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  458.935917][T13146] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #2: block 5: comm syz.0.2570: lblock 0 mapped to illegal pblock 5 (length 1)
[  458.967747][T13146] EXT4-fs warning (device loop0): dx_probe:791: inode #2: lblock 0: comm syz.0.2570: error -117 reading directory block
[  458.986475][T13146] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #2: block 5: comm syz.0.2570: lblock 0 mapped to illegal pblock 5 (length 1)
[  459.010008][T13146] EXT4-fs warning (device loop0): dx_probe:791: inode #2: lblock 0: comm syz.0.2570: error -117 reading directory block
[  459.434861][T13144] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2566'.
[  460.023095][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  460.030102][T13151] overlayfs: failed to clone upperpath
[  460.244410][T13170] process 'syz.4.2575' launched '/dev/fd/5' with NULL argv: empty string added
[  460.445437][T13172] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2576'.
[  460.639771][   T30] audit: type=1326 audit(1755624655.763:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13173 comm="syz.2.2577" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15c9d8ebe9 code=0x0
[  460.754099][T13175] 9p: Bad value for 'rfdno'
[  461.054460][T13180] loop0: detected capacity change from 0 to 1024
[  461.089966][T13180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  462.115418][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2583'.
[  462.136748][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  462.155042][T13196] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  463.029002][T13215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2588'.
[  463.115525][T13217] loop2: detected capacity change from 0 to 1024
[  463.151438][T13217] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  464.551771][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  464.586779][T13239] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2596'.
[  464.645458][T13239] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  464.697616][T13247] loop0: detected capacity change from 0 to 512
[  464.746594][T13247] EXT4-fs: Ignoring removed orlov option
[  465.334179][T13247] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  465.625095][T13247] ext4 filesystem being mounted at /511/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  466.526637][T13261] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  466.672390][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  466.798763][T13269] netlink: 'syz.2.2607': attribute type 1 has an invalid length.
[  467.050880][T13269] 8021q: adding VLAN 0 to HW filter on device bond4
[  467.096454][T13281] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2607'.
[  467.180478][T13278] veth13: entered promiscuous mode
[  467.203140][T13278] bond4: (slave veth13): Enslaving as an active interface with a down link
[  468.261564][T13285] lo speed is unknown, defaulting to 1000
[  470.080730][T11796] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  470.250689][T13308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  470.280069][T13317] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2621'.
[  470.296507][T11796] usb 6-1: Using ep0 maxpacket: 16
[  470.311281][T11796] usb 6-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 60, changing to 9
[  470.332958][T11796] usb 6-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96
[  470.345568][T11796] usb 6-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 1023
[  470.356262][T11796] usb 6-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  470.370707][T11796] usb 6-1: config 1 interface 0 has no altsetting 0
[  470.384118][T11796] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  470.399303][T11796] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  470.407728][T11796] usb 6-1: SerialNumber: syz
[  470.424646][T13306] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  470.442310][T13306] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  470.489883][T13318] lo speed is unknown, defaulting to 1000
[  470.662510][T13306] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  470.680717][T13306] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  470.866465][T13315] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  471.114140][T13336] loop4: detected capacity change from 0 to 1024
[  471.127668][T13336] EXT4-fs: Ignoring removed bh option
[  471.138745][T13336] EXT4-fs: Ignoring removed nomblk_io_submit option
[  471.181690][T13336] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  471.347785][T11796] cdc_ether 6-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.5-1, CDC Ethernet Device, 42:42:42:42:42:42
[  471.926009][T11796] usb 6-1: USB disconnect, device number 3
[  471.945718][T11796] cdc_ether 6-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.5-1, CDC Ethernet Device
[  472.071484][ T5875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  472.555246][T13356] loop4: detected capacity change from 0 to 512
[  472.628408][T13356] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  472.638505][T13356] EXT4-fs (loop4): orphan cleanup on readonly fs
[  472.652131][T13356] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  472.670199][T13356] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  472.681022][T13356] EXT4-fs error (device loop4): __ext4_iget:5464: inode #16: block 127754: comm syz.4.2630: invalid block
[  472.696386][T13356] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2630: couldn't read orphan inode 16 (err -117)
[  472.728746][T13356] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  474.119328][ T5875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  474.278008][T13379] lo speed is unknown, defaulting to 1000
[  474.727718][T13385] loop4: detected capacity change from 0 to 512
[  474.743693][T13385] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  474.759013][T13385] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:169: inode #17: comm syz.4.2641: inline data xattr refers to an external xattr inode
[  474.775398][T13385] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2641: couldn't read orphan inode 17 (err -117)
[  474.790907][T13385] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  474.993584][T13370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  475.167831][T13397] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2641'.
[  475.708574][T13397] syz.4.2641 (13397) used greatest stack depth: 16880 bytes left
[  475.821494][ T5875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  475.963105][T13409] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  476.431521][ T5863] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  476.439818][ T5863] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  476.447716][ T5863] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  476.455830][ T5863] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  476.465699][ T5863] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  476.576169][T13423] lo speed is unknown, defaulting to 1000
[  478.185428][T13434] loop2: detected capacity change from 0 to 256
[  478.210239][T13434] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x368b264c, utbl_chksum : 0xe619d30d)
[  478.443518][T13427] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.478755][T13434] exFAT-fs (loop2): IO charset B not found
[  478.513442][ T5863] Bluetooth: hci1: command tx timeout
[  479.459084][T13455] loop4: detected capacity change from 0 to 1024
[  479.552601][T13455] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  479.795776][ T6894] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.331641][ T6894] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.378575][T13423] chnl_net:caif_netlink_parms(): no params data found
[  480.519534][ T5875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  480.595379][ T5863] Bluetooth: hci1: command tx timeout
[  480.640345][ T6894] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.308228][ T6894] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.099171][T13423] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.229752][T13423] bridge0: port 1(bridge_slave_0) entered disabled state
[  482.283783][T13423] bridge_slave_0: entered allmulticast mode
[  482.290953][T13423] bridge_slave_0: entered promiscuous mode
[  482.352871][T13423] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.387332][T13423] bridge0: port 2(bridge_slave_1) entered disabled state
[  482.447665][T13423] bridge_slave_1: entered allmulticast mode
[  482.499893][T13423] bridge_slave_1: entered promiscuous mode
[  482.523809][T13487] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  482.538422][T13492] tipc: Enabled bearer <udp:syz1>, priority 10
[  482.878595][ T5863] Bluetooth: hci1: command tx timeout
[  482.887841][T13506] loop0: detected capacity change from 0 to 256
[  482.981443][T13423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  483.027272][T13423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  483.045575][T13501] lo speed is unknown, defaulting to 1000
[  483.099634][T13500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.136420][T13423] team0: Port device team_slave_0 added
[  483.145718][T13423] team0: Port device team_slave_1 added
[  483.190371][ T6894] bridge_slave_1: left allmulticast mode
[  483.198424][ T6894] bridge_slave_1: left promiscuous mode
[  483.204351][ T6894] bridge0: port 2(bridge_slave_1) entered disabled state
[  483.212784][ T6894] bridge_slave_0: left allmulticast mode
[  483.222178][ T6894] bridge_slave_0: left promiscuous mode
[  483.228088][ T6894] bridge0: port 1(bridge_slave_0) entered disabled state
[  483.307526][ T6894] bond2 (unregistering): (slave geneve2): Releasing active interface
[  483.343749][ T6894] bridge0 (unregistering): left allmulticast mode
[  483.426537][ T6894] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  483.439663][ T6894] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  483.451151][ T6894] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  483.460981][ T6894] bond0 (unregistering): Released all slaves
[  483.472439][ T6894] bond1 (unregistering): (slave veth5): Releasing active interface
[  483.481548][ T6894] bond1 (unregistering): Released all slaves
[  483.509591][ T6894] bond2 (unregistering): Released all slaves
[  483.526696][ T6894] bond3 (unregistering): Released all slaves
[  483.544975][T13513] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2672'.
[  483.557988][ T6894] bond4 (unregistering): Released all slaves
[  483.572594][T13423] batman_adv: batadv0: Adding interface: batadv_slave_0
[  483.580595][T13423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  483.607412][T13423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  483.639485][T13423] batman_adv: batadv0: Adding interface: batadv_slave_1
[  483.647878][T13423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  483.675514][ T5916] tipc: Node number set to 3110031105
[  483.687158][T13423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  483.782967][ T6894] tipc: Left network mode
[  483.831236][T13423] hsr_slave_0: entered promiscuous mode
[  483.839597][T13423] hsr_slave_1: entered promiscuous mode
[  483.864110][T13423] debugfs: 'hsr0' already exists in 'hsr'
[  483.870155][T13423] Cannot create hsr debugfs directory
[  484.033894][ T5916] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  484.062093][ T6894] hsr_slave_0: left promiscuous mode
[  484.070246][ T6894] hsr_slave_1: left promiscuous mode
[  484.077142][ T6894] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  484.085187][ T6894] batman_adv: batadv0: Removing interface: batadv_slave_0
[  484.099447][ T6894] veth1_macvtap: left promiscuous mode
[  484.105635][ T6894] veth0_macvtap: left promiscuous mode
[  484.111593][ T6894] veth1_vlan: left promiscuous mode
[  484.121442][ T6894] veth0_vlan: left promiscuous mode
[  484.184840][ T5916] usb 5-1: Using ep0 maxpacket: 32
[  484.202046][ T5916] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  484.218708][ T5916] usb 5-1: config 0 has no interface number 0
[  484.238410][ T5916] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  484.252443][ T6894] batadv1 (unregistering): left promiscuous mode
[  484.261861][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.273135][ T6894] team0 (unregistering): Port device batadv1 removed
[  484.282212][ T5916] usb 5-1: Product: syz
[  484.286735][ T5916] usb 5-1: Manufacturer: syz
[  484.291539][ T5916] usb 5-1: SerialNumber: syz
[  484.299662][ T6894] pim6reg (unregistering): left allmulticast mode
[  484.310252][ T5916] usb 5-1: config 0 descriptor??
[  484.324788][ T5916] smsc95xx v2.0.0
[  484.442071][ T6894] team_slave_1 (unregistering): left promiscuous mode
[  484.449673][ T6894] team0 (unregistering): Port device team_slave_1 removed
[  484.461734][ T6894] team_slave_0 (unregistering): left promiscuous mode
[  484.469476][ T6894] team0 (unregistering): Port device team_slave_0 removed
[  484.736867][ T5916] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  484.798271][ T5916] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  484.913552][ T5863] Bluetooth: hci1: command tx timeout
[  485.098437][T13558] loop0: detected capacity change from 0 to 512
[  485.121817][T13558] EXT4-fs: Ignoring removed mblk_io_submit option
[  485.160352][T13558] EXT4-fs: inline encryption not supported
[  485.166752][T13558] EXT4-fs: Ignoring removed mblk_io_submit option
[  485.183648][T13558] EXT4-fs (loop0): Test dummy encryption mode enabled
[  485.224371][T13558] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  485.999157][T13558] EXT4-fs (loop0): 1 truncate cleaned up
[  486.039698][T13558] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  486.106095][T13423] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  486.172099][T13423] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  486.249517][T13423] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  486.349339][T13423] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  486.415765][ T5916] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  486.469862][T13571] loop2: detected capacity change from 0 to 256
[  486.478365][ T5916] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -61
[  486.607364][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  486.719175][T13423] 8021q: adding VLAN 0 to HW filter on device bond0
[  486.762471][T13571] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  486.780380][T13423] 8021q: adding VLAN 0 to HW filter on device team0
[  486.844800][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state
[  486.852197][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state
[  486.876420][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state
[  486.884151][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state
[  486.962367][T13583] syzkaller1: entered promiscuous mode
[  486.978141][T13583] syzkaller1: entered allmulticast mode
[  487.065159][T13423] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  487.247378][T13590] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2685'.
[  487.261800][T13590] macvtap1: entered promiscuous mode
[  487.288378][T13590] bond0: entered promiscuous mode
[  487.307208][T13590] bond_slave_0: entered promiscuous mode
[  487.334291][T13590] bond_slave_1: entered promiscuous mode
[  487.341880][T13590] macvtap1: entered allmulticast mode
[  487.357735][T13590] bond0: entered allmulticast mode
[  487.367920][T13590] bond_slave_0: entered allmulticast mode
[  487.378701][T13590] bond_slave_1: entered allmulticast mode
[  487.394579][T13590] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  487.499645][T13597] bond0: left allmulticast mode
[  487.506057][T13597] bond_slave_0: left allmulticast mode
[  487.522291][T13597] bond_slave_1: left allmulticast mode
[  487.539589][T13597] bond0: left promiscuous mode
[  487.553808][T13597] bond_slave_0: left promiscuous mode
[  487.562810][T13597] bond_slave_1: left promiscuous mode
[  488.096622][   T10] usb 5-1: USB disconnect, device number 3
[  488.338010][T13423] 8021q: adding VLAN 0 to HW filter on device batadv0
[  488.715612][ T1334] Bluetooth: (null): Invalid header checksum
[  488.790495][ T1334] Bluetooth: (null): Invalid header checksum
[  488.899515][ T1334] Bluetooth: (null): Invalid header checksum
[  488.986500][ T1334] Bluetooth: (null): Invalid header checksum
[  488.989136][T13423] veth0_vlan: entered promiscuous mode
[  489.031891][T13423] veth1_vlan: entered promiscuous mode
[  489.044040][ T1334] Bluetooth: (null): Invalid header checksum
[  489.090611][T13423] veth0_macvtap: entered promiscuous mode
[  489.125681][T13423] veth1_macvtap: entered promiscuous mode
[  489.176239][T13423] batman_adv: batadv0: Interface activated: batadv_slave_0
[  489.212044][T13423] batman_adv: batadv0: Interface activated: batadv_slave_1
[  489.251815][ T6125] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  489.405529][ T3013] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  489.439159][ T3013] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  489.545772][T13610] loop4: detected capacity change from 0 to 40427
[  489.571538][T13610] F2FS-fs (loop4): invalid crc value
[  489.636092][ T3013] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  489.777244][T13643] loop2: detected capacity change from 0 to 512
[  489.800232][T13643] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  489.931518][T13643] EXT4-fs (loop2): 1 truncate cleaned up
[  489.945578][T13643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  491.069636][T13610] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  491.207362][T13610] F2FS-fs (loop4): Start checkpoint disabled!
[  491.284746][T13610] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  491.503669][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  491.544060][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  491.566857][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  491.642195][ T6894] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  491.656899][ T6894] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  491.777885][   T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  491.964687][   T10] usb 1-1: Using ep0 maxpacket: 32
[  492.002075][   T10] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  492.215255][ T3013] Bluetooth: (null): Invalid header checksum
[  492.368768][ T3013] Bluetooth: (null): Invalid header checksum
[  492.492954][   T10] usb 1-1: config 0 has no interface number 0
[  492.500222][ T3013] Bluetooth: (null): Invalid header checksum
[  492.513963][ T3013] Bluetooth: (null): Invalid header checksum
[  492.526057][   T10] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  492.547433][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.574400][ T3013] Bluetooth: (null): Invalid header checksum
[  492.583486][   T10] usb 1-1: Product: syz
[  492.594114][   T10] usb 1-1: Manufacturer: syz
[  492.598786][   T10] usb 1-1: SerialNumber: syz
[  492.625103][   T10] usb 1-1: config 0 descriptor??
[  492.635624][   T10] smsc95xx v2.0.0
[  493.808488][   T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  493.853702][   T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  493.890315][T13683] svc: failed to register nfsdv3 RPC service (errno 111).
[  493.995457][T13692] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2704'.
[  494.035340][T13692] veth1_to_hsr: entered promiscuous mode
[  494.041734][T13692] macsec1: entered promiscuous mode
[  494.048597][T13692] macsec1: entered allmulticast mode
[  494.054116][T13692] veth1_to_hsr: entered allmulticast mode
[  494.423241][T13692] veth1_to_hsr: left allmulticast mode
[  494.429098][T13692] veth1_to_hsr: left promiscuous mode
[  494.465432][T13683] svc: failed to register nfsaclv3 RPC service (errno 111).
[  494.862936][   T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[  494.901097][   T10] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  494.979455][   T10] usb 1-1: USB disconnect, device number 5
[  495.261126][T13710] syzkaller0: entered promiscuous mode
[  495.319157][T13710] syzkaller0: entered allmulticast mode
[  496.005204][T13734] lo speed is unknown, defaulting to 1000
[  497.305117][ T7115] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  497.313939][ T7115] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  497.321833][ T7115] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  497.329947][ T7115] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  497.337919][ T7115] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  497.426675][T13746] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2718'.
[  497.888868][T13746] macsec1: entered promiscuous mode
[  497.895891][T13746] veth1_to_hsr: entered promiscuous mode
[  497.902548][T13746] macsec1: entered allmulticast mode
[  497.908297][T13746] veth1_to_hsr: entered allmulticast mode
[  497.954689][T13746] veth1_to_hsr: left allmulticast mode
[  497.960351][T13746] veth1_to_hsr: left promiscuous mode
[  498.035883][T13739] lo speed is unknown, defaulting to 1000
[  498.044800][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  498.286948][   T10] usb 4-1: Using ep0 maxpacket: 32
[  498.310527][   T10] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  498.355676][   T10] usb 4-1: config 0 has no interface number 0
[  498.388286][   T10] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  498.405008][ T6894] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.423595][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.449337][   T10] usb 4-1: Product: syz
[  498.459180][   T10] usb 4-1: Manufacturer: syz
[  498.473564][   T10] usb 4-1: SerialNumber: syz
[  498.499414][   T10] usb 4-1: config 0 descriptor??
[  498.509233][T13760] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2721'.
[  498.523412][   T10] smsc95xx v2.0.0
[  498.531974][ T6894] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.569794][T13759] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2721'.
[  498.636904][ T6894] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.697517][T13739] chnl_net:caif_netlink_parms(): no params data found
[  498.743155][ T6894] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.825773][T13752] loop5: detected capacity change from 0 to 40427
[  498.845500][T13752] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  498.866093][T13752] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  498.927478][   T10] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  498.953474][   T10] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  498.980788][T13739] bridge0: port 1(bridge_slave_0) entered blocking state
[  498.996122][T13739] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.005401][T13752] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  499.006863][T13739] bridge_slave_0: entered allmulticast mode
[  499.022206][T13739] bridge_slave_0: entered promiscuous mode
[  499.033225][T13752] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  499.043784][T13752] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  499.053825][T13739] bridge0: port 2(bridge_slave_1) entered blocking state
[  499.069104][T13739] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.079466][   T30] audit: type=1804 audit(1755624695.206:86): pid=13752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2719" name="/newroot/293/bus/bus" dev="loop5" ino=10 res=1 errno=0
[  499.080721][T13739] bridge_slave_1: entered allmulticast mode
[  499.109616][T13739] bridge_slave_1: entered promiscuous mode
[  499.256724][T13739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  499.295108][T13739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  499.327027][T13764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  499.345333][ T6894] bridge_slave_1: left allmulticast mode
[  499.370615][ T6894] bridge_slave_1: left promiscuous mode
[  499.405020][ T6894] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.431320][ T6894] bridge_slave_0: left allmulticast mode
[  499.440787][ T6894] bridge_slave_0: left promiscuous mode
[  499.454046][ T6894] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.659766][T13776] netlink: 'syz.2.2725': attribute type 1 has an invalid length.
[  499.678171][ T6894] bond4 (unregistering): (slave geneve2): Releasing active interface
[  499.797090][ T6894] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  499.809180][ T6894] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  499.823021][ T6894] bond0 (unregistering): Released all slaves
[  499.840298][ T6894] bond1 (unregistering): (slave veth11): Releasing active interface
[  499.859981][ T6894] bond1 (unregistering): Released all slaves
[  499.876770][ T6894] bond2 (unregistering): (slave veth13): Releasing active interface
[  499.887538][ T6894] bond2 (unregistering): Released all slaves
[  499.901806][ T6894] bond3 (unregistering): (slave veth17): Releasing backup interface
[  499.916810][ T6894] bond3 (unregistering): Released all slaves
[  499.931112][ T6894] bond4 (unregistering): Released all slaves
[  499.945640][ T6894] bond5 (unregistering): Released all slaves
[  499.953682][ T5863] Bluetooth: hci3: command tx timeout
[  499.990258][T13776] 8021q: adding VLAN 0 to HW filter on device bond5
[  500.002698][T13739] team0: Port device team_slave_0 added
[  500.012019][T13739] team0: Port device team_slave_1 added
[  500.126605][T13739] batman_adv: batadv0: Adding interface: batadv_slave_0
[  500.158326][T13739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  500.160985][T13784] svc: failed to register nfsdv3 RPC service (errno 111).
[  500.185162][T13739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  500.203677][   T10] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  500.215242][   T10] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -61
[  500.226667][ T6894] tipc: Disabling bearer <udp:syz1>
[  500.232760][T13739] batman_adv: batadv0: Adding interface: batadv_slave_1
[  500.239814][ T6894] tipc: Left network mode
[  500.246529][T13784] svc: failed to register nfsaclv3 RPC service (errno 111).
[  500.260236][T13739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  500.298255][T13739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  500.391006][T13793] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2728'.
[  501.434629][T13739] hsr_slave_0: entered promiscuous mode
[  501.447135][T13739] hsr_slave_1: entered promiscuous mode
[  501.512545][ T1216] usb 4-1: USB disconnect, device number 2
[  501.891226][T13801] lo speed is unknown, defaulting to 1000
[  502.033537][ T5863] Bluetooth: hci3: command tx timeout
[  502.249663][T13827] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2736'.
[  502.259839][ T6894] hsr_slave_0: left promiscuous mode
[  502.264607][T13827] netlink: 'syz.2.2736': attribute type 1 has an invalid length.
[  502.277329][ T6894] hsr_slave_1: left promiscuous mode
[  502.284886][ T6894] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  502.293403][ T6894] batman_adv: batadv0: Removing interface: batadv_slave_0
[  502.307852][ T6894] veth1_macvtap: left promiscuous mode
[  502.313725][ T6894] veth0_macvtap: left promiscuous mode
[  502.320692][ T6894] veth1_vlan: left promiscuous mode
[  502.326637][ T6894] veth0_vlan: left promiscuous mode
[  502.567018][T13818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.608134][ T6894] pim6reg (unregistering): left allmulticast mode
[  503.459658][T13842] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2741'.
[  503.498248][ T6894] team0 (unregistering): Port device team_slave_1 removed
[  503.600307][T13843] loop3: detected capacity change from 0 to 512
[  503.777461][T13843] EXT4-fs (loop3): orphan cleanup on readonly fs
[  503.787582][T13843] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.2740: bad orphan inode 13
[  503.806202][T13843] ext4_test_bit(bit=12, block=18) = 1
[  503.811912][T13843] is_bad_inode(inode)=0
[  503.816397][T13843] NEXT_ORPHAN(inode)=2130706432
[  503.821429][T13843] max_ino=32
[  503.824795][T13843] i_nlink=1
[  503.834479][T13843] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  504.240196][ T5863] Bluetooth: hci3: command tx timeout
[  504.946926][ T6894] team0 (unregistering): Port device team_slave_0 removed
[  504.947688][T13423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  505.147959][T13827] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[  505.290342][T13854] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2744'.
[  505.593093][T13864] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2743'.
[  506.007731][T13864] macsec1: entered promiscuous mode
[  506.013186][T13864] veth1_to_hsr: entered promiscuous mode
[  506.019285][T13864] macsec1: entered allmulticast mode
[  506.024925][T13864] veth1_to_hsr: entered allmulticast mode
[  506.032027][T13864] veth1_to_hsr: left allmulticast mode
[  506.037636][T13864] veth1_to_hsr: left promiscuous mode
[  506.273730][ T5863] Bluetooth: hci3: command tx timeout
[  506.386219][T13882] loop2: detected capacity change from 0 to 1024
[  506.422573][T13882] EXT4-fs: Ignoring removed orlov option
[  506.465305][T13882] EXT4-fs: Ignoring removed nomblk_io_submit option
[  506.527422][T13889] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2754'.
[  506.581556][T13882] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  506.600733][T13889] netlink: 'syz.0.2754': attribute type 1 has an invalid length.
[  506.676504][T13889] 8021q: adding VLAN 0 to HW filter on device bond2
[  506.872211][T13739] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  506.909282][T13739] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  507.854201][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  507.861015][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  509.156493][T13739] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  509.335015][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  509.358228][T13739] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  509.645074][T13739] 8021q: adding VLAN 0 to HW filter on device bond0
[  509.801174][T13739] 8021q: adding VLAN 0 to HW filter on device team0
[  509.821240][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  509.828689][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  509.848449][T13933] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2761'.
[  509.928382][T13934] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2759'.
[  510.340517][T13934] veth1_to_hsr: entered promiscuous mode
[  510.346487][T13934] macsec1: entered promiscuous mode
[  510.351969][T13934] macsec1: entered allmulticast mode
[  510.357641][T13934] veth1_to_hsr: entered allmulticast mode
[  510.366977][T13934] veth1_to_hsr: left allmulticast mode
[  510.372776][T13934] veth1_to_hsr: left promiscuous mode
[  510.417971][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  510.425394][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  510.595455][T13739] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  510.608431][T13739] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  510.690749][T13950] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2763'.
[  510.941150][T13739] 8021q: adding VLAN 0 to HW filter on device batadv0
[  511.517631][T13739] veth0_vlan: entered promiscuous mode
[  511.560478][T13739] veth1_vlan: entered promiscuous mode
[  511.640178][T13739] veth0_macvtap: entered promiscuous mode
[  511.674402][T13739] veth1_macvtap: entered promiscuous mode
[  511.707945][T13993] loop2: detected capacity change from 0 to 256
[  511.809483][T13739] batman_adv: batadv0: Interface activated: batadv_slave_0
[  511.914674][T13739] batman_adv: batadv0: Interface activated: batadv_slave_1
[  512.040623][ T1154] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  512.091400][ T1154] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  512.139028][ T1154] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  512.165456][ T1154] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  512.680211][T13992] loop5: detected capacity change from 0 to 40427
[  512.732620][T13992] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  512.771147][T13992] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  512.834599][ T6894] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  512.843109][ T6894] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  512.929794][T13992] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  512.962763][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  512.973167][T13992] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  512.983579][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  512.999428][T13992] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  513.097099][T14004] svc: failed to register nfsdv3 RPC service (errno 111).
[  513.127185][   T30] audit: type=1804 audit(1755624709.246:87): pid=13992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2771" name="/newroot/305/bus/bus" dev="loop5" ino=10 res=1 errno=0
[  513.165304][T14004] svc: failed to register nfsaclv3 RPC service (errno 111).
[  513.998092][T14017] lo speed is unknown, defaulting to 1000
[  514.761428][T14020] ipip0: entered allmulticast mode
[  514.846193][T14022] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2779'.
[  514.890723][T14022] netlink: 'syz.2.2779': attribute type 1 has an invalid length.
[  515.090731][T14022] 8021q: adding VLAN 0 to HW filter on device bond6
[  515.189191][T14032] syzkaller0: entered promiscuous mode
[  515.226252][T14032] syzkaller0: entered allmulticast mode
[  515.395034][T14043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2784'.
[  515.433349][T14043] macsec1: entered promiscuous mode
[  515.438678][T14043] veth1_to_hsr: entered promiscuous mode
[  515.446004][T14043] macsec1: entered allmulticast mode
[  515.451498][T14043] veth1_to_hsr: entered allmulticast mode
[  515.607818][T14043] veth1_to_hsr: left allmulticast mode
[  515.613592][T14043] veth1_to_hsr: left promiscuous mode
[  515.722967][T14045] netlink: 'syz.2.2786': attribute type 1 has an invalid length.
[  515.798114][T14045] 8021q: adding VLAN 0 to HW filter on device bond7
[  515.853186][T14048] veth15: entered promiscuous mode
[  515.862112][T14045] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2786'.
[  515.868127][T14048] bond7: (slave veth15): Enslaving as an active interface with a down link
[  515.898554][T14052] tipc: Started in network mode
[  515.911052][T14052] tipc: Node identity b6785fffcac6, cluster identity 4711
[  515.942598][T14052] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  516.017680][T14052] syzkaller0: entered promiscuous mode
[  516.056483][T14052] syzkaller0: entered allmulticast mode
[  516.075498][T14056] svc: failed to register nfsdv3 RPC service (errno 111).
[  516.136797][T14056] svc: failed to register nfsaclv3 RPC service (errno 111).
[  516.155055][T14064] tipc: Resetting bearer <eth:syzkaller0>
[  516.209320][T14051] tipc: Resetting bearer <eth:syzkaller0>
[  517.193406][ T5858] tipc: Node number set to 2092851199
[  518.724544][T14051] tipc: Disabling bearer <eth:syzkaller0>
[  518.808134][T14071] lo speed is unknown, defaulting to 1000
[  519.107444][T14079] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2797'.
[  519.176918][T14079] netlink: 'syz.2.2797': attribute type 1 has an invalid length.
[  519.228264][T14083] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2799'.
[  519.275671][T14079] 8021q: adding VLAN 0 to HW filter on device bond8
[  519.387771][T14087] syzkaller0: entered promiscuous mode
[  519.408518][T14087] syzkaller0: entered allmulticast mode
[  519.675697][T14098] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2803'.
[  519.896196][T14112] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  519.911799][T14112] syzkaller0: entered promiscuous mode
[  519.920131][T14112] syzkaller0: entered allmulticast mode
[  519.947890][T14111] svc: failed to register nfsdv3 RPC service (errno 111).
[  519.968542][T14111] svc: failed to register nfsaclv3 RPC service (errno 111).
[  519.988905][T14112] tipc: Resetting bearer <eth:syzkaller0>
[  520.000212][T14110] tipc: Resetting bearer <eth:syzkaller0>
[  520.011817][T14110] tipc: Disabling bearer <eth:syzkaller0>
[  520.048807][T14121] netlink: 'syz.2.2812': attribute type 1 has an invalid length.
[  520.070261][T14121] 8021q: adding VLAN 0 to HW filter on device bond9
[  520.157690][T14125] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2814'.
[  520.362083][T14132] lo speed is unknown, defaulting to 1000
[  523.655044][T14152] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2821'.
[  523.672491][T14147] loop2: detected capacity change from 0 to 256
[  524.672229][T14158] loop3: detected capacity change from 0 to 512
[  524.789952][T14158] EXT4-fs (loop3): orphan cleanup on readonly fs
[  524.811128][T14158] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.2822: bad orphan inode 13
[  524.823846][T14158] ext4_test_bit(bit=12, block=18) = 1
[  524.830309][T14158] is_bad_inode(inode)=0
[  524.834805][T14158] NEXT_ORPHAN(inode)=2130706432
[  524.839829][T14158] max_ino=32
[  524.843180][T14158] i_nlink=1
[  524.852785][T14158] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  525.193517][T14161] netlink: 'syz.2.2824': attribute type 1 has an invalid length.
[  525.382717][T14150] syzkaller0: entered promiscuous mode
[  525.388885][T14150] syzkaller0: entered allmulticast mode
[  525.455237][T14161] 8021q: adding VLAN 0 to HW filter on device bond10
[  525.519919][T13423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.619985][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2825'.
[  527.349711][T14202] loop2: detected capacity change from 0 to 512
[  529.181907][T14202] EXT4-fs (loop2): orphan cleanup on readonly fs
[  529.191268][T14202] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.2837: bad orphan inode 13
[  529.204492][T14202] ext4_test_bit(bit=12, block=18) = 1
[  529.210000][T14202] is_bad_inode(inode)=0
[  529.214544][T14202] NEXT_ORPHAN(inode)=2130706432
[  529.219743][T14202] max_ino=32
[  529.223012][T14202] i_nlink=1
[  529.230741][T14202] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  529.391634][T14201] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2838'.
[  529.488164][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.569058][T14208] syzkaller0: entered promiscuous mode
[  529.603553][T14208] syzkaller0: entered allmulticast mode
[  529.903108][T14229] team_slave_0: entered promiscuous mode
[  529.908893][T14229] team_slave_1: entered promiscuous mode
[  529.932762][T14229] vlan2: entered promiscuous mode
[  529.953562][T14229] team0: entered promiscuous mode
[  530.048220][T14237] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2853'.
[  530.506704][T14249] lo speed is unknown, defaulting to 1000
[  530.944064][T14254] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2858'.
[  531.019901][T14239] loop0: detected capacity change from 0 to 40427
[  531.041410][T14239] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  531.094068][T14239] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  531.281659][T14239] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  531.303633][T14270] ipip0: entered allmulticast mode
[  531.325955][T14271] syzkaller0: entered promiscuous mode
[  531.339379][T14239] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  531.344298][T14271] syzkaller0: entered allmulticast mode
[  531.371903][T14239] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  531.379847][T14275] vlan2: entered promiscuous mode
[  531.423031][   T30] audit: type=1804 audit(1755624727.536:88): pid=14239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2852" name="/newroot/564/bus/bus" dev="loop0" ino=10 res=1 errno=0
[  531.521252][T14272] syzkaller1: entered promiscuous mode
[  531.527855][T14272] syzkaller1: entered allmulticast mode
[  531.978798][T14295] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2875'.
[  532.260617][T14305] lo speed is unknown, defaulting to 1000
[  532.609942][T14304] vlan2: entered promiscuous mode
[  532.915578][T14311] syzkaller0: entered promiscuous mode
[  532.921140][T14311] syzkaller0: entered allmulticast mode
[  532.951163][T14314] syzkaller1: entered promiscuous mode
[  532.961455][T14314] syzkaller1: entered allmulticast mode
[  533.179793][T14309] loop4: detected capacity change from 0 to 40427
[  533.208556][T14309] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  533.220561][T14309] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  533.371451][T14309] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  533.396200][T14309] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  533.406208][T14338] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2890'.
[  533.417291][T14309] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  533.446152][   T30] audit: type=1804 audit(1755624729.566:89): pid=14309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2880" name="/newroot/24/bus/bus" dev="loop4" ino=10 res=1 errno=0
[  533.596147][T14346] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2892'.
[  533.967443][T14353] lo speed is unknown, defaulting to 1000
[  534.397070][T14359] syzkaller1: entered promiscuous mode
[  534.402914][T14359] syzkaller1: entered allmulticast mode
[  535.026793][T14385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2909'.
[  535.498579][T14388] syzkaller0: entered promiscuous mode
[  535.520508][T14388] syzkaller0: entered allmulticast mode
[  535.922013][T14404] syzkaller1: entered promiscuous mode
[  536.014252][T14404] syzkaller1: entered allmulticast mode
[  536.421382][T14407] lo speed is unknown, defaulting to 1000
[  536.450328][T14378] loop5: detected capacity change from 0 to 40427
[  536.464873][T14378] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  536.483523][T14378] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  538.423585][T14430] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2922'.
[  538.807883][T14378] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  538.941587][T14430] veth1_to_hsr: entered promiscuous mode
[  538.947609][T14430] macsec1: entered promiscuous mode
[  538.953764][T14430] macsec1: entered allmulticast mode
[  538.959362][T14430] veth1_to_hsr: entered allmulticast mode
[  538.968007][T14430] veth1_to_hsr: left allmulticast mode
[  538.974030][T14430] veth1_to_hsr: left promiscuous mode
[  539.006199][T14438] syzkaller0: entered promiscuous mode
[  539.022271][T14438] syzkaller0: entered allmulticast mode
[  540.330506][T14468] netlink: 'syz.0.2936': attribute type 1 has an invalid length.
[  540.354447][T14465] syzkaller1: entered promiscuous mode
[  540.360231][T14465] syzkaller1: entered allmulticast mode
[  540.440393][T14468] 8021q: adding VLAN 0 to HW filter on device bond3
[  541.389514][T14472] loop3: detected capacity change from 0 to 40427
[  541.508975][T14472] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  541.647849][T14472] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  541.771812][T14505] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2947'.
[  541.871307][T14472] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  541.902115][T14472] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  541.922907][T14472] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  541.957011][   T30] audit: type=1804 audit(1755624738.076:90): pid=14472 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2938" name="/newroot/58/bus/bus" dev="loop3" ino=10 res=1 errno=0
[  542.071412][T14515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2952'.
[  542.085821][T14515] bond_slave_0: entered promiscuous mode
[  542.091603][T14515] bond_slave_1: entered promiscuous mode
[  542.162737][T14515] macvtap1: entered promiscuous mode
[  542.173971][T14515] bond0: entered promiscuous mode
[  542.179545][T14515] macvtap1: entered allmulticast mode
[  542.205392][T14515] bond0: entered allmulticast mode
[  542.213546][T14515] bond_slave_0: entered allmulticast mode
[  542.229682][T14515] bond_slave_1: entered allmulticast mode
[  542.249138][T14515] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  542.294735][T14499] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.327799][T14518] bond0: left allmulticast mode
[  542.333926][T14518] bond_slave_0: left allmulticast mode
[  542.358504][T14518] bond_slave_1: left allmulticast mode
[  542.368798][T14518] bond0: left promiscuous mode
[  542.380239][T14518] bond_slave_0: left promiscuous mode
[  542.386070][T14518] bond_slave_1: left promiscuous mode
[  542.767837][T14534] tipc: Started in network mode
[  542.779873][T14534] tipc: Node identity e681f7c589b2, cluster identity 4711
[  542.793237][T14534] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  542.812856][T14534] syzkaller0: entered promiscuous mode
[  542.820800][T14534] syzkaller0: entered allmulticast mode
[  542.841524][T14534] tipc: Resetting bearer <eth:syzkaller0>
[  542.858037][T14533] tipc: Resetting bearer <eth:syzkaller0>
[  542.869550][T14533] tipc: Disabling bearer <eth:syzkaller0>
[  542.884258][T14535] loop0: detected capacity change from 0 to 4096
[  542.895823][T14535] EXT4-fs: Ignoring removed mblk_io_submit option
[  542.961957][T14535] EXT4-fs (loop0): Test dummy encryption mode enabled
[  543.076919][T14535] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  544.135892][T14546] netlink: 'syz.2.2961': attribute type 1 has an invalid length.
[  544.210413][T14546] 8021q: adding VLAN 0 to HW filter on device bond11
[  544.357461][T14549] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2961'.
[  544.557041][T14548] 8021q: adding VLAN 0 to HW filter on device bond11
[  544.606022][T14548] bond11: (slave vxcan3): The slave device specified does not support setting the MAC address
[  544.636377][ T5863] Bluetooth: hci3: link tx timeout
[  544.641769][ T5863] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  544.661680][T14548] bond11: (slave vxcan3): Error -95 calling set_mac_address
[  544.866159][T14546] veth17: entered promiscuous mode
[  544.872246][T14549] 8021q: adding VLAN 0 to HW filter on device bond11
[  544.969825][T14558] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2964'.
[  545.077709][T14558] veth1_to_hsr: entered promiscuous mode
[  545.083853][T14558] macsec1: entered promiscuous mode
[  545.090180][T14558] macsec1: entered allmulticast mode
[  545.095602][T14558] veth1_to_hsr: entered allmulticast mode
[  545.111062][T14558] veth1_to_hsr: left allmulticast mode
[  545.118052][T14558] veth1_to_hsr: left promiscuous mode
[  545.630238][T14564] lo speed is unknown, defaulting to 1000
[  546.486479][T14567] lo speed is unknown, defaulting to 1000
[  546.723187][T14552] Bluetooth: hci3: command 0x0406 tx timeout
[  547.842082][T14575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  547.947537][T14579] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  548.034495][T14579] syzkaller0: entered promiscuous mode
[  548.066190][T14579] syzkaller0: entered allmulticast mode
[  548.118435][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  548.133171][T14579] tipc: Resetting bearer <eth:syzkaller0>
[  548.142432][T14578] tipc: Resetting bearer <eth:syzkaller0>
[  548.153272][T14578] tipc: Disabling bearer <eth:syzkaller0>
[  548.742600][T11796] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  548.901489][T14594] syzkaller1: entered promiscuous mode
[  548.907291][T14594] syzkaller1: entered allmulticast mode
[  548.913891][T11796] usb 4-1: Using ep0 maxpacket: 32
[  548.931859][T11796] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  548.943043][T11796] usb 4-1: config 0 has no interface number 0
[  549.906816][T11796] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  549.924351][T11796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.932706][T11796] usb 4-1: Product: syz
[  549.939491][T11796] usb 4-1: Manufacturer: syz
[  549.944946][T11796] usb 4-1: SerialNumber: syz
[  550.114358][T14602] syzkaller0: entered promiscuous mode
[  550.326551][T14602] syzkaller0: entered allmulticast mode
[  551.170366][T11796] usb 4-1: config 0 descriptor??
[  551.219489][T14613] vlan2: entered promiscuous mode
[  551.247885][T11796] usb 4-1: can't set config #0, error -71
[  551.255126][T11796] usb 4-1: USB disconnect, device number 3
[  551.269412][T14613] bond0: entered promiscuous mode
[  551.274857][T14613] bond_slave_0: entered promiscuous mode
[  551.280888][T14613] bond_slave_1: entered promiscuous mode
[  551.379769][T14615] loop3: detected capacity change from 0 to 4096
[  551.387784][T14615] EXT4-fs: Ignoring removed mblk_io_submit option
[  551.396915][T14615] EXT4-fs (loop3): Test dummy encryption mode enabled
[  551.438954][T14615] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  551.558535][T14623] lo speed is unknown, defaulting to 1000
[  551.741799][T13423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  552.287995][T14634] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2989'.
[  552.329480][T14634] macsec1: entered promiscuous mode
[  552.335682][T14634] veth1_to_hsr: entered promiscuous mode
[  552.343481][T14634] macsec1: entered allmulticast mode
[  552.349032][T14634] veth1_to_hsr: entered allmulticast mode
[  552.435120][T14634] veth1_to_hsr: left allmulticast mode
[  552.440892][T14634] veth1_to_hsr: left promiscuous mode
[  553.001826][T14647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2991'.
[  553.910195][T14653] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2995'.
[  553.984000][T14655] syzkaller0: entered promiscuous mode
[  554.005500][T14655] syzkaller0: entered allmulticast mode
[  554.356404][T14660] loop3: detected capacity change from 0 to 4096
[  554.365538][T14660] EXT4-fs: Ignoring removed mblk_io_submit option
[  555.804881][T14660] EXT4-fs (loop3): Test dummy encryption mode enabled
[  555.832296][T14660] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  556.827677][T14681] lo speed is unknown, defaulting to 1000
[  557.315827][T14685] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  557.375996][T13423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  557.396013][T14685] syzkaller0: entered promiscuous mode
[  557.401671][T14685] syzkaller0: entered allmulticast mode
[  557.433763][T14691] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3008'.
[  557.473093][T14685] tipc: Resetting bearer <eth:syzkaller0>
[  557.529524][T14684] tipc: Resetting bearer <eth:syzkaller0>
[  557.538120][T14684] tipc: Disabling bearer <eth:syzkaller0>
[  557.756781][T14699] syzkaller0: entered promiscuous mode
[  557.762409][T14699] syzkaller0: entered allmulticast mode
[  560.235213][T14717] syzkaller1: entered promiscuous mode
[  560.252697][T14717] syzkaller1: entered allmulticast mode
[  560.393454][T11796] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  560.577092][T11796] usb 1-1: Using ep0 maxpacket: 32
[  560.614283][T11796] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  560.622556][T11796] usb 1-1: config 0 has no interface number 0
[  560.715522][T11796] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  560.734462][T14721] netlink: 'syz.3.3019': attribute type 1 has an invalid length.
[  560.768300][T11796] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.798913][T14721] 8021q: adding VLAN 0 to HW filter on device bond1
[  560.813966][T14727] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3020'.
[  560.823001][T11796] usb 1-1: Product: syz
[  560.833123][T11796] usb 1-1: Manufacturer: syz
[  560.848158][T11796] usb 1-1: SerialNumber: syz
[  560.869744][T11796] usb 1-1: config 0 descriptor??
[  560.887017][T14728] bond1: (slave geneve2): making interface the new active one
[  560.908326][T11796] smsc95xx v2.0.0
[  560.927955][T14728] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  561.145974][T14733] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3022'.
[  561.160900][T14733] bond_slave_0: entered promiscuous mode
[  561.166833][T14733] bond_slave_1: entered promiscuous mode
[  561.195491][T14733] macvtap1: entered promiscuous mode
[  561.212272][T14733] bond0: entered promiscuous mode
[  561.232178][T14733] macvtap1: entered allmulticast mode
[  561.239732][T14733] bond0: entered allmulticast mode
[  561.287130][T14737] loop5: detected capacity change from 0 to 4096
[  561.294883][T14737] EXT4-fs: Ignoring removed mblk_io_submit option
[  561.304894][T14737] EXT4-fs (loop5): Test dummy encryption mode enabled
[  561.323135][T14733] bond_slave_0: entered allmulticast mode
[  561.403635][T14733] bond_slave_1: entered allmulticast mode
[  561.412757][T14737] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  561.516584][T14733] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  561.602671][T14736] bond0: left allmulticast mode
[  561.645883][T14736] bond_slave_0: left allmulticast mode
[  561.681986][T14736] bond_slave_1: left allmulticast mode
[  561.708924][T14736] bond0: left promiscuous mode
[  561.735693][T14736] bond_slave_0: left promiscuous mode
[  561.741248][T14736] bond_slave_1: left promiscuous mode
[  562.141628][T11796] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  562.152423][T11796] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  562.627197][ T9246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  563.719606][T14761] syzkaller1: entered promiscuous mode
[  563.735639][T14761] syzkaller1: entered allmulticast mode
[  564.612847][T11796] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -32
[  564.627973][T11796] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -32
[  564.700834][T14776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3032'.
[  564.910835][T14784] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3037'.
[  564.922681][T14783] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  564.939901][T14783] syzkaller0: entered promiscuous mode
[  564.948773][T14783] syzkaller0: entered allmulticast mode
[  564.974518][T14783] tipc: Resetting bearer <eth:syzkaller0>
[  564.986809][T14781] tipc: Resetting bearer <eth:syzkaller0>
[  564.997006][T14781] tipc: Disabling bearer <eth:syzkaller0>
[  565.002026][T14790] netlink: 'syz.4.3040': attribute type 1 has an invalid length.
[  565.026479][T14790] 8021q: adding VLAN 0 to HW filter on device bond1
[  565.044069][T14790] bond1: (slave geneve2): making interface the new active one
[  565.054043][T14790] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  565.110724][ T1216] usb 1-1: USB disconnect, device number 6
[  565.188095][T14794] syzkaller0: entered promiscuous mode
[  565.196925][T14794] syzkaller0: entered allmulticast mode
[  567.404677][T14826] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3050'.
[  567.588049][T14829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3051'.
[  567.626940][T14829] macsec1: entered promiscuous mode
[  567.632370][T14829] veth1_to_hsr: entered promiscuous mode
[  567.640042][T14829] macsec1: entered allmulticast mode
[  567.645970][T14829] veth1_to_hsr: entered allmulticast mode
[  567.771352][T14829] veth1_to_hsr: left allmulticast mode
[  567.777740][T14829] veth1_to_hsr: left promiscuous mode
[  567.985613][T14831] netlink: 'syz.2.3053': attribute type 1 has an invalid length.
[  568.016740][T14831] 8021q: adding VLAN 0 to HW filter on device bond12
[  568.029077][T14832] tipc: Started in network mode
[  568.053849][T14832] tipc: Node identity d24cf6cc04b, cluster identity 4711
[  568.061505][T14832] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  568.085670][T14837] syzkaller0: entered promiscuous mode
[  568.108012][T14837] syzkaller0: entered allmulticast mode
[  568.223032][T14837] tipc: Resetting bearer <eth:syzkaller0>
[  568.410397][T14828] tipc: Resetting bearer <eth:syzkaller0>
[  568.459580][   T12] Bluetooth: (null): Invalid header checksum
[  568.617041][   T12] Bluetooth: (null): Invalid header checksum
[  568.664445][T14828] tipc: Disabling bearer <eth:syzkaller0>
[  568.716237][   T12] Bluetooth: (null): Invalid header checksum
[  568.722529][   T12] Bluetooth: (null): Invalid header checksum
[  568.748478][T14842] netlink: 'syz.0.3055': attribute type 1 has an invalid length.
[  568.775622][T14842] 8021q: adding VLAN 0 to HW filter on device bond4
[  568.797244][   T12] Bluetooth: (null): Invalid header checksum
[  568.836939][T14842] 8021q: adding VLAN 0 to HW filter on device bond4
[  568.857179][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  568.864453][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  568.925189][T14846] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3055'.
[  568.934297][T14842] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  569.067082][T14842] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  569.117672][T14846] 8021q: adding VLAN 0 to HW filter on device bond4
[  570.570006][T14866] loop0: detected capacity change from 0 to 256
[  571.119577][T14877] loop4: detected capacity change from 0 to 512
[  571.171040][T14877] EXT4-fs (loop4): orphan cleanup on readonly fs
[  571.180826][T14877] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.3064: bad orphan inode 13
[  571.217103][T14877] ext4_test_bit(bit=12, block=18) = 1
[  571.222637][T14877] is_bad_inode(inode)=0
[  571.226954][T14877] NEXT_ORPHAN(inode)=2130706432
[  571.231889][T14877] max_ino=32
[  571.235226][T14877] i_nlink=1
[  571.245200][T14877] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  572.452979][T14882] lo speed is unknown, defaulting to 1000
[  572.526091][T13739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.741121][T14891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3067'.
[  574.781477][T14891] veth1_to_hsr: entered promiscuous mode
[  574.787850][T14891] macsec1: entered promiscuous mode
[  574.794471][T14891] macsec1: entered allmulticast mode
[  574.800009][T14891] veth1_to_hsr: entered allmulticast mode
[  575.090936][T14891] veth1_to_hsr: left allmulticast mode
[  575.098254][T14891] veth1_to_hsr: left promiscuous mode
[  575.764826][T14901] lo speed is unknown, defaulting to 1000
[  576.933499][T14919] loop2: detected capacity change from 0 to 512
[  577.138613][T14918] loop3: detected capacity change from 0 to 4096
[  577.151450][T14918] EXT4-fs: Ignoring removed mblk_io_submit option
[  577.278046][T14918] EXT4-fs (loop3): Test dummy encryption mode enabled
[  577.316774][T14919] EXT4-fs (loop2): orphan cleanup on readonly fs
[  577.329826][T14919] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.3076: bad orphan inode 13
[  577.352343][T14919] ext4_test_bit(bit=12, block=18) = 1
[  577.358086][T14919] is_bad_inode(inode)=0
[  577.362355][T14919] NEXT_ORPHAN(inode)=2130706432
[  577.367487][T14919] max_ino=32
[  577.370746][T14919] i_nlink=1
[  577.382705][T14919] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  577.642116][T14918] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  578.001159][T13423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.294856][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.602705][T14929] lo speed is unknown, defaulting to 1000
[  579.422579][T14912] loop4: detected capacity change from 0 to 40427
[  582.468960][T14937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3081'.
[  582.994094][T14937] veth1_to_hsr: entered promiscuous mode
[  583.000034][T14937] macsec1: entered promiscuous mode
[  583.005718][T14937] macsec1: entered allmulticast mode
[  583.011044][T14937] veth1_to_hsr: entered allmulticast mode
[  583.021541][T14937] veth1_to_hsr: left allmulticast mode
[  583.029373][T14937] veth1_to_hsr: left promiscuous mode
[  583.637214][T14946] lo speed is unknown, defaulting to 1000
[  584.575763][T14967] loop2: detected capacity change from 0 to 4096
[  584.583177][T14967] EXT4-fs: Ignoring removed mblk_io_submit option
[  584.595023][T14967] EXT4-fs (loop2): Test dummy encryption mode enabled
[  586.599203][T14972] loop5: detected capacity change from 0 to 512
[  587.720838][T14972] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  587.720920][T14972] EXT4-fs: failed to create workqueue
[  587.736993][T14972] EXT4-fs (loop5): mount failed
[  587.745371][T14967] EXT4-fs: error -4 creating inode table initialization thread
[  587.753583][T14967] EXT4-fs (loop2): mount failed
[  588.254730][T14978] lo speed is unknown, defaulting to 1000
[  589.347444][T14552] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  589.355053][T14552] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  589.362505][T14552] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  589.371000][T14552] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  589.381484][T14552] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  589.555160][T14982] lo speed is unknown, defaulting to 1000
[  589.910381][T14992] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  589.924361][T14992] syzkaller0: entered promiscuous mode
[  589.929901][T14992] syzkaller0: entered allmulticast mode
[  590.010322][T14995] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3095'.
[  590.335778][T14995] veth1_to_hsr: entered promiscuous mode
[  590.341991][T14995] macsec1: entered promiscuous mode
[  590.348364][T14995] macsec1: entered allmulticast mode
[  590.354324][T14995] veth1_to_hsr: entered allmulticast mode
[  590.381242][T14995] veth1_to_hsr: left allmulticast mode
[  590.387020][T14995] veth1_to_hsr: left promiscuous mode
[  590.440796][T14981] loop4: detected capacity change from 0 to 40427
[  590.456028][T14981] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  590.494983][T14981] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  590.542547][T14997] tipc: Resetting bearer <eth:syzkaller0>
[  591.175699][ T5858] tipc: Node number set to 394621784
[  591.229502][T14991] tipc: Resetting bearer <eth:syzkaller0>
[  591.346996][T14981] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  591.361459][T14991] tipc: Disabling bearer <eth:syzkaller0>
[  591.372111][T14981] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  591.387938][T14981] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  592.343827][T14552] Bluetooth: hci4: command tx timeout
[  593.130640][   T30] audit: type=1804 audit(1755624788.516:91): pid=14981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3093" name="/newroot/66/bus/bus" dev="loop4" ino=10 res=1 errno=0
[  593.236609][T14982] chnl_net:caif_netlink_parms(): no params data found
[  593.247784][T15021] netlink: 'syz.5.3101': attribute type 1 has an invalid length.
[  593.314188][T15021] 8021q: adding VLAN 0 to HW filter on device bond1
[  593.369918][T15021] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3101'.
[  593.417605][T15025] 8021q: adding VLAN 0 to HW filter on device bond1
[  593.426725][T15025] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  593.438946][T15025] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  593.543966][T15028] loop3: detected capacity change from 0 to 512
[  593.617007][T15021] 8021q: adding VLAN 0 to HW filter on device bond1
[  594.039245][T14982] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.088819][T14982] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.147907][T14982] bridge_slave_0: entered allmulticast mode
[  594.199541][T14982] bridge_slave_0: entered promiscuous mode
[  594.254528][T14982] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.294719][T14982] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.336749][T14982] bridge_slave_1: entered allmulticast mode
[  594.362673][T14982] bridge_slave_1: entered promiscuous mode
[  594.373512][T14552] Bluetooth: hci4: command tx timeout
[  594.415607][T15028] EXT4-fs (loop3): orphan cleanup on readonly fs
[  594.465754][T15028] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.3103: bad orphan inode 13
[  594.477355][T15028] ext4_test_bit(bit=12, block=18) = 1
[  594.482901][T15028] is_bad_inode(inode)=0
[  594.487285][T15028] NEXT_ORPHAN(inode)=2130706432
[  594.492211][T15028] max_ino=32
[  594.495519][T15028] i_nlink=1
[  594.504958][T15028] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  594.938307][T15035] loop2: detected capacity change from 0 to 4096
[  594.946006][T15035] EXT4-fs: Ignoring removed mblk_io_submit option
[  594.955120][T15035] EXT4-fs (loop2): Test dummy encryption mode enabled
[  595.003032][T14982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  595.043603][T15035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  595.087067][T14982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  595.135228][T15040] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3106'.
[  595.185768][T13423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  595.255944][T14982] team0: Port device team_slave_0 added
[  595.287907][T14982] team0: Port device team_slave_1 added
[  595.365224][T14982] batman_adv: batadv0: Adding interface: batadv_slave_0
[  595.372509][T14982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.410057][T14982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  595.436519][T14982] batman_adv: batadv0: Adding interface: batadv_slave_1
[  595.453311][T14982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.506478][T14982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  596.320127][T14204] Bluetooth: (null): Invalid header checksum
[  596.395658][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  596.412220][T14204] Bluetooth: (null): Invalid header checksum
[  596.422370][T14204] Bluetooth: (null): Invalid header checksum
[  596.430233][T14204] Bluetooth: (null): Invalid header checksum
[  596.440787][T14204] Bluetooth: (null): Invalid header checksum
[  596.448514][T14552] Bluetooth: hci4: command tx timeout
[  596.460391][T14982] hsr_slave_0: entered promiscuous mode
[  596.468520][T14982] hsr_slave_1: entered promiscuous mode
[  596.475168][T14982] debugfs: 'hsr0' already exists in 'hsr'
[  596.480944][T14982] Cannot create hsr debugfs directory
[  596.743755][T15060] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  596.803747][T15062] syzkaller0: entered promiscuous mode
[  596.835000][T15062] syzkaller0: entered allmulticast mode
[  597.401623][T15060] tipc: Resetting bearer <eth:syzkaller0>
[  597.792124][T15059] tipc: Resetting bearer <eth:syzkaller0>
[  597.815999][T15059] tipc: Disabling bearer <eth:syzkaller0>
[  597.824426][T15073] netlink: 'syz.5.3116': attribute type 1 has an invalid length.
[  597.876239][T15073] 8021q: adding VLAN 0 to HW filter on device bond2
[  597.903439][T14982] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.941394][T15073] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3116'.
[  597.951576][T15076] 8021q: adding VLAN 0 to HW filter on device bond2
[  597.975881][T15076] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  597.989134][T15076] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  598.017652][T15073] 8021q: adding VLAN 0 to HW filter on device bond2
[  598.108621][T15080] loop2: detected capacity change from 0 to 512
[  598.220833][T15080] EXT4-fs (loop2): orphan cleanup on readonly fs
[  598.232168][T15080] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.3117: bad orphan inode 13
[  598.297796][T15080] ext4_test_bit(bit=12, block=18) = 1
[  598.303653][T15080] is_bad_inode(inode)=0
[  598.307979][T15080] NEXT_ORPHAN(inode)=2130706432
[  598.312974][T15080] max_ino=32
[  598.316432][T15080] i_nlink=1
[  598.325412][T15080] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  598.417481][T14982] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  598.513569][T14552] Bluetooth: hci4: command tx timeout
[  599.130599][T14982] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.237153][T15089] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3119'.
[  599.706439][T15089] veth1_to_hsr: entered promiscuous mode
[  599.712241][T15089] macsec1: entered promiscuous mode
[  599.717786][T15089] macsec1: entered allmulticast mode
[  599.723382][T15089] veth1_to_hsr: entered allmulticast mode
[  599.777398][T15089] veth1_to_hsr: left allmulticast mode
[  599.785342][T15089] veth1_to_hsr: left promiscuous mode
[  599.858453][T14982] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.883036][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  600.113751][T14982] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  600.126543][T14982] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  600.137716][T14982] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  600.147882][T14982] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  600.566492][T15092] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  601.713581][ T5863] Bluetooth: hci1: command 0x0406 tx timeout
[  602.108617][T14982] 8021q: adding VLAN 0 to HW filter on device bond0
[  602.157282][T14982] 8021q: adding VLAN 0 to HW filter on device team0
[  602.181542][ T6894] bridge0: port 1(bridge_slave_0) entered blocking state
[  602.188971][ T6894] bridge0: port 1(bridge_slave_0) entered forwarding state
[  602.304822][ T6078] bridge0: port 2(bridge_slave_1) entered blocking state
[  602.312529][ T6078] bridge0: port 2(bridge_slave_1) entered forwarding state
[  602.478267][T15135] loop4: detected capacity change from 0 to 512
[  602.581748][T15135] EXT4-fs (loop4): orphan cleanup on readonly fs
[  602.596317][T15135] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.3134: bad orphan inode 13
[  602.621703][T15135] ext4_test_bit(bit=12, block=18) = 1
[  602.627466][T15135] is_bad_inode(inode)=0
[  602.632449][T15135] NEXT_ORPHAN(inode)=2130706432
[  602.638150][T15135] max_ino=32
[  602.642299][T15135] i_nlink=1
[  602.652731][T15135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  603.163239][T14982] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  603.353007][T14982] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  603.458438][T15141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3135'.
[  604.214499][T15139] loop5: detected capacity change from 0 to 40427
[  604.223081][T13739] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  604.241008][T15141] veth1_to_hsr: entered promiscuous mode
[  604.249145][T15141] macsec1: entered promiscuous mode
[  604.254806][T15141] macsec1: entered allmulticast mode
[  604.260457][T15141] veth1_to_hsr: entered allmulticast mode
[  604.284979][T15139] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  604.293120][T15139] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  604.302831][T15141] veth1_to_hsr: left allmulticast mode
[  604.309373][T15141] veth1_to_hsr: left promiscuous mode
[  604.620936][T15143] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  605.094025][T15139] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  605.429165][T15139] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  605.480643][T15139] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  605.643766][   T30] audit: type=1804 audit(1755624801.696:92): pid=15139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3136" name="/newroot/378/bus/bus" dev="loop5" ino=10 res=1 errno=0
[  606.490490][T14982] 8021q: adding VLAN 0 to HW filter on device batadv0
[  606.610377][T14982] veth0_vlan: entered promiscuous mode
[  606.664155][T14982] veth1_vlan: entered promiscuous mode
[  606.806771][T15176] lo speed is unknown, defaulting to 1000
[  607.651761][T14982] veth0_macvtap: entered promiscuous mode
[  607.661895][T14982] veth1_macvtap: entered promiscuous mode
[  607.811371][T14982] batman_adv: batadv0: Interface activated: batadv_slave_0
[  607.822086][T14982] batman_adv: batadv0: Interface activated: batadv_slave_1
[  607.992013][T15187] netlink: 'syz.4.3149': attribute type 1 has an invalid length.
[  608.030487][T15187] 8021q: adding VLAN 0 to HW filter on device bond2
[  608.096218][ T6078] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  608.110629][T15189] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3149'.
[  608.126213][ T6078] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  608.200988][T15187] 8021q: adding VLAN 0 to HW filter on device bond2
[  608.227688][T15187] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  608.275090][T15187] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  608.397244][T15189] 8021q: adding VLAN 0 to HW filter on device bond2
[  608.407396][ T6078] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  608.445751][ T6078] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  608.574218][ T6078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  608.615650][ T6078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  610.558351][ T3020] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  610.613403][ T3020] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  610.740434][T15200] loop3: detected capacity change from 0 to 40427
[  610.769943][T15200] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  610.795992][T15200] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  611.745927][T15200] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  611.941931][T15233] netlink: 'syz.4.3163': attribute type 1 has an invalid length.
[  612.407228][T15238] loop5: detected capacity change from 0 to 512
[  612.509994][T15238] EXT4-fs (loop5): orphan cleanup on readonly fs
[  612.519312][T15238] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.3164: bad orphan inode 13
[  612.539971][T15238] ext4_test_bit(bit=12, block=18) = 1
[  612.545788][T15238] is_bad_inode(inode)=0
[  612.550289][T15238] NEXT_ORPHAN(inode)=2130706432
[  612.555529][T15238] max_ino=32
[  612.558984][T15238] i_nlink=1
[  612.568430][T15238] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  612.893778][T15240] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3162'.
[  612.917202][T15233] 8021q: adding VLAN 0 to HW filter on device bond3
[  613.049203][T15233] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3163'.
[  613.099466][T15241] 8021q: adding VLAN 0 to HW filter on device bond3
[  613.120988][T15241] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  613.152360][T15241] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  613.232025][T15243] veth3: entered promiscuous mode
[  613.270134][T15233] 8021q: adding VLAN 0 to HW filter on device bond3
[  613.780025][ T9246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  614.539829][T15259] lo speed is unknown, defaulting to 1000
[  616.030471][T15274] syzkaller1: entered promiscuous mode
[  616.043484][T15274] syzkaller1: entered allmulticast mode
[  616.124618][T15271] loop2: detected capacity change from 0 to 256
[  616.271606][T15284] netlink: 'syz.2.3177': attribute type 1 has an invalid length.
[  616.281574][T15282] tipc: Started in network mode
[  616.288828][T15282] tipc: Node identity 52dc77ea60ec, cluster identity 4711
[  616.299165][T15282] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  616.341997][T15284] 8021q: adding VLAN 0 to HW filter on device bond13
[  616.350344][T15282] syzkaller0: entered promiscuous mode
[  616.357249][T15282] syzkaller0: entered allmulticast mode
[  616.373123][T15289] 8021q: adding VLAN 0 to HW filter on device bond13
[  616.380991][T15289] bond13: (slave vxcan3): The slave device specified does not support setting the MAC address
[  616.397515][T15291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3178'.
[  616.402929][T15289] bond13: (slave vxcan3): Error -95 calling set_mac_address
[  616.433497][T15284] veth19: entered promiscuous mode
[  616.441479][T15284] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3177'.
[  616.446474][T15290] tipc: Resetting bearer <eth:syzkaller0>
[  616.461064][T15284] 8021q: adding VLAN 0 to HW filter on device bond13
[  616.482574][T15281] tipc: Resetting bearer <eth:syzkaller0>
[  616.493059][T15281] tipc: Disabling bearer <eth:syzkaller0>
[  616.759787][T15278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  616.817061][T15297] loop2: detected capacity change from 0 to 512
[  616.906635][T15297] EXT4-fs (loop2): orphan cleanup on readonly fs
[  616.918495][T15297] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.3179: bad orphan inode 13
[  616.951622][T15297] ext4_test_bit(bit=12, block=18) = 1
[  616.957486][T15297] is_bad_inode(inode)=0
[  616.962013][T15297] NEXT_ORPHAN(inode)=2130706432
[  616.967604][T15297] max_ino=32
[  616.970868][T15297] i_nlink=1
[  616.980273][T15297] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  619.014892][T15310] lo speed is unknown, defaulting to 1000
[  620.273488][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  621.116396][ T3013] Bluetooth: (null): Invalid header checksum
[  621.271233][ T3013] Bluetooth: (null): Invalid header checksum
[  621.278610][ T3013] Bluetooth: (null): Invalid header checksum
[  621.334146][T14204] Bluetooth: (null): Invalid header checksum
[  621.363185][T14204] Bluetooth: (null): Invalid header checksum
[  621.443528][T15329] syzkaller1: entered promiscuous mode
[  621.481736][T15329] syzkaller1: entered allmulticast mode
[  621.524883][T15333] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3190'.
[  621.642831][T15337] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  621.655179][T15337] syzkaller0: entered promiscuous mode
[  621.661072][T15337] syzkaller0: entered allmulticast mode
[  622.356353][T15339] tipc: Resetting bearer <eth:syzkaller0>
[  622.372365][T15336] tipc: Resetting bearer <eth:syzkaller0>
[  622.380259][T15336] tipc: Disabling bearer <eth:syzkaller0>
[  622.526676][T15344] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3194'.
[  622.580943][T15344] bond_slave_0: entered promiscuous mode
[  622.587890][T15344] bond_slave_1: entered promiscuous mode
[  622.674100][T15344] macvtap2: entered promiscuous mode
[  622.748228][T15344] bond0: entered promiscuous mode
[  622.909010][T15344] macvtap2: entered allmulticast mode
[  623.016056][T15344] bond0: entered allmulticast mode
[  623.105343][T15344] bond_slave_0: entered allmulticast mode
[  623.120328][T15344] bond_slave_1: entered allmulticast mode
[  623.128340][T15344] 8021q: adding VLAN 0 to HW filter on device macvtap2
[  623.140819][T15349] bond0: left allmulticast mode
[  623.167391][T15349] bond_slave_0: left allmulticast mode
[  623.174718][T15349] bond_slave_1: left allmulticast mode
[  623.180737][T15349] bond0: left promiscuous mode
[  623.186176][T15349] bond_slave_0: left promiscuous mode
[  623.191799][T15349] bond_slave_1: left promiscuous mode
[  624.416697][T15369] loop5: detected capacity change from 0 to 256
[  625.223899][T15370] vlan2: entered promiscuous mode
[  627.142302][T15383] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3206'.
[  627.369350][T15387] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  627.873576][T15387] syzkaller0: entered promiscuous mode
[  627.897808][ T6894] Bluetooth: (null): Invalid header checksum
[  627.915757][T15387] syzkaller0: entered allmulticast mode
[  627.926597][ T6894] Bluetooth: (null): Invalid header checksum
[  627.948188][ T6894] Bluetooth: (null): Invalid header checksum
[  627.995639][ T6894] Bluetooth: (null): Invalid header checksum
[  628.018989][T15386] tipc: Resetting bearer <eth:syzkaller0>
[  628.033681][ T6894] Bluetooth: (null): Invalid header checksum
[  628.105815][T15394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3209'.
[  628.129411][T15386] tipc: Disabling bearer <eth:syzkaller0>
[  628.150028][T15394] bond_slave_0: entered promiscuous mode
[  628.156245][T15394] bond_slave_1: entered promiscuous mode
[  628.167523][T15394] macvtap2: entered promiscuous mode
[  628.172997][T15394] bond0: entered promiscuous mode
[  628.180650][T15394] macvtap2: entered allmulticast mode
[  628.190833][T15394] bond0: entered allmulticast mode
[  628.201046][T15394] bond_slave_0: entered allmulticast mode
[  628.215285][T15394] bond_slave_1: entered allmulticast mode
[  628.226816][T15394] 8021q: adding VLAN 0 to HW filter on device macvtap2
[  628.244873][T15395] bond0: left allmulticast mode
[  628.250249][T15395] bond_slave_0: left allmulticast mode
[  628.258846][T15395] bond_slave_1: left allmulticast mode
[  628.266580][T15395] bond0: left promiscuous mode
[  628.277265][T15395] bond_slave_0: left promiscuous mode
[  628.282926][T15395] bond_slave_1: left promiscuous mode
[  630.551887][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  630.558324][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  631.579553][T15419] loop5: detected capacity change from 0 to 4096
[  631.586959][T15419] EXT4-fs: Ignoring removed mblk_io_submit option
[  631.624565][T15419] EXT4-fs (loop5): Test dummy encryption mode enabled
[  631.816645][T15419] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  632.264436][T15417] team_slave_0: entered promiscuous mode
[  632.271150][T15417] team_slave_1: entered promiscuous mode
[  632.441954][T15417] vlan2: entered promiscuous mode
[  632.589296][T15430] loop2: detected capacity change from 0 to 256
[  633.197755][T15417] team0: entered promiscuous mode
[  635.288009][ T9246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  635.370246][T15434] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  635.434626][T15434] syzkaller0: entered promiscuous mode
[  635.440198][T15434] syzkaller0: entered allmulticast mode
[  635.522209][T15433] tipc: Resetting bearer <eth:syzkaller0>
[  635.598340][T15433] tipc: Disabling bearer <eth:syzkaller0>
[  636.167429][T15461] loop5: detected capacity change from 0 to 256
[  637.557289][T15475] loop5: detected capacity change from 0 to 4096
[  637.564683][T15475] EXT4-fs: Ignoring removed mblk_io_submit option
[  637.636161][T15475] EXT4-fs (loop5): Test dummy encryption mode enabled
[  637.700198][T15475] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  639.151513][ T9246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  639.153004][T15490] loop2: detected capacity change from 0 to 512
[  639.192370][T15490] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  639.225655][T15490] EXT4-fs (loop2): 1 truncate cleaned up
[  639.250969][T15490] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  640.067475][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  640.598633][   T37] bridge_slave_1: left allmulticast mode
[  640.728111][   T37] bridge_slave_1: left promiscuous mode
[  640.923489][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.961842][   T37] bridge_slave_0: left allmulticast mode
[  641.008003][   T37] bridge_slave_0: left promiscuous mode
[  641.042314][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.724080][   T37] bond1 (unregistering): (slave geneve2): Releasing active interface
[  641.799076][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  641.809152][   T37] bond_slave_0: left promiscuous mode
[  641.816886][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  641.826352][   T37] bond_slave_1: left promiscuous mode
[  641.832300][   T37] bond0 (unregistering): Released all slaves
[  641.847148][   T37] bond1 (unregistering): Released all slaves
[  641.859552][   T37] bond2 (unregistering): Released all slaves
[  641.889225][   T37] bond3 (unregistering): Released all slaves
[  641.929536][   T37] bond4 (unregistering): Released all slaves
[  641.994465][T15522] bond_slave_0: entered promiscuous mode
[  642.000201][T15522] bond_slave_1: entered promiscuous mode
[  642.013868][T15522] vlan2: entered promiscuous mode
[  642.034372][T15522] bond0: entered promiscuous mode
[  642.260009][T15528] loop5: detected capacity change from 0 to 4096
[  642.275607][T15528] EXT4-fs: Ignoring removed mblk_io_submit option
[  642.349478][T15528] EXT4-fs (loop5): Test dummy encryption mode enabled
[  642.396437][T15528] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  642.979373][   T37] tipc: Left network mode
[  644.090488][T15551] lo speed is unknown, defaulting to 1000
[  644.782716][ T9246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  644.993425][   T37] hsr_slave_0: left promiscuous mode
[  645.993463][   T37] hsr_slave_1: left promiscuous mode
[  646.034608][T15556] loop3: detected capacity change from 0 to 512
[  646.058465][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[  646.085357][T15556] EXT4-fs (loop3): orphan cleanup on readonly fs
[  646.093953][T15556] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.3258: bad orphan inode 13
[  646.106593][T15556] ext4_test_bit(bit=12, block=18) = 1
[  646.112718][T15556] is_bad_inode(inode)=0
[  646.117435][T15556] NEXT_ORPHAN(inode)=2130706432
[  646.122323][T15556] max_ino=32
[  646.125861][T15556] i_nlink=1
[  646.130384][T15556] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  646.365516][T13423] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  646.511727][T15566] loop5: detected capacity change from 0 to 256
[  646.740599][   T37] team_slave_1 (unregistering): left promiscuous mode
[  646.752927][   T37] team0 (unregistering): Port device team_slave_1 removed
[  646.770513][   T37] team_slave_0 (unregistering): left promiscuous mode
[  646.781040][   T37] team0 (unregistering): Port device team_slave_0 removed
[  647.002460][T15577] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  647.057864][T15593] binder_alloc: 15592: binder_alloc_buf, no vma
[  647.074048][T15579] bond_slave_0: entered promiscuous mode
[  647.079849][T15579] bond_slave_1: entered promiscuous mode
[  647.124302][T15579] vlan2: entered promiscuous mode
[  647.148932][T15579] bond0: entered promiscuous mode
[  647.220500][T15580] syzkaller0: entered promiscuous mode
[  647.229952][T15580] syzkaller0: entered allmulticast mode
[  647.766705][T15612] lo: Caught tx_queue_len zero misconfig
[  647.845104][   T37] ==================================================================
[  647.853527][   T37] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x666/0xca0
[  647.861750][   T37] Write of size 8 at addr ffff888055ca6aa8 by task kworker/u8:3/37
[  647.870018][   T37] 
[  647.872653][   T37] CPU: 1 UID: 0 PID: 37 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  647.872680][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  647.872696][   T37] Workqueue: netns cleanup_net
[  647.872737][   T37] Call Trace:
[  647.872746][   T37]  <TASK>
[  647.872756][   T37]  dump_stack_lvl+0x189/0x250
[  647.872785][   T37]  ? __virt_addr_valid+0x1c8/0x5c0
[  647.872813][   T37]  ? rcu_is_watching+0x15/0xb0
[  647.872838][   T37]  ? __pfx_dump_stack_lvl+0x10/0x10
[  647.872862][   T37]  ? rcu_is_watching+0x15/0xb0
[  647.872883][   T37]  ? lock_release+0x4b/0x3e0
[  647.872918][   T37]  ? __virt_addr_valid+0x1c8/0x5c0
[  647.872944][   T37]  ? __virt_addr_valid+0x4a5/0x5c0
[  647.872973][   T37]  print_report+0xca/0x240
[  647.872995][   T37]  ? __xfrm_state_delete+0x666/0xca0
[  647.873021][   T37]  kasan_report+0x118/0x150
[  647.873055][   T37]  ? __xfrm_state_delete+0x666/0xca0
[  647.873086][   T37]  __xfrm_state_delete+0x666/0xca0
[  647.873121][   T37]  xfrm_state_flush+0x45f/0x770
[  647.873154][   T37]  xfrm6_tunnel_net_exit+0x3c/0x100
[  647.873188][   T37]  ops_undo_list+0x49a/0x990
[  647.873218][   T37]  ? __pfx_ops_undo_list+0x10/0x10
[  647.873244][   T37]  ? preempt_schedule_thunk+0x16/0x30
[  647.873268][   T37]  cleanup_net+0x4c5/0x800
[  647.873296][   T37]  ? __pfx_cleanup_net+0x10/0x10
[  647.873321][   T37]  ? __pfx_cleanup_net+0x10/0x10
[  647.873350][   T37]  ? process_scheduled_works+0x9ef/0x17b0
[  647.873373][   T37]  process_scheduled_works+0xae1/0x17b0
[  647.873410][   T37]  ? __pfx_process_scheduled_works+0x10/0x10
[  647.873440][   T37]  worker_thread+0x8a0/0xda0
[  647.873464][   T37]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  647.873495][   T37]  ? __kthread_parkme+0x7b/0x200
[  647.873524][   T37]  kthread+0x70e/0x8a0
[  647.873553][   T37]  ? __pfx_worker_thread+0x10/0x10
[  647.873580][   T37]  ? __pfx_kthread+0x10/0x10
[  647.873608][   T37]  ? _raw_spin_unlock_irq+0x23/0x50
[  647.873630][   T37]  ? lockdep_hardirqs_on+0x9c/0x150
[  647.873654][   T37]  ? __pfx_kthread+0x10/0x10
[  647.873681][   T37]  ret_from_fork+0x3f9/0x770
[  647.873706][   T37]  ? __pfx_ret_from_fork+0x10/0x10
[  647.873730][   T37]  ? __switch_to_asm+0x39/0x70
[  647.873758][   T37]  ? __switch_to_asm+0x33/0x70
[  647.873786][   T37]  ? __pfx_kthread+0x10/0x10
[  647.873812][   T37]  ret_from_fork_asm+0x1a/0x30
[  647.873850][   T37]  </TASK>
[  647.873858][   T37] 
[  648.109327][   T37] Allocated by task 5858:
[  648.113939][   T37]  kasan_save_track+0x3e/0x80
[  648.118652][   T37]  __kasan_slab_alloc+0x6c/0x80
[  648.123938][   T37]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  648.129657][   T37]  xfrm_state_alloc+0x24/0x2f0
[  648.134821][   T37]  xfrm_state_find+0x37d4/0x5400
[  648.139898][   T37]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  648.146083][   T37]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  648.151519][   T37]  mld_sendpack+0x678/0xd80
[  648.156227][   T37]  mld_ifc_work+0x83e/0xd60
[  648.160856][   T37]  process_scheduled_works+0xae1/0x17b0
[  648.166428][   T37]  worker_thread+0x8a0/0xda0
[  648.171042][   T37]  kthread+0x70e/0x8a0
[  648.175140][   T37]  ret_from_fork+0x3f9/0x770
[  648.179931][   T37]  ret_from_fork_asm+0x1a/0x30
[  648.184987][   T37] 
[  648.187329][   T37] Freed by task 5858:
[  648.191321][   T37]  kasan_save_track+0x3e/0x80
[  648.196285][   T37]  kasan_save_free_info+0x46/0x50
[  648.201785][   T37]  __kasan_slab_free+0x5b/0x80
[  648.206689][   T37]  kmem_cache_free+0x18f/0x400
[  648.211491][   T37]  xfrm_state_gc_task+0x52d/0x6b0
[  648.217082][   T37]  process_scheduled_works+0xae1/0x17b0
[  648.222672][   T37]  worker_thread+0x8a0/0xda0
[  648.227589][   T37]  kthread+0x70e/0x8a0
[  648.231880][   T37]  ret_from_fork+0x3f9/0x770
[  648.236763][   T37]  ret_from_fork_asm+0x1a/0x30
[  648.241560][   T37] 
[  648.243912][   T37] The buggy address belongs to the object at ffff888055ca6a80
[  648.243912][   T37]  which belongs to the cache xfrm_state of size 928
[  648.259035][   T37] The buggy address is located 40 bytes inside of
[  648.259035][   T37]  freed 928-byte region [ffff888055ca6a80, ffff888055ca6e20)
[  648.272960][   T37] 
[  648.275320][   T37] The buggy address belongs to the physical page:
[  648.281771][   T37] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888055ca5980 pfn:0x55ca4
[  648.291956][   T37] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  648.300565][   T37] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  648.308319][   T37] page_type: f5(slab)
[  648.312336][   T37] raw: 00fff00000000040 ffff8880206adc80 dead000000000122 0000000000000000
[  648.321597][   T37] raw: ffff888055ca5980 00000000800f0008 00000000f5000000 0000000000000000
[  648.331105][   T37] head: 00fff00000000040 ffff8880206adc80 dead000000000122 0000000000000000
[  648.339990][   T37] head: ffff888055ca5980 00000000800f0008 00000000f5000000 0000000000000000
[  648.348786][   T37] head: 00fff00000000002 ffffea0001572901 00000000ffffffff 00000000ffffffff
[  648.357497][   T37] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  648.366479][   T37] page dumped because: kasan: bad access detected
[  648.373032][   T37] page_owner tracks the page as allocated
[  648.378853][   T37] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7284, tgid 7283 (syz.4.410), ts 220271754545, free_ts 220203109960
[  648.398265][   T37]  post_alloc_hook+0x240/0x2a0
[  648.403447][   T37]  get_page_from_freelist+0x21e4/0x22c0
[  648.409213][   T37]  __alloc_frozen_pages_noprof+0x181/0x370
[  648.415254][   T37]  alloc_pages_mpol+0x232/0x4a0
[  648.420437][   T37]  allocate_slab+0x8a/0x370
[  648.425046][   T37]  ___slab_alloc+0xbeb/0x1410
[  648.429815][   T37]  kmem_cache_alloc_noprof+0x283/0x3c0
[  648.435291][   T37]  xfrm_state_alloc+0x24/0x2f0
[  648.440074][   T37]  xfrm_add_sa+0x17d1/0x41d0
[  648.444680][   T37]  xfrm_user_rcv_msg+0x7a0/0xab0
[  648.449733][   T37]  netlink_rcv_skb+0x205/0x470
[  648.454685][   T37]  xfrm_netlink_rcv+0x79/0x90
[  648.459415][   T37]  netlink_unicast+0x82f/0x9e0
[  648.464225][   T37]  netlink_sendmsg+0x805/0xb30
[  648.469110][   T37]  __sock_sendmsg+0x21c/0x270
[  648.474183][   T37]  ____sys_sendmsg+0x505/0x830
[  648.478977][   T37] page last free pid 5861 tgid 5861 stack trace:
[  648.485327][   T37]  __free_frozen_pages+0xbc4/0xd30
[  648.490469][   T37]  __slab_free+0x303/0x3c0
[  648.494918][   T37]  qlist_free_all+0x97/0x140
[  648.500520][   T37]  kasan_quarantine_reduce+0x148/0x160
[  648.506455][   T37]  __kasan_slab_alloc+0x22/0x80
[  648.511401][   T37]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  648.517021][   T37]  getname_flags+0xb8/0x540
[  648.521840][   T37]  __x64_sys_unlink+0x3a/0x50
[  648.526657][   T37]  do_syscall_64+0xfa/0x3b0
[  648.531411][   T37]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.537605][   T37] 
[  648.540042][   T37] Memory state around the buggy address:
[  648.545709][   T37]  ffff888055ca6980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  648.554675][   T37]  ffff888055ca6a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  648.562877][   T37] >ffff888055ca6a80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  648.571489][   T37]                                   ^
[  648.576916][   T37]  ffff888055ca6b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  648.585589][   T37]  ffff888055ca6b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  648.594117][   T37] ==================================================================
[  648.608940][   T37] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  648.616593][   T37] CPU: 1 UID: 0 PID: 37 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  648.627146][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  648.637683][   T37] Workqueue: netns cleanup_net
[  648.642505][   T37] Call Trace:
[  648.645807][   T37]  <TASK>
[  648.648752][   T37]  dump_stack_lvl+0x99/0x250
[  648.653635][   T37]  ? __asan_memcpy+0x40/0x70
[  648.658279][   T37]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.663542][   T37]  ? __pfx__printk+0x10/0x10
[  648.668175][   T37]  vpanic+0x281/0x750
[  648.672267][   T37]  ? __pfx_print_hex_dump+0x10/0x10
[  648.677489][   T37]  ? __pfx_vpanic+0x10/0x10
[  648.682272][   T37]  ? rcu_is_watching+0x15/0xb0
[  648.687054][   T37]  panic+0xb9/0xc0
[  648.690895][   T37]  ? __pfx_panic+0x10/0x10
[  648.695324][   T37]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  648.701334][   T37]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  648.707852][   T37]  ? __xfrm_state_delete+0x666/0xca0
[  648.713258][   T37]  check_panic_on_warn+0x89/0xb0
[  648.718313][   T37]  ? __xfrm_state_delete+0x666/0xca0
[  648.723710][   T37]  end_report+0x78/0x160
[  648.727983][   T37]  kasan_report+0x129/0x150
[  648.732509][   T37]  ? __xfrm_state_delete+0x666/0xca0
[  648.737817][   T37]  __xfrm_state_delete+0x666/0xca0
[  648.743223][   T37]  xfrm_state_flush+0x45f/0x770
[  648.748815][   T37]  xfrm6_tunnel_net_exit+0x3c/0x100
[  648.754472][   T37]  ops_undo_list+0x49a/0x990
[  648.759623][   T37]  ? __pfx_ops_undo_list+0x10/0x10
[  648.765014][   T37]  ? preempt_schedule_thunk+0x16/0x30
[  648.770438][   T37]  cleanup_net+0x4c5/0x800
[  648.774878][   T37]  ? __pfx_cleanup_net+0x10/0x10
[  648.780436][   T37]  ? __pfx_cleanup_net+0x10/0x10
[  648.785534][   T37]  ? process_scheduled_works+0x9ef/0x17b0
[  648.791427][   T37]  process_scheduled_works+0xae1/0x17b0
[  648.797139][   T37]  ? __pfx_process_scheduled_works+0x10/0x10
[  648.803333][   T37]  worker_thread+0x8a0/0xda0
[  648.808121][   T37]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  648.814467][   T37]  ? __kthread_parkme+0x7b/0x200
[  648.819546][   T37]  kthread+0x70e/0x8a0
[  648.823735][   T37]  ? __pfx_worker_thread+0x10/0x10
[  648.829143][   T37]  ? __pfx_kthread+0x10/0x10
[  648.833855][   T37]  ? _raw_spin_unlock_irq+0x23/0x50
[  648.839067][   T37]  ? lockdep_hardirqs_on+0x9c/0x150
[  648.844309][   T37]  ? __pfx_kthread+0x10/0x10
[  648.849094][   T37]  ret_from_fork+0x3f9/0x770
[  648.853785][   T37]  ? __pfx_ret_from_fork+0x10/0x10
[  648.859115][   T37]  ? __switch_to_asm+0x39/0x70
[  648.863946][   T37]  ? __switch_to_asm+0x33/0x70
[  648.868935][   T37]  ? __pfx_kthread+0x10/0x10
[  648.873633][   T37]  ret_from_fork_asm+0x1a/0x30
[  648.878474][   T37]  </TASK>
[  648.881940][   T37] Kernel Offset: disabled
[  648.886410][   T37] Rebooting in 86400 seconds..